From 78b5f6b94b2d78d642165101183cbd7d20a49f75 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Wed, 2 Apr 2014 23:03:24 -0400 Subject: [PATCH 001/121] BinPAC SSH analyzer basic functionality. --- scripts/base/protocols/ssh/README | 1 - scripts/base/protocols/ssh/__load__.bro | 2 +- scripts/base/protocols/ssh/main.bro | 212 +++++---------------- src/analyzer/protocol/CMakeLists.txt | 4 +- src/analyzer/protocol/ssh/CMakeLists.txt | 8 +- src/analyzer/protocol/ssh/Plugin.cc | 7 +- src/analyzer/protocol/ssh/SSH.cc | 198 +++++++++++-------- src/analyzer/protocol/ssh/SSH.h | 51 ++++- src/analyzer/protocol/ssh/events.bif | 51 ++--- src/analyzer/protocol/ssh/ssh-analyzer.pac | 25 +++ src/analyzer/protocol/ssh/ssh-protocol.pac | 175 +++++++++++++++++ src/analyzer/protocol/ssh/ssh.pac | 32 ++++ 12 files changed, 465 insertions(+), 301 deletions(-) delete mode 100644 scripts/base/protocols/ssh/README create mode 100644 src/analyzer/protocol/ssh/ssh-analyzer.pac create mode 100644 src/analyzer/protocol/ssh/ssh-protocol.pac create mode 100644 src/analyzer/protocol/ssh/ssh.pac diff --git a/scripts/base/protocols/ssh/README b/scripts/base/protocols/ssh/README deleted file mode 100644 index c3f68d543f..0000000000 --- a/scripts/base/protocols/ssh/README +++ /dev/null @@ -1 +0,0 @@ -Support for Secure Shell (SSH) protocol analysis. diff --git a/scripts/base/protocols/ssh/__load__.bro b/scripts/base/protocols/ssh/__load__.bro index 0f3cb011f8..9e43682d13 100644 --- a/scripts/base/protocols/ssh/__load__.bro +++ b/scripts/base/protocols/ssh/__load__.bro @@ -1,3 +1,3 @@ +# Generated by binpac_quickstart @load ./main - @load-sigs ./dpd.sig \ No newline at end of file diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 33b0c84147..c3f90ec332 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -1,66 +1,31 @@ -##! Base SSH analysis script. The heuristic to blindly determine success or -##! failure for SSH connections is implemented here. At this time, it only -##! uses the size of the data being returned from the server to make the -##! heuristic determination about success of the connection. -##! Requires that :bro:id:`use_conn_size_analyzer` is set to T! The heuristic -##! is not attempted if the connection size analyzer isn't enabled. +##! Implements base functionality for SSH analysis. Generates the ssh.log file. -@load base/protocols/conn -@load base/frameworks/notice -@load base/utils/site -@load base/utils/thresholds -@load base/utils/conn-ids -@load base/utils/directions-and-hosts +# Generated by binpac_quickstart module SSH; export { - ## The SSH protocol logging stream identifier. redef enum Log::ID += { LOG }; type Info: record { - ## Time when the SSH connection began. - ts: time &log; + ## Timestamp for when the event happened. + ts: time &log; ## Unique ID for the connection. - uid: string &log; + uid: string &log; ## The connection's 4-tuple of endpoint addresses/ports. - id: conn_id &log; - ## Indicates if the login was heuristically guessed to be - ## "success", "failure", or "undetermined". - status: string &log &default="undetermined"; - ## Direction of the connection. If the client was a local host - ## logging into an external host, this would be OUTBOUND. INBOUND - ## would be set for the opposite situation. - # TODO: handle local-local and remote-remote better. - direction: Direction &log &optional; - ## Software string from the client. - client: string &log &optional; - ## Software string from the server. - server: string &log &optional; - ## Indicate if the SSH session is done being watched. - done: bool &default=F; + id: conn_id &log; + ## The client's version string + client: string &log &optional; + ## The server's version string + server: string &log &optional; + ## Auth result + result: string &log &optional; + ## Auth method + method: string &log &optional; }; - ## The size in bytes of data sent by the server at which the SSH - ## connection is presumed to be successful. - const authentication_data_size = 4000 &redef; - - ## If true, we tell the event engine to not look at further data - ## packets after the initial SSH handshake. Helps with performance - ## (especially with large file transfers) but precludes some - ## kinds of analyses. - const skip_processing_after_detection = F &redef; - - ## Event that is generated when the heuristic thinks that a login - ## was successful. - global heuristic_successful_login: event(c: connection); - - ## Event that is generated when the heuristic thinks that a login - ## failed. - global heuristic_failed_login: event(c: connection); - - ## Event that can be handled to access the :bro:type:`SSH::Info` - ## record as it is sent on to the logging framework. + ## Event that can be handled to access the SSH record as it is sent on + ## to the loggin framework. global log_ssh: event(rec: Info); } @@ -69,136 +34,55 @@ redef record connection += { }; const ports = { 22/tcp }; -redef likely_server_ports += { ports }; event bro_init() &priority=5 -{ + { Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh]); Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports); -} - -function set_session(c: connection) - { - if ( ! c?$ssh ) - { - local info: Info; - info$ts=network_time(); - info$uid=c$uid; - info$id=c$id; - c$ssh = info; - } } -function check_ssh_connection(c: connection, done: bool) + +event ssh_version(c: connection, is_orig: bool, version: string) { - # If already done watching this connection, just return. - if ( c$ssh$done ) - return; - - if ( done ) + if ( !c?$ssh ) { - # If this connection is done, then we can look to see if - # this matches the conditions for a failed login. Failed - # logins are only detected at connection state removal. - - if ( # Require originators and responders to have sent at least 50 bytes. - c$orig$size > 50 && c$resp$size > 50 && - # Responders must be below 4000 bytes. - c$resp$size < authentication_data_size && - # Responder must have sent fewer than 40 packets. - c$resp$num_pkts < 40 && - # If there was a content gap we can't reliably do this heuristic. - c?$conn && c$conn$missed_bytes == 0 )# && - # Only "normal" connections can count. - #c$conn?$conn_state && c$conn$conn_state in valid_states ) - { - c$ssh$status = "failure"; - event SSH::heuristic_failed_login(c); - } - - if ( c$resp$size >= authentication_data_size ) - { - c$ssh$status = "success"; - event SSH::heuristic_successful_login(c); - } + local s: SSH::Info; + s$ts = network_time(); + s$uid = c$uid; + s$id = c$id; + c$ssh = s; } + if ( is_orig ) + c$ssh$client = version; else - { - # If this connection is still being tracked, then it's possible - # to watch for it to be a successful connection. - if ( c$resp$size >= authentication_data_size ) - { - c$ssh$status = "success"; - event SSH::heuristic_successful_login(c); - } - else - # This connection must be tracked longer. Let the scheduled - # check happen again. - return; - } - - # Set the direction for the log. - c$ssh$direction = Site::is_local_addr(c$id$orig_h) ? OUTBOUND : INBOUND; - - # Set the "done" flag to prevent the watching event from rescheduling - # after detection is done. - c$ssh$done=T; - - if ( skip_processing_after_detection ) - { - # Stop watching this connection, we don't care about it anymore. - skip_further_processing(c$id); - set_record_packets(c$id, F); - } + c$ssh$server = version; +# print c$ssh; } - -event heuristic_successful_login(c: connection) &priority=-5 +event ssh_auth_successful(c: connection, method: string) { - Log::write(SSH::LOG, c$ssh); - } - -event heuristic_failed_login(c: connection) &priority=-5 - { - Log::write(SSH::LOG, c$ssh); - } - -event connection_state_remove(c: connection) &priority=-5 - { - if ( c?$ssh ) - { - check_ssh_connection(c, T); - if ( c$ssh$status == "undetermined" ) - Log::write(SSH::LOG, c$ssh); - } - } - -event ssh_watcher(c: connection) - { - local id = c$id; - # don't go any further if this connection is gone already! - if ( ! connection_exists(id) ) + if ( !c?$ssh ) return; - - lookup_connection(c$id); - check_ssh_connection(c, F); - if ( ! c$ssh$done ) - schedule +15secs { ssh_watcher(c) }; + c$ssh$result = "success"; + c$ssh$method = method; + Log::write(SSH::LOG, c$ssh); } -event ssh_server_version(c: connection, version: string) &priority=5 +event ssh_auth_failed(c: connection, method: string) { - set_session(c); - c$ssh$server = version; + if ( !c?$ssh ) + return; + c$ssh$result = "failure"; + c$ssh$method = method; + Log::write(SSH::LOG, c$ssh); } -event ssh_client_version(c: connection, version: string) &priority=5 +event connection_closed(c: connection) { - set_session(c); - c$ssh$client = version; - - # The heuristic detection for SSH relies on the ConnSize analyzer. - # Don't do the heuristics if it's disabled. - if ( use_conn_size_analyzer ) - schedule +15secs { ssh_watcher(c) }; - } + if ( c?$ssh && !c$ssh?$result ) + { + c$ssh$result = "unknown"; + c$ssh$method = "unknown"; + Log::write(SSH::LOG, c$ssh); + } + } \ No newline at end of file diff --git a/src/analyzer/protocol/CMakeLists.txt b/src/analyzer/protocol/CMakeLists.txt index fc63aa4b66..59e33843ac 100644 --- a/src/analyzer/protocol/CMakeLists.txt +++ b/src/analyzer/protocol/CMakeLists.txt @@ -19,11 +19,11 @@ add_subdirectory(ident) add_subdirectory(interconn) add_subdirectory(irc) add_subdirectory(login) -add_subdirectory(modbus) add_subdirectory(mime) +add_subdirectory(modbus) add_subdirectory(ncp) -add_subdirectory(netflow) add_subdirectory(netbios) +add_subdirectory(netflow) add_subdirectory(ntp) add_subdirectory(pia) add_subdirectory(pop3) diff --git a/src/analyzer/protocol/ssh/CMakeLists.txt b/src/analyzer/protocol/ssh/CMakeLists.txt index 505c89332e..1266e4f496 100644 --- a/src/analyzer/protocol/ssh/CMakeLists.txt +++ b/src/analyzer/protocol/ssh/CMakeLists.txt @@ -1,9 +1,11 @@ +# Generated by binpac_quickstart include(BroPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) bro_plugin_begin(Bro SSH) -bro_plugin_cc(SSH.cc Plugin.cc) -bro_plugin_bif(events.bif) -bro_plugin_end() + bro_plugin_cc(SSH.cc Plugin.cc) + bro_plugin_bif(events.bif) + bro_plugin_pac(ssh.pac ssh-analyzer.pac ssh-protocol.pac) +bro_plugin_end() \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/Plugin.cc b/src/analyzer/protocol/ssh/Plugin.cc index 53a0294a88..ddb01964f5 100644 --- a/src/analyzer/protocol/ssh/Plugin.cc +++ b/src/analyzer/protocol/ssh/Plugin.cc @@ -1,10 +1,11 @@ +// Generated by binpac_quickstart #include "plugin/Plugin.h" #include "SSH.h" BRO_PLUGIN_BEGIN(Bro, SSH) - BRO_PLUGIN_DESCRIPTION("SSH analyzer"); - BRO_PLUGIN_ANALYZER("SSH", ssh::SSH_Analyzer); + BRO_PLUGIN_DESCRIPTION("Secure Shell analyzer"); + BRO_PLUGIN_ANALYZER("SSH", SSH::SSH_Analyzer); BRO_PLUGIN_BIF_FILE(events); -BRO_PLUGIN_END +BRO_PLUGIN_END \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index ab3f6a5e5b..caeb5c4ca7 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -1,105 +1,135 @@ -// See the file "COPYING" in the main distribution directory for copyright. +// Generated by binpac_quickstart -#include "config.h" - -#include - -#include "NetVar.h" #include "SSH.h" -#include "Event.h" -#include "analyzer/protocol/tcp/ContentLine.h" + +#include "analyzer/protocol/tcp/TCP_Reassembler.h" + +#include "Reporter.h" #include "events.bif.h" -using namespace analyzer::ssh; +using namespace analyzer::SSH; SSH_Analyzer::SSH_Analyzer(Connection* c) + : tcp::TCP_ApplicationAnalyzer("SSH", c) - { - orig = new tcp::ContentLine_Analyzer(c, true); - orig->SetSkipPartial(true); - orig->SetCRLFAsEOL(LF_as_EOL); - AddSupportAnalyzer(orig); - resp = new tcp::ContentLine_Analyzer(c, false); - resp->SetSkipPartial(true); - resp->SetCRLFAsEOL(LF_as_EOL); - AddSupportAnalyzer(resp); + { + interp = new binpac::SSH::SSH_Conn(this); + had_gap = false; + num_encrypted_packets_seen = 0; + } + +SSH_Analyzer::~SSH_Analyzer() + { + delete interp; } -void SSH_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) +void SSH_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::DeliverStream(length, data, is_orig); + + tcp::TCP_ApplicationAnalyzer::Done(); - // We're all done processing this endpoint - flag it as such, - // before we even determine whether we have any event generation - // work to do, to make sure we don't do any further work on it. - if ( is_orig ) - orig->SetSkipDeliveries(true); - else - resp->SetSkipDeliveries(true); + interp->FlowEOF(true); + interp->FlowEOF(false); + + } - if ( TCP() ) +void SSH_Analyzer::EndpointEOF(bool is_orig) + { + tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + interp->FlowEOF(is_orig); + } + +void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) + { + tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + + assert(TCP()); + if ( TCP()->IsPartial() ) + return; + + if ( had_gap ) + // If only one side had a content gap, we could still try to + // deliver data to the other side if the script layer can handle this. + return; + + if ( num_encrypted_packets_seen || interp->get_state(orig) == binpac::SSH::ENCRYPTED ) { - // Don't try to parse version if there has already been a gap. - tcp::TCP_Endpoint* endp = is_orig ? TCP()->Orig() : TCP()->Resp(); - if ( endp->HadGap() ) - return; - } - - const char* line = (const char*) data; - - // The SSH identification looks like this: - // - // SSH-.-\n - // - // We're interested in the "version" part here. - - if ( length < 4 || memcmp(line, "SSH-", 4) != 0 ) - { - Weird("malformed_ssh_identification"); - ProtocolViolation("malformed ssh identification", line, length); + ProcessEncrypted(len, orig); return; } - int i; - for ( i = 4; i < length && line[i] != '-'; ++i ) - ; - - if ( TCP() ) + try { - if ( length >= i ) - { - IPAddr dst; - - if ( is_orig ) - dst = TCP()->Orig()->dst_addr; - else - dst = TCP()->Resp()->dst_addr; - - if ( Conn()->VersionFoundEvent(dst, line + i, - length - i) ) - ProtocolConfirmation(); - else - ProtocolViolation("malformed ssh version", - line, length); - } - else - { - Weird("malformed_ssh_version"); - ProtocolViolation("malformed ssh version", line, length); - } + interp->NewData(orig, data, data + len); + } + catch ( const binpac::Exception& e ) + { + printf(" **** %s\n", e.c_msg()); + ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); } - - // Generate SSH events. - EventHandlerPtr event = is_orig ? - ssh_client_version : ssh_server_version; - if ( ! event ) - return; - - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(new StringVal(length, line)); - - ConnectionEvent(event, vl); + } + +void SSH_Analyzer::Undelivered(int seq, int len, bool orig) + { + tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + had_gap = true; + interp->NewGap(orig, len); + } + +void SSH_Analyzer::ProcessEncrypted(int len, bool orig) + { + if (!num_encrypted_packets_seen) + { + initial_encrypted_packet_size = len; + } + // printf("Encrypted packet of size %d from %s.\n", len, orig?"client":"server"); + int relative_len = len - initial_encrypted_packet_size; + if ( num_encrypted_packets_seen >= 2 ) + { + int auth_result = AuthResult(relative_len, orig); + if ( auth_result > 0 ) + { + StringVal* method = new StringVal(AuthMethod(relative_len, orig)); + if ( auth_result == 1 ) + BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), method); + if ( auth_result == 2 ) + BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), method); + } + packet_n_2_is_orig = packet_n_1_is_orig; + packet_n_2_size = packet_n_1_size; + } + packet_n_1_is_orig = orig; + packet_n_1_size = relative_len; + num_encrypted_packets_seen++; + } + + +int SSH_Analyzer::AuthResult(int len, bool orig) + { + if ( orig && !packet_n_1_is_orig && packet_n_2_is_orig ) + { + if ( len == -16 ) + return 1; + else if ( len >= 16 && + len <= 32 ) + return 2; + return 0; + } + return -1; + } + +const char* SSH_Analyzer::AuthMethod(int len, bool orig) + { + if ( packet_n_1_size == 96 ) // Password auth + return "keyboard-interactive"; + if ( packet_n_1_size == 32 ) // Challenge-response auth + return "challenge-response"; + if ( packet_n_2_size >= 112 && + packet_n_2_size <= 432 ) // Public key auth + return "pubkey"; + if ( packet_n_2_size == 16 ) // Host-based auth + return "host-based"; + return fmt("unknown auth method: n-1=%d n-2=%d", packet_n_1_size, packet_n_2_size); } diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index 3878881693..7d391e8d66 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -1,25 +1,62 @@ -// See the file "COPYING" in the main distribution directory for copyright. +// Generated by binpac_quickstart #ifndef ANALYZER_PROTOCOL_SSH_SSH_H #define ANALYZER_PROTOCOL_SSH_SSH_H +#include "events.bif.h" + + #include "analyzer/protocol/tcp/TCP.h" -#include "analyzer/protocol/tcp/ContentLine.h" -namespace analyzer { namespace ssh { +#include "ssh_pac.h" + +namespace analyzer { namespace SSH { + +class SSH_Analyzer + +: public tcp::TCP_ApplicationAnalyzer { -class SSH_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: SSH_Analyzer(Connection* conn); + virtual ~SSH_Analyzer(); + // Overriden from Analyzer. + virtual void Done(); + virtual void DeliverStream(int len, const u_char* data, bool orig); + virtual void Undelivered(int seq, int len, bool orig); + // Overriden from tcp::TCP_ApplicationAnalyzer. + virtual void EndpointEOF(bool is_orig); + static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) { return new SSH_Analyzer(conn); } -private: - tcp::ContentLine_Analyzer* orig; - tcp::ContentLine_Analyzer* resp; + static bool Available() + { + // TODO: After you define your events, || them together here. + // See events.bif for more information + return ( ssh_event ); + } + +protected: + binpac::SSH::SSH_Conn* interp; + + void ProcessEncrypted(int len, bool orig); + int AuthResult(int len, bool orig); + const char* AuthMethod(int len, bool orig); + + bool had_gap; + + // Packet analysis stuff + int initial_encrypted_packet_size; + int num_encrypted_packets_seen; + + bool packet_n_1_is_orig; + int packet_n_1_size; + bool packet_n_2_is_orig; + int packet_n_2_size; + }; } } // namespace analyzer::* diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index 9d73f5e483..f1fa16919d 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -1,38 +1,17 @@ -## Generated when seeing an SSH client's version identification. The SSH -## protocol starts with a clear-text handshake message that reports client and -## server protocol/software versions. This event provides access to what the -## client sent. -## -## -## See `Wikipedia `__ for more -## information about the SSH protocol. -## -## c: The connection. -## -## version: The version string the client sent (e.g., `SSH-2.0-libssh-0.11`). -## -## .. bro:see:: ssh_server_version -## -## .. note:: As everything after the initial version handshake proceeds -## encrypted, Bro cannot further analyze SSH sessions. -event ssh_client_version%(c: connection, version: string%); +# Generated by binpac_quickstart -## Generated when seeing an SSH server's version identification. The SSH -## protocol starts with a clear-text handshake message that reports client and -## server protocol/software versions. This event provides access to what the -## server sent. -## -## See `Wikipedia `__ for more -## information about the SSH protocol. -## -## c: The connection. -## -## version: The version string the server sent (e.g., -## ``SSH-1.99-OpenSSH_3.9p1``). -## -## .. bro:see:: ssh_client_version -## -## .. note:: As everything coming after the initial version handshake proceeds -## encrypted, Bro cannot further analyze SSH sessions. -event ssh_server_version%(c: connection, version: string%); +# In this file, you'll define the events that your analyzer will generate. A sample event is included. +## Generated for SSH connections +## +## See `Google `__ for more information about SSH +## +## c: The connection +##3 +event ssh_event%(c: connection%); + +event ssh_version%(c: connection, is_orig: bool, version: string%); + +event ssh_auth_successful%(c: connection, method: string%); + +event ssh_auth_failed%(c: connection, method: string%); \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac new file mode 100644 index 0000000000..5cde754521 --- /dev/null +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -0,0 +1,25 @@ +# Generated by binpac_quickstart + +refine flow SSH_Flow += { + function proc_ssh_version(msg: SSH_Version): bool + %{ + BifEvent::generate_ssh_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.is_orig}, + bytestring_to_val(${msg.version})); + return true; + %} + + function proc_newkeys(): bool + %{ + connection()->bro_analyzer()->ProtocolConfirmation(); + return true; + %} + +}; + +refine typeattr SSH_Version += &let { + proc: bool = $context.flow.proc_ssh_version(this); +}; + +refine typeattr SSH_Message += &let { + proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH_MSG_NEWKEYS); +}; diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac new file mode 100644 index 0000000000..84b1bc1f6a --- /dev/null +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -0,0 +1,175 @@ +enum state { + VERSION_EXCHANGE = 0, + KEY_EXCHANGE_CLEARTEXT = 1, + ENCRYPTED = 2, +}; + +enum message_id { + SSH_MSG_DISCONNECT = 1, + SSH_MSG_IGNORE = 2, + SSH_MSG_UNIMPLEMENTED = 3, + SSH_MSG_DEBUG = 4, + SSH_MSG_SERVICE_REQUEST = 5, + SSH_MSG_SERVICE_ACCEPT = 6, + SSH_MSG_KEXINIT = 20, + SSH_MSG_NEWKEYS = 21, + SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, + SSH_MSG_KEX_DH_GEX_GROUP = 31, + SSH_MSG_KEX_DH_GEX_INIT = 32, + SSH_MSG_KEX_DH_GEX_REPLY = 33, + SSH_MSG_KEX_DH_GEX_REQUEST = 34, + SSH_MSG_USERAUTH_REQUEST = 50, + SSH_MSG_USERAUTH_FAILURE = 51, + SSH_MSG_USERAUTH_SUCCESS = 52, + SSH_MSG_USERAUTH_BANNER = 53, + SSH_MSG_GLOBAL_REQUEST = 80, + SSH_MSG_REQUEST_SUCCESS = 81, + SSH_MSG_REQUEST_FAILURE = 82, + SSH_MSG_CHANNEL_OPEN = 90, + SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91, + SSH_MSG_CHANNEL_OPEN_FAILURE = 92, + SSH_MSG_CHANNEL_WINDOW_ADJUST = 93, + SSH_MSG_CHANNEL_DATA = 94, + SSH_MSG_CHANNEL_EXTENDED_DATA = 95, + SSH_MSG_CHANNEL_EOF = 96, + SSH_MSG_CHANNEL_CLOSE = 97, + SSH_MSG_CHANNEL_REQUEST = 98, + SSH_MSG_CHANNEL_SUCCESS = 99, + SSH_MSG_CHANNEL_FAILURE = 100, +}; + +type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { + VERSION_EXCHANGE -> version: SSH_Version(is_orig); + KEY_EXCHANGE_CLEARTEXT -> kex: SSH_Key_Exchange(is_orig); + ENCRYPTED -> unk: bytestring &length=100; +} &byteorder=bigendian; + +type SSH_Version(is_orig: bool) = record { + version: bytestring &oneline; +} &let { + update_state: bool = $context.connection.update_state(KEY_EXCHANGE_CLEARTEXT, is_orig); +}; + +type SSH_Key_Exchange_Header(is_orig: bool) = record { + packet_length: uint32; + padding_length: uint8; +} &length=5; + +type SSH_Key_Exchange(is_orig: bool) = record { + header : SSH_Key_Exchange_Header(is_orig); + payload: SSH_Payload(is_orig, header.packet_length - header.padding_length - 2); + pad : bytestring &length=header.padding_length; +}; + +type SSH_Payload_Header(length: uint32) = record { + message_type: uint8; +} &length=1; + +type SSH_Payload(is_orig: bool, packet_length: uint32) = record { + header: SSH_Payload_Header(packet_length); + message: SSH_Message(is_orig, header.message_type, packet_length); +}; + +type SSH_Message(is_orig: bool, msg_type: uint8, packet_length: uint32) = case msg_type of { + SSH_MSG_KEXINIT -> kexinit: SSH_KEXINIT(is_orig, packet_length); + SSH_MSG_KEX_DH_GEX_REQUEST -> dh_gex_request: SSH_DH_GEX_REQUEST(is_orig, packet_length); + SSH_MSG_KEX_DH_GEX_GROUP -> dh_gex_group: SSH_DH_GEX_GROUP(is_orig, packet_length); + SSH_MSG_KEX_DH_GEX_INIT -> dh_gex_init: SSH_DH_GEX_INIT(is_orig, packet_length); + SSH_MSG_KEX_DH_GEX_REPLY -> dh_gex_reply: SSH_DH_GEX_REPLY(is_orig, packet_length); + default -> unknown: bytestring &length=packet_length; +} &let { + detach: bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == SSH_MSG_NEWKEYS); +}; + +type SSH_KEXINIT(is_orig: bool, length: uint32) = record { + cookie : bytestring &length=16; + kex_algorithms_len : uint32; + kex_algorithms : bytestring &length=kex_algorithms_len; + server_host_key_algorithms_len : uint32; + server_host_key_algorithms : bytestring &length=server_host_key_algorithms_len; + encryption_algorithms_client_to_server_len : uint32; + encryption_algorithms_client_to_server : bytestring &length=encryption_algorithms_client_to_server_len; + encryption_algorithms_server_to_client_len : uint32; + encryption_algorithms_server_to_client : bytestring &length=encryption_algorithms_server_to_client_len; + mac_algorithms_client_to_server_len : uint32; + mac_algorithms_client_to_server : bytestring &length=mac_algorithms_client_to_server_len; + mac_algorithms_server_to_client_len : uint32; + mac_algorithms_server_to_client : bytestring &length=mac_algorithms_server_to_client_len; + compression_algorithms_client_to_server_len : uint32; + compression_algorithms_client_to_server : bytestring &length=compression_algorithms_client_to_server_len; + compression_algorithms_server_to_client_len : uint32; + compression_algorithms_server_to_client : bytestring &length=compression_algorithms_server_to_client_len; + languages_client_to_server_len : uint32; + languages_client_to_server : bytestring &length=languages_client_to_server_len; + languages_server_to_client_len : uint32; + languages_server_to_client : bytestring &length=languages_server_to_client_len; + first_kex_packet_follows : uint8; + reserved : uint32; +} &length=length; + +type SSH_DH_GEX_REQUEST(is_orig: bool, length: uint32) = record { + min: uint32; + n : uint32; + max: uint32; +} &length=12; + +type SSH_DH_GEX_GROUP(is_orig: bool, length: uint32) = record { + p: mpint; + g: mpint; +} &length=length; + +type SSH_DH_GEX_INIT(is_orig: bool, length: uint32) = record { + e: mpint; +} &length=length; + +type SSH_DH_GEX_REPLY(is_orig: bool, length: uint32) = record { + k_s : ssh_string; + f : mpint; + signature: ssh_string; +} &length=length; + +#type SSH_NEWKEYS(is_orig: bool, length: uint32) = record { +# blah: ; +#} &let { +# detach: bool = $context.connection.detach(); +#} &length=0; + +type mpint = record { + len: uint32; + val: bytestring &length=len; +}; + +type ssh_string = record { + len: uint32; + val: bytestring &length=len; +}; + +refine connection SSH_Conn += { + %member{ + int state_up_; + int state_down_; + %} + + %init{ + state_up_ = VERSION_EXCHANGE; + state_down_ = VERSION_EXCHANGE; + %} + + function get_state(is_orig: bool): int + %{ + if ( is_orig ) + return state_up_; + else + return state_down_; + %} + + function update_state(s: state, is_orig: bool): bool + %{ + if ( is_orig ) + state_up_ = s; + else + state_down_ = s; + return true; + %} + +}; \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh.pac b/src/analyzer/protocol/ssh/ssh.pac new file mode 100644 index 0000000000..b3181c4fa1 --- /dev/null +++ b/src/analyzer/protocol/ssh/ssh.pac @@ -0,0 +1,32 @@ +# Generated by binpac_quickstart + +# Analyzer for Secure Shell +# - ssh-protocol.pac: describes the SSH protocol messages +# - ssh-analyzer.pac: describes the SSH analyzer code + +%include binpac.pac +%include bro.pac + +%extern{ + #include "events.bif.h" +%} + +analyzer SSH withcontext { + connection: SSH_Conn; + flow: SSH_Flow; +}; + +# Our connection consists of two flows, one in each direction. +connection SSH_Conn(bro_analyzer: BroAnalyzer) { + upflow = SSH_Flow(true); + downflow = SSH_Flow(false); +}; + +%include ssh-protocol.pac + +# Now we define the flow: +flow SSH_Flow(is_orig: bool) { + flowunit = SSH_PDU(is_orig) withcontext(connection, this); +}; + +%include ssh-analyzer.pac \ No newline at end of file From 2698fcea8eb5f7e83ddaa6478a20f835bf3b4761 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 22 Apr 2014 18:26:39 -0400 Subject: [PATCH 002/121] SSH: Various updates. --- scripts/base/protocols/ssh/main.bro | 36 ++++++++++++---- src/analyzer/protocol/ssh/SSH.cc | 42 +++++++++++------- src/analyzer/protocol/ssh/SSH.h | 9 ++-- src/analyzer/protocol/ssh/events.bif | 20 +++------ src/analyzer/protocol/ssh/ssh-analyzer.pac | 50 ++++++++++++++++++++-- src/analyzer/protocol/ssh/ssh-protocol.pac | 19 +++++--- 6 files changed, 126 insertions(+), 50 deletions(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index c3f90ec332..b9768b6dbb 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -18,6 +18,8 @@ export { client: string &log &optional; ## The server's version string server: string &log &optional; + ## The server's key fingerprint + host_key: string &log &optional; ## Auth result result: string &log &optional; ## Auth method @@ -42,7 +44,7 @@ event bro_init() &priority=5 } -event ssh_version(c: connection, is_orig: bool, version: string) +event ssh_server_version(c: connection, version: string) { if ( !c?$ssh ) { @@ -52,16 +54,25 @@ event ssh_version(c: connection, is_orig: bool, version: string) s$id = c$id; c$ssh = s; } - if ( is_orig ) - c$ssh$client = version; - else - c$ssh$server = version; -# print c$ssh; + c$ssh$server = version; + } + +event ssh_client_version(c: connection, version: string) + { + if ( !c?$ssh ) + { + local s: SSH::Info; + s$ts = network_time(); + s$uid = c$uid; + s$id = c$id; + c$ssh = s; + } + c$ssh$client = version; } event ssh_auth_successful(c: connection, method: string) { - if ( !c?$ssh ) + if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) return; c$ssh$result = "success"; c$ssh$method = method; @@ -70,7 +81,7 @@ event ssh_auth_successful(c: connection, method: string) event ssh_auth_failed(c: connection, method: string) { - if ( !c?$ssh ) + if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) return; c$ssh$result = "failure"; c$ssh$method = method; @@ -85,4 +96,13 @@ event connection_closed(c: connection) c$ssh$method = "unknown"; Log::write(SSH::LOG, c$ssh); } + } + +event ssh_server_host_key(c: connection, key: string) + { + if ( !c?$ssh ) + return; + local lx = str_split(md5_hash(key), vector(2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30)); + lx[0] = ""; + c$ssh$host_key = sub(join_string_vec(lx, ":"), /:/, ""); } \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index caeb5c4ca7..c89a77b9e7 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -18,6 +18,8 @@ SSH_Analyzer::SSH_Analyzer(Connection* c) interp = new binpac::SSH::SSH_Conn(this); had_gap = false; num_encrypted_packets_seen = 0; + initial_client_packet_size = 0; + initial_server_packet_size = 0; } SSH_Analyzer::~SSH_Analyzer() @@ -54,7 +56,7 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) // deliver data to the other side if the script layer can handle this. return; - if ( num_encrypted_packets_seen || interp->get_state(orig) == binpac::SSH::ENCRYPTED ) + if ( interp->get_state(orig) == binpac::SSH::ENCRYPTED ) { ProcessEncrypted(len, orig); return; @@ -80,23 +82,33 @@ void SSH_Analyzer::Undelivered(int seq, int len, bool orig) void SSH_Analyzer::ProcessEncrypted(int len, bool orig) { - if (!num_encrypted_packets_seen) - { - initial_encrypted_packet_size = len; - } - // printf("Encrypted packet of size %d from %s.\n", len, orig?"client":"server"); - int relative_len = len - initial_encrypted_packet_size; - if ( num_encrypted_packets_seen >= 2 ) + if (orig && !initial_client_packet_size) + initial_client_packet_size = len; + if (!orig && !initial_server_packet_size) + initial_server_packet_size = len; + + int relative_len; + if (orig) + relative_len = len - initial_client_packet_size; + else + relative_len = len - initial_server_packet_size; + // printf("Encrypted packet of length %d from %s.\n", len, orig?"client":"server"); + if ( num_encrypted_packets_seen >= 4 ) { int auth_result = AuthResult(relative_len, orig); if ( auth_result > 0 ) { + num_encrypted_packets_seen = 1; + //printf("Have auth\n"); StringVal* method = new StringVal(AuthMethod(relative_len, orig)); if ( auth_result == 1 ) BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), method); if ( auth_result == 2 ) BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), method); } + } + if ( num_encrypted_packets_seen >= 2 ) + { packet_n_2_is_orig = packet_n_1_is_orig; packet_n_2_size = packet_n_1_size; } @@ -108,7 +120,7 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) int SSH_Analyzer::AuthResult(int len, bool orig) { - if ( orig && !packet_n_1_is_orig && packet_n_2_is_orig ) + if ( !orig && packet_n_1_is_orig && !packet_n_2_is_orig ) { if ( len == -16 ) return 1; @@ -123,13 +135,13 @@ int SSH_Analyzer::AuthResult(int len, bool orig) const char* SSH_Analyzer::AuthMethod(int len, bool orig) { if ( packet_n_1_size == 96 ) // Password auth - return "keyboard-interactive"; - if ( packet_n_1_size == 32 ) // Challenge-response auth - return "challenge-response"; + return fmt("password (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); + if ( packet_n_1_size == 32 && ( packet_n_2_size == 0 || packet_n_2_size == 48 ) ) // Challenge-response auth + return fmt("challenge-response (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); if ( packet_n_2_size >= 112 && packet_n_2_size <= 432 ) // Public key auth - return "pubkey"; + return fmt("pubkey (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); if ( packet_n_2_size == 16 ) // Host-based auth - return "host-based"; - return fmt("unknown auth method: n-1=%d n-2=%d", packet_n_1_size, packet_n_2_size); + return fmt("host-based (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); + return fmt("unknown (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); } diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index 7d391e8d66..b0d8aade57 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -34,9 +34,9 @@ public: static bool Available() { - // TODO: After you define your events, || them together here. - // See events.bif for more information - return ( ssh_event ); + return ( ssh_server_version || ssh_client_version || + ssh_auth_successful || ssh_auth_failed || + ssh_server_capabilities || ssh_server_host_key ); } protected: @@ -49,7 +49,8 @@ protected: bool had_gap; // Packet analysis stuff - int initial_encrypted_packet_size; + int initial_client_packet_size; + int initial_server_packet_size; int num_encrypted_packets_seen; bool packet_n_1_is_orig; diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index f1fa16919d..cefb591a6e 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -1,17 +1,11 @@ -# Generated by binpac_quickstart +event ssh_server_version%(c: connection, version: string%); -# In this file, you'll define the events that your analyzer will generate. A sample event is included. - -## Generated for SSH connections -## -## See `Google `__ for more information about SSH -## -## c: The connection -##3 -event ssh_event%(c: connection%); - -event ssh_version%(c: connection, is_orig: bool, version: string%); +event ssh_client_version%(c: connection, version: string%); event ssh_auth_successful%(c: connection, method: string%); -event ssh_auth_failed%(c: connection, method: string%); \ No newline at end of file +event ssh_auth_failed%(c: connection, method: string%); + +event ssh_server_capabilities%(c: connection, kex_algorithms: string, server_host_key_algorithms: string, encryption_algorithms_client_to_server: string, encryption_algorithms_server_to_client: string, mac_algorithms_client_to_server: string, mac_algorithms_server_to_client: string, compression_algorithms_client_to_server: string, compression_algorithms_server_to_client: string, languages_client_to_server: string, languages_server_to_client: string%); + +event ssh_server_host_key%(c: connection, key: string%); \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 5cde754521..05cf20d4b4 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -3,8 +3,34 @@ refine flow SSH_Flow += { function proc_ssh_version(msg: SSH_Version): bool %{ - BifEvent::generate_ssh_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${msg.is_orig}, - bytestring_to_val(${msg.version})); + if ( ssh_client_version && ${msg.is_orig } ) + BifEvent::generate_ssh_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.version})); + else if ( ssh_server_version ) + BifEvent::generate_ssh_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.version})); + return true; + %} + + function proc_ssh_kexinit(msg: SSH_KEXINIT): bool + %{ + if ( ssh_server_capabilities ) + BifEvent::generate_ssh_server_capabilities(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), + bytestring_to_val(${msg.kex_algorithms}), bytestring_to_val(${msg.server_host_key_algorithms}), + bytestring_to_val(${msg.encryption_algorithms_client_to_server}), + bytestring_to_val(${msg.encryption_algorithms_server_to_client}), + bytestring_to_val(${msg.mac_algorithms_client_to_server}), + bytestring_to_val(${msg.mac_algorithms_server_to_client}), + bytestring_to_val(${msg.compression_algorithms_client_to_server}), + bytestring_to_val(${msg.compression_algorithms_server_to_client}), + bytestring_to_val(${msg.languages_client_to_server}), + bytestring_to_val(${msg.languages_server_to_client})); + return true; + %} + + function proc_ssh_server_host_key(key: bytestring): bool + %{ + if ( ssh_server_host_key ) + BifEvent::generate_ssh_server_host_key(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), + bytestring_to_val(${key})); return true; %} @@ -14,12 +40,30 @@ refine flow SSH_Flow += { return true; %} + function debug(loc: uint8): bool + %{ + printf("DEBUG: %d", loc); + return true; + %} + }; refine typeattr SSH_Version += &let { proc: bool = $context.flow.proc_ssh_version(this); }; +refine typeattr SSH_KEXINIT += &let { + proc: bool = $context.flow.proc_ssh_kexinit(this); +}; + +refine typeattr SSH_DH_GEX_REPLY += &let { + proc: bool = $context.flow.proc_ssh_server_host_key(k_s.val); +}; + +refine typeattr SSH_DH_GEX_GROUP += &let { + proc: bool = $context.flow.proc_ssh_server_host_key(p.val); +}; + refine typeattr SSH_Message += &let { proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH_MSG_NEWKEYS); -}; +}; \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index 84b1bc1f6a..aea112ff10 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -41,7 +41,7 @@ enum message_id { type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { VERSION_EXCHANGE -> version: SSH_Version(is_orig); KEY_EXCHANGE_CLEARTEXT -> kex: SSH_Key_Exchange(is_orig); - ENCRYPTED -> unk: bytestring &length=100; + ENCRYPTED -> ciphertext: bytestring &length=1 &transient; } &byteorder=bigendian; type SSH_Version(is_orig: bool) = record { @@ -71,12 +71,13 @@ type SSH_Payload(is_orig: bool, packet_length: uint32) = record { }; type SSH_Message(is_orig: bool, msg_type: uint8, packet_length: uint32) = case msg_type of { - SSH_MSG_KEXINIT -> kexinit: SSH_KEXINIT(is_orig, packet_length); - SSH_MSG_KEX_DH_GEX_REQUEST -> dh_gex_request: SSH_DH_GEX_REQUEST(is_orig, packet_length); - SSH_MSG_KEX_DH_GEX_GROUP -> dh_gex_group: SSH_DH_GEX_GROUP(is_orig, packet_length); - SSH_MSG_KEX_DH_GEX_INIT -> dh_gex_init: SSH_DH_GEX_INIT(is_orig, packet_length); - SSH_MSG_KEX_DH_GEX_REPLY -> dh_gex_reply: SSH_DH_GEX_REPLY(is_orig, packet_length); - default -> unknown: bytestring &length=packet_length; + SSH_MSG_KEXINIT -> kexinit: SSH_KEXINIT(is_orig, packet_length); + SSH_MSG_KEX_DH_GEX_REQUEST -> dh_gex_request: SSH_DH_GEX_REQUEST(is_orig, packet_length); + SSH_MSG_KEX_DH_GEX_REQUEST_OLD -> dh_gex_request_old: SSH_DH_GEX_REQUEST_OLD(is_orig, packet_length); + SSH_MSG_KEX_DH_GEX_GROUP -> dh_gex_group: SSH_DH_GEX_GROUP(is_orig, packet_length); + SSH_MSG_KEX_DH_GEX_INIT -> dh_gex_init: SSH_DH_GEX_INIT(is_orig, packet_length); + SSH_MSG_KEX_DH_GEX_REPLY -> dh_gex_reply: SSH_DH_GEX_REPLY(is_orig, packet_length); + SSH_MSG_NEWKEYS -> new_keys: bytestring &length=packet_length; } &let { detach: bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == SSH_MSG_NEWKEYS); }; @@ -113,6 +114,10 @@ type SSH_DH_GEX_REQUEST(is_orig: bool, length: uint32) = record { max: uint32; } &length=12; +type SSH_DH_GEX_REQUEST_OLD(is_orig: bool, length: uint32) = record { + payload: bytestring &length=length; +} &length=length; + type SSH_DH_GEX_GROUP(is_orig: bool, length: uint32) = record { p: mpint; g: mpint; From 0a50688afc15dd10dac58e7ebcda4fff3088bfe7 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Thu, 28 Aug 2014 18:23:30 -0400 Subject: [PATCH 003/121] Move auth method detection into script-land, to make it easier to change. --- scripts/base/protocols/ssh/main.bro | 24 ++++++++++++++++++------ src/analyzer/protocol/ssh/SSH.cc | 23 ++++------------------- src/analyzer/protocol/ssh/SSH.h | 1 - src/analyzer/protocol/ssh/events.bif | 4 ++-- 4 files changed, 24 insertions(+), 28 deletions(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index b9768b6dbb..2ac289750a 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -22,7 +22,7 @@ export { host_key: string &log &optional; ## Auth result result: string &log &optional; - ## Auth method + ## Auth method (password, pubkey, etc.) method: string &log &optional; }; @@ -70,21 +70,34 @@ event ssh_client_version(c: connection, version: string) c$ssh$client = version; } -event ssh_auth_successful(c: connection, method: string) +function determine_auth_method(middle_pkt_len: int, first_pkt_len: int): string + { + if ( middle_pkt_len == 96 ) + return "password"; + if ( ( middle_pkt_len == 32 ) && ( first_pkt_len == 0 || first_pkt_len == 48 ) ) + return "challenge-response"; + if ( ( first_pkt_len >= 112 ) && ( first_pkt_len <= 432 ) ) + return "pubkey"; + if ( first_pkt_len == 16 ) + return "host-based"; + return fmt("unknown (mid=%d, first=%d)", middle_pkt_len, first_pkt_len); + } + +event ssh_auth_successful(c: connection, middle_pkt_len: int, first_pkt_len: int) { if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) return; c$ssh$result = "success"; - c$ssh$method = method; + c$ssh$method = determine_auth_method(middle_pkt_len, first_pkt_len); Log::write(SSH::LOG, c$ssh); } -event ssh_auth_failed(c: connection, method: string) +event ssh_auth_failed(c: connection, middle_pkt_len: int, first_pkt_len: int) { if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) return; c$ssh$result = "failure"; - c$ssh$method = method; + c$ssh$method = determine_auth_method(middle_pkt_len, first_pkt_len); Log::write(SSH::LOG, c$ssh); } @@ -93,7 +106,6 @@ event connection_closed(c: connection) if ( c?$ssh && !c$ssh?$result ) { c$ssh$result = "unknown"; - c$ssh$method = "unknown"; Log::write(SSH::LOG, c$ssh); } } diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index c89a77b9e7..1d942c5097 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -68,7 +68,6 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - printf(" **** %s\n", e.c_msg()); ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); } } @@ -92,19 +91,18 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) relative_len = len - initial_client_packet_size; else relative_len = len - initial_server_packet_size; - // printf("Encrypted packet of length %d from %s.\n", len, orig?"client":"server"); if ( num_encrypted_packets_seen >= 4 ) { int auth_result = AuthResult(relative_len, orig); if ( auth_result > 0 ) { num_encrypted_packets_seen = 1; - //printf("Have auth\n"); - StringVal* method = new StringVal(AuthMethod(relative_len, orig)); if ( auth_result == 1 ) - BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), method); + BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), + packet_n_1_size, packet_n_2_size); if ( auth_result == 2 ) - BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), method); + BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), + packet_n_1_size, packet_n_2_size); } } if ( num_encrypted_packets_seen >= 2 ) @@ -132,16 +130,3 @@ int SSH_Analyzer::AuthResult(int len, bool orig) return -1; } -const char* SSH_Analyzer::AuthMethod(int len, bool orig) - { - if ( packet_n_1_size == 96 ) // Password auth - return fmt("password (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); - if ( packet_n_1_size == 32 && ( packet_n_2_size == 0 || packet_n_2_size == 48 ) ) // Challenge-response auth - return fmt("challenge-response (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); - if ( packet_n_2_size >= 112 && - packet_n_2_size <= 432 ) // Public key auth - return fmt("pubkey (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); - if ( packet_n_2_size == 16 ) // Host-based auth - return fmt("host-based (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); - return fmt("unknown (L=%d, L-1=%d, L-2=%d)", len, packet_n_1_size, packet_n_2_size); - } diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index b0d8aade57..7ded40c32c 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -44,7 +44,6 @@ protected: void ProcessEncrypted(int len, bool orig); int AuthResult(int len, bool orig); - const char* AuthMethod(int len, bool orig); bool had_gap; diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index cefb591a6e..1389b2e0da 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -2,9 +2,9 @@ event ssh_server_version%(c: connection, version: string%); event ssh_client_version%(c: connection, version: string%); -event ssh_auth_successful%(c: connection, method: string%); +event ssh_auth_successful%(c: connection, middle_packet_len: int, first_packet_len: int%); -event ssh_auth_failed%(c: connection, method: string%); +event ssh_auth_failed%(c: connection, middle_packet_len: int, first_packet_len: int%); event ssh_server_capabilities%(c: connection, kex_algorithms: string, server_host_key_algorithms: string, encryption_algorithms_client_to_server: string, encryption_algorithms_server_to_client: string, mac_algorithms_client_to_server: string, mac_algorithms_server_to_client: string, compression_algorithms_client_to_server: string, compression_algorithms_server_to_client: string, languages_client_to_server: string, languages_server_to_client: string%); From 51373b0592307b9b5957294c8d315959b5fa4195 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 2 Sep 2014 00:15:32 -0400 Subject: [PATCH 004/121] SSH: Misc. updates to the new analyzer. --- scripts/base/protocols/ssh/main.bro | 103 ++++++++++++++++----- src/analyzer/protocol/ssh/SSH.cc | 27 ++++-- src/analyzer/protocol/ssh/ssh-analyzer.pac | 4 - src/analyzer/protocol/ssh/ssh-protocol.pac | 62 ++++++------- 4 files changed, 128 insertions(+), 68 deletions(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 2ac289750a..bba3f8ac88 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -1,7 +1,5 @@ ##! Implements base functionality for SSH analysis. Generates the ssh.log file. -# Generated by binpac_quickstart - module SSH; export { @@ -14,20 +12,33 @@ export { uid: string &log; ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; + ## Auth result + result: string &log &optional; + ## Auth method (password, pubkey, etc.) + method: string &log &optional; + ## Direction of the connection. If the client was a local host + ## logging into an external host, this would be OUTBOUND. INBOUND + ## would be set for the opposite situation. + ## TODO: handle local-local and remote-remote better. + direction: Direction &log &optional; ## The client's version string client: string &log &optional; ## The server's version string server: string &log &optional; ## The server's key fingerprint host_key: string &log &optional; - ## Auth result - result: string &log &optional; - ## Auth method (password, pubkey, etc.) - method: string &log &optional; + ## This connection has been logged (internal use) + logged: bool &default=F; }; + ## If true, we tell the event engine to not look at further data + ## packets after the initial SSH handshake. Helps with performance + ## (especially with large file transfers) but precludes some + ## kinds of analyses. + const skip_processing_after_detection = F &redef; + ## Event that can be handled to access the SSH record as it is sent on - ## to the loggin framework. + ## to the logging framework. global log_ssh: event(rec: Info); } @@ -43,6 +54,24 @@ event bro_init() &priority=5 Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports); } +function determine_auth_method(middle_pkt_len: int, first_pkt_len: int): string + { + # This is still being tested. + # Based on "Analysis for Identifying User Authentication Methods on SSH Connections" + # by Satoh, Nakamura, Ikenaga. + + if ( middle_pkt_len == 96 ) + return "password"; + if ( middle_pkt_len == 16 ) + return "gssapi"; + if ( ( middle_pkt_len == 32 ) && ( first_pkt_len == 0 || first_pkt_len == 48 ) ) + return "challenge-response"; + if ( middle_pkt_len < 256 ) + return fmt("unknown (mid=%d, first=%d)", middle_pkt_len, first_pkt_len); + if ( first_pkt_len == 16 ) + return "host-based"; + return fmt("pubkey (~%d bits)", (first_pkt_len - 16)*8); + } event ssh_server_version(c: connection, version: string) { @@ -70,46 +99,74 @@ event ssh_client_version(c: connection, version: string) c$ssh$client = version; } -function determine_auth_method(middle_pkt_len: int, first_pkt_len: int): string - { - if ( middle_pkt_len == 96 ) - return "password"; - if ( ( middle_pkt_len == 32 ) && ( first_pkt_len == 0 || first_pkt_len == 48 ) ) - return "challenge-response"; - if ( ( first_pkt_len >= 112 ) && ( first_pkt_len <= 432 ) ) - return "pubkey"; - if ( first_pkt_len == 16 ) - return "host-based"; - return fmt("unknown (mid=%d, first=%d)", middle_pkt_len, first_pkt_len); - } - event ssh_auth_successful(c: connection, middle_pkt_len: int, first_pkt_len: int) { + print "ssh_auth_successful"; if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) return; c$ssh$result = "success"; c$ssh$method = determine_auth_method(middle_pkt_len, first_pkt_len); - Log::write(SSH::LOG, c$ssh); } +event ssh_auth_successful(c: connection, middle_pkt_len: int, first_pkt_len: int) &priority=-5 + { + c$ssh$logged = T; + Log::write(SSH::LOG, c$ssh); + } + event ssh_auth_failed(c: connection, middle_pkt_len: int, first_pkt_len: int) { + print "ssh_auth_failed"; if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) return; c$ssh$result = "failure"; c$ssh$method = determine_auth_method(middle_pkt_len, first_pkt_len); + } + +event ssh_auth_failed(c: connection, middle_pkt_len: int, first_pkt_len: int) &priority=-5 + { + c$ssh$logged = T; Log::write(SSH::LOG, c$ssh); } -event connection_closed(c: connection) +event connection_state_remove(c: connection) { if ( c?$ssh && !c$ssh?$result ) { c$ssh$result = "unknown"; - Log::write(SSH::LOG, c$ssh); } } +event ssh_server_capabilities(c: connection, kex_algorithms: string, server_host_key_algorithms: string, encryption_algorithms_client_to_server: string, encryption_algorithms_server_to_client: string, mac_algorithms_client_to_server: string, mac_algorithms_server_to_client: string, compression_algorithms_client_to_server: string, compression_algorithms_server_to_client: string, languages_client_to_server: string, languages_server_to_client: string) + { + # print "kex_algorithms", kex_algorithms; + # print ""; + # print "server_host_key_algorithms", server_host_key_algorithms; + # print ""; + # print "encryption_algorithms_client_to_server", encryption_algorithms_client_to_server; + # print ""; + # print "encryption_algorithms_server_to_client", encryption_algorithms_server_to_client; + # print ""; + # print "mac_algorithms_client_to_server", mac_algorithms_client_to_server; + # print ""; + # print "mac_algorithms_server_to_client", mac_algorithms_server_to_client; + # print ""; + # print "compression_algorithms_client_to_server", compression_algorithms_client_to_server; + # print ""; + # print "compression_algorithms_server_to_client", compression_algorithms_server_to_client; + # print ""; + # print "languages_client_to_server", languages_client_to_server; + # print ""; + # print "languages_server_to_client", languages_server_to_client; + # print ""; + } + +event connection_state_remove(c: connection) &priority=-5 + { + if ( c?$ssh && !c$ssh$logged ) + Log::write(SSH::LOG, c$ssh); + } + event ssh_server_host_key(c: connection, key: string) { if ( !c?$ssh ) diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index 1d942c5097..c6ac74f5dc 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -91,12 +91,12 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) relative_len = len - initial_client_packet_size; else relative_len = len - initial_server_packet_size; - if ( num_encrypted_packets_seen >= 4 ) + + if ( num_encrypted_packets_seen >= 6 ) { int auth_result = AuthResult(relative_len, orig); if ( auth_result > 0 ) { - num_encrypted_packets_seen = 1; if ( auth_result == 1 ) BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), packet_n_1_size, packet_n_2_size); @@ -105,28 +105,35 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) packet_n_1_size, packet_n_2_size); } } - if ( num_encrypted_packets_seen >= 2 ) + if ( ( num_encrypted_packets_seen >= 2 ) && + ( orig != packet_n_1_is_orig ) ) { packet_n_2_is_orig = packet_n_1_is_orig; packet_n_2_size = packet_n_1_size; } - packet_n_1_is_orig = orig; - packet_n_1_size = relative_len; - num_encrypted_packets_seen++; + + if ( orig == packet_n_1_is_orig ) + packet_n_1_size += len; + else + { + packet_n_1_is_orig = orig; + packet_n_1_size = relative_len; + num_encrypted_packets_seen++; + } } int SSH_Analyzer::AuthResult(int len, bool orig) { - if ( !orig && packet_n_1_is_orig && !packet_n_2_is_orig ) + if ( !orig && packet_n_1_is_orig && !packet_n_2_is_orig ) { + printf("Auth result = %d\n", len); if ( len == -16 ) return 1; - else if ( len >= 16 && - len <= 32 ) + else if ( len >= 16 && len <= 32 ) return 2; return 0; } - return -1; + return -1; } diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 05cf20d4b4..e4dd71bc39 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -60,10 +60,6 @@ refine typeattr SSH_DH_GEX_REPLY += &let { proc: bool = $context.flow.proc_ssh_server_host_key(k_s.val); }; -refine typeattr SSH_DH_GEX_GROUP += &let { - proc: bool = $context.flow.proc_ssh_server_host_key(p.val); -}; - refine typeattr SSH_Message += &let { proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH_MSG_NEWKEYS); }; \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index aea112ff10..03f47fd67a 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -5,37 +5,37 @@ enum state { }; enum message_id { - SSH_MSG_DISCONNECT = 1, - SSH_MSG_IGNORE = 2, - SSH_MSG_UNIMPLEMENTED = 3, - SSH_MSG_DEBUG = 4, - SSH_MSG_SERVICE_REQUEST = 5, - SSH_MSG_SERVICE_ACCEPT = 6, - SSH_MSG_KEXINIT = 20, - SSH_MSG_NEWKEYS = 21, - SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, - SSH_MSG_KEX_DH_GEX_GROUP = 31, - SSH_MSG_KEX_DH_GEX_INIT = 32, - SSH_MSG_KEX_DH_GEX_REPLY = 33, - SSH_MSG_KEX_DH_GEX_REQUEST = 34, - SSH_MSG_USERAUTH_REQUEST = 50, - SSH_MSG_USERAUTH_FAILURE = 51, - SSH_MSG_USERAUTH_SUCCESS = 52, - SSH_MSG_USERAUTH_BANNER = 53, - SSH_MSG_GLOBAL_REQUEST = 80, - SSH_MSG_REQUEST_SUCCESS = 81, - SSH_MSG_REQUEST_FAILURE = 82, - SSH_MSG_CHANNEL_OPEN = 90, - SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91, - SSH_MSG_CHANNEL_OPEN_FAILURE = 92, - SSH_MSG_CHANNEL_WINDOW_ADJUST = 93, - SSH_MSG_CHANNEL_DATA = 94, - SSH_MSG_CHANNEL_EXTENDED_DATA = 95, - SSH_MSG_CHANNEL_EOF = 96, - SSH_MSG_CHANNEL_CLOSE = 97, - SSH_MSG_CHANNEL_REQUEST = 98, - SSH_MSG_CHANNEL_SUCCESS = 99, - SSH_MSG_CHANNEL_FAILURE = 100, + SSH_MSG_DISCONNECT = 1, + SSH_MSG_IGNORE = 2, + SSH_MSG_UNIMPLEMENTED = 3, + SSH_MSG_DEBUG = 4, + SSH_MSG_SERVICE_REQUEST = 5, + SSH_MSG_SERVICE_ACCEPT = 6, + SSH_MSG_KEXINIT = 20, + SSH_MSG_NEWKEYS = 21, + SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, + SSH_MSG_KEX_DH_GEX_GROUP = 31, + SSH_MSG_KEX_DH_GEX_INIT = 32, + SSH_MSG_KEX_DH_GEX_REPLY = 33, + SSH_MSG_KEX_DH_GEX_REQUEST = 34, + SSH_MSG_USERAUTH_REQUEST = 50, + SSH_MSG_USERAUTH_FAILURE = 51, + SSH_MSG_USERAUTH_SUCCESS = 52, + SSH_MSG_USERAUTH_BANNER = 53, + SSH_MSG_GLOBAL_REQUEST = 80, + SSH_MSG_REQUEST_SUCCESS = 81, + SSH_MSG_REQUEST_FAILURE = 82, + SSH_MSG_CHANNEL_OPEN = 90, + SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91, + SSH_MSG_CHANNEL_OPEN_FAILURE = 92, + SSH_MSG_CHANNEL_WINDOW_ADJUST = 93, + SSH_MSG_CHANNEL_DATA = 94, + SSH_MSG_CHANNEL_EXTENDED_DATA = 95, + SSH_MSG_CHANNEL_EOF = 96, + SSH_MSG_CHANNEL_CLOSE = 97, + SSH_MSG_CHANNEL_REQUEST = 98, + SSH_MSG_CHANNEL_SUCCESS = 99, + SSH_MSG_CHANNEL_FAILURE = 100, }; type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { From 3ed6dd558518c2de64c83c3936f8df88b6583392 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sat, 27 Dec 2014 17:19:43 -0600 Subject: [PATCH 005/121] A bit of code cleanup. --- src/analyzer/protocol/ssh/ssh-analyzer.pac | 55 ++++---- src/analyzer/protocol/ssh/ssh-protocol.pac | 157 +++++++++------------ 2 files changed, 99 insertions(+), 113 deletions(-) diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index e4dd71bc39..da940fffed 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -1,36 +1,49 @@ -# Generated by binpac_quickstart - refine flow SSH_Flow += { function proc_ssh_version(msg: SSH_Version): bool %{ if ( ssh_client_version && ${msg.is_orig } ) - BifEvent::generate_ssh_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.version})); - else if ( ssh_server_version ) - BifEvent::generate_ssh_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.version})); + { + BifEvent::generate_ssh_client_version(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${msg.version})); + } + else if ( ssh_server_version ) + { + BifEvent::generate_ssh_server_version(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${msg.version})); + } return true; %} function proc_ssh_kexinit(msg: SSH_KEXINIT): bool %{ if ( ssh_server_capabilities ) - BifEvent::generate_ssh_server_capabilities(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), - bytestring_to_val(${msg.kex_algorithms}), bytestring_to_val(${msg.server_host_key_algorithms}), - bytestring_to_val(${msg.encryption_algorithms_client_to_server}), - bytestring_to_val(${msg.encryption_algorithms_server_to_client}), - bytestring_to_val(${msg.mac_algorithms_client_to_server}), - bytestring_to_val(${msg.mac_algorithms_server_to_client}), - bytestring_to_val(${msg.compression_algorithms_client_to_server}), - bytestring_to_val(${msg.compression_algorithms_server_to_client}), - bytestring_to_val(${msg.languages_client_to_server}), - bytestring_to_val(${msg.languages_server_to_client})); + { + BifEvent::generate_ssh_server_capabilities(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${msg.kex_algorithms.val}), + bytestring_to_val(${msg.server_host_key_algorithms.val}), + bytestring_to_val(${msg.encryption_algorithms_client_to_server.val}), + bytestring_to_val(${msg.encryption_algorithms_server_to_client.val}), + bytestring_to_val(${msg.mac_algorithms_client_to_server.val}), + bytestring_to_val(${msg.mac_algorithms_server_to_client.val}), + bytestring_to_val(${msg.compression_algorithms_client_to_server.val}), + bytestring_to_val(${msg.compression_algorithms_server_to_client.val}), + bytestring_to_val(${msg.languages_client_to_server.val}), + bytestring_to_val(${msg.languages_server_to_client.val})); + } return true; %} function proc_ssh_server_host_key(key: bytestring): bool %{ if ( ssh_server_host_key ) - BifEvent::generate_ssh_server_host_key(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), - bytestring_to_val(${key})); + { + BifEvent::generate_ssh_server_host_key(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${key})); + } return true; %} @@ -40,12 +53,6 @@ refine flow SSH_Flow += { return true; %} - function debug(loc: uint8): bool - %{ - printf("DEBUG: %d", loc); - return true; - %} - }; refine typeattr SSH_Version += &let { @@ -61,5 +68,5 @@ refine typeattr SSH_DH_GEX_REPLY += &let { }; refine typeattr SSH_Message += &let { - proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH_MSG_NEWKEYS); + proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH2_MSG_NEWKEYS); }; \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index 03f47fd67a..d14af0a663 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -5,43 +5,43 @@ enum state { }; enum message_id { - SSH_MSG_DISCONNECT = 1, - SSH_MSG_IGNORE = 2, - SSH_MSG_UNIMPLEMENTED = 3, - SSH_MSG_DEBUG = 4, - SSH_MSG_SERVICE_REQUEST = 5, - SSH_MSG_SERVICE_ACCEPT = 6, - SSH_MSG_KEXINIT = 20, - SSH_MSG_NEWKEYS = 21, - SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, - SSH_MSG_KEX_DH_GEX_GROUP = 31, - SSH_MSG_KEX_DH_GEX_INIT = 32, - SSH_MSG_KEX_DH_GEX_REPLY = 33, - SSH_MSG_KEX_DH_GEX_REQUEST = 34, - SSH_MSG_USERAUTH_REQUEST = 50, - SSH_MSG_USERAUTH_FAILURE = 51, - SSH_MSG_USERAUTH_SUCCESS = 52, - SSH_MSG_USERAUTH_BANNER = 53, - SSH_MSG_GLOBAL_REQUEST = 80, - SSH_MSG_REQUEST_SUCCESS = 81, - SSH_MSG_REQUEST_FAILURE = 82, - SSH_MSG_CHANNEL_OPEN = 90, - SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91, - SSH_MSG_CHANNEL_OPEN_FAILURE = 92, - SSH_MSG_CHANNEL_WINDOW_ADJUST = 93, - SSH_MSG_CHANNEL_DATA = 94, - SSH_MSG_CHANNEL_EXTENDED_DATA = 95, - SSH_MSG_CHANNEL_EOF = 96, - SSH_MSG_CHANNEL_CLOSE = 97, - SSH_MSG_CHANNEL_REQUEST = 98, - SSH_MSG_CHANNEL_SUCCESS = 99, - SSH_MSG_CHANNEL_FAILURE = 100, + SSH2_MSG_DISCONNECT = 1, + SSH2_MSG_IGNORE = 2, + SSH2_MSG_UNIMPLEMENTED = 3, + SSH2_MSG_DEBUG = 4, + SSH2_MSG_SERVICE_REQUEST = 5, + SSH2_MSG_SERVICE_ACCEPT = 6, + SSH2_MSG_KEXINIT = 20, + SSH2_MSG_NEWKEYS = 21, + SSH2_MSG_KEX_DH_GEX_REQUEST_OLD = 30, + SSH2_MSG_KEX_DH_GEX_GROUP = 31, + SSH2_MSG_KEX_DH_GEX_INIT = 32, + SSH2_MSG_KEX_DH_GEX_REPLY = 33, + SSH2_MSG_KEX_DH_GEX_REQUEST = 34, + SSH2_MSG_USERAUTH_REQUEST = 50, + SSH2_MSG_USERAUTH_FAILURE = 51, + SSH2_MSG_USERAUTH_SUCCESS = 52, + SSH2_MSG_USERAUTH_BANNER = 53, + SSH2_MSG_GLOBAL_REQUEST = 80, + SSH2_MSG_REQUEST_SUCCESS = 81, + SSH2_MSG_REQUEST_FAILURE = 82, + SSH2_MSG_CHANNEL_OPEN = 90, + SSH2_MSG_CHANNEL_OPEN_CONFIRMATION = 91, + SSH2_MSG_CHANNEL_OPEN_FAILURE = 92, + SSH2_MSG_CHANNEL_WINDOW_ADJUST = 93, + SSH2_MSG_CHANNEL_DATA = 94, + SSH2_MSG_CHANNEL_EXTENDED_DATA = 95, + SSH2_MSG_CHANNEL_EOF = 96, + SSH2_MSG_CHANNEL_CLOSE = 97, + SSH2_MSG_CHANNEL_REQUEST = 98, + SSH2_MSG_CHANNEL_SUCCESS = 99, + SSH2_MSG_CHANNEL_FAILURE = 100, }; type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { - VERSION_EXCHANGE -> version: SSH_Version(is_orig); - KEY_EXCHANGE_CLEARTEXT -> kex: SSH_Key_Exchange(is_orig); - ENCRYPTED -> ciphertext: bytestring &length=1 &transient; + VERSION_EXCHANGE -> version: SSH_Version(is_orig); + KEY_EXCHANGE_CLEARTEXT -> kex: SSH_Key_Exchange(is_orig); + ENCRYPTED -> ciphertext: bytestring &length=1 &transient; } &byteorder=bigendian; type SSH_Version(is_orig: bool) = record { @@ -51,7 +51,7 @@ type SSH_Version(is_orig: bool) = record { }; type SSH_Key_Exchange_Header(is_orig: bool) = record { - packet_length: uint32; + packet_length : uint32; padding_length: uint8; } &length=5; @@ -61,89 +61,68 @@ type SSH_Key_Exchange(is_orig: bool) = record { pad : bytestring &length=header.padding_length; }; -type SSH_Payload_Header(length: uint32) = record { +type SSH_Payload_Header = record { message_type: uint8; } &length=1; type SSH_Payload(is_orig: bool, packet_length: uint32) = record { - header: SSH_Payload_Header(packet_length); + header: SSH_Payload_Header; message: SSH_Message(is_orig, header.message_type, packet_length); }; type SSH_Message(is_orig: bool, msg_type: uint8, packet_length: uint32) = case msg_type of { - SSH_MSG_KEXINIT -> kexinit: SSH_KEXINIT(is_orig, packet_length); - SSH_MSG_KEX_DH_GEX_REQUEST -> dh_gex_request: SSH_DH_GEX_REQUEST(is_orig, packet_length); - SSH_MSG_KEX_DH_GEX_REQUEST_OLD -> dh_gex_request_old: SSH_DH_GEX_REQUEST_OLD(is_orig, packet_length); - SSH_MSG_KEX_DH_GEX_GROUP -> dh_gex_group: SSH_DH_GEX_GROUP(is_orig, packet_length); - SSH_MSG_KEX_DH_GEX_INIT -> dh_gex_init: SSH_DH_GEX_INIT(is_orig, packet_length); - SSH_MSG_KEX_DH_GEX_REPLY -> dh_gex_reply: SSH_DH_GEX_REPLY(is_orig, packet_length); - SSH_MSG_NEWKEYS -> new_keys: bytestring &length=packet_length; + SSH2_MSG_KEXINIT -> kexinit: SSH_KEXINIT(packet_length); + SSH2_MSG_KEX_DH_GEX_REQUEST -> dh_gex_request: SSH_DH_GEX_REQUEST(packet_length); + SSH2_MSG_KEX_DH_GEX_REQUEST_OLD -> dh_gex_request_old: SSH_DH_GEX_REQUEST_OLD(packet_length); + SSH2_MSG_KEX_DH_GEX_GROUP -> dh_gex_group: SSH_DH_GEX_GROUP(packet_length); + SSH2_MSG_KEX_DH_GEX_INIT -> dh_gex_init: SSH_DH_GEX_INIT(packet_length); + SSH2_MSG_KEX_DH_GEX_REPLY -> dh_gex_reply: SSH_DH_GEX_REPLY(packet_length); + SSH2_MSG_NEWKEYS -> new_keys: bytestring &length=packet_length; } &let { - detach: bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == SSH_MSG_NEWKEYS); + detach: bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == SSH2_MSG_NEWKEYS); }; -type SSH_KEXINIT(is_orig: bool, length: uint32) = record { - cookie : bytestring &length=16; - kex_algorithms_len : uint32; - kex_algorithms : bytestring &length=kex_algorithms_len; - server_host_key_algorithms_len : uint32; - server_host_key_algorithms : bytestring &length=server_host_key_algorithms_len; - encryption_algorithms_client_to_server_len : uint32; - encryption_algorithms_client_to_server : bytestring &length=encryption_algorithms_client_to_server_len; - encryption_algorithms_server_to_client_len : uint32; - encryption_algorithms_server_to_client : bytestring &length=encryption_algorithms_server_to_client_len; - mac_algorithms_client_to_server_len : uint32; - mac_algorithms_client_to_server : bytestring &length=mac_algorithms_client_to_server_len; - mac_algorithms_server_to_client_len : uint32; - mac_algorithms_server_to_client : bytestring &length=mac_algorithms_server_to_client_len; - compression_algorithms_client_to_server_len : uint32; - compression_algorithms_client_to_server : bytestring &length=compression_algorithms_client_to_server_len; - compression_algorithms_server_to_client_len : uint32; - compression_algorithms_server_to_client : bytestring &length=compression_algorithms_server_to_client_len; - languages_client_to_server_len : uint32; - languages_client_to_server : bytestring &length=languages_client_to_server_len; - languages_server_to_client_len : uint32; - languages_server_to_client : bytestring &length=languages_server_to_client_len; - first_kex_packet_follows : uint8; - reserved : uint32; +type SSH_KEXINIT(length: uint32) = record { + cookie : bytestring &length=16; + kex_algorithms : ssh_string; + server_host_key_algorithms : ssh_string; + encryption_algorithms_client_to_server : ssh_string; + encryption_algorithms_server_to_client : ssh_string; + mac_algorithms_client_to_server : ssh_string; + mac_algorithms_server_to_client : ssh_string; + compression_algorithms_client_to_server : ssh_string; + compression_algorithms_server_to_client : ssh_string; + languages_client_to_server : ssh_string; + languages_server_to_client : ssh_string; + first_kex_packet_follows : uint8; + reserved : uint32; } &length=length; -type SSH_DH_GEX_REQUEST(is_orig: bool, length: uint32) = record { +type SSH_DH_GEX_REQUEST(length: uint32) = record { min: uint32; n : uint32; max: uint32; } &length=12; -type SSH_DH_GEX_REQUEST_OLD(is_orig: bool, length: uint32) = record { +type SSH_DH_GEX_REQUEST_OLD(length: uint32) = record { payload: bytestring &length=length; } &length=length; -type SSH_DH_GEX_GROUP(is_orig: bool, length: uint32) = record { - p: mpint; - g: mpint; +type SSH_DH_GEX_GROUP(length: uint32) = record { + p: ssh_string; + g: ssh_string; } &length=length; -type SSH_DH_GEX_INIT(is_orig: bool, length: uint32) = record { - e: mpint; +type SSH_DH_GEX_INIT(length: uint32) = record { + e: ssh_string; } &length=length; -type SSH_DH_GEX_REPLY(is_orig: bool, length: uint32) = record { +type SSH_DH_GEX_REPLY(length: uint32) = record { k_s : ssh_string; - f : mpint; + f : ssh_string; signature: ssh_string; } &length=length; -#type SSH_NEWKEYS(is_orig: bool, length: uint32) = record { -# blah: ; -#} &let { -# detach: bool = $context.connection.detach(); -#} &length=0; - -type mpint = record { - len: uint32; - val: bytestring &length=len; -}; - type ssh_string = record { len: uint32; val: bytestring &length=len; From 727eada9ac6e92679d5d2bfd3a5ded6c97633051 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Sat, 27 Dec 2014 17:46:42 -0600 Subject: [PATCH 006/121] Move SSH analyzer to new plugin architecture. --- src/analyzer/protocol/ssh/Plugin.cc | 7 ++++++- src/analyzer/protocol/ssh/SSH.cc | 4 ++-- src/analyzer/protocol/ssh/SSH.h | 21 +++++++-------------- 3 files changed, 15 insertions(+), 17 deletions(-) diff --git a/src/analyzer/protocol/ssh/Plugin.cc b/src/analyzer/protocol/ssh/Plugin.cc index 5887b7a2c6..d2e0116b09 100644 --- a/src/analyzer/protocol/ssh/Plugin.cc +++ b/src/analyzer/protocol/ssh/Plugin.cc @@ -1,5 +1,10 @@ // See the file in the main distribution directory for copyright. + +#include "plugin/Plugin.h" + +#include "SSH.h" + namespace plugin { namespace Bro_SSH { @@ -7,7 +12,7 @@ class Plugin : public plugin::Plugin { public: plugin::Configuration Configure() { - AddComponent(new ::analyzer::Component("SSH", ::analyzer::ssh::SSH_Analyzer::Instantiate)); + AddComponent(new ::analyzer::Component("SSH", ::analyzer::SSH::SSH_Analyzer::Instantiate)); plugin::Configuration config; config.name = "Bro::SSH"; diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index c6ac74f5dc..184dbba914 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -1,4 +1,4 @@ -// Generated by binpac_quickstart +// See the file "COPYING" in the main distribution directory for copyright. #include "SSH.h" @@ -72,7 +72,7 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } } -void SSH_Analyzer::Undelivered(int seq, int len, bool orig) +void SSH_Analyzer::Undelivered(uint64 seq, int len, bool orig) { tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); had_gap = true; diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index 4d587b4426..73a5420166 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -1,18 +1,16 @@ +// See the file "COPYING" in the main distribution directory for copyright. + #ifndef ANALYZER_PROTOCOL_SSH_SSH_H #define ANALYZER_PROTOCOL_SSH_SSH_H #include "events.bif.h" - #include "analyzer/protocol/tcp/TCP.h" - #include "ssh_pac.h" namespace analyzer { namespace SSH { -class SSH_Analyzer - -: public tcp::TCP_ApplicationAnalyzer { +class SSH_Analyzer : public tcp::TCP_ApplicationAnalyzer { public: SSH_Analyzer(Connection* conn); @@ -20,20 +18,15 @@ public: // Overriden from Analyzer. virtual void Done(); - virtual void DeliverStream(int len, const u_char* data, bool orig); - virtual void Undelivered(int seq, int len, bool orig); + virtual void Undelivered(uint64 seq, int len, bool orig); + + // Overriden from tcp::TCP_ApplicationAnalyzer. + virtual void EndpointEOF(bool is_orig); static analyzer::Analyzer* Instantiate(Connection* conn) { return new SSH_Analyzer(conn); } - static bool Available() - { - return ( ssh_server_version || ssh_client_version || - ssh_auth_successful || ssh_auth_failed || - ssh_server_capabilities || ssh_server_host_key ); - } - protected: binpac::SSH::SSH_Conn* interp; From 5e206ed108e13a31b0829c0c029880007fd8a884 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 6 Jan 2015 20:27:20 -0600 Subject: [PATCH 007/121] Add support for SSH1 --- scripts/base/protocols/ssh/dpd.sig | 11 +- scripts/base/protocols/ssh/main.bro | 55 +++-- src/analyzer/protocol/ssh/SSH.cc | 65 ++++-- src/analyzer/protocol/ssh/SSH.h | 4 +- src/analyzer/protocol/ssh/events.bif | 4 +- src/analyzer/protocol/ssh/ssh-analyzer.pac | 8 +- src/analyzer/protocol/ssh/ssh-protocol.pac | 240 +++++++++++++++------ 7 files changed, 275 insertions(+), 112 deletions(-) diff --git a/scripts/base/protocols/ssh/dpd.sig b/scripts/base/protocols/ssh/dpd.sig index 95e22908ab..e56878275c 100644 --- a/scripts/base/protocols/ssh/dpd.sig +++ b/scripts/base/protocols/ssh/dpd.sig @@ -1,13 +1,6 @@ -signature dpd_ssh_client { +signature dpd_ssh { ip-proto == tcp - payload /^[sS][sS][hH]-/ - requires-reverse-signature dpd_ssh_server + payload /^[sS][sS][hH]-[12]./ enable "ssh" - tcp-state originator } -signature dpd_ssh_server { - ip-proto == tcp - payload /^[sS][sS][hH]-/ - tcp-state responder -} diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index bba3f8ac88..00f387d432 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -12,6 +12,8 @@ export { uid: string &log; ## The connection's 4-tuple of endpoint addresses/ports. id: conn_id &log; + ## SSH major version (1 or 2) + version: count &log; ## Auth result result: string &log &optional; ## Auth method (password, pubkey, etc.) @@ -54,23 +56,36 @@ event bro_init() &priority=5 Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports); } -function determine_auth_method(middle_pkt_len: int, first_pkt_len: int): string +function determine_auth_method(version: int, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int): string { # This is still being tested. # Based on "Analysis for Identifying User Authentication Methods on SSH Connections" # by Satoh, Nakamura, Ikenaga. - if ( middle_pkt_len == 96 ) - return "password"; - if ( middle_pkt_len == 16 ) - return "gssapi"; - if ( ( middle_pkt_len == 32 ) && ( first_pkt_len == 0 || first_pkt_len == 48 ) ) - return "challenge-response"; - if ( middle_pkt_len < 256 ) - return fmt("unknown (mid=%d, first=%d)", middle_pkt_len, first_pkt_len); - if ( first_pkt_len == 16 ) - return "host-based"; - return fmt("pubkey (~%d bits)", (first_pkt_len - 16)*8); + if ( version == 2 ) + { + if ( first_pkt_len == 0 ) + return "none"; + if ( middle_pkt_len == 96 ) + return "password"; + if ( middle_pkt_len == 16 ) + return "gssapi"; + if ( ( middle_pkt_len == 32 ) && ( first_pkt_len == 0 || first_pkt_len == 48 ) ) + return "challenge-response"; + if ( middle_pkt_len < 256 ) + return fmt("unknown (mid=%d, first=%d)", middle_pkt_len, first_pkt_len); + if ( first_pkt_len == 16 ) + return "host-based"; + return fmt("pubkey (~%d bits)", (first_pkt_len - 16)*8); + } + else if ( version == 1 ) + { + if ( first_pkt_len == 0 ) + return "password"; + if ( first_pkt_len >= 96 && first_pkt_len <= 256 ) + return fmt("pubkey (~%d bits)", first_pkt_len * 8); + return fmt("%d %d %d", first_pkt_len, middle_pkt_len, last_pkt_len); + } } event ssh_server_version(c: connection, version: string) @@ -97,33 +112,37 @@ event ssh_client_version(c: connection, version: string) c$ssh = s; } c$ssh$client = version; + if ( version[4] == "1" ) + c$ssh$version = 1; + if ( version[4] == "2" ) + c$ssh$version = 2; } -event ssh_auth_successful(c: connection, middle_pkt_len: int, first_pkt_len: int) +event ssh_auth_successful(c: connection, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int) { print "ssh_auth_successful"; if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) return; c$ssh$result = "success"; - c$ssh$method = determine_auth_method(middle_pkt_len, first_pkt_len); + c$ssh$method = determine_auth_method(c$ssh$version, last_pkt_len, middle_pkt_len, first_pkt_len); } -event ssh_auth_successful(c: connection, middle_pkt_len: int, first_pkt_len: int) &priority=-5 +event ssh_auth_successful(c: connection, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int) &priority=-5 { c$ssh$logged = T; Log::write(SSH::LOG, c$ssh); } -event ssh_auth_failed(c: connection, middle_pkt_len: int, first_pkt_len: int) +event ssh_auth_failed(c: connection, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int) { print "ssh_auth_failed"; if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) return; c$ssh$result = "failure"; - c$ssh$method = determine_auth_method(middle_pkt_len, first_pkt_len); + c$ssh$method = determine_auth_method(c$ssh$version, last_pkt_len, middle_pkt_len, first_pkt_len); } -event ssh_auth_failed(c: connection, middle_pkt_len: int, first_pkt_len: int) &priority=-5 +event ssh_auth_failed(c: connection, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int) &priority=-5 { c$ssh$logged = T; Log::write(SSH::LOG, c$ssh); diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index 184dbba914..19ca99417c 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -17,6 +17,7 @@ SSH_Analyzer::SSH_Analyzer(Connection* c) { interp = new binpac::SSH::SSH_Conn(this); had_gap = false; + auth_decision_made = false; num_encrypted_packets_seen = 0; initial_client_packet_size = 0; initial_server_packet_size = 0; @@ -68,6 +69,7 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { + printf("Binpac exception: %s\n", e.c_msg()); ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); } } @@ -92,17 +94,24 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) else relative_len = len - initial_server_packet_size; - if ( num_encrypted_packets_seen >= 6 ) + if ( !auth_decision_made && ( num_encrypted_packets_seen > 3 ) ) { - int auth_result = AuthResult(relative_len, orig); + int auth_result = AuthResult(relative_len, orig, interp->get_version()); if ( auth_result > 0 ) { + auth_decision_made = true; if ( auth_result == 1 ) - BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), - packet_n_1_size, packet_n_2_size); + BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), + interp->bro_analyzer()->Conn(), + len, + packet_n_1_size, + packet_n_2_size); if ( auth_result == 2 ) - BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), - packet_n_1_size, packet_n_2_size); + BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), + interp->bro_analyzer()->Conn(), + len, + packet_n_1_size, + packet_n_2_size); } } if ( ( num_encrypted_packets_seen >= 2 ) && @@ -111,29 +120,47 @@ void SSH_Analyzer::ProcessEncrypted(int len, bool orig) packet_n_2_is_orig = packet_n_1_is_orig; packet_n_2_size = packet_n_1_size; } - - if ( orig == packet_n_1_is_orig ) + if ( num_encrypted_packets_seen == 0 ) + num_encrypted_packets_seen = 1; + else if ( orig == packet_n_1_is_orig ) packet_n_1_size += len; else { packet_n_1_is_orig = orig; packet_n_1_size = relative_len; - num_encrypted_packets_seen++; + if ( ! ( ( interp->get_version() == binpac::SSH::SSH1 ) && len > 90 ) ) + num_encrypted_packets_seen++; } } -int SSH_Analyzer::AuthResult(int len, bool orig) +int SSH_Analyzer::AuthResult(int len, bool orig, int version) { - if ( !orig && packet_n_1_is_orig && !packet_n_2_is_orig ) - { - printf("Auth result = %d\n", len); - if ( len == -16 ) - return 1; - else if ( len >= 16 && len <= 32 ) - return 2; - return 0; - } + if ( version == binpac::SSH::SSH2 ) + { + if ( !orig && packet_n_1_is_orig && !packet_n_2_is_orig ) + { + if ( len == -16 ) + return 1; + else if ( len >= 16 && len <= 32 ) + return 2; + return 0; + } + } + else if ( version == binpac::SSH::SSH1 ) + { + // On a successful login, the server sends a longer message + if ( !orig && len > 0 ) + { + // To verify a public key, the server sends back a message of the same size + // as the previous one. Ignore that occurrence here. + if ( ! ( packet_n_1_is_orig && ( len == packet_n_1_size ) ) ) + return 1; + } + // If we've seen too many messages without a longer message, treat it as a failure + if ( num_encrypted_packets_seen > 7 ) + return 2; + } return -1; } diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index 73a5420166..185e83d4de 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -31,11 +31,13 @@ protected: binpac::SSH::SSH_Conn* interp; void ProcessEncrypted(int len, bool orig); - int AuthResult(int len, bool orig); + int AuthResult(int len, bool orig, int version); bool had_gap; // Packet analysis stuff + bool auth_decision_made; + int initial_client_packet_size; int initial_server_packet_size; int num_encrypted_packets_seen; diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index 1389b2e0da..1b6b80f8df 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -2,9 +2,9 @@ event ssh_server_version%(c: connection, version: string%); event ssh_client_version%(c: connection, version: string%); -event ssh_auth_successful%(c: connection, middle_packet_len: int, first_packet_len: int%); +event ssh_auth_successful%(c: connection, last_packet_len: int, middle_packet_len: int, first_packet_len: int%); -event ssh_auth_failed%(c: connection, middle_packet_len: int, first_packet_len: int%); +event ssh_auth_failed%(c: connection, last_packet_len: int, middle_packet_len: int, first_packet_len: int%); event ssh_server_capabilities%(c: connection, kex_algorithms: string, server_host_key_algorithms: string, encryption_algorithms_client_to_server: string, encryption_algorithms_server_to_client: string, mac_algorithms_client_to_server: string, mac_algorithms_server_to_client: string, compression_algorithms_client_to_server: string, compression_algorithms_server_to_client: string, languages_client_to_server: string, languages_server_to_client: string%); diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index da940fffed..0e627481a4 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -67,6 +67,10 @@ refine typeattr SSH_DH_GEX_REPLY += &let { proc: bool = $context.flow.proc_ssh_server_host_key(k_s.val); }; -refine typeattr SSH_Message += &let { - proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH2_MSG_NEWKEYS); +refine typeattr SSH1_Message += &let { + proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH_CMSG_SESSION_KEY); +}; + +refine typeattr SSH2_Message += &let { + proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == MSG_NEWKEYS); }; \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index d14af0a663..3e1ec95ecc 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -1,41 +1,95 @@ +enum version { + SSH1 = 1, + SSH2 = 2, + UNK = 3, +}; + enum state { VERSION_EXCHANGE = 0, KEY_EXCHANGE_CLEARTEXT = 1, ENCRYPTED = 2, }; -enum message_id { - SSH2_MSG_DISCONNECT = 1, - SSH2_MSG_IGNORE = 2, - SSH2_MSG_UNIMPLEMENTED = 3, - SSH2_MSG_DEBUG = 4, - SSH2_MSG_SERVICE_REQUEST = 5, - SSH2_MSG_SERVICE_ACCEPT = 6, - SSH2_MSG_KEXINIT = 20, - SSH2_MSG_NEWKEYS = 21, - SSH2_MSG_KEX_DH_GEX_REQUEST_OLD = 30, - SSH2_MSG_KEX_DH_GEX_GROUP = 31, - SSH2_MSG_KEX_DH_GEX_INIT = 32, - SSH2_MSG_KEX_DH_GEX_REPLY = 33, - SSH2_MSG_KEX_DH_GEX_REQUEST = 34, - SSH2_MSG_USERAUTH_REQUEST = 50, - SSH2_MSG_USERAUTH_FAILURE = 51, - SSH2_MSG_USERAUTH_SUCCESS = 52, - SSH2_MSG_USERAUTH_BANNER = 53, - SSH2_MSG_GLOBAL_REQUEST = 80, - SSH2_MSG_REQUEST_SUCCESS = 81, - SSH2_MSG_REQUEST_FAILURE = 82, - SSH2_MSG_CHANNEL_OPEN = 90, - SSH2_MSG_CHANNEL_OPEN_CONFIRMATION = 91, - SSH2_MSG_CHANNEL_OPEN_FAILURE = 92, - SSH2_MSG_CHANNEL_WINDOW_ADJUST = 93, - SSH2_MSG_CHANNEL_DATA = 94, - SSH2_MSG_CHANNEL_EXTENDED_DATA = 95, - SSH2_MSG_CHANNEL_EOF = 96, - SSH2_MSG_CHANNEL_CLOSE = 97, - SSH2_MSG_CHANNEL_REQUEST = 98, - SSH2_MSG_CHANNEL_SUCCESS = 99, - SSH2_MSG_CHANNEL_FAILURE = 100, +enum ssh1_message_id { + SSH_MSG_NONE = 0, + SSH_MSG_DISCONNECT = 1, + SSH_SMSG_PUBLIC_KEY = 2, + SSH_CMSG_SESSION_KEY = 3, + SSH_CMSG_USER = 4, + SSH_CMSG_AUTH_RHOSTS = 5, + SSH_CMSG_AUTH_RSA = 6, + SSH_SMSG_AUTH_RSA_CHALLENGE = 7, + SSH_CMSG_AUTH_RSA_RESPONSE = 8, + SSH_CMSG_AUTH_PASSWORD = 9, + SSH_CMSG_REQUEST_PTY = 10, + SSH_CMSG_WINDOW_SIZE = 11, + SSH_CMSG_EXEC_SHELL = 12, + SSH_CMSG_EXEC_CMD = 13, + SSH_SMSG_SUCCESS = 14, + SSH_SMSG_FAILURE = 15, + SSH_CMSG_STDIN_DATA = 16, + SSH_SMSG_STDOUT_DATA = 17, + SSH_SMSG_STDERR_DATA = 18, + SSH_CMSG_EOF = 19, + SSH_SMSG_EXITSTATUS = 20, + SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 21, + SSH_MSG_CHANNEL_OPEN_FAILURE = 22, + SSH_MSG_CHANNEL_DATA = 23, + SSH_MSG_CHANNEL_CLOSE = 24, + SSH_MSG_CHANNEL_CLOSE_CONFIRMATION = 25, + SSH_CMSG_X11_REQUEST_FORWARDING_OLD = 26, + SSH_SMSG_X11_OPEN = 27, + SSH_CMSG_PORT_FORWARD_REQUEST = 28, + SSH_MSG_PORT_OPEN = 29, + SSH_CMSG_AGENT_REQUEST_FORWARDING = 30, + SSH_SMSG_AGENT_OPEN = 31, + SSH_MSG_IGNORE = 32, + SSH_CMSG_EXIT_CONFIRMATION = 33, + SSH_CMSG_X11_REQUEST_FORWARDING = 34, + SSH_CMSG_AUTH_RHOSTS_RSA = 35, + SSH_MSG_DEBUG = 36, + SSH_CMSG_REQUEST_COMPRESSION = 37, + SSH_CMSG_MAX_PACKET_SIZE = 38, + SSH_CMSG_AUTH_TIS = 39, + SSH_SMSG_AUTH_TIS_CHALLENGE = 40, + SSH_CMSG_AUTH_TIS_RESPONSE = 41, + SSH_CMSG_AUTH_KERBEROS = 42, + SSH_SMSG_AUTH_KERBEROS_RESPONSE = 43, + SSH_CMSG_HAVE_KERBEROS_TGT = 44, +}; + +enum ssh2_message_id { + MSG_DISCONNECT = 1, + MSG_IGNORE = 2, + MSG_UNIMPLEMENTED = 3, + MSG_DEBUG = 4, + MSG_SERVICE_REQUEST = 5, + MSG_SERVICE_ACCEPT = 6, + MSG_KEXINIT = 20, + MSG_NEWKEYS = 21, + MSG_KEX_DH_GEX_REQUEST_OLD = 30, + MSG_KEX_DH_GEX_GROUP = 31, + MSG_KEX_DH_GEX_INIT = 32, + MSG_KEX_DH_GEX_REPLY = 33, + MSG_KEX_DH_GEX_REQUEST = 34, + MSG_USERAUTH_REQUEST = 50, + MSG_USERAUTH_FAILURE = 51, + MSG_USERAUTH_SUCCESS = 52, + MSG_USERAUTH_BANNER = 53, + MSG_GLOBAL_REQUEST = 80, + MSG_REQUEST_SUCCESS = 81, + MSG_REQUEST_FAILURE = 82, + MSG_CHANNEL_OPEN = 90, + MSG_CHANNEL_OPEN_CONFIRMATION = 91, + MSG_CHANNEL_OPEN_FAILURE = 92, + MSG_CHANNEL_WINDOW_ADJUST = 93, + MSG_CHANNEL_DATA = 94, + MSG_CHANNEL_EXTENDED_DATA = 95, + MSG_CHANNEL_EOF = 96, + MSG_CHANNEL_CLOSE = 97, + MSG_CHANNEL_REQUEST = 98, + MSG_CHANNEL_SUCCESS = 99, + MSG_CHANNEL_FAILURE = 100, }; type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { @@ -46,40 +100,76 @@ type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { type SSH_Version(is_orig: bool) = record { version: bytestring &oneline; + pad: bytestring &length=0 &transient; } &let { - update_state: bool = $context.connection.update_state(KEY_EXCHANGE_CLEARTEXT, is_orig); + update_state : bool = $context.connection.update_state(KEY_EXCHANGE_CLEARTEXT, is_orig); + update_version: bool = $context.connection.update_version(version, is_orig); }; -type SSH_Key_Exchange_Header(is_orig: bool) = record { - packet_length : uint32; +type SSH_Key_Exchange(is_orig: bool) = case $context.connection.get_version() of { + SSH1 -> ssh1_msg: SSH1_Key_Exchange(is_orig); + SSH2 -> ssh2_msg: SSH2_Key_Exchange(is_orig); +}; + +type SSH1_Key_Exchange(is_orig: bool) = record { + packet_length: uint32; + pad_fill : bytestring &length = 8 - (packet_length % 8); + msg_type : uint8; + message : SSH1_Message(is_orig, msg_type, packet_length-5); + crc : uint32; +} &length = packet_length + 4 + 8 - (packet_length % 8); + +type SSH2_Key_Exchange_Header = record { + packet_length : uint32; padding_length: uint8; -} &length=5; - -type SSH_Key_Exchange(is_orig: bool) = record { - header : SSH_Key_Exchange_Header(is_orig); - payload: SSH_Payload(is_orig, header.packet_length - header.padding_length - 2); - pad : bytestring &length=header.padding_length; -}; - -type SSH_Payload_Header = record { - message_type: uint8; -} &length=1; - -type SSH_Payload(is_orig: bool, packet_length: uint32) = record { - header: SSH_Payload_Header; - message: SSH_Message(is_orig, header.message_type, packet_length); -}; - -type SSH_Message(is_orig: bool, msg_type: uint8, packet_length: uint32) = case msg_type of { - SSH2_MSG_KEXINIT -> kexinit: SSH_KEXINIT(packet_length); - SSH2_MSG_KEX_DH_GEX_REQUEST -> dh_gex_request: SSH_DH_GEX_REQUEST(packet_length); - SSH2_MSG_KEX_DH_GEX_REQUEST_OLD -> dh_gex_request_old: SSH_DH_GEX_REQUEST_OLD(packet_length); - SSH2_MSG_KEX_DH_GEX_GROUP -> dh_gex_group: SSH_DH_GEX_GROUP(packet_length); - SSH2_MSG_KEX_DH_GEX_INIT -> dh_gex_init: SSH_DH_GEX_INIT(packet_length); - SSH2_MSG_KEX_DH_GEX_REPLY -> dh_gex_reply: SSH_DH_GEX_REPLY(packet_length); - SSH2_MSG_NEWKEYS -> new_keys: bytestring &length=packet_length; + msg_type : uint8; } &let { - detach: bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == SSH2_MSG_NEWKEYS); + payload_length: uint32 = packet_length - padding_length - 2; +} &length=6; + +type SSH2_Key_Exchange(is_orig: bool) = record { + header : SSH2_Key_Exchange_Header; + payload : SSH2_Message(is_orig, header.msg_type, header.payload_length); + pad : bytestring &length=header.padding_length; +} &length=header.packet_length + 4; + +type SSH1_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_SMSG_PUBLIC_KEY -> public_key: SSH1_PUBLIC_KEY(length); + SSH_CMSG_SESSION_KEY -> session_key: SSH1_SESSION_KEY(length); +} &let { + detach: bool = $context.connection.update_state(ENCRYPTED, is_orig); +}; + +type SSH1_PUBLIC_KEY(length: uint32) = record { + cookie : bytestring &length=8; + server_key : uint32; + server_key_p : ssh1_mp_int; + server_key_e : ssh1_mp_int; + host_key : uint32; + host_key_p : ssh1_mp_int; + host_key_e : ssh1_mp_int; + flags : uint32; + supported_ciphers : uint32; + supported_auths : uint32; +} &length=length; + +type SSH1_SESSION_KEY(length: uint32) = record { + cipher : uint8; + cookie : bytestring &length=8; + session_key : ssh1_mp_int; + flags : uint32; +} &length=length; + +type SSH2_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + MSG_KEXINIT -> kexinit: SSH_KEXINIT(length); + MSG_KEX_DH_GEX_REQUEST -> dh_gex_request: SSH_DH_GEX_REQUEST(length); + MSG_KEX_DH_GEX_REQUEST_OLD -> dh_gex_request_old: SSH_DH_GEX_REQUEST_OLD(length); + MSG_KEX_DH_GEX_GROUP -> dh_gex_group: SSH_DH_GEX_GROUP(length); + MSG_KEX_DH_GEX_INIT -> dh_gex_init: SSH_DH_GEX_INIT(length); + MSG_KEX_DH_GEX_REPLY -> dh_gex_reply: SSH_DH_GEX_REPLY(length); + MSG_NEWKEYS -> new_keys: bytestring &length=length; +} &let { + detach: bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == MSG_NEWKEYS); }; type SSH_KEXINIT(length: uint32) = record { @@ -123,6 +213,11 @@ type SSH_DH_GEX_REPLY(length: uint32) = record { signature: ssh_string; } &length=length; +type ssh1_mp_int = record { + len: uint16; + val: bytestring &length=(len+7)/8; +}; + type ssh_string = record { len: uint32; val: bytestring &length=len; @@ -132,19 +227,25 @@ refine connection SSH_Conn += { %member{ int state_up_; int state_down_; + int version_; %} %init{ state_up_ = VERSION_EXCHANGE; state_down_ = VERSION_EXCHANGE; + version_ = UNK; %} function get_state(is_orig: bool): int %{ if ( is_orig ) + { return state_up_; + } else + { return state_down_; + } %} function update_state(s: state, is_orig: bool): bool @@ -156,4 +257,21 @@ refine connection SSH_Conn += { return true; %} + function get_version(): int + %{ + return version_; + %} + + function update_version(v: bytestring, is_orig: bool): bool + %{ + if ( is_orig && ( v.length() >= 4 ) ) + { + if ( v[4] == '2' ) + version_ = SSH2; + if ( v[4] == '1' ) + version_ = SSH1; + } + return true; + %} + }; \ No newline at end of file From 245bd07af7d58af2fc3772a7a3363a573db7a6fa Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 6 Jan 2015 21:23:18 -0600 Subject: [PATCH 008/121] Add host key support for SSH1. --- scripts/base/protocols/ssh/main.bro | 21 +++++++++++++++++---- src/analyzer/protocol/ssh/events.bif | 4 +++- src/analyzer/protocol/ssh/ssh-analyzer.pac | 16 ++++++++++++++++ 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 00f387d432..24e11779b7 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -186,11 +186,24 @@ event connection_state_remove(c: connection) &priority=-5 Log::write(SSH::LOG, c$ssh); } +function generate_fingerprint(c: connection, key: string) + { + local lx = str_split(md5_hash(key), vector(2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30)); + lx[0] = ""; + c$ssh$host_key = sub(join_string_vec(lx, ":"), /:/, ""); + } + +event ssh1_server_host_key(c: connection, p: string, e: string) + { + if ( !c?$ssh ) + return; + generate_fingerprint(c, e + p); + } + event ssh_server_host_key(c: connection, key: string) { if ( !c?$ssh ) return; - local lx = str_split(md5_hash(key), vector(2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30)); - lx[0] = ""; - c$ssh$host_key = sub(join_string_vec(lx, ":"), /:/, ""); - } \ No newline at end of file + generate_fingerprint(c, key); + } + diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index 1b6b80f8df..7505dfd6db 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -8,4 +8,6 @@ event ssh_auth_failed%(c: connection, last_packet_len: int, middle_packet_len: i event ssh_server_capabilities%(c: connection, kex_algorithms: string, server_host_key_algorithms: string, encryption_algorithms_client_to_server: string, encryption_algorithms_server_to_client: string, mac_algorithms_client_to_server: string, mac_algorithms_server_to_client: string, compression_algorithms_client_to_server: string, compression_algorithms_server_to_client: string, languages_client_to_server: string, languages_server_to_client: string%); -event ssh_server_host_key%(c: connection, key: string%); \ No newline at end of file +event ssh_server_host_key%(c: connection, key: string%); + +event ssh1_server_host_key%(c: connection, p: string, e: string%); \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 0e627481a4..1af96a4c5c 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -47,6 +47,18 @@ refine flow SSH_Flow += { return true; %} + function proc_ssh1_server_host_key(p: bytestring, e: bytestring): bool + %{ + if ( ssh_server_host_key ) + { + BifEvent::generate_ssh1_server_host_key(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${p}), + bytestring_to_val(${e})); + } + return true; + %} + function proc_newkeys(): bool %{ connection()->bro_analyzer()->ProtocolConfirmation(); @@ -73,4 +85,8 @@ refine typeattr SSH1_Message += &let { refine typeattr SSH2_Message += &let { proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == MSG_NEWKEYS); +}; + +refine typeattr SSH1_PUBLIC_KEY += &let { + proc: bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val); }; \ No newline at end of file From 05ecac24971cba58f58c28704cdb2b77bee2dbf1 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 13 Jan 2015 12:02:31 -0500 Subject: [PATCH 009/121] Refactored the SSH analyzer. Added supported for algorithm detection and more key exchange message types. --- scripts/base/init-bare.bro | 37 ++ scripts/base/protocols/ssh/dpd.sig | 11 +- scripts/base/protocols/ssh/main.bro | 251 ++++++----- src/analyzer/protocol/ssh/CMakeLists.txt | 1 + src/analyzer/protocol/ssh/SSH.cc | 147 +++--- src/analyzer/protocol/ssh/SSH.h | 12 +- src/analyzer/protocol/ssh/events.bif | 8 +- src/analyzer/protocol/ssh/ssh-analyzer.pac | 98 +++- src/analyzer/protocol/ssh/ssh-protocol.pac | 502 ++++++++++++++++----- src/analyzer/protocol/ssh/ssh.pac | 1 + src/analyzer/protocol/ssh/types.bif | 5 + 11 files changed, 745 insertions(+), 328 deletions(-) create mode 100644 src/analyzer/protocol/ssh/types.bif diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index efce524fc5..f71ebe7718 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -2222,6 +2222,43 @@ export { const heartbeat_interval = 1.0 secs &redef; } +module SSH; + +export { + ## SSH Capability record + type Capabilities: record { + ## Key exchange algorithms + kex_algorithms : string_vec; + ## The algorithms supported for the server host key + server_host_key_algorithms : string_vec; + ## Acceptable symmetric encryption algorithms for c->s, + ## in order of preference + encryption_algorithms_client_to_server : string_vec; + ## Acceptable symmetric encryption algorithms for s->c, + ## in order of preference + encryption_algorithms_server_to_client : string_vec; + ## Acceptable MAC algorithms for c->s, + ## in order of preference + mac_algorithms_client_to_server : string_vec; + + ## Acceptable MAC algorithms for s->c, + ## in order of preference + mac_algorithms_server_to_client : string_vec; + ## Acceptable compression algorithms for c->s, + ## in order of preference + compression_algorithms_client_to_server : string_vec; + ## Acceptable compression algorithms for c->s, + ## in order of preference + compression_algorithms_server_to_client : string_vec; + ## Language tags in order of preference for c->s + languages_client_to_server : string_vec &optional; + ## Language tags in order of preference for s->c + languages_server_to_client : string_vec &optional; + ## Are these the capabilities of the server? + is_server : bool; + }; +} + module GLOBAL; ## An NTP message. diff --git a/scripts/base/protocols/ssh/dpd.sig b/scripts/base/protocols/ssh/dpd.sig index e56878275c..816e7929b3 100644 --- a/scripts/base/protocols/ssh/dpd.sig +++ b/scripts/base/protocols/ssh/dpd.sig @@ -1,6 +1,13 @@ -signature dpd_ssh { +signature dpd_ssh_client { ip-proto == tcp - payload /^[sS][sS][hH]-[12]./ + payload /^[sS][sS][hH]-[12]\./ + requires-reverse-signature dpd_ssh_server enable "ssh" + tcp-state originator } +signature dpd_ssh_server { + ip-proto == tcp + payload /^[sS][sS][hH]-[12]\./ + tcp-state responder +} \ No newline at end of file diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 24e11779b7..8db2e4d023 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -15,22 +15,40 @@ export { ## SSH major version (1 or 2) version: count &log; ## Auth result - result: string &log &optional; - ## Auth method (password, pubkey, etc.) - method: string &log &optional; + auth_success: bool &log &optional; + + ## Auth details + auth_details: string &log &optional; ## Direction of the connection. If the client was a local host ## logging into an external host, this would be OUTBOUND. INBOUND ## would be set for the opposite situation. ## TODO: handle local-local and remote-remote better. direction: Direction &log &optional; + ## The encryption algorithm in use + cipher_alg: string &log &optional; + ## The signing (MAC) algorithm in use + mac_alg: string &log &optional; + ## The compression algorithm in use + compression_alg: string &log &optional; + ## The key exchange algorithm in use + kex_alg: string &log &optional; + + ## The server host key's algorithm + host_key_alg: string &log &optional; + ## The server's key fingerprint + host_key: string &log &optional; ## The client's version string client: string &log &optional; ## The server's version string server: string &log &optional; - ## The server's key fingerprint - host_key: string &log &optional; + ## This connection has been logged (internal use) logged: bool &default=F; + ## Number of failures seen (internal use) + num_failures: count &default=0; + ## Store capabilities from the first host for + ## comparison with the second (internal use) + capabilities: Capabilities &optional; }; ## If true, we tell the event engine to not look at further data @@ -48,146 +66,167 @@ redef record connection += { ssh: Info &optional; }; -const ports = { 22/tcp }; - event bro_init() &priority=5 { Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh]); - Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports); } -function determine_auth_method(version: int, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int): string - { - # This is still being tested. - # Based on "Analysis for Identifying User Authentication Methods on SSH Connections" - # by Satoh, Nakamura, Ikenaga. - if ( version == 2 ) - { - if ( first_pkt_len == 0 ) - return "none"; - if ( middle_pkt_len == 96 ) - return "password"; - if ( middle_pkt_len == 16 ) - return "gssapi"; - if ( ( middle_pkt_len == 32 ) && ( first_pkt_len == 0 || first_pkt_len == 48 ) ) - return "challenge-response"; - if ( middle_pkt_len < 256 ) - return fmt("unknown (mid=%d, first=%d)", middle_pkt_len, first_pkt_len); - if ( first_pkt_len == 16 ) - return "host-based"; - return fmt("pubkey (~%d bits)", (first_pkt_len - 16)*8); - } - else if ( version == 1 ) - { - if ( first_pkt_len == 0 ) - return "password"; - if ( first_pkt_len >= 96 && first_pkt_len <= 256 ) - return fmt("pubkey (~%d bits)", first_pkt_len * 8); - return fmt("%d %d %d", first_pkt_len, middle_pkt_len, last_pkt_len); - } - } +function init_record(c: connection) + { + local s: SSH::Info; + s$ts = network_time(); + s$uid = c$uid; + s$id = c$id; + c$ssh = s; + } + event ssh_server_version(c: connection, version: string) { if ( !c?$ssh ) - { - local s: SSH::Info; - s$ts = network_time(); - s$uid = c$uid; - s$id = c$id; - c$ssh = s; - } + init_record(c); + c$ssh$server = version; } event ssh_client_version(c: connection, version: string) { if ( !c?$ssh ) - { - local s: SSH::Info; - s$ts = network_time(); - s$uid = c$uid; - s$id = c$id; - c$ssh = s; - } + init_record(c); + c$ssh$client = version; + if ( version[4] == "1" ) c$ssh$version = 1; if ( version[4] == "2" ) c$ssh$version = 2; } -event ssh_auth_successful(c: connection, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int) +event ssh_auth_successful(c: connection, auth_method_none: bool) { - print "ssh_auth_successful"; - if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) + if ( !c?$ssh || ( c$ssh?$auth_success && c$ssh$auth_success ) ) return; - c$ssh$result = "success"; - c$ssh$method = determine_auth_method(c$ssh$version, last_pkt_len, middle_pkt_len, first_pkt_len); - } -event ssh_auth_successful(c: connection, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int) &priority=-5 - { - c$ssh$logged = T; - Log::write(SSH::LOG, c$ssh); - } - -event ssh_auth_failed(c: connection, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int) - { - print "ssh_auth_failed"; - if ( !c?$ssh || ( c$ssh?$result && c$ssh$result == "success" ) ) + # We can't accurately tell for compressed streams + if ( c$ssh?$compression_alg && ( c$ssh$compression_alg == "zlib@openssh.com" || + c$ssh$compression_alg == "zlib" ) ) return; - c$ssh$result = "failure"; - c$ssh$method = determine_auth_method(c$ssh$version, last_pkt_len, middle_pkt_len, first_pkt_len); - } - -event ssh_auth_failed(c: connection, last_pkt_len: int, middle_pkt_len: int, first_pkt_len: int) &priority=-5 - { - c$ssh$logged = T; - Log::write(SSH::LOG, c$ssh); - } + + c$ssh$auth_success = T; -event connection_state_remove(c: connection) - { - if ( c?$ssh && !c$ssh?$result ) + if ( auth_method_none ) + c$ssh$auth_details = "method: none"; + + if ( skip_processing_after_detection) { - c$ssh$result = "unknown"; + skip_further_processing(c$id); + set_record_packets(c$id, F); + } + } + +event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=-5 + { + if ( c?$ssh && !c$ssh$logged ) + { + c$ssh$logged = T; + Log::write(SSH::LOG, c$ssh); } } - -event ssh_server_capabilities(c: connection, kex_algorithms: string, server_host_key_algorithms: string, encryption_algorithms_client_to_server: string, encryption_algorithms_server_to_client: string, mac_algorithms_client_to_server: string, mac_algorithms_server_to_client: string, compression_algorithms_client_to_server: string, compression_algorithms_server_to_client: string, languages_client_to_server: string, languages_server_to_client: string) + +event ssh_auth_failed(c: connection) { - # print "kex_algorithms", kex_algorithms; - # print ""; - # print "server_host_key_algorithms", server_host_key_algorithms; - # print ""; - # print "encryption_algorithms_client_to_server", encryption_algorithms_client_to_server; - # print ""; - # print "encryption_algorithms_server_to_client", encryption_algorithms_server_to_client; - # print ""; - # print "mac_algorithms_client_to_server", mac_algorithms_client_to_server; - # print ""; - # print "mac_algorithms_server_to_client", mac_algorithms_server_to_client; - # print ""; - # print "compression_algorithms_client_to_server", compression_algorithms_client_to_server; - # print ""; - # print "compression_algorithms_server_to_client", compression_algorithms_server_to_client; - # print ""; - # print "languages_client_to_server", languages_client_to_server; - # print ""; - # print "languages_server_to_client", languages_server_to_client; - # print ""; + if ( !c?$ssh || ( c$ssh?$auth_success && !c$ssh$auth_success ) ) + return; + + # We can't accurately tell for compressed streams + if ( c$ssh?$compression_alg && ( c$ssh$compression_alg == "zlib@openssh.com" || + c$ssh$compression_alg == "zlib" ) ) + return; + + c$ssh$auth_success = F; + c$ssh$num_failures += 1; + } + +function array_to_vec(s: string_array): vector of string + { + local r: vector of string; + + for (i in s) + r[i] = s[i]; + return r; + } + +function find_client_preferred_algorithm(client_algorithms: vector of string, server_algorithms: vector of string): string + { + for ( i in client_algorithms ) + for ( j in server_algorithms ) + if ( client_algorithms[i] == server_algorithms[j] ) + return client_algorithms[i]; + } + +function find_client_preferred_algorithm_bidirectional(client_algorithms_c_to_s: vector of string, + server_algorithms_c_to_s: vector of string, + client_algorithms_s_to_c: vector of string, + server_algorithms_s_to_c: vector of string): string + { + local c_to_s = find_client_preferred_algorithm(client_algorithms_c_to_s, server_algorithms_c_to_s); + local s_to_c = find_client_preferred_algorithm(client_algorithms_s_to_c, server_algorithms_s_to_c); + + return c_to_s == s_to_c ? c_to_s : fmt("To server: %s, to client: %s", c_to_s, s_to_c); + } + +event ssh_capabilities(c: connection, cookie: string, capabilities: Capabilities) + { + if ( !c?$ssh || ( c$ssh?$capabilities && c$ssh$capabilities$is_server == capabilities$is_server ) ) + return; + + if ( !c$ssh?$capabilities ) + { + c$ssh$capabilities = capabilities; + return; + } + + local client_caps = capabilities$is_server ? c$ssh$capabilities : capabilities; + local server_caps = capabilities$is_server ? capabilities : c$ssh$capabilities; + + c$ssh$cipher_alg = find_client_preferred_algorithm_bidirectional(client_caps$encryption_algorithms_client_to_server, + server_caps$encryption_algorithms_client_to_server, + client_caps$encryption_algorithms_server_to_client, + server_caps$encryption_algorithms_server_to_client); + + c$ssh$mac_alg = find_client_preferred_algorithm_bidirectional(client_caps$mac_algorithms_client_to_server, + server_caps$mac_algorithms_client_to_server, + client_caps$mac_algorithms_server_to_client, + server_caps$mac_algorithms_server_to_client); + + c$ssh$compression_alg = find_client_preferred_algorithm_bidirectional(client_caps$compression_algorithms_client_to_server, + server_caps$compression_algorithms_client_to_server, + client_caps$compression_algorithms_server_to_client, + server_caps$compression_algorithms_server_to_client); + + c$ssh$kex_alg = find_client_preferred_algorithm(client_caps$kex_algorithms, server_caps$kex_algorithms); + c$ssh$host_key_alg = find_client_preferred_algorithm(client_caps$server_host_key_algorithms, + server_caps$server_host_key_algorithms); } event connection_state_remove(c: connection) &priority=-5 { - if ( c?$ssh && !c$ssh$logged ) + if ( c?$ssh && !c$ssh$logged && c$ssh?$client && c$ssh?$server ) + { + if ( c$ssh?$auth_success && !c$ssh$auth_success ) + c$ssh$auth_details = fmt("%d failure%s", c$ssh$num_failures, c$ssh$num_failures == 1 ? "" : "s"); + + c$ssh$logged = T; Log::write(SSH::LOG, c$ssh); + } } function generate_fingerprint(c: connection, key: string) { + if ( !c?$ssh ) + return; + local lx = str_split(md5_hash(key), vector(2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30)); lx[0] = ""; c$ssh$host_key = sub(join_string_vec(lx, ":"), /:/, ""); @@ -195,15 +234,11 @@ function generate_fingerprint(c: connection, key: string) event ssh1_server_host_key(c: connection, p: string, e: string) { - if ( !c?$ssh ) - return; generate_fingerprint(c, e + p); } event ssh_server_host_key(c: connection, key: string) { - if ( !c?$ssh ) - return; generate_fingerprint(c, key); } diff --git a/src/analyzer/protocol/ssh/CMakeLists.txt b/src/analyzer/protocol/ssh/CMakeLists.txt index 1266e4f496..de9abeb31f 100644 --- a/src/analyzer/protocol/ssh/CMakeLists.txt +++ b/src/analyzer/protocol/ssh/CMakeLists.txt @@ -6,6 +6,7 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DI bro_plugin_begin(Bro SSH) bro_plugin_cc(SSH.cc Plugin.cc) + bro_plugin_bif(types.bif) bro_plugin_bif(events.bif) bro_plugin_pac(ssh.pac ssh-analyzer.pac ssh-protocol.pac) bro_plugin_end() \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index 19ca99417c..4cf05c8c54 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -6,6 +6,7 @@ #include "Reporter.h" +#include "types.bif.h" #include "events.bif.h" using namespace analyzer::SSH; @@ -18,10 +19,10 @@ SSH_Analyzer::SSH_Analyzer(Connection* c) interp = new binpac::SSH::SSH_Conn(this); had_gap = false; auth_decision_made = false; - num_encrypted_packets_seen = 0; - initial_client_packet_size = 0; - initial_server_packet_size = 0; - } + skipped_banner = false; + service_accept_size = 0; + userauth_failure_size = 0; + } SSH_Analyzer::~SSH_Analyzer() { @@ -59,7 +60,13 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) if ( interp->get_state(orig) == binpac::SSH::ENCRYPTED ) { - ProcessEncrypted(len, orig); + if ( ssh_encrypted_packet ) + BifEvent::generate_ssh_encrypted_packet(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), + orig, len); + + if ( !auth_decision_made ) + ProcessEncrypted(len, orig); + return; } @@ -69,7 +76,6 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } catch ( const binpac::Exception& e ) { - printf("Binpac exception: %s\n", e.c_msg()); ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); } } @@ -83,84 +89,65 @@ void SSH_Analyzer::Undelivered(uint64 seq, int len, bool orig) void SSH_Analyzer::ProcessEncrypted(int len, bool orig) { - if (orig && !initial_client_packet_size) - initial_client_packet_size = len; - if (!orig && !initial_server_packet_size) - initial_server_packet_size = len; - - int relative_len; - if (orig) - relative_len = len - initial_client_packet_size; - else - relative_len = len - initial_server_packet_size; - - if ( !auth_decision_made && ( num_encrypted_packets_seen > 3 ) ) + // We're interested in messages from the server for SSH2 + if (!orig && (interp->get_version() == binpac::SSH::SSH2)) { - int auth_result = AuthResult(relative_len, orig, interp->get_version()); - if ( auth_result > 0 ) + // The first thing we see and want to know is the length of + // SSH_MSG_SERVICE_REQUEST, which has a fixed (decrypted) size + // of 24 bytes (17 for content pad-aligned to 8-byte + // boundaries) + if (!service_accept_size) + { + service_accept_size = len; + return; + } + + // If our user can authenticate via the "none" method, this + // packet will be a SSH_MSG_USERAUTH_SUCCESS, which has a + // fixed (decrypted) size of 8 bytes (1 for content + // pad-aligned to 8-byte boundaries). relative_len would be + // -16. + if (!userauth_failure_size && (len + 16 == service_accept_size)) { auth_decision_made = true; - if ( auth_result == 1 ) - BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), - interp->bro_analyzer()->Conn(), - len, - packet_n_1_size, - packet_n_2_size); - if ( auth_result == 2 ) - BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), - interp->bro_analyzer()->Conn(), - len, - packet_n_1_size, - packet_n_2_size); + if ( ssh_auth_successful ) + BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), true); + return; + } + + // Normally, this packet would be a SSH_MSG_USERAUTH_FAILURE + // message, with a variable length, depending on the + // authentication methods the server supports. If it's too + // big, it might contain a pre-auth MOTD/banner, so we'll just + // skip it. + if (!userauth_failure_size) + { + if ( !skipped_banner && (len - service_accept_size) > 256 ) + { + skipped_banner = true; + return; + } + userauth_failure_size = len; + return; + } + + // If we've already seen a failure, let's see if this is + // another packet of the same size. + if (len == userauth_failure_size) + { + if ( ssh_auth_failed ) + BifEvent::generate_ssh_auth_failed(interp->bro_analyzer(), interp->bro_analyzer()->Conn()); + return; + } + + // ...or a success packet. + if (len - service_accept_size == -16) + { + auth_decision_made = true; + if ( ssh_auth_successful ) + BifEvent::generate_ssh_auth_successful(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), false); + return; } } - if ( ( num_encrypted_packets_seen >= 2 ) && - ( orig != packet_n_1_is_orig ) ) - { - packet_n_2_is_orig = packet_n_1_is_orig; - packet_n_2_size = packet_n_1_size; - } - if ( num_encrypted_packets_seen == 0 ) - num_encrypted_packets_seen = 1; - else if ( orig == packet_n_1_is_orig ) - packet_n_1_size += len; - else - { - packet_n_1_is_orig = orig; - packet_n_1_size = relative_len; - if ( ! ( ( interp->get_version() == binpac::SSH::SSH1 ) && len > 90 ) ) - num_encrypted_packets_seen++; - } - } - - -int SSH_Analyzer::AuthResult(int len, bool orig, int version) - { - if ( version == binpac::SSH::SSH2 ) - { - if ( !orig && packet_n_1_is_orig && !packet_n_2_is_orig ) - { - if ( len == -16 ) - return 1; - else if ( len >= 16 && len <= 32 ) - return 2; - return 0; - } - } - else if ( version == binpac::SSH::SSH1 ) - { - // On a successful login, the server sends a longer message - if ( !orig && len > 0 ) - { - // To verify a public key, the server sends back a message of the same size - // as the previous one. Ignore that occurrence here. - if ( ! ( packet_n_1_is_orig && ( len == packet_n_1_size ) ) ) - return 1; - } - // If we've seen too many messages without a longer message, treat it as a failure - if ( num_encrypted_packets_seen > 7 ) - return 2; - } - return -1; } diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index 185e83d4de..af6dcbf090 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -31,22 +31,16 @@ protected: binpac::SSH::SSH_Conn* interp; void ProcessEncrypted(int len, bool orig); - int AuthResult(int len, bool orig, int version); bool had_gap; // Packet analysis stuff bool auth_decision_made; + bool skipped_banner; - int initial_client_packet_size; - int initial_server_packet_size; - int num_encrypted_packets_seen; + int service_accept_size; + int userauth_failure_size; - bool packet_n_1_is_orig; - int packet_n_1_size; - bool packet_n_2_is_orig; - int packet_n_2_size; - }; } } // namespace analyzer::* diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index 7505dfd6db..4a8d959de4 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -2,11 +2,13 @@ event ssh_server_version%(c: connection, version: string%); event ssh_client_version%(c: connection, version: string%); -event ssh_auth_successful%(c: connection, last_packet_len: int, middle_packet_len: int, first_packet_len: int%); +event ssh_auth_successful%(c: connection, auth_method_none: bool%); -event ssh_auth_failed%(c: connection, last_packet_len: int, middle_packet_len: int, first_packet_len: int%); +event ssh_auth_failed%(c: connection%); -event ssh_server_capabilities%(c: connection, kex_algorithms: string, server_host_key_algorithms: string, encryption_algorithms_client_to_server: string, encryption_algorithms_server_to_client: string, mac_algorithms_client_to_server: string, mac_algorithms_server_to_client: string, compression_algorithms_client_to_server: string, compression_algorithms_server_to_client: string, languages_client_to_server: string, languages_server_to_client: string%); +event ssh_encrypted_packet%(c: connection, orig: bool, len: count%); + +event ssh_capabilities%(c: connection, cookie: string, capabilities: SSH::Capabilities%); event ssh_server_host_key%(c: connection, key: string%); diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 1af96a4c5c..0a76b7c8f4 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -1,3 +1,53 @@ +%extern{ +#include +#include +#include +%} + +%header{ +VectorVal* name_list_to_vector(const bytestring nl); +%} + +%code{ +// Copied from IRC_Analyzer::SplitWords +VectorVal* name_list_to_vector(const bytestring nl) + { + VectorVal* vv = new VectorVal(internal_type("string_vec")->AsVectorType()); + + string name_list = std_str(nl); + if ( name_list.size() < 1 ) + return vv; + + unsigned int start = 0; + unsigned int split_pos = 0; + + while ( name_list[start] == ',' ) + { + ++start; + ++split_pos; + } + + string word; + while ( (split_pos = name_list.find(',', start)) < name_list.size() ) + { + word = name_list.substr(start, split_pos - start); + if ( word.size() > 0 && word[0] != ',' ) + vv->Assign(vv->Size(), new StringVal(word)); + + start = split_pos + 1; + } + + // Add line end if needed. + if ( start < name_list.size() ) + { + word = name_list.substr(start, name_list.size() - start); + vv->Assign(vv->Size(), new StringVal(word)); + } + + return vv; + } +%} + refine flow SSH_Flow += { function proc_ssh_version(msg: SSH_Version): bool %{ @@ -18,20 +68,26 @@ refine flow SSH_Flow += { function proc_ssh_kexinit(msg: SSH_KEXINIT): bool %{ - if ( ssh_server_capabilities ) + if ( ssh_capabilities ) { - BifEvent::generate_ssh_server_capabilities(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${msg.kex_algorithms.val}), - bytestring_to_val(${msg.server_host_key_algorithms.val}), - bytestring_to_val(${msg.encryption_algorithms_client_to_server.val}), - bytestring_to_val(${msg.encryption_algorithms_server_to_client.val}), - bytestring_to_val(${msg.mac_algorithms_client_to_server.val}), - bytestring_to_val(${msg.mac_algorithms_server_to_client.val}), - bytestring_to_val(${msg.compression_algorithms_client_to_server.val}), - bytestring_to_val(${msg.compression_algorithms_server_to_client.val}), - bytestring_to_val(${msg.languages_client_to_server.val}), - bytestring_to_val(${msg.languages_server_to_client.val})); + RecordVal* result = new RecordVal(BifType::Record::SSH::Capabilities); + result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val})); + result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val})); + result->Assign(2, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val})); + result->Assign(3, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val})); + result->Assign(4, name_list_to_vector(${msg.mac_algorithms_client_to_server.val})); + result->Assign(5, name_list_to_vector(${msg.mac_algorithms_server_to_client.val})); + result->Assign(6, name_list_to_vector(${msg.compression_algorithms_client_to_server.val})); + result->Assign(7, name_list_to_vector(${msg.compression_algorithms_server_to_client.val})); + if ( ${msg.languages_client_to_server.len} ) + result->Assign(8, name_list_to_vector(${msg.languages_client_to_server.val})); + if ( ${msg.languages_server_to_client.len} ) + result->Assign(9, name_list_to_vector(${msg.languages_server_to_client.val})); + result->Assign(10, new Val(${msg.is_orig}, TYPE_BOOL)); + + BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}), + result); } return true; %} @@ -49,7 +105,7 @@ refine flow SSH_Flow += { function proc_ssh1_server_host_key(p: bytestring, e: bytestring): bool %{ - if ( ssh_server_host_key ) + if ( ssh1_server_host_key ) { BifEvent::generate_ssh1_server_host_key(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), @@ -75,10 +131,6 @@ refine typeattr SSH_KEXINIT += &let { proc: bool = $context.flow.proc_ssh_kexinit(this); }; -refine typeattr SSH_DH_GEX_REPLY += &let { - proc: bool = $context.flow.proc_ssh_server_host_key(k_s.val); -}; - refine typeattr SSH1_Message += &let { proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == SSH_CMSG_SESSION_KEY); }; @@ -87,6 +139,14 @@ refine typeattr SSH2_Message += &let { proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == MSG_NEWKEYS); }; +refine typeattr SSH_DH_GEX_REPLY += &let { + proc: bool = $context.flow.proc_ssh_server_host_key(k_s.val); +}; + +refine typeattr SSH_ECC_REPLY += &let { + proc: bool = $context.flow.proc_ssh_server_host_key(k_s.val); +}; + refine typeattr SSH1_PUBLIC_KEY += &let { - proc: bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val); + proc: bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val); }; \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index 3e1ec95ecc..36bfcaedf3 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -5,104 +5,143 @@ enum version { }; enum state { - VERSION_EXCHANGE = 0, - KEY_EXCHANGE_CLEARTEXT = 1, - ENCRYPTED = 2, + VERSION_EXCHANGE = 0, + KEX_INIT = 1, + KEX_DH_GEX = 2, + KEX_DH = 3, + KEX_ECC = 4, + KEX_GSS = 5, + KEX_RSA = 6, + ENCRYPTED = 7, +}; + +# diffie-hellman-group1-sha1 [RFC4253] Section 8.1 +# diffie-hellman-group14-sha1 [RFC4253] Section 8.2 +enum KEX_DH_message_id { + SSH_MSG_KEXDH_INIT = 30, + SSH_MSG_KEXDH_REPLY = 31, +}; + +# diffie-hellman-group-exchange-sha1 [RFC4419] Section 4.1 +# diffie-hellman-group-exchange-sha256 [RFC4419] Section 4.2 +enum KEX_DH_GEX_message_id { + SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, + SSH_MSG_KEX_DH_GEX_GROUP = 31, + SSH_MSG_KEX_DH_GEX_INIT = 32, + SSH_MSG_KEX_DH_GEX_REPLY = 33, + SSH_MSG_KEX_DH_GEX_REQUEST = 34, +}; + +# rsa1024-sha1 [RFC4432] +# rsa2048-sha256 [RFC4432] +enum KEX_RSA_message_id { + SSH_MSG_KEXRSA_PUBKEY = 30, + SSH_MSG_KEXRSA_SECRET = 31, + SSH_MSG_KEXRSA_DONE = 32, +}; + +# gss-group1-sha1-* [RFC4462] Section 2.3 +# gss-group14-sha1-* [RFC4462] Section 2.4 +# gss-gex-sha1-* [RFC4462] Section 2.5 +# gss-* [RFC4462] Section 2.6 +enum KEX_GSS_message_id { + SSH_MSG_KEXGSS_INIT = 30, + SSH_MSG_KEXGSS_CONTINUE = 31, + SSH_MSG_KEXGSS_COMPLETE = 32, + SSH_MSG_KEXGSS_HOSTKEY = 33, + SSH_MSG_KEXGSS_ERROR = 34, + SSH_MSG_KEXGSS_GROUPREQ = 40, + SSH_MSG_KEXGSS_GROUP = 41, +}; + +# ecdh-sha2-* [RFC5656] +enum KEX_ECDH_message_id { + SSH_MSG_KEX_ECDH_INIT = 30, + SSH_MSG_KEX_ECDH_REPLY = 31, +}; + +# ecmqv-sha2 [RFC5656] +enum KEX_ECMQV_message_id { + SSH_MSG_ECMQV_INIT = 30, + SSH_MSG_ECMQV_REPLY = 31, }; enum ssh1_message_id { - SSH_MSG_NONE = 0, - SSH_MSG_DISCONNECT = 1, - SSH_SMSG_PUBLIC_KEY = 2, - SSH_CMSG_SESSION_KEY = 3, - SSH_CMSG_USER = 4, - SSH_CMSG_AUTH_RHOSTS = 5, - SSH_CMSG_AUTH_RSA = 6, - SSH_SMSG_AUTH_RSA_CHALLENGE = 7, - SSH_CMSG_AUTH_RSA_RESPONSE = 8, - SSH_CMSG_AUTH_PASSWORD = 9, - SSH_CMSG_REQUEST_PTY = 10, - SSH_CMSG_WINDOW_SIZE = 11, - SSH_CMSG_EXEC_SHELL = 12, - SSH_CMSG_EXEC_CMD = 13, - SSH_SMSG_SUCCESS = 14, - SSH_SMSG_FAILURE = 15, - SSH_CMSG_STDIN_DATA = 16, - SSH_SMSG_STDOUT_DATA = 17, - SSH_SMSG_STDERR_DATA = 18, - SSH_CMSG_EOF = 19, - SSH_SMSG_EXITSTATUS = 20, + SSH_MSG_NONE = 0, + SSH_MSG_DISCONNECT = 1, + SSH_SMSG_PUBLIC_KEY = 2, + SSH_CMSG_SESSION_KEY = 3, + SSH_CMSG_USER = 4, + SSH_CMSG_AUTH_RHOSTS = 5, + SSH_CMSG_AUTH_RSA = 6, + SSH_SMSG_AUTH_RSA_CHALLENGE = 7, + SSH_CMSG_AUTH_RSA_RESPONSE = 8, + SSH_CMSG_AUTH_PASSWORD = 9, + SSH_CMSG_REQUEST_PTY = 10, + SSH_CMSG_WINDOW_SIZE = 11, + SSH_CMSG_EXEC_SHELL = 12, + SSH_CMSG_EXEC_CMD = 13, + SSH_SMSG_SUCCESS = 14, + SSH_SMSG_FAILURE = 15, + SSH_CMSG_STDIN_DATA = 16, + SSH_SMSG_STDOUT_DATA = 17, + SSH_SMSG_STDERR_DATA = 18, + SSH_CMSG_EOF = 19, + SSH_SMSG_EXITSTATUS = 20, SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 21, SSH_MSG_CHANNEL_OPEN_FAILURE = 22, - SSH_MSG_CHANNEL_DATA = 23, - SSH_MSG_CHANNEL_CLOSE = 24, + SSH_MSG_CHANNEL_DATA = 23, + SSH_MSG_CHANNEL_CLOSE = 24, SSH_MSG_CHANNEL_CLOSE_CONFIRMATION = 25, SSH_CMSG_X11_REQUEST_FORWARDING_OLD = 26, - SSH_SMSG_X11_OPEN = 27, + SSH_SMSG_X11_OPEN = 27, SSH_CMSG_PORT_FORWARD_REQUEST = 28, - SSH_MSG_PORT_OPEN = 29, + SSH_MSG_PORT_OPEN = 29, SSH_CMSG_AGENT_REQUEST_FORWARDING = 30, - SSH_SMSG_AGENT_OPEN = 31, - SSH_MSG_IGNORE = 32, - SSH_CMSG_EXIT_CONFIRMATION = 33, + SSH_SMSG_AGENT_OPEN = 31, + SSH_MSG_IGNORE = 32, + SSH_CMSG_EXIT_CONFIRMATION = 33, SSH_CMSG_X11_REQUEST_FORWARDING = 34, - SSH_CMSG_AUTH_RHOSTS_RSA = 35, - SSH_MSG_DEBUG = 36, + SSH_CMSG_AUTH_RHOSTS_RSA = 35, + SSH_MSG_DEBUG = 36, SSH_CMSG_REQUEST_COMPRESSION = 37, - SSH_CMSG_MAX_PACKET_SIZE = 38, - SSH_CMSG_AUTH_TIS = 39, - SSH_SMSG_AUTH_TIS_CHALLENGE = 40, - SSH_CMSG_AUTH_TIS_RESPONSE = 41, - SSH_CMSG_AUTH_KERBEROS = 42, + SSH_CMSG_MAX_PACKET_SIZE = 38, + SSH_CMSG_AUTH_TIS = 39, + SSH_SMSG_AUTH_TIS_CHALLENGE = 40, + SSH_CMSG_AUTH_TIS_RESPONSE = 41, + SSH_CMSG_AUTH_KERBEROS = 42, SSH_SMSG_AUTH_KERBEROS_RESPONSE = 43, - SSH_CMSG_HAVE_KERBEROS_TGT = 44, + SSH_CMSG_HAVE_KERBEROS_TGT = 44, }; enum ssh2_message_id { - MSG_DISCONNECT = 1, - MSG_IGNORE = 2, - MSG_UNIMPLEMENTED = 3, - MSG_DEBUG = 4, - MSG_SERVICE_REQUEST = 5, - MSG_SERVICE_ACCEPT = 6, - MSG_KEXINIT = 20, - MSG_NEWKEYS = 21, - MSG_KEX_DH_GEX_REQUEST_OLD = 30, - MSG_KEX_DH_GEX_GROUP = 31, - MSG_KEX_DH_GEX_INIT = 32, - MSG_KEX_DH_GEX_REPLY = 33, - MSG_KEX_DH_GEX_REQUEST = 34, - MSG_USERAUTH_REQUEST = 50, - MSG_USERAUTH_FAILURE = 51, - MSG_USERAUTH_SUCCESS = 52, - MSG_USERAUTH_BANNER = 53, - MSG_GLOBAL_REQUEST = 80, - MSG_REQUEST_SUCCESS = 81, - MSG_REQUEST_FAILURE = 82, - MSG_CHANNEL_OPEN = 90, - MSG_CHANNEL_OPEN_CONFIRMATION = 91, - MSG_CHANNEL_OPEN_FAILURE = 92, - MSG_CHANNEL_WINDOW_ADJUST = 93, - MSG_CHANNEL_DATA = 94, - MSG_CHANNEL_EXTENDED_DATA = 95, - MSG_CHANNEL_EOF = 96, - MSG_CHANNEL_CLOSE = 97, - MSG_CHANNEL_REQUEST = 98, - MSG_CHANNEL_SUCCESS = 99, - MSG_CHANNEL_FAILURE = 100, + MSG_DISCONNECT = 1, + MSG_IGNORE = 2, + MSG_UNIMPLEMENTED = 3, + MSG_DEBUG = 4, + MSG_SERVICE_REQUEST = 5, + MSG_SERVICE_ACCEPT = 6, + MSG_KEXINIT = 20, + MSG_NEWKEYS = 21, }; +## SSH Generic + type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { - VERSION_EXCHANGE -> version: SSH_Version(is_orig); - KEY_EXCHANGE_CLEARTEXT -> kex: SSH_Key_Exchange(is_orig); - ENCRYPTED -> ciphertext: bytestring &length=1 &transient; + VERSION_EXCHANGE -> version: SSH_Version(is_orig); + KEX_INIT -> kex: SSH_Key_Exchange(is_orig); + KEX_DH_GEX -> kex_dh_gex: SSH_Key_Exchange_DH_GEX(is_orig); + KEX_DH -> kex_dh: SSH_Key_Exchange_DH(is_orig); + KEX_ECC -> kex_ecc: SSH_Key_Exchange_ECC(is_orig); + KEX_GSS -> kex_gss: SSH_Key_Exchange_GSS(is_orig); + KEX_RSA -> kex_rsa: SSH_Key_Exchange_RSA(is_orig); } &byteorder=bigendian; type SSH_Version(is_orig: bool) = record { version: bytestring &oneline; pad: bytestring &length=0 &transient; } &let { - update_state : bool = $context.connection.update_state(KEY_EXCHANGE_CLEARTEXT, is_orig); + update_state : bool = $context.connection.update_state(KEX_INIT, is_orig); update_version: bool = $context.connection.update_version(version, is_orig); }; @@ -111,6 +150,8 @@ type SSH_Key_Exchange(is_orig: bool) = case $context.connection.get_version() of SSH2 -> ssh2_msg: SSH2_Key_Exchange(is_orig); }; +## SSH1 + type SSH1_Key_Exchange(is_orig: bool) = record { packet_length: uint32; pad_fill : bytestring &length = 8 - (packet_length % 8); @@ -119,20 +160,6 @@ type SSH1_Key_Exchange(is_orig: bool) = record { crc : uint32; } &length = packet_length + 4 + 8 - (packet_length % 8); -type SSH2_Key_Exchange_Header = record { - packet_length : uint32; - padding_length: uint8; - msg_type : uint8; -} &let { - payload_length: uint32 = packet_length - padding_length - 2; -} &length=6; - -type SSH2_Key_Exchange(is_orig: bool) = record { - header : SSH2_Key_Exchange_Header; - payload : SSH2_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; -} &length=header.packet_length + 4; - type SSH1_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { SSH_SMSG_PUBLIC_KEY -> public_key: SSH1_PUBLIC_KEY(length); SSH_CMSG_SESSION_KEY -> session_key: SSH1_SESSION_KEY(length); @@ -160,19 +187,35 @@ type SSH1_SESSION_KEY(length: uint32) = record { flags : uint32; } &length=length; +type ssh1_mp_int = record { + len: uint16; + val: bytestring &length=(len+7)/8; +}; + +## SSH2 + +type SSH2_Key_Exchange_Header = record { + packet_length : uint32; + padding_length: uint8; + msg_type : uint8; +} &let { + payload_length: uint32 = packet_length - padding_length - 2; +} &length=6; + +type SSH2_Key_Exchange(is_orig: bool) = record { + header : SSH2_Key_Exchange_Header; + payload : SSH2_Message(is_orig, header.msg_type, header.payload_length); + pad : bytestring &length=header.padding_length; +} &length=header.packet_length + 4; + type SSH2_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - MSG_KEXINIT -> kexinit: SSH_KEXINIT(length); - MSG_KEX_DH_GEX_REQUEST -> dh_gex_request: SSH_DH_GEX_REQUEST(length); - MSG_KEX_DH_GEX_REQUEST_OLD -> dh_gex_request_old: SSH_DH_GEX_REQUEST_OLD(length); - MSG_KEX_DH_GEX_GROUP -> dh_gex_group: SSH_DH_GEX_GROUP(length); - MSG_KEX_DH_GEX_INIT -> dh_gex_init: SSH_DH_GEX_INIT(length); - MSG_KEX_DH_GEX_REPLY -> dh_gex_reply: SSH_DH_GEX_REPLY(length); - MSG_NEWKEYS -> new_keys: bytestring &length=length; + MSG_KEXINIT -> kexinit: SSH_KEXINIT(length, is_orig); + default -> unknown: bytestring &length=length; } &let { detach: bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == MSG_NEWKEYS); }; -type SSH_KEXINIT(length: uint32) = record { +type SSH_KEXINIT(length: uint32, is_orig: bool) = record { cookie : bytestring &length=16; kex_algorithms : ssh_string; server_host_key_algorithms : ssh_string; @@ -182,21 +225,52 @@ type SSH_KEXINIT(length: uint32) = record { mac_algorithms_server_to_client : ssh_string; compression_algorithms_client_to_server : ssh_string; compression_algorithms_server_to_client : ssh_string; - languages_client_to_server : ssh_string; - languages_server_to_client : ssh_string; - first_kex_packet_follows : uint8; - reserved : uint32; + languages_client_to_server : ssh_string; + languages_server_to_client : ssh_string; + first_kex_packet_follows : uint8; + reserved : uint32; +} &let { + proc_kex : bool = $context.connection.update_kex(kex_algorithms.val, is_orig); } &length=length; -type SSH_DH_GEX_REQUEST(length: uint32) = record { +# KEX_DH exchanges + +type SSH_Key_Exchange_DH(is_orig: bool) = record { + header : SSH2_Key_Exchange_Header; + payload : SSH_Key_Exchange_DH_Message(is_orig, header.msg_type, header.payload_length); + pad : bytestring &length=header.padding_length; +} &length=header.packet_length + 4; + +type SSH_Key_Exchange_DH_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEXDH_INIT -> init : SSH_DH_GEX_INIT(length); + SSH_MSG_KEXDH_REPLY -> reply : SSH_DH_GEX_REPLY(length); +}; + +# KEX_DH_GEX exchanges + +type SSH_Key_Exchange_DH_GEX(is_orig: bool) = record { + header : SSH2_Key_Exchange_Header; + payload : SSH_Key_Exchange_DH_GEX_Message(is_orig, header.msg_type, header.payload_length); + pad : bytestring &length=header.padding_length; +} &length=header.packet_length + 4; + +type SSH_Key_Exchange_DH_GEX_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEX_DH_GEX_REQUEST_OLD -> request_old : SSH_DH_GEX_REQUEST_OLD; + SSH_MSG_KEX_DH_GEX_REQUEST -> request : SSH_DH_GEX_REQUEST; + SSH_MSG_KEX_DH_GEX_GROUP -> group : SSH_DH_GEX_GROUP(length); + SSH_MSG_KEX_DH_GEX_INIT -> init : SSH_DH_GEX_INIT(length); + SSH_MSG_KEX_DH_GEX_REPLY -> reply : SSH_DH_GEX_REPLY(length); +}; + +type SSH_DH_GEX_REQUEST = record { min: uint32; n : uint32; max: uint32; } &length=12; -type SSH_DH_GEX_REQUEST_OLD(length: uint32) = record { - payload: bytestring &length=length; -} &length=length; +type SSH_DH_GEX_REQUEST_OLD = record { + n: uint32; +} &length=4; type SSH_DH_GEX_GROUP(length: uint32) = record { p: ssh_string; @@ -213,9 +287,106 @@ type SSH_DH_GEX_REPLY(length: uint32) = record { signature: ssh_string; } &length=length; -type ssh1_mp_int = record { - len: uint16; - val: bytestring &length=(len+7)/8; +# KEX_RSA exchanges + +type SSH_Key_Exchange_RSA(is_orig: bool) = record { + header : SSH2_Key_Exchange_Header; + payload : SSH_Key_Exchange_RSA_Message(is_orig, header.msg_type, header.payload_length); + pad : bytestring &length=header.padding_length; +} &length=header.packet_length + 4; + +type SSH_Key_Exchange_RSA_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEXRSA_PUBKEY -> pubkey : SSH_RSA_PUBKEY(length); + SSH_MSG_KEXRSA_SECRET -> secret : SSH_RSA_SECRET(length); + SSH_MSG_KEXRSA_DONE -> done : SSH_RSA_DONE(length); +}; + +type SSH_RSA_PUBKEY(length: uint32) = record { + k_s: ssh_string; + k_t: ssh_string; +} &length=length; + +type SSH_RSA_SECRET(length: uint32) = record { + encrypted_payload: ssh_string; +} &length=length; + +type SSH_RSA_DONE(length: uint32) = record { + signature: ssh_string; +} &length=length; + +# KEX_GSS exchanges + +type SSH_Key_Exchange_GSS(is_orig: bool) = record { + header : SSH2_Key_Exchange_Header; + payload : SSH_Key_Exchange_GSS_Message(is_orig, header.msg_type, header.payload_length); + pad : bytestring &length=header.padding_length; +} &length=header.packet_length + 4; + +type SSH_Key_Exchange_GSS_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEXGSS_INIT -> init : SSH_GSS_INIT(length); + SSH_MSG_KEXGSS_CONTINUE -> cont : SSH_GSS_CONTINUE(length); + SSH_MSG_KEXGSS_COMPLETE -> complete : SSH_GSS_COMPLETE(length); + SSH_MSG_KEXGSS_HOSTKEY -> hostkey : SSH_GSS_HOSTKEY(length); + SSH_MSG_KEXGSS_ERROR -> error : SSH_GSS_ERROR(length); + SSH_MSG_KEXGSS_GROUPREQ -> groupreq : SSH_DH_GEX_REQUEST; + SSH_MSG_KEXGSS_GROUP -> group : SSH_DH_GEX_GROUP(length); +}; + +type SSH_GSS_INIT(length: uint32) = record { + output_token: ssh_string; + e : ssh_string; +} &length=length; + +type SSH_GSS_CONTINUE(length: uint32) = record { + output_token: ssh_string; +} &length=length; + +type SSH_GSS_COMPLETE(length: uint32) = record { + f : ssh_string; + per_msg_token : ssh_string; + have_token : uint8; + parse_token : case have_token of { + 0 -> no_token: empty; + default -> token: ssh_string; + }; +} &length=length; + +type SSH_GSS_HOSTKEY(length: uint32) = record { + k_s: ssh_string; +} &length=length; + +type SSH_GSS_ERROR(length: uint32) = record { + major_status: uint32; + minor_status: uint32; + message : ssh_string; + language : ssh_string; +} &length=length; + +# KEX_ECDH and KEX_ECMQV exchanges + +type SSH_Key_Exchange_ECC(is_orig: bool) = record { + header : SSH2_Key_Exchange_Header; + payload : SSH_Key_Exchange_ECC_Message(is_orig, header.msg_type, header.payload_length); + pad : bytestring &length=header.padding_length; +} &length=header.packet_length + 4; + +type SSH_Key_Exchange_ECC_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEX_ECDH_INIT -> init : SSH_ECC_INIT(length); + SSH_MSG_KEX_ECDH_REPLY -> reply : SSH_ECC_REPLY(length); +}; + +# This deviates from the RFC. SSH_MSG_KEX_ECDH_INIT and +# SSH_MSG_KEX_ECMQV_INIT can be parsed the same way. +type SSH_ECC_INIT(length: uint32) = record { + q_c: ssh_string; +}; + +# This deviates from the RFC. SSH_MSG_KEX_ECDH_REPLY and +# SSH_MSG_KEX_ECMQV_REPLY can be parsed the same way. +type SSH_ECC_REPLY(length: uint32) = record { + k_s : ssh_string; + q_s : ssh_string; + signature : ssh_string; }; type ssh_string = record { @@ -223,17 +394,35 @@ type ssh_string = record { val: bytestring &length=len; }; +type ssh_host_key = record { + len: uint32; + key_type: ssh_string; + key: ssh_string; +} &length=(len + 4); + +## Done with types + refine connection SSH_Conn += { %member{ int state_up_; int state_down_; int version_; + + bool kex_orig_; + bool kex_seen_; + bytestring kex_algs_cache_; + bytestring kex_algorithm_; %} %init{ state_up_ = VERSION_EXCHANGE; state_down_ = VERSION_EXCHANGE; version_ = UNK; + + kex_seen_ = false; + kex_orig_ = false; + kex_algs_cache_ = bytestring(); + kex_algorithm_ = bytestring(); %} function get_state(is_orig: bool): int @@ -274,4 +463,103 @@ refine connection SSH_Conn += { return true; %} + function update_kex_state_if_equal(s: string, to_state: state): bool + %{ + if ( strcmp(c_str(kex_algorithm_), s.c_str()) == 0 ) + { + update_state(to_state, true); + update_state(to_state, false); + return true; + } + return false; + %} + + function update_kex_state_if_startswith(s: string, to_state: state): bool + %{ + if ( (uint) kex_algorithm_.length() < s.length() ) + return false; + + if ( strcmp(std_str(kex_algorithm_).substr(0, s.length()).c_str(), s.c_str()) == 0 ) + { + update_state(to_state, true); + update_state(to_state, false); + return true; + } + return false; + %} + + function update_kex(algs: bytestring, orig: bool): bool + %{ + if ( !kex_seen_ ) + { + kex_seen_ = true; + kex_orig_ = orig; + kex_algs_cache_.init(${algs}.data(), ${algs}.length()); + + return false; + } + else if ( kex_orig_ == orig ) + return false; + + VectorVal* client_list = name_list_to_vector(orig ? algs : kex_algs_cache_); + VectorVal* server_list = name_list_to_vector(orig ? kex_algs_cache_ : algs); + + for ( unsigned int i = 0; i < client_list->Size(); ++i) + { + for ( unsigned int j = 0; j < server_list->Size(); ++j) + { + if ( strcmp((const char *) client_list->Lookup(i)->AsStringVal()->Bytes(), + (const char *) server_list->Lookup(j)->AsStringVal()->Bytes()) == 0 ) + { + kex_algorithm_.init((const uint8 *) client_list->Lookup(i)->AsStringVal()->Bytes(), + client_list->Lookup(i)->AsStringVal()->Len()); + + // UNTESTED + if ( update_kex_state_if_equal("rsa1024-sha1", KEX_RSA) ) + return true; + // UNTESTED + if ( update_kex_state_if_equal("rsa2048-sha256", KEX_RSA) ) + return true; + + // UNTESTED + if ( update_kex_state_if_equal("diffie-hellman-group1-sha1", KEX_DH) ) + return true; + // UNTESTED + if ( update_kex_state_if_equal("diffie-hellman-group14-sha1", KEX_DH) ) + return true; + + if ( update_kex_state_if_equal("diffie-hellman-group-exchange-sha1", KEX_DH_GEX) ) + return true; + if ( update_kex_state_if_equal("diffie-hellman-group-exchange-sha256", KEX_DH_GEX) ) + return true; + + if ( update_kex_state_if_startswith("gss-group1-sha1-", KEX_GSS) ) + return true; + if ( update_kex_state_if_startswith("gss-group14-sha1-", KEX_GSS) ) + return true; + if ( update_kex_state_if_startswith("gss-gex-sha1-", KEX_GSS) ) + return true; + if ( update_kex_state_if_startswith("gss-", KEX_GSS) ) + return true; + + if ( update_kex_state_if_startswith("ecdh-sha2-", KEX_ECC) ) + return true; + if ( update_kex_state_if_equal("ecmqv-sha2", KEX_ECC) ) + return true; + if ( update_kex_state_if_equal("curve25519-sha256@libssh.org", KEX_ECC) ) + return true; + + + bro_analyzer()->Weird(fmt("ssh_unknown_kex_algorithm=%s", c_str(kex_algorithm_))); + return true; + + } + } + } + + return true; + + %} + + }; \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh.pac b/src/analyzer/protocol/ssh/ssh.pac index b3181c4fa1..2358f056da 100644 --- a/src/analyzer/protocol/ssh/ssh.pac +++ b/src/analyzer/protocol/ssh/ssh.pac @@ -8,6 +8,7 @@ %include bro.pac %extern{ + #include "types.bif.h" #include "events.bif.h" %} diff --git a/src/analyzer/protocol/ssh/types.bif b/src/analyzer/protocol/ssh/types.bif new file mode 100644 index 0000000000..38e51600f3 --- /dev/null +++ b/src/analyzer/protocol/ssh/types.bif @@ -0,0 +1,5 @@ +module SSH; + +type Capabilities: record; + +module GLOBAL; \ No newline at end of file From 3190ca275e4c64ea0eb6c8ddbd81bc6afe95bc04 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Fri, 6 Feb 2015 19:32:08 -0500 Subject: [PATCH 010/121] SSH: Fix some memleaks. --- src/analyzer/protocol/ssh/ssh-protocol.pac | 167 +++++++++++---------- 1 file changed, 89 insertions(+), 78 deletions(-) diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index 36bfcaedf3..e642e87cea 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -6,44 +6,44 @@ enum version { enum state { VERSION_EXCHANGE = 0, - KEX_INIT = 1, - KEX_DH_GEX = 2, - KEX_DH = 3, - KEX_ECC = 4, - KEX_GSS = 5, - KEX_RSA = 6, - ENCRYPTED = 7, + KEX_INIT = 1, + KEX_DH_GEX = 2, + KEX_DH = 3, + KEX_ECC = 4, + KEX_GSS = 5, + KEX_RSA = 6, + ENCRYPTED = 7, }; -# diffie-hellman-group1-sha1 [RFC4253] Section 8.1 -# diffie-hellman-group14-sha1 [RFC4253] Section 8.2 +# diffie-hellman-group1-sha1 [RFC4253] Section 8.1 +# diffie-hellman-group14-sha1 [RFC4253] Section 8.2 enum KEX_DH_message_id { SSH_MSG_KEXDH_INIT = 30, SSH_MSG_KEXDH_REPLY = 31, }; -# diffie-hellman-group-exchange-sha1 [RFC4419] Section 4.1 -# diffie-hellman-group-exchange-sha256 [RFC4419] Section 4.2 +# diffie-hellman-group-exchange-sha1 [RFC4419] Section 4.1 +# diffie-hellman-group-exchange-sha256 [RFC4419] Section 4.2 enum KEX_DH_GEX_message_id { - SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, - SSH_MSG_KEX_DH_GEX_GROUP = 31, - SSH_MSG_KEX_DH_GEX_INIT = 32, - SSH_MSG_KEX_DH_GEX_REPLY = 33, - SSH_MSG_KEX_DH_GEX_REQUEST = 34, + SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, + SSH_MSG_KEX_DH_GEX_GROUP = 31, + SSH_MSG_KEX_DH_GEX_INIT = 32, + SSH_MSG_KEX_DH_GEX_REPLY = 33, + SSH_MSG_KEX_DH_GEX_REQUEST = 34, }; -# rsa1024-sha1 [RFC4432] -# rsa2048-sha256 [RFC4432] +# rsa1024-sha1 [RFC4432] +# rsa2048-sha256 [RFC4432] enum KEX_RSA_message_id { - SSH_MSG_KEXRSA_PUBKEY = 30, - SSH_MSG_KEXRSA_SECRET = 31, - SSH_MSG_KEXRSA_DONE = 32, + SSH_MSG_KEXRSA_PUBKEY = 30, + SSH_MSG_KEXRSA_SECRET = 31, + SSH_MSG_KEXRSA_DONE = 32, }; -# gss-group1-sha1-* [RFC4462] Section 2.3 -# gss-group14-sha1-* [RFC4462] Section 2.4 -# gss-gex-sha1-* [RFC4462] Section 2.5 -# gss-* [RFC4462] Section 2.6 +# gss-group1-sha1-* [RFC4462] Section 2.3 +# gss-group14-sha1-* [RFC4462] Section 2.4 +# gss-gex-sha1-* [RFC4462] Section 2.5 +# gss-* [RFC4462] Section 2.6 enum KEX_GSS_message_id { SSH_MSG_KEXGSS_INIT = 30, SSH_MSG_KEXGSS_CONTINUE = 31, @@ -56,8 +56,8 @@ enum KEX_GSS_message_id { # ecdh-sha2-* [RFC5656] enum KEX_ECDH_message_id { - SSH_MSG_KEX_ECDH_INIT = 30, - SSH_MSG_KEX_ECDH_REPLY = 31, + SSH_MSG_KEX_ECDH_INIT = 30, + SSH_MSG_KEX_ECDH_REPLY = 31, }; # ecmqv-sha2 [RFC5656] @@ -67,74 +67,74 @@ enum KEX_ECMQV_message_id { }; enum ssh1_message_id { - SSH_MSG_NONE = 0, - SSH_MSG_DISCONNECT = 1, - SSH_SMSG_PUBLIC_KEY = 2, - SSH_CMSG_SESSION_KEY = 3, - SSH_CMSG_USER = 4, - SSH_CMSG_AUTH_RHOSTS = 5, - SSH_CMSG_AUTH_RSA = 6, - SSH_SMSG_AUTH_RSA_CHALLENGE = 7, - SSH_CMSG_AUTH_RSA_RESPONSE = 8, - SSH_CMSG_AUTH_PASSWORD = 9, - SSH_CMSG_REQUEST_PTY = 10, - SSH_CMSG_WINDOW_SIZE = 11, - SSH_CMSG_EXEC_SHELL = 12, - SSH_CMSG_EXEC_CMD = 13, - SSH_SMSG_SUCCESS = 14, - SSH_SMSG_FAILURE = 15, - SSH_CMSG_STDIN_DATA = 16, - SSH_SMSG_STDOUT_DATA = 17, - SSH_SMSG_STDERR_DATA = 18, - SSH_CMSG_EOF = 19, - SSH_SMSG_EXITSTATUS = 20, + SSH_MSG_NONE = 0, + SSH_MSG_DISCONNECT = 1, + SSH_SMSG_PUBLIC_KEY = 2, + SSH_CMSG_SESSION_KEY = 3, + SSH_CMSG_USER = 4, + SSH_CMSG_AUTH_RHOSTS = 5, + SSH_CMSG_AUTH_RSA = 6, + SSH_SMSG_AUTH_RSA_CHALLENGE = 7, + SSH_CMSG_AUTH_RSA_RESPONSE = 8, + SSH_CMSG_AUTH_PASSWORD = 9, + SSH_CMSG_REQUEST_PTY = 10, + SSH_CMSG_WINDOW_SIZE = 11, + SSH_CMSG_EXEC_SHELL = 12, + SSH_CMSG_EXEC_CMD = 13, + SSH_SMSG_SUCCESS = 14, + SSH_SMSG_FAILURE = 15, + SSH_CMSG_STDIN_DATA = 16, + SSH_SMSG_STDOUT_DATA = 17, + SSH_SMSG_STDERR_DATA = 18, + SSH_CMSG_EOF = 19, + SSH_SMSG_EXITSTATUS = 20, SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 21, SSH_MSG_CHANNEL_OPEN_FAILURE = 22, - SSH_MSG_CHANNEL_DATA = 23, - SSH_MSG_CHANNEL_CLOSE = 24, + SSH_MSG_CHANNEL_DATA = 23, + SSH_MSG_CHANNEL_CLOSE = 24, SSH_MSG_CHANNEL_CLOSE_CONFIRMATION = 25, SSH_CMSG_X11_REQUEST_FORWARDING_OLD = 26, - SSH_SMSG_X11_OPEN = 27, + SSH_SMSG_X11_OPEN = 27, SSH_CMSG_PORT_FORWARD_REQUEST = 28, - SSH_MSG_PORT_OPEN = 29, + SSH_MSG_PORT_OPEN = 29, SSH_CMSG_AGENT_REQUEST_FORWARDING = 30, - SSH_SMSG_AGENT_OPEN = 31, - SSH_MSG_IGNORE = 32, - SSH_CMSG_EXIT_CONFIRMATION = 33, + SSH_SMSG_AGENT_OPEN = 31, + SSH_MSG_IGNORE = 32, + SSH_CMSG_EXIT_CONFIRMATION = 33, SSH_CMSG_X11_REQUEST_FORWARDING = 34, - SSH_CMSG_AUTH_RHOSTS_RSA = 35, - SSH_MSG_DEBUG = 36, + SSH_CMSG_AUTH_RHOSTS_RSA = 35, + SSH_MSG_DEBUG = 36, SSH_CMSG_REQUEST_COMPRESSION = 37, - SSH_CMSG_MAX_PACKET_SIZE = 38, - SSH_CMSG_AUTH_TIS = 39, - SSH_SMSG_AUTH_TIS_CHALLENGE = 40, - SSH_CMSG_AUTH_TIS_RESPONSE = 41, - SSH_CMSG_AUTH_KERBEROS = 42, + SSH_CMSG_MAX_PACKET_SIZE = 38, + SSH_CMSG_AUTH_TIS = 39, + SSH_SMSG_AUTH_TIS_CHALLENGE = 40, + SSH_CMSG_AUTH_TIS_RESPONSE = 41, + SSH_CMSG_AUTH_KERBEROS = 42, SSH_SMSG_AUTH_KERBEROS_RESPONSE = 43, - SSH_CMSG_HAVE_KERBEROS_TGT = 44, + SSH_CMSG_HAVE_KERBEROS_TGT = 44, }; enum ssh2_message_id { - MSG_DISCONNECT = 1, - MSG_IGNORE = 2, - MSG_UNIMPLEMENTED = 3, - MSG_DEBUG = 4, - MSG_SERVICE_REQUEST = 5, - MSG_SERVICE_ACCEPT = 6, - MSG_KEXINIT = 20, - MSG_NEWKEYS = 21, + MSG_DISCONNECT = 1, + MSG_IGNORE = 2, + MSG_UNIMPLEMENTED = 3, + MSG_DEBUG = 4, + MSG_SERVICE_REQUEST = 5, + MSG_SERVICE_ACCEPT = 6, + MSG_KEXINIT = 20, + MSG_NEWKEYS = 21, }; ## SSH Generic type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { - VERSION_EXCHANGE -> version: SSH_Version(is_orig); - KEX_INIT -> kex: SSH_Key_Exchange(is_orig); - KEX_DH_GEX -> kex_dh_gex: SSH_Key_Exchange_DH_GEX(is_orig); - KEX_DH -> kex_dh: SSH_Key_Exchange_DH(is_orig); - KEX_ECC -> kex_ecc: SSH_Key_Exchange_ECC(is_orig); - KEX_GSS -> kex_gss: SSH_Key_Exchange_GSS(is_orig); - KEX_RSA -> kex_rsa: SSH_Key_Exchange_RSA(is_orig); + VERSION_EXCHANGE -> version: SSH_Version(is_orig); + KEX_INIT -> kex: SSH_Key_Exchange(is_orig); + KEX_DH_GEX -> kex_dh_gex: SSH_Key_Exchange_DH_GEX(is_orig); + KEX_DH -> kex_dh: SSH_Key_Exchange_DH(is_orig); + KEX_ECC -> kex_ecc: SSH_Key_Exchange_ECC(is_orig); + KEX_GSS -> kex_gss: SSH_Key_Exchange_GSS(is_orig); + KEX_RSA -> kex_rsa: SSH_Key_Exchange_RSA(is_orig); } &byteorder=bigendian; type SSH_Version(is_orig: bool) = record { @@ -425,6 +425,11 @@ refine connection SSH_Conn += { kex_algorithm_ = bytestring(); %} + %cleanup{ + kex_algorithm_.free(); + kex_algs_cache_.free(); + %} + function get_state(is_orig: bool): int %{ if ( is_orig ) @@ -514,6 +519,9 @@ refine connection SSH_Conn += { kex_algorithm_.init((const uint8 *) client_list->Lookup(i)->AsStringVal()->Bytes(), client_list->Lookup(i)->AsStringVal()->Len()); + Unref(client_list); + Unref(server_list); + // UNTESTED if ( update_kex_state_if_equal("rsa1024-sha1", KEX_RSA) ) return true; @@ -556,6 +564,9 @@ refine connection SSH_Conn += { } } } + + Unref(client_list); + Unref(server_list); return true; From 46713fb5c705b8ff1f6a6312141307801577db3a Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sat, 14 Feb 2015 13:16:48 -0800 Subject: [PATCH 011/121] Init RDP analyzer --- scripts/base/init-default.bro | 1 + scripts/base/protocols/rdp/__load__.bro | 4 + scripts/base/protocols/rdp/consts.bro | 287 +++++++++++++++++++ scripts/base/protocols/rdp/dpd.sig | 19 ++ scripts/base/protocols/rdp/main.bro | 200 +++++++++++++ src/analyzer/protocol/CMakeLists.txt | 2 +- src/analyzer/protocol/rdp/CMakeLists.txt | 9 + src/analyzer/protocol/rdp/Plugin.cc | 22 ++ src/analyzer/protocol/rdp/RDP.cc | 70 +++++ src/analyzer/protocol/rdp/RDP.h | 48 ++++ src/analyzer/protocol/rdp/events.bif | 60 ++++ src/analyzer/protocol/rdp/rdp-analyzer.pac | 101 +++++++ src/analyzer/protocol/rdp/rdp-protocol.pac | 313 +++++++++++++++++++++ src/analyzer/protocol/rdp/rdp.pac | 26 ++ 14 files changed, 1161 insertions(+), 1 deletion(-) create mode 100644 scripts/base/protocols/rdp/__load__.bro create mode 100644 scripts/base/protocols/rdp/consts.bro create mode 100644 scripts/base/protocols/rdp/dpd.sig create mode 100644 scripts/base/protocols/rdp/main.bro create mode 100644 src/analyzer/protocol/rdp/CMakeLists.txt create mode 100644 src/analyzer/protocol/rdp/Plugin.cc create mode 100644 src/analyzer/protocol/rdp/RDP.cc create mode 100644 src/analyzer/protocol/rdp/RDP.h create mode 100644 src/analyzer/protocol/rdp/events.bif create mode 100644 src/analyzer/protocol/rdp/rdp-analyzer.pac create mode 100644 src/analyzer/protocol/rdp/rdp-protocol.pac create mode 100644 src/analyzer/protocol/rdp/rdp.pac diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro index 04dc2a4910..2af8f3bc3d 100644 --- a/scripts/base/init-default.bro +++ b/scripts/base/init-default.bro @@ -49,6 +49,7 @@ @load base/protocols/mysql @load base/protocols/pop3 @load base/protocols/radius +@load base/protocols/rdp @load base/protocols/snmp @load base/protocols/smtp @load base/protocols/socks diff --git a/scripts/base/protocols/rdp/__load__.bro b/scripts/base/protocols/rdp/__load__.bro new file mode 100644 index 0000000000..baa1dd2eca --- /dev/null +++ b/scripts/base/protocols/rdp/__load__.bro @@ -0,0 +1,4 @@ +# Generated by binpac_quickstart +@load ./consts +@load ./main +@load-sigs ./dpd.sig diff --git a/scripts/base/protocols/rdp/consts.bro b/scripts/base/protocols/rdp/consts.bro new file mode 100644 index 0000000000..5d93e6ea5d --- /dev/null +++ b/scripts/base/protocols/rdp/consts.bro @@ -0,0 +1,287 @@ +module RDP; + +export { + # http://www.c-amie.co.uk/technical/mstsc-versions/ + const builds = { + [0419] = "RDP 4.0", + [2195] = "RDP 5.0", + [2221] = "RDP 5.0", + [2600] = "RDP 5.1", + [3790] = "RDP 5.2", + [6000] = "RDP 6.0", + [6001] = "RDP 6.1", + [6002] = "RDP 6.2", + [7600] = "RDP 7.0", + [7601] = "RDP 7.1", + [9200] = "RDP 8.0", + [9600] = "RDP 8.1", + [25189] = "RDP 8.0 (Mac)", + [25282] = "RDP 8.0 (Mac)" + } &default = function(n: count): string { return fmt("client_build-%d", n); }; + + const encryption_methods = { + [0] = "None", + [1] = "40bit", + [2] = "128bit", + [8] = "56bit", + [10] = "FIPS" + } &default = function(n: count): string { return fmt("encryption_method-%d", n); }; + + const encryption_levels = { + [0] = "None", + [1] = "Low", + [2] = "Client compatible", + [3] = "High", + [4] = "FIPS" + } &default = function(n: count): string { return fmt("encryption_level-%d", n); }; + + const results = { + [0] = "Success", + [1] = "User rejected", + [2] = "Resources not available", + [3] = "Rejected for symmetry breaking", + [4] = "Locked conference", + } &default = function(n: count): string { return fmt("result-%d", n); }; + + # http://msdn.microsoft.com/en-us/goglobal/bb964664.aspx + const languages = { + [1078] = "Afrikaans - South Africa", + [1052] = "Albanian - Albania", + [1156] = "Alsatian", + [1118] = "Amharic - Ethiopia", + [1025] = "Arabic - Saudi Arabia", + [5121] = "Arabic - Algeria", + [15361] = "Arabic - Bahrain", + [3073] = "Arabic - Egypt", + [2049] = "Arabic - Iraq", + [11265] = "Arabic - Jordan", + [13313] = "Arabic - Kuwait", + [12289] = "Arabic - Lebanon", + [4097] = "Arabic - Libya", + [6145] = "Arabic - Morocco", + [8193] = "Arabic - Oman", + [16385] = "Arabic - Qatar", + [10241] = "Arabic - Syria", + [7169] = "Arabic - Tunisia", + [14337] = "Arabic - U.A.E.", + [9217] = "Arabic - Yemen", + [1067] = "Armenian - Armenia", + [1101] = "Assamese", + [2092] = "Azeri (Cyrillic)", + [1068] = "Azeri (Latin)", + [1133] = "Bashkir", + [1069] = "Basque", + [1059] = "Belarusian", + [1093] = "Bengali (India)", + [2117] = "Bengali (Bangladesh)", + [5146] = "Bosnian (Bosnia/Herzegovina)", + [1150] = "Breton", + [1026] = "Bulgarian", + [1109] = "Burmese", + [1027] = "Catalan", + [1116] = "Cherokee - United States", + [2052] = "Chinese - People's Republic of China", + [4100] = "Chinese - Singapore", + [1028] = "Chinese - Taiwan", + [3076] = "Chinese - Hong Kong SAR", + [5124] = "Chinese - Macao SAR", + [1155] = "Corsican", + [1050] = "Croatian", + [4122] = "Croatian (Bosnia/Herzegovina)", + [1029] = "Czech", + [1030] = "Danish", + [1164] = "Dari", + [1125] = "Divehi", + [1043] = "Dutch - Netherlands", + [2067] = "Dutch - Belgium", + [1126] = "Edo", + [1033] = "English - United States", + [2057] = "English - United Kingdom", + [3081] = "English - Australia", + [10249] = "English - Belize", + [4105] = "English - Canada", + [9225] = "English - Caribbean", + [15369] = "English - Hong Kong SAR", + [16393] = "English - India", + [14345] = "English - Indonesia", + [6153] = "English - Ireland", + [8201] = "English - Jamaica", + [17417] = "English - Malaysia", + [5129] = "English - New Zealand", + [13321] = "English - Philippines", + [18441] = "English - Singapore", + [7177] = "English - South Africa", + [11273] = "English - Trinidad", + [12297] = "English - Zimbabwe", + [1061] = "Estonian", + [1080] = "Faroese", + [1065] = "Farsi", + [1124] = "Filipino", + [1035] = "Finnish", + [1036] = "French - France", + [2060] = "French - Belgium", + [11276] = "French - Cameroon", + [3084] = "French - Canada", + [9228] = "French - Democratic Rep. of Congo", + [12300] = "French - Cote d'Ivoire", + [15372] = "French - Haiti", + [5132] = "French - Luxembourg", + [13324] = "French - Mali", + [6156] = "French - Monaco", + [14348] = "French - Morocco", + [58380] = "French - North Africa", + [8204] = "French - Reunion", + [10252] = "French - Senegal", + [4108] = "French - Switzerland", + [7180] = "French - West Indies", + [1122] = "French - West Indies", + [1127] = "Fulfulde - Nigeria", + [1071] = "FYRO Macedonian", + [1110] = "Galician", + [1079] = "Georgian", + [1031] = "German - Germany", + [3079] = "German - Austria", + [5127] = "German - Liechtenstein", + [4103] = "German - Luxembourg", + [2055] = "German - Switzerland", + [1032] = "Greek", + [1135] = "Greenlandic", + [1140] = "Guarani - Paraguay", + [1095] = "Gujarati", + [1128] = "Hausa - Nigeria", + [1141] = "Hawaiian - United States", + [1037] = "Hebrew", + [1081] = "Hindi", + [1038] = "Hungarian", + [1129] = "Ibibio - Nigeria", + [1039] = "Icelandic", + [1136] = "Igbo - Nigeria", + [1057] = "Indonesian", + [1117] = "Inuktitut", + [2108] = "Irish", + [1040] = "Italian - Italy", + [2064] = "Italian - Switzerland", + [1041] = "Japanese", + [1158] = "K'iche", + [1099] = "Kannada", + [1137] = "Kanuri - Nigeria", + [2144] = "Kashmiri", + [1120] = "Kashmiri (Arabic)", + [1087] = "Kazakh", + [1107] = "Khmer", + [1159] = "Kinyarwanda", + [1111] = "Konkani", + [1042] = "Korean", + [1088] = "Kyrgyz (Cyrillic)", + [1108] = "Lao", + [1142] = "Latin", + [1062] = "Latvian", + [1063] = "Lithuanian", + [1134] = "Luxembourgish", + [1086] = "Malay - Malaysia", + [2110] = "Malay - Brunei Darussalam", + [1100] = "Malayalam", + [1082] = "Maltese", + [1112] = "Manipuri", + [1153] = "Maori - New Zealand", + [1146] = "Mapudungun", + [1102] = "Marathi", + [1148] = "Mohawk", + [1104] = "Mongolian (Cyrillic)", + [2128] = "Mongolian (Mongolian)", + [1121] = "Nepali", + [2145] = "Nepali - India", + [1044] = "Norwegian (Bokmål)", + [2068] = "Norwegian (Nynorsk)", + [1154] = "Occitan", + [1096] = "Oriya", + [1138] = "Oromo", + [1145] = "Papiamentu", + [1123] = "Pashto", + [1045] = "Polish", + [1046] = "Portuguese - Brazil", + [2070] = "Portuguese - Portugal", + [1094] = "Punjabi", + [2118] = "Punjabi (Pakistan)", + [1131] = "Quecha - Bolivia", + [2155] = "Quecha - Ecuador", + [3179] = "Quecha - Peru CB", + [1047] = "Rhaeto-Romanic", + [1048] = "Romanian", + [2072] = "Romanian - Moldava", + [1049] = "Russian", + [2073] = "Russian - Moldava", + [1083] = "Sami (Lappish)", + [1103] = "Sanskrit", + [1084] = "Scottish Gaelic", + [1132] = "Sepedi", + [3098] = "Serbian (Cyrillic)", + [2074] = "Serbian (Latin)", + [1113] = "Sindhi - India", + [2137] = "Sindhi - Pakistan", + [1115] = "Sinhalese - Sri Lanka", + [1051] = "Slovak", + [1060] = "Slovenian", + [1143] = "Somali", + [1070] = "Sorbian", + [3082] = "Spanish - Spain (Modern Sort)", + [1034] = "Spanish - Spain (Traditional Sort)", + [11274] = "Spanish - Argentina", + [16394] = "Spanish - Bolivia", + [13322] = "Spanish - Chile", + [9226] = "Spanish - Colombia", + [5130] = "Spanish - Costa Rica", + [7178] = "Spanish - Dominican Republic", + [12298] = "Spanish - Ecuador", + [17418] = "Spanish - El Salvador", + [4106] = "Spanish - Guatemala", + [18442] = "Spanish - Honduras", + [22538] = "Spanish - Latin America", + [2058] = "Spanish - Mexico", + [19466] = "Spanish - Nicaragua", + [6154] = "Spanish - Panama", + [15370] = "Spanish - Paraguay", + [10250] = "Spanish - Peru", + [20490] = "Spanish - Puerto Rico", + [21514] = "Spanish - United States", + [14346] = "Spanish - Uruguay", + [8202] = "Spanish - Venezuela", + [1072] = "Sutu", + [1089] = "Swahili", + [1053] = "Swedish", + [2077] = "Swedish - Finland", + [1114] = "Syriac", + [1064] = "Tajik", + [1119] = "Tamazight (Arabic)", + [2143] = "Tamazight (Latin)", + [1097] = "Tamil", + [1092] = "Tatar", + [1098] = "Telugu", + [1054] = "Thai", + [2129] = "Tibetan - Bhutan", + [1105] = "Tibetan - People's Republic of China", + [2163] = "Tigrigna - Eritrea", + [1139] = "Tigrigna - Ethiopia", + [1073] = "Tsonga", + [1074] = "Tswana", + [1055] = "Turkish", + [1090] = "Turkmen", + [1152] = "Uighur - China", + [1058] = "Ukrainian", + [1056] = "Urdu", + [2080] = "Urdu - India", + [2115] = "Uzbek (Cyrillic)", + [1091] = "Uzbek (Latin)", + [1075] = "Venda", + [1066] = "Vietnamese", + [1106] = "Welsh", + [1160] = "Wolof", + [1076] = "Xhosa", + [1157] = "Yakut", + [1144] = "Yi", + [1085] = "Yiddish", + [1130] = "Yoruba", + [1077] = "Zulu", + [1279] = "HID (Human Interface Device)", + } &default = function(n: count): string { return fmt("keyboard-%d", n); }; +} diff --git a/scripts/base/protocols/rdp/dpd.sig b/scripts/base/protocols/rdp/dpd.sig new file mode 100644 index 0000000000..35aa8f9257 --- /dev/null +++ b/scripts/base/protocols/rdp/dpd.sig @@ -0,0 +1,19 @@ +# Generated by binpac_quickstart + +signature dpd_rdp_client_request { + ip-proto == tcp + payload /.*Cookie: mstshash\=.*/ + enable "rdp" +} + +signature dpd_rdp_client_header { + ip-proto == tcp + payload /.*Duca.*(rdpdr|rdpsnd|drdynvc|cliprdr).*/ + enable "rdp" +} + +signature dpd_rdp_server_response { + ip-proto == tcp + payload /.*McDn.*/ + enable "rdp" +} diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro new file mode 100644 index 0000000000..94aa26b6ec --- /dev/null +++ b/scripts/base/protocols/rdp/main.bro @@ -0,0 +1,200 @@ +@load ./consts + +module RDP; + +export { + redef enum Log::ID += { LOG }; + + type Info: record { + ## Timestamp for when the event happened. + ts: time &log; + ## Unique ID for the connection. + uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. + id: conn_id &log; + ## Cookie value used by the client machine. + ## This is typically a username. + cookie: string &log &optional; + ## Keyboard layout (language) of the client machine. + keyboard_layout: string &log &optional; + ## RDP client version used by the client machine. + client_build: string &log &optional; + ## Hostname of the client machine. + client_hostname: string &log &optional; + ## Product ID of the client machine. + client_product_id: string &log &optional; + ## Name of the server. + server_name: vector of string &log &optional; + ## Authentication result for the connection. This value is extracted from the payload for native authentication. + ## TODO: Perform heuristic authentication determination for NLA. + authentication_result: string &log &optional; + ## Encryption level of the connection. + encryption_level: string &log &optional; + ## Encryption method of the connection. + encryption_method: string &log &optional; + ## Track status of logging RDP connections. + done: bool &default=F; + }; + + ## Variable to track if NTLM authentication is used. + global ntlm = F; + + ## Size in bytes of data sent by the server at which the RDP connection is presumed to be successful (NTLM authentication only). + const authentication_data_size = 1000 &redef; + + ## Event that can be handled to access the rdp record as it is sent on + ## to the loggin framework. + global log_rdp: event(rec: Info); +} + +const ports = { 3389/tcp }; +redef likely_server_ports += { ports }; + +event bro_init() &priority=5 + { + Log::create_stream(RDP::LOG, [$columns=Info, $ev=log_rdp]); + Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, ports); + } + +redef record connection += { + rdp: Info &optional; + }; + +function rdp_done(c: connection, done: bool) + { + if ( done ) + { + c$rdp$done = T; + + # Not currently implemented +# if ( ntlm && use_conn_size_analyzer ) +# { +# if ( c$resp$size > authentication_data_size ) +# c$rdp$authentication_result = "Success (H)"; +# else c$rdp$authentication_result = "Undetermined"; +# } + + if ( c$rdp?$authentication_result && ( ! c$rdp?$encryption_method || ! c$rdp?$encryption_level ) ) + Reporter::error(fmt("Error parsing RDP security data in connection %s",c$uid)); + + Log::write(RDP::LOG, c$rdp); + skip_further_processing(c$id); + set_record_packets(c$id, F); + } + } + +event rdp_tracker(c: connection) + { + if ( c$rdp$done ) + return; + + local id = c$id; + + if ( ! connection_exists(id) ) + { + rdp_done(c,T); + return; + } + + lookup_connection(id); + + if ( connection_exists(id) ) + { + # If the RDP connection has been alive for more than 5secs, log it + # This duration should be sufficient to collect the data that needs to be logged + local diff = network_time() - c$rdp$ts; + if ( diff > 5secs ) + { + rdp_done(c,T); + return; + } + } + + # schedule the event to run again if necessary + schedule +5secs { rdp_tracker(c) }; + } + +function set_session(c: connection) + { + if ( ! c?$rdp ) + { + c$rdp = [$ts=network_time(),$id=c$id,$uid=c$uid]; + add c$service["rdp"]; + } + } + +event connection_state_remove(c: connection) &priority=-5 + { + # Log the RDP connection if the connection is removed but the session has not been marked as done + if ( c?$rdp && ! c$rdp$done ) + rdp_done(c,T); + } + +event rdp_native_client_request(c: connection, cookie: string) &priority=5 + { + if ( "Cookie" in clean(cookie) ) + { + set_session(c); + local cookie_val = sub(cookie,/Cookie.*\=/,""); + c$rdp$cookie = sub(cookie_val,/\x0d\x0a.*$/,""); + + schedule +5secs { rdp_tracker(c) }; + } + } + +event rdp_native_client_info(c: connection, keyboard_layout: count, build: count, hostname: string, product_id: string) &priority=5 + { + set_session(c); + c$rdp$keyboard_layout = languages[keyboard_layout]; + c$rdp$client_build = builds[build]; + c$rdp$client_hostname = gsub(cat(hostname),/\\0/,""); + c$rdp$client_product_id = gsub(cat(product_id),/\\0/,""); + + schedule +5secs { rdp_tracker(c) }; + } + +event rdp_native_authentication(c: connection, result: count) &priority=5 + { + set_session(c); + c$rdp$authentication_result = results[result]; + + schedule +5secs { rdp_tracker(c) }; + } + +event rdp_native_server_security(c: connection, encryption_method: count, encryption_level: count, random: string, certificate: string) &priority=5 + { + set_session(c); + c$rdp$encryption_method = encryption_methods[encryption_method]; + c$rdp$encryption_level = encryption_levels[encryption_level]; + + schedule +5secs { rdp_tracker(c) }; + } + +event rdp_ntlm_client_request(c: connection, server: string) &priority=5 + { + set_session(c); + ntlm = T; + + if ( ! c$rdp?$server_name ) + c$rdp$server_name = vector(); + c$rdp$server_name[|c$rdp$server_name|] = server; + + schedule +5secs { rdp_tracker(c) }; + } + +event rdp_ntlm_server_response(c: connection, server: string) &priority=5 + { + set_session(c); + ntlm = T; + + if ( ! c$rdp?$server_name ) + c$rdp$server_name = vector(); + c$rdp$server_name[|c$rdp$server_name|] = server; + + schedule +5secs { rdp_tracker(c) }; + } + +event rdp_debug(c: connection, remainder: string) + { + Reporter::error(fmt("Debug RDP data generated in connection %s: %s",c$uid,remainder)); + } diff --git a/src/analyzer/protocol/CMakeLists.txt b/src/analyzer/protocol/CMakeLists.txt index d0fa1ded66..783f1e7469 100644 --- a/src/analyzer/protocol/CMakeLists.txt +++ b/src/analyzer/protocol/CMakeLists.txt @@ -21,7 +21,6 @@ add_subdirectory(irc) add_subdirectory(login) add_subdirectory(mime) add_subdirectory(modbus) -add_subdirectory(mysql) add_subdirectory(ncp) add_subdirectory(netbios) add_subdirectory(netflow) @@ -29,6 +28,7 @@ add_subdirectory(ntp) add_subdirectory(pia) add_subdirectory(pop3) add_subdirectory(radius) +add_subdirectory(rdp) add_subdirectory(rpc) add_subdirectory(snmp) add_subdirectory(smb) diff --git a/src/analyzer/protocol/rdp/CMakeLists.txt b/src/analyzer/protocol/rdp/CMakeLists.txt new file mode 100644 index 0000000000..445e853f2c --- /dev/null +++ b/src/analyzer/protocol/rdp/CMakeLists.txt @@ -0,0 +1,9 @@ +include(BroPlugin) + +include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) + +bro_plugin_begin(Bro RDP) + bro_plugin_cc(RDP.cc Plugin.cc) + bro_plugin_bif(events.bif) + bro_plugin_pac(rdp.pac rdp-analyzer.pac rdp-protocol.pac) +bro_plugin_end() diff --git a/src/analyzer/protocol/rdp/Plugin.cc b/src/analyzer/protocol/rdp/Plugin.cc new file mode 100644 index 0000000000..770bdfc730 --- /dev/null +++ b/src/analyzer/protocol/rdp/Plugin.cc @@ -0,0 +1,22 @@ +#include "plugin/Plugin.h" + +#include "RDP.h" + +namespace plugin { +namespace Bro_RDP { + +class Plugin : public plugin::Plugin { +public: + plugin::Configuration Configure() + { + AddComponent(new ::analyzer::Component("RDP", ::analyzer::rdp::RDP_Analyzer::InstantiateAnalyzer)); + + plugin::Configuration config; + config.name = "Bro::RDP"; + config.description = "RDP analyzer"; + return config; + } +} plugin; + +} +} diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc new file mode 100644 index 0000000000..70cad773fe --- /dev/null +++ b/src/analyzer/protocol/rdp/RDP.cc @@ -0,0 +1,70 @@ +#include "RDP.h" + +#include "analyzer/protocol/tcp/TCP_Reassembler.h" + +#include "Reporter.h" + +#include "events.bif.h" + +using namespace analyzer::rdp; + +RDP_Analyzer::RDP_Analyzer(Connection* c) + +: tcp::TCP_ApplicationAnalyzer("RDP", c) + { + interp = new binpac::RDP::RDP_Conn(this); + + had_gap = false; + + } + +RDP_Analyzer::~RDP_Analyzer() + { + delete interp; + } + +void RDP_Analyzer::Done() + { + + tcp::TCP_ApplicationAnalyzer::Done(); + + interp->FlowEOF(true); + interp->FlowEOF(false); + + } + +void RDP_Analyzer::EndpointEOF(bool is_orig) + { + tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); + interp->FlowEOF(is_orig); + } + +void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) + { + tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); + + assert(TCP()); + if ( TCP()->IsPartial() ) + return; + + if ( had_gap ) + // If only one side had a content gap, we could still try to + // deliver data to the other side if the script layer can handle this. + return; + + try + { + interp->NewData(orig, data, data + len); + } + catch ( const binpac::Exception& e ) + { + ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + } + } + +void RDP_Analyzer::Undelivered(uint64 seq, int len, bool orig) + { + tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); + had_gap = true; + interp->NewGap(orig, len); + } diff --git a/src/analyzer/protocol/rdp/RDP.h b/src/analyzer/protocol/rdp/RDP.h new file mode 100644 index 0000000000..cb5197cffe --- /dev/null +++ b/src/analyzer/protocol/rdp/RDP.h @@ -0,0 +1,48 @@ +#ifndef ANALYZER_PROTOCOL_RDP_RDP_H +#define ANALYZER_PROTOCOL_RDP_RDP_H + +#include "events.bif.h" + + +#include "analyzer/protocol/tcp/TCP.h" + +#include "rdp_pac.h" + +namespace analyzer { namespace rdp { + +class RDP_Analyzer : public tcp::TCP_ApplicationAnalyzer { + +public: + RDP_Analyzer(Connection* conn); + virtual ~RDP_Analyzer(); + + // Overriden from Analyzer. + virtual void Done(); + + virtual void DeliverStream(int len, const u_char* data, bool orig); + virtual void Undelivered(uint64 seq, int len, bool orig); + + // Overriden from tcp::TCP_ApplicationAnalyzer. + virtual void EndpointEOF(bool is_orig); + + + static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) + { return new RDP_Analyzer(conn); } + +// static bool Available() +// { + // TODO: After you define your events, || them together here. + // See events.bif for more information + //return ( rdp_event ); +// } + +protected: + binpac::RDP::RDP_Conn* interp; + + bool had_gap; + +}; + +} } // namespace analyzer::* + +#endif diff --git a/src/analyzer/protocol/rdp/events.bif b/src/analyzer/protocol/rdp/events.bif new file mode 100644 index 0000000000..dad76f801b --- /dev/null +++ b/src/analyzer/protocol/rdp/events.bif @@ -0,0 +1,60 @@ +## Generated for client-to-server RDP requests when NTLM authentication is used. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## server: The RDP server name requested by the client. +event rdp_ntlm_client_request%(c: connection, server: string%); + +## Generated for server-to-client RDP responses when NTLM authentication is used. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## server: The RDP server name responsed by the server. +event rdp_ntlm_server_response%(c: connection, server: string%); + +## Generated for X.224 client requests when native RDP encryption is used. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## cookie: The cookie included in the request. +event rdp_native_client_request%(c: connection, cookie: string%); + +## Generated for MCS client requests when native RDP encryption is used. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## keyboard_layout: The 16-bit integer representing the keyboard layout/language of the client machine. +## +## build: The 16-bit integer representing the version of the RDP client. +## +## hostname: The hostname of the client machine (optional). +## +## product_id: The product ID of the client machine (optional). +event rdp_native_client_info%(c: connection, keyboard_layout: count, build: count, hostname: string, product_id: string%); + +## Generated for MCS server responses when native RDP encryption is used. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## result: The 8-bit integer representing the GCC Conference Create Response result. +event rdp_native_authentication%(c: connection, result: count%); + +## Generated for MCS server responses when native RDP encryption is used. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## encryption_method: The 32-bit integer representing the encryption method used in the connection. +## +## encryption_level: The 32-bit integer representing the encryption level used in the connection. +## +## random: The random value used to derive session keys (optional). +## +## certificate: The certificate containing the server's public key information. +event rdp_native_server_security%(c: connection, encryption_method: count, encryption_level: count, random: string, certificate: string%); + +## Generated for unknown elements in RDP connections. Used for debugging and development purposes only. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## remainder: The data to be debugged. +event rdp_debug%(c: connection, remainder: string%); diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac new file mode 100644 index 0000000000..f95ff9f589 --- /dev/null +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -0,0 +1,101 @@ +refine flow RDP_Flow += { + function proc_rdp_debug(debug: Debug): bool + %{ + BifEvent::generate_rdp_debug(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${debug.remainder})); + + return true; + %} + + + function proc_rdp_ntlm_server_response(ntlm_server: NTLMServerResponse): bool + %{ + BifEvent::generate_rdp_ntlm_server_response(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${ntlm_server.server_name})); + + return true; + %} + + function proc_rdp_ntlm_client_request(ntlm_client: NTLMClientRequest): bool + %{ + BifEvent::generate_rdp_ntlm_client_request(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${ntlm_client.server_name})); + + return true; + %} + + function proc_rdp_native_client_request(client_request: ClientRequest): bool + %{ + BifEvent::generate_rdp_native_client_request(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${client_request.cookie})); + + return true; + %} + + + function proc_rdp_native_authentication(gcc_response: GCC_Server_CreateResponse): bool + %{ + BifEvent::generate_rdp_native_authentication(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${gcc_response.result}); + + return true; + %} + + + function proc_rdp_native_client_info(ccore: ClientCore): bool + %{ + BifEvent::generate_rdp_native_client_info(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${ccore.keyboard_layout}, + ${ccore.client_build}, + bytestring_to_val(${ccore.client_name}), + bytestring_to_val(${ccore.dig_product_id})); + + return true; + %} + + function proc_rdp_native_server_security(ssd: ServerSecurityData): bool + %{ + BifEvent::generate_rdp_native_server_security(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${ssd.encryption_method}, + ${ssd.encryption_level}, + bytestring_to_val(${ssd.server_random}), + bytestring_to_val(${ssd.server_certificate})); + + return true; + %} +}; + +refine typeattr Debug += &let { + proc: bool = $context.flow.proc_rdp_debug(this); +}; + +refine typeattr NTLMServerResponse += &let { + proc: bool = $context.flow.proc_rdp_ntlm_server_response(this); +}; + +refine typeattr NTLMClientRequest += &let { + proc: bool = $context.flow.proc_rdp_ntlm_client_request(this); +}; + +refine typeattr ClientRequest += &let { + proc: bool = $context.flow.proc_rdp_native_client_request(this); +}; + +refine typeattr ClientCore += &let { + proc: bool = $context.flow.proc_rdp_native_client_info(this); +}; + +refine typeattr GCC_Server_CreateResponse += &let { + proc: bool = $context.flow.proc_rdp_native_authentication(this); +}; + +refine typeattr ServerSecurityData += &let { + proc: bool = $context.flow.proc_rdp_native_server_security(this); +}; diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac new file mode 100644 index 0000000000..ea68040314 --- /dev/null +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -0,0 +1,313 @@ +type RDP_PDU(is_orig: bool) = record { + type: uint16; + switch: case type of { + 0x1603 -> ntlm_authentication: NTLMAuthentication; # NTLM authentication appears to be flagged by this 16-bit integer + default -> native_encryption: NativeEncryption; # assume native encryption, this should be the value of the TPKT version + }; +} &byteorder=bigendian; + +###################################################################### +# Native Encryption +###################################################################### + +type NativeEncryption = record { + pad: padding[2]; # remaining TPKT values + cotp: COTP; +}; + +type COTP = record { + length: uint8; + pdu: uint8; + switch: case pdu of { + 0xe0 -> cRequest: ClientRequest; + 0xf0 -> hdr: Header; + default -> data: bytestring &restofdata &transient; + }; +} &byteorder=littleendian; + +type Header = record { + tpdu_number: uint8; + application_defined_type: uint8; # this begins a BER encoded multiple octet variant, but can be safely skipped + application_type: uint8; # this is value for the BER encoded octet variant above + switch: case application_type of { + 0x65 -> cHeader: ClientHeader; # 0x65 is a client + 0x66 -> sHeader: ServerHeader; # 0x66 is a server + default -> data: bytestring &restofdata &transient; + }; +} &byteorder=littleendian; + +###################################################################### +# Client X.224 +###################################################################### + +type ClientRequest = record { + destination_reference: uint16; + source_reference: uint16; + flow_control: uint8; + cookie: bytestring &restofdata; # cookie value is a variable length field, so everything is captured +}; + +###################################################################### +# Client MCS +###################################################################### + +type ClientHeader = record { + type_length: padding[3]; # BER encoded long variant, can be safely skipped for now + calling_domain_selector: ASN1OctetString; + called_domain_selector: ASN1OctetString; + upward_flag: ASN1Boolean; + target_parameters: ASN1SequenceMeta; + targ_parameters_pad: padding[target_parameters.encoding.length]; + minimum_parameters: ASN1SequenceMeta; + min_parameters_pad: padding[minimum_parameters.encoding.length]; + maximum_parameters: ASN1SequenceMeta; + max_parameters_pad: padding[maximum_parameters.encoding.length]; + user_data_length: uint32; # BER encoded OctetString and long variant, can be safely skipped for now + gcc_connection_data: GCC_Client_ConnectionData; + gcc_client_create_request: GCC_Client_CreateRequest; + core_header: DataHdr; + core_data: ClientCore; + remainder: bytestring &restofdata &transient; # everything after core_data can be discarded +}; + +type GCC_Client_ConnectionData = record { + key_object_length: uint16; + key_object: uint8[key_object_length]; + connect_data_connect_pdu: uint16; +} &byteorder=bigendian; + +type GCC_Client_CreateRequest = record { + extension_bit: uint8; + privileges: uint8; + numeric_length: uint8; + numeric: uint8; + termination_method: uint8; + number_user_data_sets: uint8; + user_data_value_present: uint8; + h221_nonstandard_length: uint8; + h221_nonstandard_key: RE/Duca/; # &check would be better here, but it is not implemented + user_data_value_length: uint16; +}; + +type ClientCore = record { + version_major: uint16; + version_minor: uint16; + desktop_width: uint16; + desktop_height: uint16; + color_depth: uint16; + sas_sequence: uint16; + keyboard_layout: uint32; + client_build: uint32; + client_name: bytestring &length=32; + keyboard_type: uint32; + keyboard_sub: uint32; + keyboard_function_key: uint32; + ime_file_name: bytestring &length=64; + post_beta_color_depth: uint16; + product_id: uint16; + serial_number: uint32; + high_color_depth: uint16; + supported_color_depth: uint16; + early_capability_flags: uint16; + dig_product_id: bytestring &length=64; +}; + +###################################################################### +# Server MCS +###################################################################### + +type ServerHeader = record { + type_length: padding[3]; # BER encoded long variant, can be safely skipped for now + connect_response_result: ASN1Enumerated; + connect_response_called_id: ASN1Integer; + connect_response_domain_parameters: ASN1SequenceMeta; + domain_parameters_pad: padding[connect_response_domain_parameters.encoding.length]; # skip this data + user_data_length: uint32; # BER encoded OctetString and long variant, can be safely skipped for now + gcc_connection_data: GCC_Server_ConnectionData; + gcc_create_response: GCC_Server_CreateResponse; + core_header: DataHdr; + core_data: padding[core_header.length - 4]; # skip this data + network_header: DataHdr; + net_data: padding[network_header.length - 4]; # skip this data + security_header: DataHdr; + security_data: ServerSecurityData; # there is some issue / bug where the length reported by the security header overruns the end of the packet +}; + +type GCC_Server_ConnectionData = record { + key_object_length: uint16; + key_object: uint8[key_object_length]; + connect_data_connect_pdu: uint8; +} &byteorder=bigendian; + +type GCC_Server_CreateResponse = record { + extension_bit: uint8; + node_id: uint8[2]; + tag_length: uint8; + tag: uint8; + result: uint8; + number_user_data_sets: uint8; + user_data_value_present: uint8; + h221_nonstandard_length: uint8; + h221_nonstandard_key: RE/McDn/; # &check would be better here, but it is not implemented + user_data_value_length: uint16; +}; + +type DataHdr = record { + type: uint16; + length: uint16; +} &byteorder=littleendian; + +type ServerCoreData = record { + version_major: uint16; + version_minor: uint16; + client_requested_protocols: uint32; +}; + +type ServerNetworkData = record { + mcs_channel_id: uint16; + channel_count: uint16; +}; + +type ServerSecurityData = record { + encryption_method: uint32; + encryption_level: uint32; + server_random_length: uint32 &byteorder=littleendian; + server_cert_length: uint32 &byteorder=littleendian; + server_random: bytestring &length=server_random_length; + server_certificate: bytestring &length=server_cert_length-8; # arbitrarily cutting off 8 chars so the certificate doesn't overrun the end of the packet +}; + +###################################################################### +# NTLM Authentication +###################################################################### + +type NTLMAuthentication = record { + type: uint16; + switch: case type of { # there may be further type bytes that need to be added to this switch + 0x0100 -> client_request: NTLMClientRequest; + 0x0300 -> client_request2: NTLMClientRequest; + 0x0103 -> server_response: NTLMServerResponse; + 0x0104 -> server_response2: NTLMServerResponse; + default -> data: bytestring &restofdata &transient; + }; +}; + +###################################################################### +# NTLM Client +###################################################################### + +type NTLMClientRequest = record { + payload_length: uint8; # total payload length + pad1: padding[3]; # arbitrary 3 bytes + remaining_length1: uint8; # remaining length of the payload + pad2: padding[36]; # arbitrary 36 bytes + unknown_length: uint8; # an unknown length value + unknown_value1: padding[unknown_length]; # arbitrary padding for the length value above + pad3: padding[3]; # arbitrary 3 bytes + remainder_length2: uint8; # remaining length of the payload + unknown: uint8; # this unknown field affects the length between here and the beginning of the requested server name + switch: case unknown of { + 0x00 -> case1: uint8[7]; # jump 7 bytes + 0xff -> case2: uint8[12]; # jump 12 bytes + default -> case3: Debug; # debug if an unknown value is seen + }; + server_length: uint8; + server_name: bytestring &length=server_length; + data: bytestring &restofdata &transient; +}; + +###################################################################### +# NTLM Server +###################################################################### + +type NTLMServerResponse = record { + unknown_value1: uint8; # 1 variable byte + unknown_value2: uint8[3]; # 3 bytes that may be static + unknown_value3: uint8; # 1 variable byte + unknown_value4: uint8[2]; # 2 bytes that may be static + unknown_length1: uint8; # an unknown length value + pad1: padding[unknown_length1]; # arbitrary padding for the length value above + unknown_value5: uint8[3]; # 3 bytes that may be static + unknown_value6: uint8; # 1 variable byte + unknown_value7: uint8[3]; # 3 bytes that may be static + unknown_value8: uint8; # 1 variable byte + unknown_value9: uint8[7]; # 7 bytes that may be static + unknown_value10: uint8[16]; # 16 bytes that may be static + unknown_value11: uint8[16]; # 16 bytes that may be static + unknown_value12: uint8; # 1 variable byte + unknown_value13: uint8; # 1 byte that may be static + unknown_value14: uint8; # 1 variable byte + unknown_value15: uint8; # 1 byte that may be static + unknown_value16: uint8; # 1 variable byte + unknown_value17: uint8[6]; # 6 bytes that may be static + server_length: uint8; # length of server name + server_name: bytestring &length=server_length; # server name + data: bytestring &restofdata &transient; +} &byteorder=bigendian; + +###################################################################### +# Debugging +###################################################################### + +type Debug = record { + remainder: bytestring &restofdata; +}; + +###################################################################### +# ASN.1 Encodings +###################################################################### + +type ASN1Encoding = record { + meta: ASN1EncodingMeta; + content: bytestring &length = meta.length; +}; + +type ASN1EncodingMeta = record { + tag: uint8; + len: uint8; + more_len: bytestring &length = long_len ? len & 0x7f : 0; +} &let { + long_len: bool = len & 0x80; + length: uint64 = long_len ? binary_to_int64(more_len) : len & 0x7f; +}; + +type ASN1SequenceMeta = record { + encoding: ASN1EncodingMeta; +}; + +type ASN1Integer = record { + encoding: ASN1Encoding; +}; + +type ASN1OctetString = record { + encoding: ASN1Encoding; +}; + +type ASN1ObjectIdentifier = record { + encoding: ASN1Encoding; +}; + +type ASN1Boolean = record { + encoding: ASN1Encoding; +}; + +type ASN1Enumerated = record { + encoding: ASN1Encoding; +}; + +###################################################################### +# ASN.1 Conversion Functions +###################################################################### + +function binary_to_int64(bs: bytestring): int64 + %{ + int64 rval = 0; + + for ( int i = 0; i < bs.length(); ++i ) + { + uint64 byte = bs[i]; + rval |= byte << (8 * (bs.length() - (i + 1))); + } + + return rval; + %} diff --git a/src/analyzer/protocol/rdp/rdp.pac b/src/analyzer/protocol/rdp/rdp.pac new file mode 100644 index 0000000000..1d0f7f6197 --- /dev/null +++ b/src/analyzer/protocol/rdp/rdp.pac @@ -0,0 +1,26 @@ +%include binpac.pac +%include bro.pac + +%extern{ + #include "events.bif.h" +%} + +analyzer RDP withcontext { + connection: RDP_Conn; + flow: RDP_Flow; +}; + +# Our connection consists of two flows, one in each direction. +connection RDP_Conn(bro_analyzer: BroAnalyzer) { + upflow = RDP_Flow(true); + downflow = RDP_Flow(false); +}; + +%include rdp-protocol.pac + +flow RDP_Flow(is_orig: bool) { + #flowunit = RDP_PDU(is_orig) withcontext(connection, this); + datagram = RDP_PDU(is_orig) withcontext(connection, this); +}; + +%include rdp-analyzer.pac From 2fcddc6441fc202543e6e932fc7e09b92ad855d0 Mon Sep 17 00:00:00 2001 From: jshlbrd Date: Sat, 14 Feb 2015 13:31:23 -0800 Subject: [PATCH 012/121] Update init-default.bro Commented out mysql --- scripts/base/init-default.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro index 2af8f3bc3d..b4f0769737 100644 --- a/scripts/base/init-default.bro +++ b/scripts/base/init-default.bro @@ -46,7 +46,7 @@ @load base/protocols/http @load base/protocols/irc @load base/protocols/modbus -@load base/protocols/mysql +#@load base/protocols/mysql @load base/protocols/pop3 @load base/protocols/radius @load base/protocols/rdp From d0e2d64cfcec9c8de81e453ac63a184e59989041 Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sat, 14 Feb 2015 13:59:59 -0800 Subject: [PATCH 013/121] Add btest for Wireshark sample pcap (native RDP encryption) http://wiki.wireshark.org/RDP --- testing/btest/Traces/rdp/RDP-004.pcap | Bin 0 -> 142910 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 testing/btest/Traces/rdp/RDP-004.pcap diff --git a/testing/btest/Traces/rdp/RDP-004.pcap b/testing/btest/Traces/rdp/RDP-004.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a26dd5637f82d2d4ad3d74b79c84814644c6ea53 GIT binary patch literal 142910 zcmbTe1ymf{wguX_yF+ky4esu4A-E^F1cJM}2X_hX?!gHVT!Xt?fS|wOyxjMadw$0F zzX!W1s;lRkYwcNUR##Os^`$x+6aWtR^>}&$06>6$bn6pK*u6yr2m_a&2LO)|^41Ul zk;3~C01XfW0N4h21ObAOq;jPg-pH`)*lZAl2z(03P!Z1?dxJhbH4p&+py1$#AYfpi zARyqNUx0|Jum3@NL43jb2lpSuJ6!<41M-6U8SNPrfe(U^Tkj+oh#KjQDhQA@ct(V% z1tJ1|A?5%P*?|$C$A5988VG*j2>%DiNFZv6BJ$Je2oC`8%nOzi05AapJdgiE(HIDM zMj=`HR}}20Q*J{501NKj(_-PXC1->mT&efb`md zmHjq?{SV6F-%$)+P+0yI1swqRx&;9A0!!rq3jG%)PUt*mghTtEjEE5Uk|?mNpX>Up zL|v=jmH3PZxBh<+|ICi<&iF-%r2mH(5$@S32N1R9S&67Gi2tj^XGC=%;{Ur6C(@od zV&DA1u?C3B`K-h^iGMOx-Gu&&5+~AMPzL@L1*k-T&HpDQJ{RbjI#dtL-;`+bGD&!U z6oV63jP++FTHpVsL{Oj-e*s7I!2s5QdVd~&?pGjF6ARDTU?KjI%{s6qGC<%1hoEO* zkW$c7Z!Z&HkSuWEP7eZnJTc*bf{=iMfP#VmfUV_!o`Dk$T=o1CaLs>yUN!&)CwhMA z73lLep!ZlWzyEk6xG#tR00MyS4gm3C2d01w0O+F}6!;s9lU0zd*l4^RaDmIsKwU@?GYym7F2uSsL{Mpn%T<%PtrBt=_hm>TJC~zYcu^-8-lU`3POY zeL=*4{Sr94Ot>%84YZM$+5G1j4DfUVoK)bn5&qA#(V#oQf`B|vo1BrTwGT81Jp9YF zJ#z+wM+O{#fddY~j=+w=PQXCn4*}2Z64+W=Y_>XCQ%>*FXSq%J6%=EZRO01v=I8D}fTT zfs=1W7LO}6Ba&CYJs~@}F)Xu0jFfFFu~g!P(_!1Shrq?VyP(6A4P3E0|8%T+hI@WM z10(_B%^)}lt~-T?kl?EtSxRal=rD8mKdpbz)w`}d38yDCOWpOoMTdW<5a2gaJRb`? z&8GtX>09xcZn|N8zd0NH_VgJ%VC$V1Iirw!!B5ow^*;yKJM@)j2d#MyW za9Y5D1%5%aDS`#?1JR$ypSw1IX%hPd(eV$&lwXLjoDpO2ni#(z=dxO?|+ zt@f-Cm}oh0{{SZg`VLUCNI;6fx&tBq0ZmSZ{~OJeXPQ{Yf6y!k(yRy4jE1=Ujpo5K z&1r9hztMdELKF9oO4b8uHY;L3+%V|=PV)fl1vJYS;cqnOUuahRL9-c1vlmD+9AfD= znupIcZH*ECM$_VjCe9x;dx13jfHV*36n>|92=)TXW%{?n-YLu%n)ZLt>;uxA0@4hD z`0^Xgqdp)_GoTRuGU=8tG_n7nIR&IS0i?M~BltVbBd`}xCZNp<1C{hV{%Z$hn^JnA z$?*rx2_Vf4Ak6@XlHX_^Khq>w{wqzZ7n)dq(A)shTn5sdqGJA?<}ug{=;g{^X@)-2 z#C-gN<}#4xIgq9gMBHyQPo8NSw1WJtn$|BgG5?@>4y3scq&YxA@;l8Fuouu?K2ShB zu#nH=zp5EHwemt!;}4qqxM$}eK$;#7F)yIH!2Qw~xLY3BDuMt_K@tcRW}c?jFo3K1 zLC;Vh@GhbJV{?N#sq~0RmBF#S!1Oh56fy^1bfzPhzZs*wM%1Vv0q}i*9UX zKL-1bT|=uEugRoCDKGmOTm8IYRi`{P1Rg5gXUWn(^atJDz*j%awZJ%7!Ec^1oAT&0 z+7^wCX>ZG?)IVtwi4bg#R9E?8XbP*1SeevWIz)C1-d&yS8+*+@Da{O*4Pv_|UuBT$ zjLk<~iNH&{5B^Ny@5#EQON1bD%yY6ub5mPvJ7n2mK9nLAw_a6e%J}|$u=0~)=>7Vt zPhqH6TLq1g`3-rlp zj6bG`W93$QxC%~Ays`A8);|R(3%yH5W!hG(_<%NcDTvaEx5gPdKD*(S>E;H&h0vQ1 zZ0lvY;|?)X0IR>IRxszG1ns5k?n;5BTkeU2HCA*E@Rq~;c1U(5U-zO~Zm_>OoXv}B z$$nSuIY<)4s}4ovyNej$f&DW|0zVi)A2@5zJ-xG1&wi#0C58ah13ix>a{Gy>)JJpPOaQhaCk z9IqTU^3_Ca~c@fNZs$wwfdLRKE9!(`%>cE_1@-m zfgRG&_MI;)rO3|wCJQ%9-(z?}-z%Z7uJ9M6#Q8{WL9blY?W4P=aMLq4$VXO|;55Ku zxm*r?go1ty1~QO)|Cna~xZ#8+28P#PRAA1jvq!D+Q?bIY`pqI`2)gtsBB+3J(UOjG z1^K>Lyo9}4mPV+_#j1ErpiYc60-OSNf&^W}+yWvSc8GYChX%grLnTc?mkguFIAN}i zm49@GLAds1!=T$PNiVv0A}fNJ=2%E}ZWRzs>z>qV>sZuIu3lQ2MI`y3pF7Uoq8n6=fw4xL8G z$7+d2Zu|rZQx(`d0h=EP7jt>nAEIn9=v!UJZcb$xF|||*6W<91h9VIR(O8Jcjq$_( z6yHs%12D;W>YxzqDJj{}4MM}2>u%AuMjcxi7=zqgK8 z9k^!~Wxx-osNs44sIO}W44?>XY|rD*1_UZRP56w0{`Ox{u%A$quAbEZiu<1i&tvAkY00e#h~7jqQ^Jzh=Bo@R7YYCX)HA!35sj(ROsZ6g>+4_57p+_IC`_Mv%**X&ei^ zgHG#6m7>ok5Za*O>YoCcVlIT$;bYlLkw&b+`eVs_XlV^N+jlQervuy zr6>rz0IyF17YDbTzUHNE~bwG;_e29W+tO72cGyD^Y zx!gl!$Ogwpqz~T_Qf^mdF#}Vr`&Tw5UrTtYYCXY{a?XXR(F5tOxi z_oalNfoz6@57*&;?-WwQ~>36oGa$Q%ZR92c)ft&mAOSP8ZZ7_8@e9k;pPEpDJ&&?P<4>YFI zc||49D&^P%1DFCO@jU+27eI5G=tZTXzw3)&{zaugeenT5X9Ew8nf{|M5-K1}Ie~B% z9u)@cBHvKetVlDAnP(bI(#8SGnImqKz~pn(IbhWHz%8H0e?`@vCVq)3@OxB3m|sx= zUN2GE{u7k~8VHkEymsFpap_87vwkp!C5-IP7vT?54qeZ!d?&r_Fyt&|_#9bo|F4lr zULy1V5t;8-!{b*0=Wc{eCG7NGtR>eJ8#{co;T+rD#GGgal<&Mp4H2b7Tw@ z@V`}>^d+*;ACc{TMYh8Kv(nEw5Ae?F=T<$ru?Cna==&@HdPDfq2U|-Y)sztk$fKU4 z_ELfaNFV?&5PFUZ5%Hf&2Y5mQhv7E)nV@tCkVgQYGzu1Y69WNrFPKvVdnx_O4p4E@()wqZQ(N8_FQKLdHdPhYDj+ znm_E&XA`0x^WAED96oFM{Ra%*lnGTxIp9LhC0>sWY-X=J=mUP>Dc&03ljj zu3l)>qLMt@VXeSq0=i!0C;t2;Qe!j4Eb8*Nr=ONIklrYnQT8zSUoVmm($w6|nt1g2 z%@U8u%1`gf@hnh}tGNhAPU^jQ;9Y0DDU_Yw=N>J*J?6b$r4P4cOW#oS(8xJf$R=Uo zLYC-a5fzL`Xd72GUCmY@a{#HtHM!$%%h^3HY^$Q1AxsOvm-R#HDWZe%$;R32-2*HO z`g@|#6Mt2Mr!Q&D%iNhbg^P2A-~!qCC|Wy2LNHl9st&`{W^KqL5A7@+aC=s43;rsE z1Odu8a9%{&=3~<=Et^6Uf>ewUZlL0%>s#mUVDJ4T7%PIA_;A>hM^wAFmO^b~k5$#*+9o3DJy{&Ab^;=d%DpKs}lL|>pdlya5=PrbZ9)PYrY`{R*5M8qN?pfkRTqYPh8 z7|a+!JO3d}qz{tH_F$1{Qy;I_LPFmqI0}0(JZI3>{;FyfY{P{TiCsKT=2Og2>q$pQ z=X(sO{>o6zDmp-g!5J*CH@)mgO6O(ck-B^+aFi?i>u z53wJ9;NnWWv4!2nUATbifzG5i+4<^@T4xECOiLacA!T+HZ{PkI#paZ;bO+O=yuf&_ z=r}$*l<1YlEdr^!h=@=dx)G0XtiVIN1d$QrH)Ls{mZo4T12IN)l09(Mer#P->{6%n zIeQq()v$s#tTGTYX#~?i)@k(~D4xlt1HynzdkfLdMr5VNLv{^1G8^cjry#M4@XOk8 z*A1_rj#O0F$q&LxUZ~oRC*kju?nqnQ9rNrvhC-IDuPIbOMG#?-T{Qa{-p!R`O|*L@m^^>%;k_&$<3ik`TIHzY#B;|?rUC~5+x*M; zvtt4Vr^%l?CdTOR9g{5LSDzNh0(MO5XxYrrC5r97{T1#$swVP>P_eLF{>7EhYxD4j zVxMAEq6-vGO}K-)&u_;;enLC3!eS1kG+NR_&ARnV8BiBX>hvfZH~RLx-cimBWZF&% z?!ntQd^`S~$`BUEa!&Nfty1)G!;7`+Rei_zEt&Rkxvg)RU*?+gH72;w@HKtkcgenU zS)evLq`*_%qP0)#&}R7zUDA}2WYPSH!NTqG^*K!{>c1KT#fvfc{+=c|!!Kjt!v0rd zFgIQd^!JV+#J3E@qct06sj7CzhYGftRrbff$d;?%)6!-Apx8sg=K$twb+Ap!l^&UJ z1lthtMvQas#$qVxyh*BfiBhFc_^vfy|D!?~vZp=x6P+l|+?OEbQS_6pdXZZjxFcxB z*&|xNJo!zZtCq>dp&eqOgV=et56&vp_|3gf47IKtL;-^xw|I5? ztAgNDhNCR?PG&qE*>!CCJYMv!&Lb2vTr;lZPB=~K=9wCXL4VUu4jWDJPH^-+CGqHv zg@7UfKE|$tI+Uc_vcvDNKXoQ|B)^-9QJeJ3LodKCtlDAQtw6k~)@1jR{rH(~S(Z<& zfrhEph}NS3p}%t3jrTZWX}``x1d%y^A(gg-Q3wZn8oVejpDeao^xiBuV5!}&#Mrqqb@n^8F*=Tzuy%C$l1DUlG47aNW|Fzs;MR}yDIg*kV}AP zaAR}v6-r_757E6smDP|sH7?DV9d1Zhuz-mK^gBZkK^8|t778;QW@`Jng*Bh^@F_P~ zPVhSpL{BP(iHmADaP-D`X6qV0Ww7MyM`R5&M$NA~fcHmF73itC_*y}81P_B?*sE?I z{UWjOv_}}SV2p>F!ccO?cFiV1F7|hk9-?UqOK0FZsWe6qXd+5H((MV_6R$NNdk$dd zQA=A~CyKsr1}II~a>RZ$eHZbmHCZ$z)Ty6Y~pl z=lCgIt-@FCcd0v+`&D8aGU7&nDT=8Tqun6HB6h0~SXDAwi^9*k3O}y=b>V|#%LBx% zK6ni+4oPqF4>VbFl|Qo1zl~@S^o2tq;Im#IW_E^ z*n{F79mDVwL5S&cB^$i(R zPtP559@sJeVhofo#_;v`j!A?2%NVSt007L!y3W&gF=wdN90l(>`Ddsz@r_0H@mJks z@C6o*S|LGhC^Jd;`;RixyJy-%j0U6C+G0{PY=g`wbQ%t<<8p5S~US5V}Lvc0B*<49Z1{;M{_nBIPnX;lfvzmw` zIu1WQ4sCR!aAo2nZ1pc^9NxWNiJBMdY8O|eBvea&PE(KOuf{<2VhrAYq}lSz7$#Z% z)fnnb?pKKJ#QfQr20!tjS`>bGht`akAne19@)X|1VDGKVE_8M}FGbJ%ahNo>8K1}c zX!&XqW$)Vjpn+33AFXSJ;_?PGC2N9nVu5CF3K0tm+iKEQRAGO|5}yx@ed5D*U65)Y zi3wX@N=b4hi5cSNH>?{=7pfP!^jgip->IBii7(2ygM;?gm>R ziimo;@UU1iC7)4?BLLpJzNYh1AENQ_{wQUGinxI(+@nL+i)mfF1{*{I^=gldE})T{ zFnDpVppN%sV(>#-fT7GcZJnq)scedfFEmGh7UR|h@Nay3Qp(c3>DJJz^V%m+6z&!k zq4TI$tuQP(q|wW4+i?a|Zgy%~Jyt{?oQ_jMsLC9TH<7;TthPodpuH^ zN&Cddxd=N1fflM z@UnEFj~Caz((*aWvJJl~$j-|X9tbKqe!XkmM;kUXL$_(sImnX6+B_S-?4tX)?l{O^ zT?Pv({{0qZf+^7wSAhJs$o{R+HnK)&R?}=$m-`H)4evF0F%dhcos4SejXjbf#k}9` zsT=mBW^4~^u=jXWg0n7nhkTCl8b;b1|Avb08B9P$PlMQ!S_TH%wjaCi?dYAeYygIS z_Cfkex1A~Y;_SYX>pO$R{f*D86r#wm)}Gz^oRheIf{uJ3W-WDqs?o^XvA*rEG1t{& z0@NJ_X`9LrTbK+452upYkGTCtDKf>^-MJjv9-rT!&{1KEZcFnP{y4RG> zbK34_^|@$&fvk*;SxYyiweexgOj-VPXry0{f zdP9H@p`P7Jh&q&qmw9DT++CK|5U)KJiog=wMr*H5y9UMeZ>*)H-B&;KCd`F>X(zF8 zR#PbO2y4mAZN+mJl5@ox+Fg=Y*)w!YB`x6=D5UQsXMUqCcN4CoY5v-ZXRvk(;E>OX zH@SMHO>c5fhN8Kw0V1-seB4BEz5hnO#d@?WF3vWHE4 zcWh{{v(giK|1YbAmeHXEm#;iNy=vO0b?(Jq_PL6DN7`V1eSN_npkeAaYE%i1k^+{05|7R^_%HRjj*~u@c2k-+14` zzMppK8;7{e@Qa2pS_Su+x^)p_7>yrnzN2_VY!x!g+Mw_o6c8peOk2N^#b3pbO!lPg zkk)_hm;lxF&6$ZhIh#TfNQQQeNH2^Xk7)m53lCJEVq)ggcQ3^ zT#Nmdr<=sU%{OpflpK=9vKV2iT6fs$J(j3%lf6q&OINv1c^Rk9-`so4z*`h$w#al) zCj;&#O59(kT5Vm*-!dEra`46vX9dmQ8^k>^A|&cbY5C5P1^?JF;OM*HA@Xm!%< ze?}pxiuX>;W^**NE{}5}+E0Vmu z;I*)SPH1a9{i`tyhG1gO$bwsH>cmWtFGmk33Ris(_!c%^K)6E>!6bzqKA}{0(-X@L zxO6;z8#B*@kEh0s_$k3TwX8Q7pvu^^lcIG^rC!*X&$y)_Ph)1=GJL79^b}*>Th=w- z7pN5#(>9DyI1~FIAD0SY+;k)u$V84kCwuS$J9{E*NkH)9$5l@j+fwFiFmoRn^<%k|>ZrZHJdbs=}u05a&^waBGFdVm5 ztncMnS8v3rF2uu3m(1^f#*Mb^I>*O~7!c0xPpjZkQ1fk89&1fKMU16sdyuG=N_m$) zZ6r*M%5x{7P<}Ng^eJ1#R$KCdoN*y|BMu@7dPI1hrdbQ!ZyAa^bzS~#QtdlzhNu(X z?N4|U?OQWccyk$uHh(_l_Y~nY41zd6ypL zuNBbs3HNx zg|K2Rl&R8^z0pJ?=B^Y4NO*)*?$Y{0^$ItZbxW^;DFWqGxCN9)$P_>sMtre!zc+F` zu66p`X|4Ap-BiSB-DZ)6Zep#RG|x=nwndGQr4G9U@y*fgB%sw(RC>oK)AGrmgc-7av{8Ru4OvO(Sz7MU zR?OOtWO>P~RQBPxu|fchlCjR{@h*7;x(&(>0F~mnX(PwHWfDi^xp?r|SrT(&tW+4m zqTe$%ah6WubMY{L$(i?EKCzzhgr7_w>d$phswxcQYsOs$iLK5R#AXk1>ZX9!M*W)h z!@Fse zQ@Hhh6ogR!cn#i}3GwFI6t$ISBI4DmyJk$dwTPt9W-7dH@*WtzS-ST8o-}jCWBZ(% z_xJ1jZEVMy!nv>kNC|D1DpM)hf5A=`qpjxX| z5W!98Qc%Z{=p{Z*wW#RmFFblqjar3GRH-~XDj2=Fs$H;iM-;#&Gha+MEOAEjX|6TZ zha(u&h2ngte&|FT;QzF+yLlZ2sZ$##z`pYFbcgXuo>^n+^aeM95~ofpsTXgr6jAoN ztl9p!QH9dztNtFL0EK*wcE+M(Rac&1z8>72P+HC5@OV4D;`=xGU-Tp?CK(Ggz{klP-??`P)P36>X(;XF#Hy-IAbucSlPjeZTYumam`UB$G+*Z~d7A=CF`g~W zg;5`MO}+nZIaxns)F{nZ#~UyR|8J4;`){W6AH;HjiSCdv+h@Ndd|?>P9f9k6K? zK#8@Rki5Cm0dIBIBzVBQJiosQCa|y)V^fZ{jT>-YX)N$?9L=yG26v3hG4s#cCJ9$q zP!7$FVZlh+k6?t)C4CIv6xqzjG+#5E0koni@5r$2PYm+ZQjWn{?hdG~`+1maVTwY& zW#LBK-DJs}q-E;opO@j7AlVx`f|k>& zk{le*D)MDom);6I1aBjmL#rsYjNBH!GtSCRqUBja0%&@@>(a3R;ABBj2=GlYpAQ&G zCfFNJpT2g#Pk@04>we4c8$9b_s^PN8J{D3UW4?rrr$9Ue;?G>L=Me)z7hV2RAeA0UZ4}Rz6j`q*M6n z`pJ&ckvV5JN;kP;W+bsSm;E?!yG;T2IVHDk&J^2-YMRgthZsLC-JC`pSL#FBzYjH; zWFS<-F#endNyW`_?&pC8k8bTPpYrGzLx`&#m6SJa$!JgdBJTVNZoP4Htx?n3T(XKZ zFnFS^X81|943zZA_6(qbx7sgQ&Sp*XjxKdbpN{K$B z*OuG;{9y3M`Zv3nBQbbVsqLnrFf1z~FLKo0C5|2l9ni9&K&^g?FrT%2vQ5HkRu~2v z2H&|?t@DPPdQ9|R3MT4WS%!9S8M6JoU&}LiPH?tbDSD;+l+0iae5j2Hs5S@Qo*_9i zL2+^SRHoBq^E!{UDdtP$LV8}huM#xapH4_Aw0sU{Lr4*;@Qd)-Os$rYOSmN%A|#bk7=Y} zC%QX9uMS2NrK0VH$)LgLWW>)+B6X)ffM7VA*|(UHSXl=YmQtUMQ^|uWvg+r3SC@Oh zXIqM^JB@{kiMD}Wo-R@MiT}d#Hk%%9y;m`e$J){7+BqVB&)Bt9QaEO|&bV0UN-Cg( zx41Pa>}x{{YdkHivW8Lm-uXo~Sexvp?rW~4U>cg0MC-3>ZK5CE&NvtKD=NF-rbqXM z$u;FNC+?aE5IdjRd?kfG$MSw~c94AwxO_s0GfqyqMN_kIhI9!x3(vN0oNqUw#4z8H zPiTv8BL3V!%(e|FE{QoP)76P~6PM^}yTW(QB^~4?MS;RMg3vr`dlqRZPa^on~rnD^i3uor`6W*#!9Q+Gz4d zfxMs*uTs?M!|O)$Fc|X9E$^S_)1L%s?4)I1^Z046_-*y2M#u5=^BM>do*LXNbH9N~ zI%j5dNZA!RmZ5inGV)<|G(is*9@(yWvLx{x-*Zu$IxiuNJ;RVA$5SVCAb<3dfkIZH zuK$LW&;5{*+pt#JeqJox#%<6CLJZ6M4MGa?^8uuo(oAGFRf3Vac_%`R)8Ko6Hm)M5 zYNWtufE{ZqecOZg{)UklLW#ajPV*g1V*IOPY~n{^SK-(mJ-eehJcJ}CNs_*r(VY9# zW(|Z-3*Nb_qnr=n-b^^=S`qmEOpc?v7`<>l+aYB3b7GIBS3=)ZMVOvWD`%3q_TpBv zw>C7qlN7R6awG6- z{v~yHKt5YLG%-U3xE^*;-){jD7vQUgc1rbKsn)J?vzh;*y=#?5k)ne zx2LbZEsOak{PJy9Q~y`5_eAP|S`tvKt_+`OoCOY_)=5>kF6PoD2>r;6RLd=-p`YqJ z142EQu8PJ^cu1W5Fbu6*vgr-MID8n!gNpkhr4Y&69G`f5R>WF;wsGL$uhEI99_{8 zL!Xul$-TLrRw#)MNPt-hNCH^Y1?RIThEPeZ=_uUoak>ecjK27B4xggLe!Eip`pIKz zv(i|~%U<{_yom{n3i4GTObTj>6s;)Xa^{b`*zq^ zVmJ;3eViqKh8kEN(IRh7#cMjgV||rr7W5I9zCsndHg3x?M5}F^CSiM#p&6DPE1{AH zQfSUz7)gahh;dltR3W7T9@(Pd-Pg0*NTMHeE}x~|WBKR8^N0GPJwfof8WnYg@c3cn zd8o|vzSX@uDzgr*%D#UMt>5GytP`AvbqeOq z{J467DIqItCz&~r!EI*A$&Py$0>cmd1E;IGB!xTH);Mw=uX3^md1pDUkoggV zs2KlxybD!KkvQd17qz)7i3wRq7(K|<*2T61nkN|I2Rws|#@TUgTKk1Hp0JUASe^b( zRT#e_DB2XV3)6P9;!5YY=tVMrOv3%xhGLad{b`tUuP7=V-!}qnm24{HF&2!IC1%=1QB83%yl}6Zk+HQBVp8WKXwg3VyE@Qiw z%0rh^gKBQU7?eoLsGB&>dmxIP{ccdVO^ z3_e3!HQ`~%$=|7#gSv6!Gm82waqM{1&qmTQvJ{ZwVU*Tnchb=y6t0U;Xl@pIJBD3N zyE4s3DmQZQW?9?Ltln&>M|%Jt4XsCcV>Q)%OSDi-sc&kATB8$+c@|XQ8RrA-W!j^n zPsO!n>$Ga*ATvB8%<&bKqna$j^;a0*wM;>ibQ7RHQe*c`O)apAdRyK@WkBj};84r< zeBAi~+FkS%S6fb!d9Yn15rYhw2oaoACR=^?uGit3a0`@)12m z*BoSMYw7qnd&mewdWM6AQz8FK#?;TT6{+BWE3jzQd$iyUUWCY@9 z@7r!Eox81>f2yBxGHJ+9(a4WR4+Ol?DoSSfvTZ^$!>hN?4&nLM>)PZg9SD@xug%<+)*Ee49xgt+HFp!&6h)M9OdzMCqOcxfuQ2Y08ZhD6u^WqW>+}eI z@QF@L(o6N02JQDT=&4Smml153k$k_f5j$8lt{0jbgc)Ks8^MEm*;kNm7(imDJz{o+ zPZxU$hkKiR=}LynIP9n?M8Y_Az0i><8;2@i{px*q_1F&vtn7gyG=e6p@yHv8n_%P` z@DG_|>|7}`PByiTl}ZV)beFrO*tk_Z$%NdiKDtgp?2hlP`_M;@hl%F0$^x?OQZ<`aCf2n~_7E{ML=P6kCnoJAxg?I@C}Aa&~bt{YOv1sJ?c5w*CF#oGsVN`WK`lI z&q`d9V|jGh{0ZSjUltn!(=C6Q_aHQ(GK0*3Aggw^j85+%(kg@5As-qWHx0V)dp&r~ z$aYp=zDWVj`j%`=^J>cGYxkhi%4UU~w5!N;aW;nB`^wTt(2hlcfp-}UTljJQJsaWPypm+c$n5VcdAdrE=>L=IC=0tc6;^yQzhCyMjZ|kEU|!k7Sj1 zCKEH-0jj}eaBEZY!y(SGJiN~C3ts&CyogV>VNh9#nB4^s^H{D$Bu0>ZRau8!k0Wbw zs{1v)p>st_`Me%k3DKi11H0RO(*=4=8-Y-0Sxlp`XM-U71cGCxO%$%m)SdW0spkPH zMcKr94{}0}QtqUy9d`&-5rQ02tMd6#5nBr!ecUjwH|n$ssBtrFpp1q4zmB3ulh(e~O=1x3(A;?u6Ia3%MbVOwo@ou_+kk5kd! z1)6zl+jks8@v8rPB85ko{p)O6_YTOZVrh)d{ko4o{J;@3!Uy+x$~2VOa{X_{m~1J0 zA+Ofnm|tt%l@wBhlE5}s+p)FZ&K*(0PraYz{EHf|q;IMuR))1VMDRID z9=_7&OxBibADAe+A=G?q)n3O$M0p$EW2|w3Wca3At`B)WGdnMylNwx8Oeo*@N$*;F zAqqoLrRbh$=Sj=(yg?YGBsT~?mjy1}HYOj862Eaefuy6x_sN1OZ2Sj(tt%sD3x*r| z$UsMhLvkm{*=<`e#pfu<;$kB%1P7JiWvKoyj;oBXjrR6sJ=DhUZr?$SVY77Eg71C0 z*Vui>Cm=#v9g@+1n|EIb2@-ttVa=`n+N#V9u0-WTp#1TYXeVGk@GD*T&v~&#O?4%+h@TI!X1>~bsTL~2D?$xt}v!C902z=`euWX5> zW8M-7!Ip!GK?pqI_x^5ECEGvT!OwuPK_%c$kz4PHP5z!_T~8k@A46a2LzTT*Ti5s% zS5pL{RhwocQfcbulvr7iFu8kGVN+>?^2K-U(Y1rKK1g1*eA|-W34?x&53yy=(m+%i zl|tDG`W%J##qEuy2Bv4qiPd?hug);z@)k+^s0SOiIe$ZtxISV>wiqEUb2l?kcDaVZ zfm1n6E#imhwp7W#>>4zmb7T<^Cn;XH*zAh$NtF!|OsqLWwVZ)XWw+BOz1;2=Px1f4 zIPAZP`5roMAd`R`CLpP9DJH&MAszfXmdJ5@hX$kj!n6oRP^|4w8`9w%vh~+tDP*7A zPOD; z{dV%spyCMU84n)5$A-00r;RGE-(l>G(k$aVt=rHui1D+vo|f%?5uYwW5QsXH4^xZlL6w|=>jpK`L6zw_^xBckE@@3T;GevY* z^#bbF*kx$LA`X(DO|g3FLBj@XouwTZbO2vqG@3UjX?u$}Pi_xL9(Hp$di(-kMXq-i5D6`Oa#b4rT6Vn3vAwyAdrGg(q-bg0$I& zZRDz+)BM2vS7Ts%F@`_B`!4&>H%5TpV_+!!S7V?a*6|*v?#vh`P>L8VIR64^ncnz4 z&h?#tL%v&^s^}ecpOT`(3W{;d2)xEp=Z2XK@sFQ=Z}V%UN~LDIc%iaX#6yb9dR|pu z>FKXM-Ye=ZbS*C+bc9Bh8aIN|pEhtyNrZ%?uV&$t7T*6L29q*|hL*s3{-CTjd`$O0aOU&FZetnRcoSWAuF>?;XheqC%)ArajqR+}&qZxEuh2q#(# zPEpp+Wj5z`eFu-`3t|Dj1&F5XD{pC2`~qbcR_mm(9cU|6H9Xf*F(DZfm!P~qOCODbHhpsL$XKdotL^7FRQQliwxhs~ zrSCS1mr+l!smOz9dRv}(MQADe%U21?K10*fjflDtW!Z?-2`R_7A`bz_ud|s_}Swl`x)LO zF6regAmu9uP^Nj5uPMawm_|p7YRuuI_4(qkN2#AgR?v~zXMWPz9dwxyg)FWoR((Y0 zJ-dP{?fRt3MJrcNoc;#80Fw24Q`eQ(w7E?695;v0Tap0Tie)}`I^yd_!G+I9+%R~V z;VE_c>F;>4b@^x=uhlvw(K)p?@l+y281M}%z*N1ihHG+Lm$Rwf)hCsha4OT2TZxTN zHjj!-s?aH>HMJ9av2KlmoAO5%S!*o&Tg3^5!%#0a2Xrk4AtpW;9VXX%%MLWScQmDk zlZ=tiS!^+kq)N!Im3H#b@e5UaV8^co-g04gm2V}wi|fx}@@ed3u|}IZ$pVKbx_$Nu zsU(D7;|_#H0Ax|cW;8t{Je`NRwur*rS9k?%l3vG_WMzgR14!8`zS_>xDQ=oV)QM2)4}h#V`8xU)fisC7(@H-#-RA)mocdC z007Ea_Kvtt9%{v7^GU&7(UbRD-Yfjf4yLZKI?TXMp5q2v&E~+yDv-!uynH&eXfA=@ zv2nHw6CQ4<{>V3_b>v8)RV^~#i-P8bh=(gdkY3pAj_X3U5>eQp2D@8ARTdF~E@yE6 zN%=IW{lWY8L0v2y0kq)0mPRJu3!xCHTTNik8nhN2fu?Q#UV~$DO-LeB*iV+lzj=`H zOu!UBcL(h`%_Lx&f4TU~{$dP&{Obs%#9yBnlnwsX7-pm;)2E&_erGmG8&>Zp_Jmz$0V}EY)lC3Cp9-1ozl(NP0@7G4DGIT-aS?o{2EIsq5SG50uTbN%v8N$_ba4+2^(d(w7hqd{B>!=Zzb&LZOMo{ z#atUSYBpA|t1irDdN!nX>Xa=HWhlSAiodS$l&0uScZ~Cu;&{dUpx3*>_w_P>`$>XJ z*=aRz$C6iw{5~kZ5`w*X_TDifGOD{)n4D}`u`jrpw5{^4--NEAigdHsBxM}EdHvM& z@z`@w+*u4Y&Jd-IMd^(7>vDg$j^>6Kv!XlPktNf?2{rD}e7(c4*E=YPPwtaR~+*-RzJcH^b6&8jX@)3={$aOWp%Rn5L;Yo zQX1bdUxv@*GB9kDWR5;uzQZkJuXqut!6XHK1{7r)5Dv}9UL_5N^UZJYma&~*?SaRT zT67|88AqmPEIapw+b~A_KYX2KSX@i6u5ot{9w4~81^3_(B)GdvkPw2qy9OsfaCdii zcXxNY13CMivy=VgNB@1RR!z@WH9ftmXr48L@r=7GT(7=)ii{h!Gm=K8k<;3|;X4?H z#n}~b;FvEy*ppDaGrLRs7$j@W0rr7=t&ONrxH|AIz;Gea^F7Q`yRVHdUjrvZH|4`= z_H%?)w@{0I2%~qHiCa_iCz`x@P0!|X!HygYO^5DYl{u||W}__Jk04!LQr#CzlUpIT zKGbDaqm$Ia6dB1Rjul*IRo897Znn9~;c%_V*rqd<(-|>loYY#9L4_xJ$u{h6ih@_Y zZ{+73{hng(Z-b;{`y-qWSc7H+M7Ans=^Pf{YBNlpt3Vxm6ugW_XF^+nJ8UtpD2!dW z#x@Ffp6UnfS^Y*oU;4;X!<+jBzkI@UbyXKy=_wTLe&qusF3`yHhpuQX_)6FtCgRz^ zQ1ct4A#IPS3Kic3YDV_cj3f5ZME+WN;Ul6P-@JhqQ2)4fAgV(vKJq7;V3Y16Kr)cYSif{e?lmTMh!uL$owjWseR@xge?MXB zhhR<#ol&{K0MlmLPpF^QRoQ35I)_#gd7RHiXUF2V*nOA2jK<6L5jN5J?v`mWs1E4B zH+^=pc@K$A2Tltuc+k50hDZTRY9rAwtC?(@lNb>**4_AKH^|fG3oAvV%tb#W7csXp zPkcX$#L#s?u4kO5XXO$}kWHZ+UtMR;TVm|~g+rPWJuQZ%_(8;K2_S}HH_FJX zeux{+GBHqF{X0r=VF4F7vM(W*x~REOVVZ~k?*LU%Y@OGBr?VC`@8s~*^r1-Od{tM3mDZlzJ zTmmS6NiXcL>Bair!BQsvC%t5x{%3lrNPMGZu6k8nzw6Q&WVOLw7-RL&epP!1Wl~oiHdU zjU}|{)5RAN?<4>->~9A4{B6Twe(4;_H4p=F{p>u@Q7Mm`Cd^Me;99%Ro3dnj{yC!-u!I7EvQ-E830$_Su`tlLF8Q2pH#)5Q+Tb0?ZF zED+TXgiX?e+(b@Y2X+Zxd~?N;8dh5WOjnp?gX9kZwO@*{7i5^xf$v}Uc@lxNYsFU^ zOy+ClxBAP$YC;mTVFzBJ*Ox?NhCJN)Z7m#4MScmhzR(Sru!4;ji78! z{1D#<``K;wqjE{^hMJeDx>B%x8}*y4B7=WL>euBk>cIg>AzMaOHtgH)scLJb1#g=^ ztyt=|MUSF0is&56_+-bb!gmSBPb!nu3^*yP#3N|&mHr3uU3&OIpXt-OvW zB4)uX9nCuYTdA_pWicj}y|}NT@NT4F2)r;?25A%c?YXy;Ud2gYopS}()LP&TwpA0b z7O#NU`~xIA@FVQ0Vr-=_b*6`RQf|&zvA_bEt!3Wv!W%;iuc=Tb%$a#WWO(TzOyzIl zZtkskG)Iuy)RJ+4#pFGA?I3V&-_JJ8N_>fD>k=05yWwpE{9w*aTu8hZ4+WYLW@f<~ zH;mBUS30^HL#jL|pMk0$=nwhm=_*+$Ty(1H@GvMkv()Akd4>c})o(h2EY1TK@8>2B z^S$qTlml!@ORO)8D8ybAKE9-LB;BRRh}n8lMibKb7^K-8^$RaG`#5 z0fk6APB;Xw`CtSly3jGXXTms5!0bnb9Z*=azWGywOj8MTFNw$_e7NbpPVTWY;a1Wq zxUKx!YAmF%!x|!Lf>&wf^r?Z$3D^J|9x^A;5Vq^_tLun*FhAiD>zYaDl4jyL9gXvo z#2feiy3Z`<7kdF5O*j)#7pxOL~@cnv*&0-(K zNcao?85w1*#~)gt0`FS<)N_<#Cb{N7hk<=*bKU((5c>MqvvGdawQ zV!n11`PDCp2nq@WR0>m6#={Q`Lv^6$l9_nu+ZB|k&SQ_l5WfMaj;h~_)x;sN|LrL9 zyH)jj`&X;`zgb;;ReOL{{@qurFC9gGStWh3`usf%UP_mp8%x{9ngoOseZ=!4lm&im zv}VZZ!7yI%u2lYuVJ{TQ zmH$Ke-GB0Xhu3U{|8M^16y;(X0kmjBLH|KkhR(=8GM z5Kv!6&e*XF?gQ}A`;ED9$+UY3M9b)ad35V#ga}5Bt^kX=cR$GT4Ht@wG+Yl`@Xf7; z1CY--V-py71|u^I^7v06L2&K^nc{!MG_y0tH6=(BijU5Q>qW|>sF^$u{mmrd?MQ7h?m zrW#bYM|!&ak9H*81J-wD$Tl@z9q4)b-%n;~Mfx;0gZ6h>f&)6A(islYVX$muD;<*% z+}vV1WWl#DOEWgN3daQ=eUSDXt~gzCYYAxna_D`nqm8H+3Bfa5 zLv}Pa;S`q6vde1n0Y4MHoFa0Mct;VwA6=Ce=&3JPi{wRSp-bZxYC$qnNhaUmvB!QH zKvAzG9CTQ#V#s!funRV(#L(~5-C(K?vg@=Hck`l?IbD=F)`r*0} zG`Ddz^Q&kp|HicR7h6gm-C6+xTZg2;b$SS+i?wX%#EP)|u4^HLZ2a4{Eu2c=vwpsb zILBayk0j&w5oIp#C_}mWdadiR!@sV*>x3?xb@?>T5aW0x9qwOdgKXc42qU7u%!Wj8 zH-B6W&g&8WDGXg(n7sb-)=ElWbSG^5zK# zuB*=ww5oc#>b}|D^M;50uz{bd0k3 zawpE4P*$#FT`(-&$oJ8UFxPYo+|(jv-ovSua7NNTEAqHi?z5lIhg z`!KrPCEqqBXzn+wBbuZmi)r|adX!X3EatmU@P~qCA zsJn8P&Dl04OAA`Al1AUL7g9xP3H-naf!o@j$V_Q7SwO^wip`+&9HK&V-hPUD-Sjzl z1@rD8Y_`Y9J!?IfDEfIvOWQovT#glf3ieS=YGTUO8&k2z8O zv6d_U0?PM$-KB7#tQX7JYk$@1*H-_?7XQ|2?R!Ap5C*iRJrDu(z{-Osbktt1n0lTO z;I)0+8fam|<+#Pae`mQPFya!7$Z6x^oX1hVp%^MvSz^-|-^<|5((MU{ zRMY@^ca&plBvl8D1!Xq1m+FkYzrik8bQFua&_^?sdrSy0Qn$IMpUTlVpzlnd{6vNqd|@#rSEsqHGIHBY38tP^V}kyyPw zw@Y?FJ6aJ~xw9k=%^137*yQA;@Ovp)8D92bVfgg-9h;)G_ue{MPiMAW2APp458QI= z#~Q764W-mkot4TKKZEVooMOuqEbD`)9;!!_3BW<|yM%_Csz3INX`K~+Za`1c1-hRj zTio*;^K*f z@Gq~0D1IqG#ASajBU|duX|zJYVLcEzU4Y{^T#Bv6B0}b@AT5#_s~4qBB2dnJ{{s?H z>8_9J(#FS(yD(4DOu(*_gtN(=mabdOfIdsl`pAq8mO;pwd30#Ip<*noGA*f6q*)wQ zU3tiX$=g6NpCYAJxq0Jg0c4;CZ`o%u;;pn^${9zsY`uR^uxT@=aaK`H^`4J*(7>@1VH1E;a4VB^R6vS-sK) z$;Hqt?}p?RzToL77~(oPJU%~?9<#zO7Ud-q)wSzwt0!!Ed%~(8-cWVQi%=dKt&`7$ z(ZYR|B4hGU#MaGae(sZP)bpakHlP>hMnH#KHG{xO?hA5=A{@e6tFgf1y2+mGN#GVM zGlLwLY*(DpJD8hF5$fi??E6e;6hepa5q}&x_U$s0Xk=#45Xx9tl38Ja(T{%TdV#)7 zkaxpSY~cvLcX>$rw)aRgmhUDDR~A-Iw1OwSPVGyt6Mo>j6(EMrc&$&p5B7@_<^PZY z(dw=BhMhl#`w5;8$jIsaNS;U8mbf*>08F0%Y?Fm6`r3OGn+a#}CsTw`%P7zrMZv5C zgXR%D%H_0{qf=h=_s~s#B)jI><3I7;yg~gAdj$=SKdsmQ;8$<3ZH>GQaeM$XnB1HF zVgGKTwc0-xWDn1Q`6%|Htr8jaxI5>B0g>MDl7^c^iNIBn`y$6kMax}gn(Cb=qgGXZ zbpy&7ZDPB&W+Ixv`)aeFQv!0GWAuo3=!v6KFi64nt2Es@2+Jl2f(oL6}4<`bT{Qn3kNPTAyw%;IdLU!%hy=)-Ee^=+^bxqGaxZyiEmFJ3Mxi!0LQ231X(nA+|W!FU!a}_Op4Ql>9B<)Jiv`=m2h< zuVlnSvYsO=ua2h8C<#6t{e){`fsbEKEuRI}{Vi!nSt%Tw&fpW1xNeG}uX7hgYKQ%Hh_}^+|?$;XG{NK83u>Ftj)&tIkWS-`& zw7NdpC^(sU8H%PofSmDP8SM$flVEx3bd@Qc&h*RVCPO5JBk#bQV9AQlDuuo#?I zaFVb4iS8uWiLf&HCH(L+VQ3K)WO5X&`d|=32-%~K@kp}=NYU2D`!blmKE{R)Qo~0Z z!|CjDh)wdr&}2bFSu|jTI%G7(U{V8{x>tkGk9O?>IDM$WHsOM%(WExUoU^w3k z9@52uHt_}o<~t|H*!-7Gjow6p(`cKD)u!CD5jIJS@iQc*cE_gM(KwIv-iEw*slu3U z4tE;n6q-1XI*!c}_y0%?c%$r$gQ#0k=g${?d2scU#MqwV<_gwhvWYZ7Y~~DFwN9}5 z%Mx&gq?%P$r;=ULu%q$HLoVA0??*RfN#XiigYWx|O1@edB)~)tDwPXRx|8{m1m>7o zHiodNMQ8>Jd=+)pUD(&(0q+yyWhT?rye!kssR8z!50j_UdY`%LgJfcoi7$L`l1iCO zb>z^@*|je;5)x5rFs^kh;iNG``aZW2Ur-R#eA}i&159EpD1AAE)GlE6D+X0g&d;** zXBznMK$9F_84dMxcJ)cMf#RMx8AUq0-qji_<<7EYj0=i1b+DEI4`g8J;}lIrwaQaM zr46isr4@6YXW{z%x~S@R_(TbJ{9M=!WtQx%zDw3i{_Pg5K6v-MNz9j&Za9_817F5k;O{Rwn zGPF=oJ4`*IR#6OL@K+?5u4H0=NTo{&*;0IO;M?=NTTg6m#mzj(3Zju+h5oqR5rp@A zo&|?ONt*d{O+wCvkyf{T&LE>-w%jsf3dS1K15pEb;%rbh1K}?gWyd6B03!qLA0X|K zG`h{1ri7FqlK2ZS@>oD5&4nq(Mb36913fjz113&BL@dhm=J7ND%qwwNxOl=SafM_@GALBR7l9!sVh3N*kC_yGE>m*k9QDz!o!%; z>0J_k9NdV4TqV$8RFMnI>m3_x!=2>Io+&gpB|?>;)1EXaMP!D+^gPSB$u+$kBj#0Tc}iG&4N|4e(dy-ZicX+1+ERw2IWo~019uHN0tZ7a8A2K#W~Sm9+H^IR zPp^)bY6is{n_`&HeUtTPVzDP3H104LTJR3AH31*J*lFi3NCb_KRQA+a%vyn6fJ)oF zp1#C{AgMslFG6dFguzt4IFl~|W{g-;pdX*W`6{<{qb8Y9sOz&7>Yl4ub%4T{CrC0& z=GHO@gDbrP-HGYs9A`O)MJ;$RWHlZ!-1zWy{SB0R+qu(mbr{Mh5J%fQqO%y31mje# zZ!UE5t<^_chp2%YS>HDf@hxU1bqX!_5PH12m9WX4v(U_5Rt@GLxgt}h$5?x<`f0Ek zXcWGHi$JuY1sfskHdeb|c01dn3*Xk-m#eSewOV`JYUdRV4Sk1-w75cU>!3iBq69H2alfd zNh5|Rzffp<@|ZH*!OcSOb@b4TUYr;)?8}x5)nubCQZ~!(qC_jfiE%=!KUasOeOuHe zpUUca5i9;tQ^00OSSqsR{Au%3{jRuJ2hJM%DRMmm{RWBdkngdnCNb<5?thYve`9;sx@`#Z zFt+xp7Xpy&3ZAF(T#p{ZbEZeQx9!s~Nerrk2Zca}XOUb2v3gdne1>UL|3Yr&WE37D zpWYoF=7Lnvxc+B!Gq)c?G^7EEIOUp1T%4S#pPrlGhW8{dN~=>2^=RAAeOAyv0h28k zHypz^ON3^FT=E_0f#eS=HHzDELCmik&3|>~6mR;5z;YFwGemTV6D_417aRwyybsw7 zMk0JigN}b{@g2EcozL*dGKau=%*H3?nzqm%_UVdOPmw4N9h2-GX;?rnLIZ$(B zcEROzl9SbknH#Ml*Ic%br=MXXjh!jF3jwbWEEfv*YxP+-Dh=pm!{TYviRA3@qMQtP zVpVRY1+Wc{D>RkprZZ`3&ni)hpS)g5!QlUErTY1`QpNr4RN;Rr)w>S?fPT#{x{GY` zSBmp1<+q72FZC`Zwk*zv{G z3lLD;yPuoy^YZpR-sMr~;OGS)WT|egf^exE$P?v91X0lGG%iCzVqt;aL81MSmb`ls z?fb%t6Wh~ZsLFp+(np;Vb>+uS8g^qSvk;@iR;`swmEGsqp`0Foi{Wc*9v~NiEZKc3 zuMl^_kL|=;-7_^&2q8I_t#&RkLAXqyYFEOgaKdeyqgPd0kJf&)8TyeuqS{b@ETXX# z;V2?HC0O-2ElRC}Y}kMQOV#dj-SE+rzZ=qrqS<|j$1Y~NT<5iF^~9%E&536bK_Y%A zt)Gt%%o-?|3*{6e4)V3~t|2cFfy#dPfLsc}qPkKkwO(eEOq-I*8PxDN`spQ9i=|J^#*Biv>Qc&W@Vyn+5Qro9^K>z|EkY2y zcb14**SBdbN_lJ`P6+b^B7DFlUtb3PBuD1&yiVR+=a0>$*S2YhgJ?t*p22tG@;!a! zIay^7mbcyyWLNftqM|lrXt^%)@+7Ol(y*JXLv;uz-Xs|sPI z8ouY-$7e#OX}HLDs?S{;1edgp`1l$}87{PQK_8~us6gINeOB79qfgO@yOD?{l{Cs2 z9n60R`LO4zu;P4-`UsQMBLNxDoH5w)c7cBh{!4AQh(WW!X3CpcFb7$#F8R5hq)qS` zi5NRalEjVZ=UzTQ2}cTgnnYuGHIks zP>!Bah5w1nTbH5`O>}~Gl~UA9Bj{4O;;F_2Gx+=^QVZ~>)#U$glm4yirA<1r70h?M zNoIV<>4xsro5#K7tjlLZew-krASK3f1XkzOHp~x*2rR+c%%LkdQl{y|A%(_9{@wDt zeqzm68kwgbfHFpezBrB{FmhPEa^OS}gte)@a(xub})v8?V$eHa|18p3}$dq20r@ z1at5LFR}SunZ~<>xPkCJodt_Mn&j-~9CZ;jSTGMs5-Pw${ogM8fM?p131w`KK;z^k zO8#=ezQ_5l6QiJaZt+1?rFc4gb^h!cD+TSpDYyCm_@amp@wej{&sPfapAO@K=h*D+T4hDYyCmJW;jm zUnyR%l-C)$FNqH@^%gK|^yM=Wo`3m_{_zD&{;w48R|?{vzPwPL*>wAVJ(0=hzfyc& zDF}a3J{Z6F@((4|<*yXqR|@=pQ=Zv0cz*ekUi?>z-zx>~Pm1j2i!c9B@=E?n@qeYj z{x{{BO}X@!FNTYMr3AcEVE&{idA|7a52bJEuav-73iN+dp4sF{e)$3m0r|JR8}v$n z`jeuL_~Oey6bs0|Qi5M8kpE42W|NHj<;(TEzfwY8DG+~BwC`VbooK-?iX$f^kR{+o z!pr)->;uxC~8)k`=AkC|JY*x{~3+)C80qy=Mqt6*+tB;Hrw8_@<|IG zdT$=jDMQn$eM3f4xjk)**b9uHcv1bgT#&D`*u?(JI_D(ct95~Y7oGO>|5$GWywKEx zvO^|iKry(6FG9o}mlex*{=%IT{%dSPUt^IBKaijqM0hSBBUoF%A&&8XA6T+8^H)0vnK>D}y z(x5eWs<{w2mL^h`<(JhxofPlhzP|GYT>O7x_UC9V{@2~5@Z0VZ0PHS6HSjdSZ15{) zqkyqN=YR_5W&Q3s=;nR&i|54xzj+Rr3;N6Ri*mqNUav-SKzCxorCgOr>5xDi*ZV&0 zaj>mbBJdUT?9g;X=S+g?30(cBy=&Q9RZaLe0ezaifwA5XG2fcni$eJKlnWvaK`Pfh?)6!~@0P8#~W-cX;oiZ1Ide4*3)}ChO&ZZN?7Unw`P2HCY zQ9DR!k(unjpI31ohdTJcmCNJUhB$Zag3{Toy!piI$HMw_3DZVmh2)5%kXPg&=RHnY zuQg{Ex}@E_wj0j_o`+Ydk0A^hx>Q73X@s@VOQgk`OP37E-|I&UEuv;-WqwRo?^4C* zI!zD<&(u#VU|ux8CvvSHF8n;ZTf(B@FJpc#AsHZAX)-E2w!7a^DXy4TcWHnftxn$Zen`|{2G%n z*>DHf!jz_%O8VdzuZ#8L;@AVhZ9U}Afriv3JmCth#uKtFzV%q2}ZAQlmT8?KC9t=Sa* zAU9>P{uyUOU*cRU>3Vc~LF52w-V&4IkpAGr%Qb=0OF&Z7jE;k+5)YUOwlgNbdBG+7 zdmt%Sy)<^$jnV2BjOy$jb6z=DByEl=ZKQA1SGv-WFXwBt?xwN;CCC0z-! ze4=(P8XG-DwwYq@GnPQoGyB8scMb8DETPT!Udr*svUx*~yk>#J9h#Y@6zLg0?!@Io@*G40%Q9}W*^+;nDM7%y2UYJxLKbzWFRAYp7)KjoqZn7?@+2?X{2q~Kfd_5 z$5kGv^&-B?lu$siV1U_Sfc3isfcf9YyhuP%>c1u6M*klP=+g#BfVVb(U6K_ux++mP z-&qe46qhB6c$qvbo0R-dp7nd>!5J1HD-CLNrKJIhg8A~wM;vu3&ojh|kA6(7MpYK?~k%k|{)RTFb`wIT9T9IuM|c`u7p@g2z!VD{HM)*&3Qwd@JN>UYcswcl79%Zj=6s}O(OC8(#+1vVz`Spz&IqID*8T;r6T zOPmJHP7;W^hJXkk-;6`rPf4m7C8DWgQU!fQx(%tLB;)JPMr znmxpjIq^97P|FRlQ#Ww%zH0ZyFeoVa_F>r&ZqGStZhno@6BGex%djxU=krS*9$3AJ z^>Y5Zc}S_ZsWxCZ@M_(`Q2AD&NQ+2oXd+peEulm{@Cp!3%LL83R&(@M_`dZI*0g!T z)FsTA4*Q|+u-oL&C{k1&Q|VitL$ddmvd^9c^YPv0S4B_Y1mT*Fhz=X4Q?(*ie4GwY zHcrs!^hXG?-{_%XJ#8;QT4KpXv5}m)jfCjD$>H*@mhXJbtgH9veyp|{wZf0sh^@)jZp5lHw-f}j zpze~Hi{%T;we;r${<}g-F5rT8=f5 z_aISbmB%Mm$Omv+Ukt+JWCYr%MRKr*= z8}OTWCK!D< zLWQl4*)J<9ts%L@$BYh_k(*Y-w9#b81-)(4w5>ObN$Dbl(xS%A1SI4+6jcD2N-w8g zyx&{d6ry8eIddY&5{AF6(K%YnE4pN_n=`V;JXF;n0d(kJK#nxK&pS`&Xn7s zBSEH1oirB8&zszQE^{`g^)EuNH>!&OD)pBe#saV9j{KkH&O-;FL_DFQ{#EXPDE%MG zpSLGsUkkOze{0=CM;xiW0DzK41vm$OQOuQ8C?Hi}px5=gVgi4-k9(n%&i*F_>p9Iq z0HBy2#5~c_@ZoQ5pN3s2cu&k}B?Y z?aFfXVfB;;>*V|K6oY!Iv$TXqL9$uR=egniJ_;F^_2ZvyKbOAxxAuxtp1Lbi1z5i7ReH#Luy z6T9ykezL#l0*Zm71&>f4v9UDs#Xt9rAdEZ7*PU1vX-$3!^rs9cAVNT(U)CRiM!AoF z{kVQRO?ljY{kQ;uHj4rT`rF=2(e}xlSgtTS1gCLGc9h<-OH&i}OJg)_l2ouE9OF)Kg&}w>XJQ!AHtn zf$GdNt5vC7i6m+`t-_%PQ51mA1YKa`pO!tnh?k+2p^^Vc!n{_mnB)2NTfDyoLT{jy zR1JMx@v)5OJtm09ARZXnAe@*vsvk9DGIjKQ<3L_^;W!+PG(ws3PZ7y?<}-r_q0+-oXfnIuhB> zY9=G-vVPo3&SAy57vDNyp@EbEz?bz0Rs25jl{)hqb@d@@_Ee}>>01P}skim$&y;7|+mzdz`H z|8b=>`Qep<^Pd!~XKmu0|Nn#TWi0!FHQ)yw5YW4kq=D+&z0>A9#4}9xDZneKDuW~9 z*NCPl`!Fw_Gt|KV0R-lC{c%`fIVt&S6XZ9W*4U>2&jB{kXJ2iK{Lf*-GD53Jv(zwQCHf9-)Y(4&9$K!G_B(3IL}2}<-d#W-lWIA9v%XV+q}un$B>(kwow zTI8%K3Oq;JTBOWd!1~>CJC0tiq9TCC{kGVZ{y`C-FTZLXFvI8jsr$AngF$5 zb6m>PvSab7+p1|~dyuWpL2BiW_pPuWhE}^TVLl%7R5Wr^oZIM(@H;XxH3-3oThZjt zW`D#g(NbVlSR~5mp_jf%A4}NaIa?3+)*(18Ji!-5El!1*!5)Ric=}Oxo$0yiHSi|) zR^6K*=OqA_fB*pG|8@NlSLR9S*SK>27T4~VxPAld&I&_72Qy%B7;HdLu+PBqUWi6Z zF#mg#@3)Kwj&`5+64IjIj@zC=UPB7VXcbm~ua!@(%U5&*agaE^t>ZASa^`QJroI`y zzp{SAxi}6qQfmo<7c!E8?p6)-d4EB?n^saxys#nwBkp3 zeDTl=(*)t7J38jLbxON@ldXz<2go(bx=Y zm(TcFG-&PBwC0oU4OIu&^vIhat3!<8%3ar(#ZiGFrA9oofjkBjrnFMcJVp5~b&2oj zIE`t;y1cUcRwhTQ_|v1TXHQ%3II#9LBct@#X{d;TN9K|$ZSV~g3QJ%PoqTjP_LmX{ zh}^`n#HDGo7Cjwo>NR^L$Qaa8R8LC+*%ww(HQu1o*q_Titbcq2c6N*2l5d)-mMj06 zC6f+>uf`>3kQF6Yv0LLUJ^TiajylL6?ngWy`(>+^)IAWI;K*YXk>jEti}Tdwhbu4< zSaCi!5f9Z{OB3w{w!$J#S!?HSKaC(j_0Hz(4`9(3Kf9r;)OUTGe3%tlHaxXk_&!~u z-frO6yuu6T!)R%~;cuFn^g~TaMUQBl3H)o$=L%4W&$FfTv*K7|zwENxGIbnZln?ra+k9rh}qC^NEdz?lQ9R=Fr z`EKK?!{exlBL1{$H}=DYR86aMhl_pF?nJ*eJ}E!wa&#l)=ORJiG=sA#3z<=6#^(9_ep0+mc#?uy(s4< z)EU5ph%$NhNo$|qWf@E^qm0d~@qt>zPuM^yKv(i0l%p~ z9F`#BRz0r)2VC6Xiq+!pW*E^aGAMvhX@0N`UUBK$wC5_V@^?#Rh2)gDTQ-BH;yYuO zOq7)uLXS4F(xmud^c96sTmVc6up$Cx2Y zx!e|33Jg=D#{+lGJ$Y+}D6oI6Mw06srPE~EQtP_7V!akdW;X1#HaDiyi7V^$qL_p$ zFn_BMWL`B`_zw*R=JCg{Jx0e^nFf4! z%3-QcMFnG3kux)fy)1Q`yppr>1frnDklf*-G!HaOBBmI8kOjL@htIk@4o&@8c^u*x zR@+T9ssIaH3D0|2_EIOQ715r^0%Yfk$#3!)=8q|=(J&GuQB9p1 z?=zwrM>3K$?co*#A-G)hWfC1 zVWz{;@({E&M9AJM$tXVmxgm@voglmsfjehYUxOWfbnH*l3Q5g6nIgymIF%-9qZ1SW7eW7?n{V?sI?uiW!=MYZr8zr8p zMl3C3u^k;6!>GwZ;OXvl-b&tx;QzLu93STJ8gA{Q4|UTVpZSSPFEj}JkF#kJ@06;z z(#;Im1k#f!iSAE(XDOje0w_p(R;_u;4aLs%`1C)D6Xm>8tjHDKLT~Ae7q{-Nl|)H( zBIpZSg@R9?dJld-mkK_Fv7|J~oauzdNDr_l9 z?P~ZlG&kvBrVMpcDSph`Y;p765c2e!n2a4oIV;5a!_OOzhuF;O;GAIIcK0a@PqKQ> z1w3rP& zoBdIyUH0m1`IZmUrT!}4t(`|O zdmA^`Ytuw0Hcbw)pnwCEKCSgICG?(^Vs=dOXBkwUd zVHM58*0i4L30!z{$_evzZd_Y`}dhIidjta@8Tai=AYtUtQv3!uj&g<{;(Gq zudw)L>JO;r3X#mUDxiX$YAzUVjFmqAzW7UxBPHJka-B_v9E5jSv{yhKwK3bJ?zZnW zZ(4g54p`zl<3hr+vzlr+o*CKd)XieYdyp?a)5SGbF2(&Ia1ek9svljh-my+O%sadp zahTmU&i}#XZCKu|5D(eLqSf2Q5)Nu&sHbTbmXSn8hq`e&X%twd(7HM-hw!eEZo@DcqeklVM51lUTttfY z@5}Kos%A8ySE}uqHnJrKQGu<8gfpk&N7FQiC?o@7CS(Ydsts^FEssMtpe7Ttx|b>8 zfHW~zO!F(Id||o^MCiZ7F(&A|LC~V?Otq#yM5+_o*7kkhuiHm*K}H@Zd|6jm=25r% zkhrkwD5kZ$wlqIt=Xb53$m)JsD`dWxt5PmvOrXx2+nS;zRB?x zB%5%~X%;vhF2d_VYQ~Xv!uk^r-z|?U{?YIvLFB3Vq-JAje0;1#h z&gL6st-+SaM-hykQ@ltl8)@|HKs?D#6L0kfth@SsUB;cjW12YXdHK5lXniLRM z!wN$p_o)v(sd@ctl9#Egw?y>x-KfiuZEbm(2Iik&FY1zG$n_HJ^OZ2pTxH_hp^(fF zbL0H_I-=B|XlUZs76M=p5xs>ebND9u5>5hc;~Pq<2|4u5P)7VK%5pKN*GLnn6-D=U zw_uq4m`*1yy+?20Wx*i>}`CU8d()1vnA*4XVXS@?6zGy2<+hcALh-(swAU9{vdyW7%!9GYW$lIbqB1_@^1dQkS>rzx zmtdRrNjx)o+!noghnFoN?jwv9MD4I-yKwEnR7s=Aw@qOY)%qhZ4Z~7?r5R}m(kaAo zC6T7)3BqN1ZjWlKXSrJ{#NqL+VCO>D$rfvroBz(2Q+!zdA+xKt=+L#5BrPuaPx)oN zc`H6=tqj=AD!dapS+eao6DhdTP-HJcumli-znoIZz7}9Ye->cyfbj*-C)lXJ3b5j% zzZPIwuLan@Zyub%tNc@d0ZvnZS^`A_7mt-g6)$T|c`S7O_qw5LW^hG1Mzc!yss$w3kS+re#fodP9)D7pDM9|&vlgSL%06DEIEb&{^Ild8+iurZWnDI}UQ)e^J zH-sh$%Q&6!24|W}T^;^;F|JEY@AQ>2fGAYIuj+aB(U=HkDSC+?U=TG~_p;g-YYL6Z zJY6sY83-R=c)6dvJJ7|-q%yV(IxhK?Ce}4P4?p6f{tar!dWt(g355E3yy})ITt?Vi zh-BgPJy&_s7c~Fa=o1Y}`7@>lwaie&vW8=BzuMhML5IeYb ze_!C`rIac0rBq5+^6%r9>nX!Gctg2lW*`q z=j^-X1E9j%3x=K5|Hs!i$A`HD?Z#2!UW9ue4_k8!B zbG~2yn16R?_MLs6*?nhbDf6@&JQ;1%y?Zziz>*Ds_RVjK(TAmzS~c3WA;qhW(Z^xo z=R7vS9Ubt*;F0Q#Qdc5pJ(>{HP8DxsISsh$CoG2pi{MWbvXm1GF|R~%MJ9&>NTEeq z8L3nXw{AD7su00WPj*d=E}DRSLnVWbnD?z#D?({!e_bBrUc-=Dz#>36EQ**SLO9T_ z*x_f$2ZQa`4IA9yZ?@V@?Qf_ohVHrNM>n%3hGR(-(Iy2E2i|Rd+szO1lOfBr`U_}`mw}L60AxY3{8gtDfd3zfKFFhl*#wG;PA6CYs$hl5^3~!(eNw52Sgr%cxH-Dbk4% zcD~ALBJ?1H;O!M?&I0Yc-oR+t3DD=rr2Rg}l^u*V-6$WRd=2JUy69qG^=O(uVXi4k zQFSZeCSg^2TwrV;2qZ7|=`t6tg`o7{npveta}oa6K0M<~u}BpIwnEQAhvdngQhR&G zYOuE;n51@AMYFa$YO%p7;sdWx;IyVLgPAC-!OVhF2@=B1{N`RjN5Q$0f|s5b>n!c! zD0d^zT66-eX#v;cKwlXdsgU&eQh=+bd>gt%O59p;ec*_JW4o+qvZ)yS40}g!sk*xl zd^B|GRsR5q0_DS0R=0fWrT5~YTRK@Sn>h=xSmeefLlaGRj@BoQ23S!e(tMD}z7Txw zoUrtjGS%AvS7N)(m^6>(0*kL`NIS?oRM}YogOWKBvQ?J^PYA&uJ@10f{)m`GABg$S zEUODd;lB~H^exLOkoS<+e-v_v1Pa6pCLU3;N(aT_*hp6J9GQJ~g>8!8_=v|mzw9tA z(9$)=ad>cp=o_D9IXx>-!Q_wt0kV#Gp|Ie+c^VNf)k?bY#xL+s<=VFG^iuv=#06$(A`(5acyuA?o5ZCX`vFzRv9_o6d45(v^C-5Mg z7rei(4uO?Kar#=@gz_Z`I_4H^Xz}+HwsbeVTh7wwkh}OzY-7j~MAqr&$-}tm!bE6m ztO#;7y`rG%_O4?G1NbD|XSWnXO({HWi%Q4}@S7Lo?sR_+Sb^^@t2qRxu2XgvSvvH0 zsihjuytX<~&kTftYR0;4WDWdQdje{g}BA$@MvmGdUWQ%&v|Xr1MJ#`=@Bixx?w zP`r-0w|_}Cb}Y8unygrP{t0}jS|L>L^eviAQYaJR*E}x>mV?7Kkv>?}_6_?-Cxe!8 z>^}Lq(Go+eXyUMYu7mt56b1LSelOr@Mq#Um*&V)Tpg83AEeU}a(5G8H(B5|KwU<~< zQSqR+ujOw==oJeuWqkp)7QaHhKa5c`iz?(WYr0yX<@9*GZlEu+i>Di(G+@k%P(=IQuN+(0mH^OrTP|LxGI%5Wi^Js#zYu?kn!}ZS^>_0 z^yx@ATzJI{pTYM~`Oh;nD;MTV-JsBjsRi-wDMn|`i*ZC=n z$=skMf;NOj)41|5<42=uvV}20w+o(TkENo>FRF`ChVZDcjx{fb(t2+m!j^m#HVz?wdWBrb@dTdfn3-_(sVZ$AA_{uZB=7NcBx;pnYWIz$;IGQ*kZ`Dbats-t76DC>F2suW9)nwlXY#UoOViT$*s;V9l8}E_w-L6wYpWrpA zH#vnE;TK!nHW3IMzL2dFjo_n1Q51P=I-!kq>jL?eyo&XEiN_EbyW94~3K`m3;K{;D zR-=7Jbf%zh!uxKVmaWwsivb9eF(caqGCs1@`*n?Yp_Y7ty5sTlUE{;Dsd$oKhP^_~ zQN>_ixZF#k5QSc{g&OdcLsJ~ADW^MPTapz5?zKC7<=sqZ=^PABX2Hr6jDT%FSH8ER ztQ09AIM0J0;=C&{%+sC$Czzm0^JYKorrT21d!*XQ+nM)W{(bNTNPR4R$K5)ge;$0%=>I;WvBgAEy?`{-;5*vmnPkHCK92)aoBRbUQl5s*; zn5AOn#p5c>RP9ryf?-EvL7nz@XQ6oWsXCXok|0?ns^m`>oQ*Yq`svbb+lZ&P4Z5RJ zwMUa2@-%4{#m+1hXUtw(%+=ozVFRuZkM~f?P(!w)5*~dRz1O+F70IG}hJDG-R=%Of z4ygT2VT+B6cDuxRm#V_}7WR84?HIuO&EKpR$i|cV8u^FgZ6)wJh~Ek})cRznVK=nXhzWV`|C1BhuF&#*Iw8k)5q z_AAS`yGxp$lN4N8r0ARU!#phJKFPEx4*LRg`exCl0L;%S%gy$QOC2`i631XT2=#YP zwO^6@Z+Acy%hwO%PnVlWmMo<0_a;bt27vwCSOcuIv0w!VfHBhI6j`j7A2Xchpkri` zqAG-X>N}v95?PQlHMlpVvb>(?5@383%z=?>*>R%oO%uqFlI73g6xQ|H6rO(0KoM(- zip?#`{qnd1BbmMnFFZ5Fm=2pHF^$nrRZXlq&uJUp-bQO6YI{B-9}G49p-X!YZrZNAFUBfDvLR0L${oU-0ZMU>Y2clqC`p?V$8Ti>}OZh zXKpY!4jkKrkJI9aJZ2yt zW8^mWrAPa;>1E)7-|Fxh*;o029?l3Q_!ny}?wT7`D>w(e>aLrq&OJEtqqz^UvO( zda*-KelaPLcD=j@R48>B(CJ)`+sirVfcrV>yud+K#ySkK-E}~ls(3v3qxA}d)5T8} z`b4#2Plje{WKJDj71ugTQrbyI=wVXi)QzI2d2$X#S#ZM!FZ`WkY{dA5{6C4aDuIz) zhh1JJt|xmOSP!5JRKE;OXI`3Low?=<{#FO7+>ceT1Twi@I3vr!OMnUfafeNVLE1*A zmg^l?FjHOzJVC)eYb{8K>|S_*kJ~qZ(2yZ2G=wm< z=Ab44I}G1fz3$)0a}8x-4_rrQvkCC&2Ta4?>{o;6i~1=R-duIUeWK&zpDN%y`0dJ2 zWwoJzsU^$&1xCR_4U{aqjVbcg;Cvd|uoDu2GR5j_=L9eS&efOjGfo)(vhFp0$>&}f zgz&x8gK1l$hUOx8^F4om>TS-lg*Xi5RT8*4lxpeF&^#m&Z|tOUlrKI%lPs~&XBf7} zSeC|d=c@tPNmiW=S5euq@;Dg#ty~%*9tEdKc3iZv$~7-qS0SbR`(ZZYwb97i^75CG zblv&!>WZm~6gAWE5^@{EW{Do%0b^CjA?j_zQx;^YcQnCz$)2GH z(~$z{X({(kq-H#8v9rcc-esB%YlxcB6~VH6M@+-3Kaz#Q2U+~P++zUq0z2}ZEFd@j zB8#K9Q9Ryw;$8kj7FLgCA7oMdPuwMN{hKU^-fl@xF1t|lno9%vCGeg zC`Z#Ci$$50tnLJUte1l7%gac%14Vy^S1V_VBpa&xv!R>Gg-TGhSmylQxuaSzznFCp~6W8sJ zwvqxCe%@eMz+~znQt!}C!$cE)(u0fTR{xyG;;vKXJk2k`%SM^sGcGcCba(vOnE+dW z{~P!M3|~w{lUI836VB*Y#5N_KE0`D-by04qZ=Vl}9mTP*SCi^f3$|K!N;WY|{?^SMtKRa0oktGx-v#2T$Dd>KR* z8jY6G!E6Vj7~`12iPub^WPT0g8u1qwEz3hZyQw|QC-~UWxQb3#;4l8|0U%Uq=w%hF z%<_#Pm#gz-lxiGgF#{N8G8w8~r!MsxNo^P5FL<-3gX+3*aCiH2%gMH_;7SE8iA1tq zd_>rorQ8KvUqN+=n;OHPtrb^Fr6{d6BOFK;{3kNACXq~=Uw3oXi402=3~x|;VSk`X z!oT(3gfmQOyZMD{W8T!t&Jb;o)KGwkeVj>=><)hovR@|c6G|Qm7%jv2DNhCok7yz4 zhy|cE{X|<(sp5EAYW(pWcArW3zU!u$a%d*WuH&H}GJ5H|qJhtG5nv9EDg~UJ(bU!6V43JXjfSn7tr1 zcawFQ6#9Y!l_BOE1g5fiwgn8{g6%OGbr$V(d3k+Ap@p+^K}?tRLX)bonPxqr7VZZ1(_%=j1k^)JT7s@Y-DY23YJ7OE}tCpxzfP)Is zyUz`l0f7lA3WM;MxWbBMkWGO`!s#8DbJB6r0aun{OdQEl-XUtzkQ3ZtPJkx(q|p)w zauqG6fyKni+oZ^YGpFGbIye5NCh@0>G41p^;;Za(I9W6dGseJ=r>{Rd>4n(bfaXKL z6-`GvGas3o@sB+p!prV0^2g#wn1&ExK8x0e!>hUBL|mr{T_W;^EL~72^nRV`mHyPO zK<3VuP`xV>n5xT*bxDnNnbehFv_yLuitO7!o1TuBA~j-%%)AAwNUN}qmIz`y!vjiEde|* zhg6MC-d4#zcuUY!FeEpA=p8W`-w^W;2N0zX4CenY1{1Wsa|&q9Uz}2U_eb0<|G?dU zW<9?l_TRYs$^9*skG1A4UPzS-c_0vbvI{CkPSU?)9_zqhhI$P6MV4I_o>QoD%@5f5 zEbf%1PfF~j)_OQ~hgJnU*u3NcQnwycpU`~LZtGmgs7mpwIB9}E=qPFyE3-}?kOVNx`bcb*gA0w{b0%3E7dkTH8%e7zO*}&;TBiv%kUPO zZJ!=negzG!+un_aZVxO@4FD+dF!>A4&;?dZ+H=m+sW?Q&lVXjhuHdf=ofw^43%$%! zuiXlJ!p5|OCGn&Dbo#8EU`-l0xY(yGcPp*Bnl1(vjkwOk!&^^$!7mwO%kbx?``dsb zGS3T-Z?7+}_ZUL?qJk|?JWN(&7iNq;)}>b+Qn#QUq;4hGq6&Me7e;0mMVV{2AmTa| zs^cJVz}K{#;GUL)t5W#65NAuJ3fjVt;C};QTbslq!@e@bPMHQmY17PQ05tlHqrD$# zuUJ5j7Xy6OJ&Vp_pV(G6I))nBmtKYix)C=%_DOGSWRy3=9M6jVJ!1F758CwW6a zfGRQ;>hay#dq*91u9~V^{#Vh-OH~K_G>KtB(t6nuLEpeY89b>@2PgmMief&j2y=~z zq;=OYt~Ha-EV%w;tnKsZ6G`+rmmveufkWjpWQn^%2|u2ts93$!Wkjbskw_eIsr1WL z5+=;zo@|J73*Lg&_I1zVNsct_NjQfL@{ z!B4yS3h!FT0v-2Seiwv8-esWEI%{`LLQM*SXhLX3?>xQ0JS8_NDQM$#aF%pDv~#Md z?sNC^5Z?QgNH!rE*D1oLlZ%g*Ak3s~2o30@w7XBUqe$7P6Yo-e@czIy!@G$n3gv;6 zs52H=wXw47^@!&JfxXv&Q7>0w3zmZ#_4Mi^t5)+9)St3yD?SkO>7S7*>04RsUv(nN zg8%^IC~8{U5#1V$@jb^Dw$Er5Kq z3=@v^T5&o;iBp-*tAt(jiX#-E6%t(2$K969w#Rtimd>IjQp?W4^zE7FX%OP`9Eh$@ zxish6A|SnH1Y_37Xq*UayI`U(xS%el%uiwb*Hq>| zGUr<%SF5*9zm-?RHi|z6AdNvfC5|nnFjycvt2y^c$1OApp7ARtxj|IQq9T1mL4mZqh2|esa+0pCPntux@SH_ZI5e=is}&fA@(yYR zVfPq$YCdmBZ0O&FQ8SUZ*9Nw%T+Jr_%ELEN;h(@|^jy3C2K+;?|c>yw5~jKg(|`MMfm`d3q|gI;kU9&~nt zm2jxxBKDvfY9aXF=NQ`TAy9@TF2eDGqp4@Ps3J?7`x@AC9Th4r5girWzb{CAYVp>j zX0t_?6Hr<83=Wo#|QdUFDUIbz3@}!fpmfG=$BvhSo_^;{tL1Y_wzQQ{Z&Y??S}I~&Z`S9(0*u|4pl zhxpjld9bkjs*-&pSe#KEK?3wXa_%V#9cv&$YjkBfmT+s!RtZ0@M0f@)7f5Ud+vJ<@ zaMbydXCKnr0b$$tx zL!O#>JUOf??L&FfTas$|EH|++emqq!m|%!s1_Dx)bYf7n8_oblL^_z^eBo3fB9*W* zS`oWKtl))H|du}Ywo1o90W6`UXkYEw3YSmk!t=MV*VjgRsM)n`TiTJQYFg4KYP4L{}riL1%YSY^CLgOlZa;YbiM#Z^f8T!KvO7aHuzZacWzuO+&P zqvUIYo`sg~l@t*95@ftH?{@Hb*;ec_&F*Me^)DvBEus0pb$gV0i@qBk+>>9i0kp63rLmtH*uMc003|x2^2?y zk+h$dqV*Z}gHDVLQ@8KuWDW`v#AtpOGvERDl+{6b%g7xcLhUuV4e6zyg22igs)gCI z&``@6A$%e##TeY&XgqOc!won~SYLUJd*aP3zpNJ*^W{C$kRY14qodbX+L#Y2FT7_L zkyyDjL4v&@hG8U5_+e~EAR4S_cl%{eLvmnd*qL*vh0oaeyH6+yodoT-SoZdGPTKIC zq2|id6UoQDDudkUWm6G728<2X$&|s&*rm}KUZ|+=@X;}VT$8rL0s@Ns=OG{{_{A+e zKa8FATl7lu0ua)e+J@(SZ;imt)W0~7DwvT)PFvLMf)p_z@T|?=SHykVpx3XY$#nv4 zptex(lA?IVQ^);52_pC7aAO4c_a#!yfYP({j$YRrCrVs~xvGs*Uo?!_dv@x|c|_c- zvd#8O%w^MI4NiCfULKp`!zOQ&BRHd^KvNHKme!SX>AQ6)lyl8zl&xSBNRd`-{eBoT z9v%hMSC>v&x?Oy6R4vcnJhQmd+2D0En?M{YS~drzK<1ED6c)T8_>m8P$ibAUED%p-pJwd<1Wp=jgFbHq=ax?VPP`HmbJH^bbEyA@_Ubz}D~ zrec3%IDXPrEUW3wB>pVVm0vHxu6&=nxsn*_N;~sZI0M;!*YTnrzIKuOy;^?dCM1dM zH&dY2Kz^C&nY^0h22xSQxP$h(vIOhEJ4a%G23sQmh8W?df8aje?GGpp5Zy3!bCl?N zeVh%hu6(aUK@s~5dyP7(6@6|%hglD5FB@KvMxJa zdzf&tI#7{LXs6`N*b`q8)SgW7tI+Rt#{GJqJkS_!2lEMUR4Eu)a@U1Y?ApM~&e=n4 zB}+uwXA^P@Z4oZ}*)_hVjrO}$;q%$VMEA2IgYs9)Ilv?u8w7$yJlnSbX0lM3G?>ci z5HhHqcj$&gIxnE1Z?SpSeSio0d?f<$pvOQ;cfd2y34!m-Q#lqptzyuz#_s@=HhugM~ z47f$wWjf-;f`caIgZ0~fmK~MleU;Tvp1Ho6xp}cA+5mBbK0pazy^`f zttBq=2!Fs1mXkOR3j@ipWi!CB;0VEkHU6`n4zD}lg!YO5UPrWsOx#xF&>`bTnRg0{ zn5P@$YoRK)B8ureJ-<$D1x=i-%GI-Gv(Ejlbo$JE?7ab2nIVwKI1WGhROPi1FbiAa z1=qM+y;l0|c`s)Bz@Y-7#CJ3}J)BwkH{+oB*`XEdJ52i5A3 zrM{jD$Zve>I`RYtGM%g`u0?2=B!|^WvrazFR$JX~zs;&Q*Q3l>hK(RJS-!5u` ztj-UZ4~B=6a0JY9S@ouG*bM^x7_ON+xG(i64^GEMkFCfD z>a5H-jJ-XiXTCny;gZ!&1}dn^TI!JDZs-R;M+ke9h9XVyYR z-LG7c(lM4p7KfbY(9@rk+aC91Vy*rWQP;vM67Yu}AB?PAnt>ggKyHW?)sg&vDq37@@nt@7Pm<0Za;Hc0@dSqIa)?$Zxar^1^rb`4ml!_u4YqD8b_Q>@oG0%RbO~^0w*DwZU?hc@ zXNZo|s=Ayn0$*!T(bFMlmN|zMpA|`W1QqB#X<wF zA>Cq2ra5E_$zS*Il`{D&Jd8_|?e~;lc@dtB8zVa=2karuP~DEc>fG545V(b_10_Z1 zdrkroI+{W}Y9m)b6Xr9U^(}(*CC^4l8O{PDnVbnf(_TMvVL^zlyueOq#aEqn z+50;uoWb_HCrt=h)I{Cl6_l0Y+`+}I07AQx31VGABJKF1BDdf1yYX1}*#io0=FuK4 zRHanuV$vJ%8&yc0#c!|1%6qJ9UFH)7Ozdy-7D0m!Vhm;+ur=(PUp-iGx;o0x3Z0G^ z7i<0+kh@y4D>QC1Sl}fn{0UjtG#2;+nO2R@Za-Pq)w$NxewUXLWV$_>IgGQyvT%Yw zwIey(f92Thkv?|hj);ob*g(XziGR-m?^`{x0IN7vzR%mN1fk}XLhzI(X4 z5iH4z<}A*8cjU-1-99bc^H(e`uQLJKG@Q+DM6;^KSQ%9UzA{6YWo#ruzWr9!MG2{t z^2z<6{dns$(;FQ>T5-;A+vS?%_c}Rv2X}5M!@r9Ic_sYbel!h}gz6}_?ubS9K@Pj! zhP0Ys?iwN)c*Hzhz1(faDn;7;-t%H;B%elT2d>jT#;H-9cQ?{AZws8cp4*-%e#jeM z$OFJk`{OfafwkC=qD4jURzqkzoU6Om&u zF`TnnT#yqa&e&K$SS2xTzNlFkLpdd5V9}Ftiwjgq6-`&;B%eBI@Il06SF8mDtQkX_ z?+Rm+!XUUMx~X(!(?u2mu5<+_^a1JpzDXrv=nUL&49J~ifLDU$ehT@{`E6}Uf*-?B z7TmbUzYB4a+Cbok%@?@)`QdGy4uMtJX`v&t80k)69zeO&IyiI|WTGI6Ba-&q)~7Yp zh*z!1qjbhS+|QjMfdlBwGZqa;+=SVUWl0P6@^ehg`QuW^|)#~whcF zCK)uB1MA`rvv~GgRxkeQ4_aq_d(xv3pEOy8^Mg+mDdQRV$MbJ-`C=shT%K+E8@-f< zs|FAwn=gZdZ1BHSk#iDpxgzZRP+Op!;-EuEPfin3-H3ETlKT2PFX6QzN)NvtNd}wd z^jA1#sG{AdY|)_1?09-a-hN|>x&NJedKEsA0PdCnK9_pyP7K1j^9W@kPPGppyhJ*a zy+?i=VEC7D0fangv)Jnc3|rRSFUBh0V^;V#{?80>@C z;+z)UM#IeG7BKcWYm4?nL5XDJ+eE#i1H|J3HthDvoM1!NVu%AWiD?gf^ZIxdXG6iz zRN5F4@5X?OH8hnT8GqEf@8&c}?KjIwebO=qn?E%K4Y3)TXOq$_NVf_UUu zp8ee~DZDQn0^heN>E-_yn*6($1^KM{M}Wii-vEdGTn_$$@anAv#QP|}Z~u6(Z2ve| z{_}0o3-Xy8w#|D+*MY z3|f#0b=e3CjiQIZ$bmV#2T=l5S=5#j9)I-4<2t|>q#8W0bO=PoRf!-8?bJ^D;;rSe zl*H}HvF9h!-V*_tCsU_0bb`j}9}I*n9+KXH_%K>K!J_)mZL911Oo^u`rR7WCLAKOE zssg!uZpj!KvDUHMTQ20A)i1AqrU#0P&?|c}Q#Qu13YZZAz$*+w!Zpcs;t3g#B&ExS zSa+P+J6skLPRY`PjwSl(Q`hDXzl^>8106V&_1mVo)>kSn=`O_fyF{}B*YSrxN#jE% zh~WN&8%*eHVX~B}a3#Z&8Rmx)bxr}`>|;+Cg{vb_GtX)-zS8X!`%_oLF-*N*vv(lLG4Hv@dkxS1+Ckc z&bcB2uq;jMb-8g#uxx7M9^zLD2~n9fnMcMh|rMYU6X*^gdVls5-* zSnVD?Q|2a!DMM%>Xa343Jn))K&OdXU)>e3&608-1lQBsb>Vlok(d4P;{JObbcpu_M z$4y*)v9H7AV0YyZRy1{5zv}2f39V3Skf>?Xd>$A!x67oW$k#PaSCL9o@oC^>3tZU} zQ5Ut>&7aBix3OSEi^JKn+Y9E+uV8D}A7FKN-V^tQ`}*3OaI2UiJ`!xiRzSs~y|W>8 z#+<+FF}vn60}QDWmIfVy=dVKI)Bz%x2VEwEt#YNAY$9XK{bTOZ7NEhuDc=s)bY>8Trvn6;^=*kUAWf(;grQm3k_fx8x{mR%ksu>g7Bu;!i7Puya zIk>QezT8Oe^fCa}WWxiBwJwy=yNb{Zl~?W^+eSMjkU_Og@TJ&%g5=9qEoHK%WWx9% zxELkA$o=r}FpG}gY}6-1Pke3H(8lc0y=++HjyqAJp^BLnPhWOo?}Q|-=TBIZO(DD( ze{3Yah$RxQjz2h>L^JKt)}@Lfr%j`MqVph0??pW{%)(*b?A*oe>*r1G*`$N}>6)|mJiTQsZ>XdL4AVlN=Wj!#Z5E!&sabTV1=R^u0~ z!zeht9_sDx5zsc)1PXN#xVdNw>l$uYR=t*i^CKh~ga_mMGPIl)4Y1(%)zmIEfTNT| zBlr9TSMwK^&#-hsCol7<37LJGT_`1k5MmyCNyq zcvM?DnlxJ<6sA6h}3ov#hN`pFpiB85S4HEtF(hp8^*uFni<`I!f>SF5Y2AnR2(*&E-^>x2fx1Hr#fhghfeqBrLlE;t|!KbNF|aOZneDf5JUp*Ij0IxnoT)1S^*J1xhZo`FVD7OH224WI_J&qKOCqvKKSOp zJ#H>|W98uQ+Rotr;+ystD1eu@WAMBDd-Xuh9y>pd!Z80_J>J;ASI;`){U|*6geLG} zWwOi|RMe`f2yq|zgSowR%?MyCgQFo;95XHj+DiuK)`9aBJjL>P9!N8cVE6I$ zqHRYTG1wQO12Re z?eXp(6JMF@Dfb6s=ZH4u?=WY<=uhs{;D6qjhhw+7Z0h9D?yd&9l3fjES{-sVV?be; zA~*V#Q|zl$5szZ{sZ*6@KD@H<;^o5U zJ7lw#o)01*_3C(Q6lKyOB$|T`Co=rB9^i})9JR*LWGWjHIUtp?3N|nbyyw-W4yIyP zY|mHXXNvCgducO$?533XJQyr|qj{}a7e>Y|JMc!#{;v|h{eR#L)Kd#%M@Z9%rRPps zHEEEUwy*nnkTB9Xs=!iLZ#(bO2>`KfinYbx_4b?OtlMW7F@BcxU%at|kbo=0&kR1a zHM{55Y16HL={kdG&FSV3@ZVCurTIk2zB#R#P5&xY0}G8dgqwL(y1R;(L=0^l)vYYa zr)0@7p(;RRF~(aVoyyiOwdZEJoEm~B)hxvE`LmxQ6boFOEmx@Ct6V;Zqtd*JSad7q zxLUU%wZ#miUOQ?do=Do~v(kILaVg}c5T4xvLn2eBVx)$rzKPEcmbQ1UvB|$G;R3v8 zk2ddrVSp5&m;1{M-SYF(#Y~j`XfYM{vb$v8vh|i-imXA_fhMHyRJ+$5u_qJo3fE!F zt0cT=a9Si4{J~xy7~FZ0Jai$r9y{mtvp+J_IKFV$VT}_>iuPcY%4sYf>{7{*kjZ2I zp)|zrPi@w`Kpl4sc zMBW*k3=<2}D=VR1Pnz+h4z zC$0U>IiJLv68lY?jpD&KPDajV zeujaJgA|%f^y6YeM&9=e+ssroT1Gn+T)cA$Z5Z^QFjeydQ#t+{!wadt=Yehi-;(Lv zWoUqBK!6YVH>LufK6brhYVE%;RY>)3OjUWyE$;RoK(m4WxoSGIjHP7}mN1Q5NXBH+ zyJoU9b){WGKlSr+r=bXzfE*;H@Z$GnawTko5wBH@&;(Ye2uE*Vvsm+trNAeKnCev; z+)!C%vSbD-btlnA1<59tS z0OkmWJm$_!yn=e=hM#wZi^$7**N4RznU*BBO6CB;vw-wSDf8DOn~DrCODk<05!23b zK!tnUCpkg_Xqtk`g3D|=d7d?-ltz794ns0aOETRPONLc8qB>DXO*!}NS#Z@ee69_5 zdV7a!8Tk}`**zZ>naI}+(mk7y;h{ynzj9c)3hrv|E%)uvAJb`P)QxklEkx zLAC$sSugS4v)+(xXIK0LHGfrr)!^v|O|PddNnX!Fde+8}8e#lTIFaL>tsiU5wrkjP zuV1=wr{(N@Q7uLTFYx6X^P7k(S##{|xzP;l-?ejj)9w#Jgz<;N)BV@sMO@w--fZ)& zkK+3%CF{`tuZ`osZ{<}Udp>L|{AUm$;_|nRA(8*n#?cG_5cs1ne+)p2;;k>P&$o@! zl21LbCaSYJoQW{|ExgqEdFH+EbNc;)1_*y!(s%h!i$Bjr4jQNEO6w=K<1c6a@-B{Rs8Qa-1STJCJh$&ugIH z6KdTLiYEwu3tKH3U161fFQzn#Z2D!Kh7I?w7~2*!fYX~!@A4nTOlD0#6g&N=V$PVD z7a|{urFecQ#``~t(Z4GOzbeKEI2#nvAHpHKv6KP>_lOAfiy>m87XG0N?{wTc2inVJfNfTkD6Hh|P?@K5N4y%%48%^T#M= z|LZ8|FA+#-|J!Hv-8W5^a;YzrZ)V27$8W~l-yath^mBzG5QBDq*PLh?=1+AQFCTNt z|7*^v56$1^G*tbVQ}}PBG1t1%b14s2LzhjIy-{Ym> z-g9Ln?8$K)_xx(2$Nq8wHuG_=aC+0^4_o7{DejwtJ^kxDs$pJyMt$2F{J$LkTEiGY zSb!2BfDifi_6JIPqI$RI>+L`7`HcFvJvx@}_5j)cUwe-10u0^_dPdRLWYz2f&th($ z3)>-2qbm-!p%vQFbt9uKe^3;V=AkaK)znF66;Ij74Bw*b+LfJVP;mh@OC4Qy#}Z`A zhJNXQ-HyGK(dyURNzvj>zoqyUFisgU6gm?kwOYI%)PK;~5(NhBZtxtHp2fY@RLDoi zpMXaS#g`k#l&?+4SD|Lu_jQ-dv)k(+28!vv3VEe1ngf|8Djz-aw4lPv*zM7ovvNR? zw%1{6z0rnI$Z`-chLS+lJ`$HW4d*jm7FaTIC1WGc2d?4a3LALU2AL&Ggu{Bz zQf}|lje5mxKHnr*7V4&L$X6V7i}-9%4TvP^nQdo_w!!c~)j>2UK4h=1nRZX^Ucp)Pm%Rs(uH; z^~q4KwzNDeKDVIh>nY_O0u_Cjj=jf5b@K_!0gnK?55^pulGz!JQS-DmjHVg_{kr4O zJ<`K2>mVEYM9|%A{5?AA4T1_!osXqpCWQ8g`P_8P?A!(b>dS?ZV)c4J8xnx>RsA=K$E3VL_8JxzQO zL85i>ZiyAuwji77&N!g^#+fkvTgE0r@nIcDsfZ~>Vq}mCiiN3`D8-0b`bA}Z>9G6W z<*yDn(XS!4rK(z^vQ7KxL$(Nf^u9=;Dc!j&2C^B}wvaAgKHpF(iMh1Rz+=$?*kcv% z*QbBw8IOskm2nCmdkvzPJ<^v+M;rU_A{*8%`|q2(Ou2xyMzqL$Oef>0 zY_HhJI8cf`?zXd2U@<^^egiZE^h<>6I?Mcwlk3f*{}~mM2U903pnd|S5Wk$=czS_l za0Vhs)Io(F`{1?gfm`wUA_Z|2YXnRPBac5}bSHITC*~-GkDh)N$J1!e4da0kSNAtK zbd4K&lv2&FfFs?}2iK$XD=Di|LZ+@A3U| z&tI6n@ivOq+rD_0e{T)|nJ1bLj^h94=8#1HdvoaSd~g)$|8Nxg``-ACr*`kpw7HRt z_ifslJ$Wh!+mY{GW4TsX0Kd0s-sL}YIXuyQ%!T>Sx#TGSo=fPhKHOXRQG+EgjE_ss zwHK&w`4|-}u>OvEtLeFXWuw zN4)5Q{X-7;6YaZ&Rqp?^P?GnEM#K|Gq@V;@$V`F`y7i@86D zm*GpX7CO2bBc7}K{R3BS;r-+(e1RXMXy_O}qXa*D7FOt#qkWbs+`!KXS?kE`w-+Xe zXghp2<|S}puBBa52Y2Z!h9^?=Z%`lIZ3;{0Gp<)9X^Mkwb;K_<_V0UV(q8sdvwvy2 zEO(%i44=Er)fPQ%NG2i_s+r%JY9^<(5 ziQ=UCS+dZx^5ZJw<$BhP&aa&mIrxKqkI)KxYcd|ABT6o|)7@897o?PYnqPt^fzDT~ zajSJi?d$rIh)<~nZLrWY#3%a?UqYj`G&iZT>Zub5U0y0ug(YR*QFyL{pv1NPSlWt@ z+OA6|jpkOEwQt`$pDmwlsqfa*1Qn<13t=`#n(8~HW0 zck9(OYNZ$&JVcZpAt0jpk7c=Eyk@R7lDsjLht}+Ia8$uRF zc5k?!zO*aA-~5hT@>nv3@)FrM+_d@YNYA?B$YfL_0{vvDfQ65-9a%u>Q_k!gx?ZI; z+blWM>ZdTCg|}2gvz0q7arWWrH2gK25T&?Cmu<9QKyIpx;px z|7wwAuI6qO5xkEj_dsW2UgXU%fmK$n!l3!!Rv4n99ts`VLaI)fI0PDtcQfVLY>0~n zausdwj_j^sU%FaQS~fa!Mw&by+huyNH`{PP0*|XV0-~0o@Pl@&Osrpxw&k7MKkFr% z57!fR9Dgnn9J`455XaoF^C=LCDJRe4kmXL_c|5(4vZK9Z>ZL z+x3+N*#OD|#@!O`|HfT4x2u(f3Mfppgzz7>cyZjX;AhFf`4VL96R6=6Tb##NYe@G% z){ZroMS`sNvQJp^1@*SO_Ah#rQHSZH!`J{+W7p(H!6yEPwp8f#cKhb9i@8|BINH7V zPR?pfK79G81kDlo+>A$2;YUds(=1J2T&WrKkflYZ8h_#Z)J9SiM{eOV=+y2wL)~&) zd@e-z{-?Io+_JjJ0+T0--2=k54$sv$ZYdxQ_f@7TU%FV~80A%za~SjDyo#!s9o1BKLYaN7GcW?A1%p zB^iW@vWH%Ft2B?-P{|4L|DD%C^3WGaK@W7HgFHzo!4qT6@<*7-d*4$4_t>N{aTS!8hO|hAP2; z%AD08H`!hLVV}4k;+fmw2h33vgwE-4GX=ytY$wJ~XwHP5F!=|T=UFqz<-WJ&?B%_z zWZ$A*;Tp~cUToV4T*dkuc@6jX-<){!oOtuo zDe*m-7iGAJ?GwU;>JPgxOb+}hrvjC%+M)3WlP9!R{6rm`x|Tf&v6&1+cnjG9BT4BH z*}DQ^O$fj@@RiP)t?`9RE2i&q=lpC=0~?SY#Hpk!c?s*@KPnM8_!&c4lvUuzK2^lm zA`kJM(HDJmp5*9YNjc`JfB*P{;tRr|V%?lJ;fb%1v2LHbTba)0p?1{1UuCUZ@VE5| zJLKf6@1Ko5#Bw)Q%+jxoNI@~`M|`!w^1knT2NR+`w%;O?Lmr}{s>dB^tM##!%e)-& z$H?uk3fH0fx3L9@#nGBNf1MgZdMjc*=*Sc#k9vp}vNt?}5Sd)x)yYA5q}#i+snJY3 zX~Sl2Xm?7MQXxdohnLRKv?LTVFob9$`v)H%lVJVM?zFF9yZXBdv{lV786B458 zs`QcO66ZCfG}qx`mW`@&y%-7l>uaDjH~Rj1zVYFv!o=(*@+K~=Vr{{X-6nNg=D=?` zZ-J|*oc$cpf`v#ziXukq(g=Fq))CbFh{!a@?9kZt@|+iw%_;LH8a1bMhrTapbl1sH z-db@^m~1?f(EWAeQ{x;3m7j6`tR!TF%I89b0q#*0SBj6>C#p zzqAlpQW=gTzWW7#$Ac?Z^VLu<+F&w6k9FCnhK3ZijHIvI{jUZjrY6j!ytHr`8HS*p ztOK;u`GcLpu*jR$?dgMWT1my)IPZ{5TBaddmRpgNz z10qil_frD*rC+&;TMPb<#$vT^4B2j*bl{t9yN7bv&p3&=`C$%*D?YD3Uro%r<;Z+D zGzKjci*+$Q49nn`cTKfDoACWd>ovW$zMnOHNKZ?=n#QXtMi)9OWc_zXN2qW7;5k7b z*?&qwjhu;lJnAQIStB-HR>mmGXy76X;n#g*rKeY}CS~_R6{&PfeYhU8J>%D`i}18) zbENa5l}=}RQYKfEht#^B`!}I!Nf)@tYlDMDL(KLF_`JTl$-8?-W}1gp%ZkFO#>q}= zHBX<>H-E;qy-58+g<4tbAS~|5Si*qyeeTP-rE8_YO!peaAOXStq?O4q>(CQ*qlP27 zDY^5fI1JPIwwyY6vZ6Jn3>i4BeB)`yUAMT!jJ#ar6VEl3(wgpYFd$52Q@oGYpI=)k zuFB6Qri>eQJw!y(TWk3d{NAJI>38-Tvz+~A-7(%ZN7=qaw-9LkMD~=uO&%d6i<$Ru z{Y{{4$(e+M^1Wz>s(QYcygzF{rpM$`cg1(Dy=fAy{>5#u^r_yBGx?+#Pw_#pPn7Q| zVT=Te1mj1>l3SeL{R>V6%o@DHEWL(Qa2-Pkr1KE*%w6+ZzDL*ZxN>C?^b?vwCd%m6 zVxjlq*FDfEbw9}680S;?O|P55L!)q>-bAcaE;?a%U~H(nM|IASORZ+V_>}c&?lCj< z&5Y>gY&_a|8HL?s6pI%%17zZ)x|yt#knX19ZzS_Uif<~iX>0Dj4=zvTpp+p3ovwog z7v9z{6Sim`{k>>ve*+iIA;49^UYyx+;cZrK!!|4K|8-sMZ&#ZY!Fzz~h7koOO{G!l zV1z#oofvr4eo&adW$zN%XXit8W}BGwa9+0Q!2+i6z**nEABmmF@7~9q7=~*WKTYX| z`-a9P@!vcl1;Wu~n@^Uo;{Hv`FhzWO*!iNv`;toF<;)EU7=2Fp>b#T*I3EM zIrNK_8oTdP!btyPeLm@tG0P5tpPz5{=M*thkHs9Bz~^iItriagmZ%I(Ilg=fE`GG~ z>wGXH2O2ot+}?dkK*aD7xYZk5@f&mlC;DEZwB^0 z)N%PnN=z+FjPlSuUiyU{|fI;juSy6K_qi){tk%YFD|9 zIBDZfU6x+aN!C;QH3q|)jG(UYl}<@^<^tW_gH2o$WCL4o=7=;Fo6x?7oD7dPn)ysu7ZS?vD!Xfr~n+OS%o0 z4P)bt_lCo7iFIjCI)Wo| zNdk>hGmPv|L~V{NyAMO6ukdfR$d|~uD3l&MzpWbMP%GZ~=vkV;%WjPtIsf4>v)aqF@ZfS3FEoM?rSmP!UN?v6@Aq_2M4?^*BF%mhg+Iz>@ zScpA?q_Z*z9fe> zizo5Fq_m`oamnLKpg$MggImu%Tj z)Dn7G6e$$Fd=|oUwJc2)SEFK44(F0+w}QSp24OsV?r3iooP|sHwfS48fzZpC#1>L| z7Y+_+tbu!wkO@}!jomh%53lG9F3h-x*nU~5(1qf2n&#_DbiY$C=79)4KyNN4bKMO8 z>NN}lX_pA2Bi-q;Lw@SodkP{ciAZ9K6h=|y zTl9iiKm7Di!p!;SIUNcV9J;L1=kceNIPul@_NZRnE%#Iw>&y*QEzbnkrvpH3IEPkQ zuvPBx?^VuV6I|tbc7TdM&`YKruq^~uJg{B28KMD{AC{o8|JP;)n^!i&^#l_%{uWi< zE|2|p+wHMDm`yI4rChe%*>+^O+QHU(Zw?1B^mfs{JSXm?!_)SZZE6HQ`bm^&lR zDCr0-5xt(y!hSh~_1XQ)Qsfq~9?2pSz5(Zp@jS2ibIN{18ZA4^8o_D|zVq}AmUb7f zbsaXRIHZD;vXTqcJ+af1*TZG#T-%oEq1c(NNq`DCjz{iV@JY1DIBhSOURC^ zUXc9I5EA4)T&=*=WCWs@-6Z->ax`juP{(=bO*shmivvC{)VY*mh#O0{9e-x>JH3e& zrKPfH+_ZI-V%`1bx2zYxP3@v3&=dL&CmcV_oItyNTLbL(jgdh(c26d7$?jEQ zs_QKaSYwd~ythJKsV71B?SU<CTm?vV>Mr6x=@rX~xIDf(a0eZiyF?wcVp ze4pESSK3J=>bo$XX1$T7HI-vE)U(jM9e=K#zujVq`tF^b6JAji|AS>0){v0yU4sTI za&F;da6nvM2oNX``oMO5Dk1DZ1z}U^+DW`I?bTGu2dC1ru7d7S#A)F;6%#4s^z^Lf zl6_=&N*qW&6oUB2zQ*pda+Gfm7Sa0F$VB&&IZru7E%HoECK-p_!>G8a{5^z)V$4fV z>Qi`|rAh-)Kj_J_E>MJb{OWK%eDr00)9;cn(`+cXTT-yeJ^A=Y&j&J;cFCKX1=^x{ zcVaXiwq5v)Ip8=B2y4rfJ$*1UZbI{_$v{s$({hsj6U4RFL9ZMX@-^lo+A$JQ;DympGBMIdpF| z-@7k<%+0?Lj9C#$`xs0yvn-~YDMBb-GgA^($TIOsZWt|Q!d)ImoX#@t9j!ASa~@O=Z@8u>}0;~qb$J{G6=^K4=YmeN3H zQif7d8Kq&4aKpE0UVLezq#;>aRgp_&2-u)6M0q1XfNKG;cHI{smQW$k7ba#lS97LX*dS^-l*k@GZfC?7KJC%1o` zqcSdkA7!~~Sz!Bv1PetjNMR130B3!egw3z|Yx8TFV&9Y=xEQk3CGux|P>Mu=b1?*Z z2R0DS{|>~I9vH~78rk`!nGkH2a{bQ%80@#LvZRL?p)6u<8+mse@6J|DmMkc1l6Xv1 zD2Tt=1(}OQ!^ISaVRBri|qRYE8k^s{4mp0f1UxI*?#n0I0TX2%mlow(&1 zY$feYB952l1aeEfj|4dcoC$1yIn#Hj3D|4-wVkMG^i{9e-9WE_O_p+LqSIjtlF!_9 z=pGkz=_}A3OJls^^(Pv~l^SD3RGlun&tmw*b)|$!c^vM~EGnN2X(e@hxL1LHU+8c5X zc+a9x+`c^aJ7PR>?BypctjoQT8MqE=@J$*Cj(x^uVD?e{+dgJWV7Ai%WH(?hOtMH2 zRv_UM zq_UL72C3qpXZrQ-2NTPok4b!P(H&2JFHptj7n-0Tu8fjM{H8|Pgj(DF_IoeOEJ~TI z;|-KlZLC;MqT6r7TYDdIA^lvUp%q!2dlG(YsDQu}O0K}I{~o_>+lzeDUBfQn=94vZ zBf9Bxe3JN38)BZpxO=)^t)tq%7$4k`M-)SCJEwq135*}4yl&=Fxv6{ul0!bZI%2k}&M`R0cJPG?{$16tF>H9P2b6QB0WM;0!L$3bG`TH@O zx@_LqUu|r9ltJC%H<2OF0m;C2T{nm~)DouK?0@~*96Y#%MFHj^KsWVLf#;8EY)P9% z66SekS2K*BOy^wIEt>Q%0#=9?=SKn6NWwaQ+JY4F?Ml*4&uF(m&5|9(nMu(Kp7#~3BXlRzgj33(8XK>P+g1#Mso9$j+} z;3w4XhrlASa~l{%i{QFltp)A7z}2!=x$ms`Jdqj!ls0nG0^4Kv&wzqEj~szTWE*8$ zmJROtD@&$s!!L3ISgs(p-aUAKC;xU2rl8g}1rI6qEf@hG@M(+r;{!CGZU8T_0ox!@ zudxhgQmn8nXJJp#<6g74gNM6(>h9DfGgR>feERY64+9HmL99xC zcqgM1FJME!xHbe~U1M-jPPI2weSWQ3j^vG zatZ*9S=xQH*=Zg+t3K}D#^x5_p*p%#QM;Chvf06kT$~o{=tX6#iTxS`TN*-uCy&EF z!LqKvjsY)eVP+EkP}#)Td&dTER;7biduSY||MFD#{(}kos5T-A>x9wCh7u49V+3A4 zGpP#7LvZbvydI!DU4T65t;2uhDGWk_$Ji0Z_}VWkEV`~37kmR5H)_iBA~5s3OuFB? zBrqOh_2lb%c+=D;lug_wXgBpxly8LVZIE%%ED}Tuumafrnu4;E10ZAkcmFWx7T}X| zO&SnLAFXloo8h(r16%59Rq=s_w|f6E!Rat6#0XFXY=3#E8q^ua_}aUfmIPOfaZLcm ztP-|*^@zb4C}k%O9kCnvXsLVx9V< z!_#LC)CaHlANrU8`mnc(|Iz0I7Y4i;{20dgTKu#$xng`73ovFOGV$%QIJzHC8IK~F zT>sN+$6_s|xDIB1qY76ce62PyPu8+?D;~J{f+XJd#=7HjmzY zuX=DM!k>yyy4FNg2f_3%@=*%P>7VyNQmtGM)Bv$weTDbY=kym)9^9UP$Wsi+L)wb+ zN1oSV*zg#;!WjR$X3*j*#u`f?V`JU;<%C5=lFN1lJ=TWsmA%JW5i4UWbUIr$y4cE2 z4rWKZfgodEpdtxpa=F2<&aPpNUSW-vfLQPE-IC^iVAo5Fv7PEhE=!{NJ3_LX?7?WK zC+hjelB*?>-%J{a<;n@K`Z@CwrVjc))HwsxL2l`TKze{)a^n%;ExztB#=F-TpItHj z=?gICwuyF?KO3}XqE?aSkYb4<`w-oE*Rci5809CANsOp3U%IT;rdJd-VT80V*>@0> zUjhl9$9lj(kN*p51w3r^$B90IPQ>EO9*WTymS&dDOMx0k+k;6XGU{*ALt{sea{4ss zu5+>I?LfX*5KLDR-o9xTh~N^aI4pnbWTgu1Yj;~B|LCN;iwuvlCyes71kXzKit<+) zkTMqUuzFKhc=Gl;oRs~i#x|V6R&Se>MV|4_h4>gSMvc6Xu(i|C7~7M-n}#;Kf7br@uDA|u?pkaQ)5-BITy!dst65Y6iq zyeK`V1PX*L_YZ+G0D-1k)cy#>2_)Qb@(AyLa?ZHo`~q|&mVnRHjIU{Kc6hkE9ohDK zZH@+Tj1}G`7MLB_PSL@zayp)s)#?W+?;PHM2j&9<+rK6dklp_gi1P*rmL(#ZifB+q zJ9R77Foj2~_)RKJszAn~-C1yqbM4$z}$6nY@6y+be7y0;6uX>Nn1n{R_D6eOu%bac>R> zKs0Alml_@GipZ(LSQ&*g&k^s(3+N4j~4}n`;-+!#mY793* zGzNjUss@vTl~XZ`)T7?In=sx239F-`!>bAh!Jw9}8RPN_D%=Zz0&Z7e&oJ`ZBZ~+j z?kh{x1M4V^;Ps;YE?#vjH*l(BP$uOQA54aQ_y`h7%B} zvT^;7NDWmt;2Aa;#{9>BncHw)F;_tc4SUBUNHg<6uS#)yS7gya>t$(|`rC@His7Wm zemRU@B8Ev12$gX2LCz6IaKm26KhdVyMsW=(_;lFG|XQT zo#mXU-9;)Caxc#6*s3xRZmwQ($=~^0L!ptR=?{VpbRoh63x|QNTmu812>Y|rqbq=5 zu>|)*2?U}J?h`>I8B18?;-NNfYC(=EvMlO@4!tS_dJoL< zG1Ta8Zu{Xp;b_F4aU2&7DkiwdWXwb}zxM!9xs;{j~3ZSR3~tPB;fj&)n| z0r`-R^RNtkcFu`F2iWZiHQWpos4W3=VDZ1Q+upkx!@J+W7+8JA9X01H?iJT;{`SMY zVH(-el)T?hM>Tqr`VGSQE2Pk~%50M)KM)Og3kzOIiiDvpTtl-4&}@O4g!d62h~~e6 z*`RALpIOZv|?Kr}=gG&olNjs=q}{F;?* z0m;Ccxn9HIA1iMi!7VVqgmIp`#u=!Y|KTir0dQs$Yx;gmga3UZfd}Py5oU~EwcO2$ z_bLTQgAT7)Xpep7a-&?gM6#Me(n~oQ@Fa@*CtU3n+>#S0k$cbgo;2FZc(<>F?%$m^ z^s-}9*xJ5TA~n!1LAQ~iL`;2{QAH9U8de^>Uqr1Tff6Cd{X?P!K%xf?@qZ+GsDcG= zIgb9PSr@K269c`pF#XESbyISgBzE3@G0N-=J#yvUEx@uyicE2s#>VL|kyf`f1PQAy z{I5;^_3E|C+6+h-DgJN5b|}C!xGR4SfebOx}l&fJK^8mx*at|I4xH~>3i_$*N?J82< zN}g|1O5ocR6|vdPnqL^c6ev%1;{D=lLX99R0*EQU2{${Ag<($r*W2v)0L&O*hG<~+ zgXUkh9R3wk%o9SHe)>`?)rs1SI(RAu0$c5^R8AMA2a`FE=4z69o z)J(djW(>u?ojzcGmIgea5DD}moCG(=j)QTYy2e@migQ6B$XUGeMKdp9BB~b;)o*30 zd6tL+9qC{rBg)hK?XV5%dF28~Y@JR&hz7X}H#?4pp-o;x3%)|L_zt4A7^fL(OZIpi93BQ6UHpn60l?S0$LO95Ob^~s9p8!*9;+k4TfLiT~bHZID zUcoqz{a0suhAYmb)F5X=+ro`oUXP@!@GhdazP5%qZrK}~km&w0WL9cVlyOd;QY5VG z^8qoqjRE3}Wm^_mve$BhlccKO?!4fQU%YdHO)er(T5QF11=YJ3_6 ze*Z2oZwOI9TjB=M-U5Z^|2rma;=&XP{f9!XfI^G)7=IL^55$JY`8AC5=rzu+SDZU{ zK+fbf;|2E4MQtTL=HfJ4;sQ9Se534I*t~0IBP3Cudi_nc>tjj8LC#KWz;$3?D+;#1 z_M>XhH!!r3YiOxgX!NkHRz5-`qqWBS236a~^`_gO+n=KHx~9r}6;~X=&Zq-!I9BoL z|IWz+(PD4GD+q7?1Qoi>`G-R7fI|Is0}x0*&I?ejG>;PUMsG%4`Bl(!G{K9RW!jxJ_K39i^>rDI|co5A;%x~=fJR@zPn!fc75 zyi5Y(?{zp&9qjMtJAtsc_uz%^tx-^_i z2}|KEh_?}k3U4oz4#OL~hWFqK&m6pDz_NevI$=sW6?ewZ2MMn%?|_@BN*5hzNx_>F zg>^kMN7HgV4yO(TBS?T3MYpR!iO%Q$A(11n!u|XNTrUE9u>`8ZaArWpKP7U!qWl}S zDktfqQ~7E#A`w?6#zb}aW0vWN<;!^aMz5W2qq6I8VzBHf2Q*B=&^B+tyY!I>L;G?~ zprk9bNf$sMwsZyc7h^%Gu2kQGoLMD!Z?mcehL2f$7!WJ!hh1)ZBiJ!6rU>4%1>q95 z;1z~rc`-enLfJD=^oqr_yoB%hBX8n_N(-r9$F@Q8H&M~L73sP)Re!2RGYKFwi zaC+Ab!Mus0Ox-xaal_Gj$r!pv#K$1#H@xtQwY#tq3H17@IIuW6drhGh+x{JqaeG_)-&1x+oqC5;}oS6Wo?pB zKM{~~)&|_<_bm*q=f7xz0mBogI4`L^tV+V1p$Q`YwaPB0ic&y4Y2-i%FcM`j8P>EM>akD)l%QecUFW(DKyUT27PchkeWTcqAljK0yx_TK0aJ+k zA3ih=D3tW^;EzHt5#R>TcQDQ!*Eo+~apr9WInOEZAgb-r+k*;yorf%%@4S%X>C;6C|vKhz-#L z7J0D!wbCm=-~SUz?n)bi+W-_}%)@W*l>54pex{|f4I*%&%8A_-gvLcP{SIKK@uK!{ zZa4ywf`Q`m{~dh}SV3t{?f)T-10apdN1(V0_JUi61CMXfzdXmu;fgPm9prnEU~<6D zQT=UfS~+xJ6VY*ir~oaLVVnHBw>aUFpP#n%BM`}c2L}=ihyu31lyQgF!jPi>>!VJw zS4c5Hp%4iIQU0IX@%O+N|9*7e8u={Vn?h1d@@ziLUN8D%E+P4|JxJI}`sPUe+?{+T zn=L7!4hY)Y1c@8Q_%}zkr3g|j)p%_S?tzqMci{!_gXb^_vHl_9EFhugN6tSITI}Qe z|8Fy1uP8YjgoC}DeEw%IWS5#jMX-T^Z!`Y+I0tx}5dvuh9#~K?t>q?tI+fP-lpqJ= zH%4lxSS68!{lODR>yajRuLiYxKgQ=z)bWSru`lh#YzBexl#nApP5^bm_Ls!#&`&Ul z$*)Nay!q~lrbY&xcC81D8Q2=3U`nYNIqS}gc;~hr^f>sAYSEa8UW@x>wAos?U9taq z^qEqZ5T2(@I#j#gGtI|HTjYZ4h2!>DX|-ZS`s0VU7(&{@930T-vLCoIKE$kQS&F4> z;H=RW++F@XuFBEF6tNq)7b0iC#m+`@ti?6qmX2SkvGYuo+cMz|&Nt*U`B={L=e75t z4-JifyqlidSwPFEL zE0|t)tR3*iKKl5#E>0R*LL$yBGoz~ua$wDdxAGmz!<^z; z!NwDfV&8cNa4n*mTfi@zfnJ7yUVthCto>zBZD<2*B!$;TGIKQ&YM}T6%$ch%N_Kz3 zz9&6G`^nX+Z?+^NH!rBMsjFs=+Noka%_0lEcHA>Q z{$h;&Mt~LKN&s?r4R8Pg6s-MqztQbb5#(@u?U7MWnJW%{0x%9r|8Gj|x`=~Qs{E+$ zz>Cgb5jq?(T&&yiV=B^Q3`_*xIWydi})M@mD3sKL3p&+QDf zptDerkt%Sy^Z;N4w!bWK2igd;#I+p61>?#R1#f_s+>~$gX zf9)>+dXN^{1nc!$8ODVI=rs=b`=5F((;qLP?L&g+CC#v2^8f24|F0J^sJd;=zr5se z9kNBd4e+i*!I|s9D|^AG$^9(!5$;e+Xx1ReoU{LbF~9C5tcS2N)bZIhFNp&zBnRw^ z&#G1bFqd&ghG+wVg6%I=<)ED~<|Wsd1FI!4et?h5deXu5J~=F6Gc8{!k| zmCwO$d&uFXZimA#CvE$O1i-E8i|y+FH^p;C(BM6tF$I$QaIG}p0^F+p;{q!00df&v zRZULgk4{wLSat{x5ucLR97FRE)Vm+d*XtU9$S?u01pe^_nujGNt50T8HP?}%UDw*i~dgMxc`mN;#ZBD%Te~U+Wjs89F@zb z;^b|zN3LzWS~21&x7+hrHQJ4%G4Q?o-%9o@c671t-|l?k%X5lYc1XdrXnxbKmF^HV zQJMUk>o>zg{ED0)F7-ENbJPo=>N5y7LB$1l2C0<47-N2@5l*jCB*osjPB{kjm=j zOTXxVonevjd9mK-Pt!HpH{D+8pT7MBIUxV=mf#Nmo<_LT#F(NrL9VBdea5A>2$Ahm z46j5fW_pLc#0$A*@`Z7#a2o-lATF0kig(0xq(=@h#z}Vix98r-xAY{JY}L4WwQ?^) z*@)_DS9d}VRH6%UQd*}3XHNL5iBiXK9TAv8i9xE{9xaymW_oG(a4SHvJw~SpC!IGeyaY$B{ za3%Ig)LuhhUk}zI)3K*k`ETYNTa=h@MD)9_s-&j+Dqhh$mDnv+X{o2D`U)SP8~i?VOsb90q_c=hRv-^N(zDmcG|+7z?nnMyV5lb#rr|TM1;2PS)?F^%jQnMo>+bIBQ>UvJD{uhP1PGk z8purxFQM^LKSl27%ysl0p)~dSM-F74Kzm@> zlSrExUlzkAuy*vKcH)RR~H2Z4b&oAso_9hX+=bGM5v7` zJ(-G~JT@e7W>8NF?I=lC4?e_=3b7(T4Sy~mh9YIzn1rhHrXfZ7{?Ce-vx$^CixjRS zb*qeCWAcyY;#dl8>EY3d>S^>u2@i$~sD+04Z5PK04OoBu3RmIs%U$>WCN>e72jSn2 ziN5>w*&wo0d57DwqJjxZ@$83+fHD>-&)Y|~OQBrZdKr9$najl75j)@9i8b|tYF_TvQC3&!0QgBz;L|MTHj+JTbXH^jt44H+x^1k*# z6S>P#^a|%DH)STaC!tycGQhhY~tq#qV<&1$|or+!WhQ{RG zurLNfm#D9?cJ$;M7d5vd9PKX#yD9J8(1~6{yh-~78#iQu{hR*Jm%4FzZ@(pkaEex; zE2KJNDsQ4lgb$pEx5w$7%8}cK@LOr^b((G0DErxde;H}OWpg1iwWItQlPy2L;#=Fe zB=-w)!!60PPkmDu#w*X0IS((MvWFoe?=<@H3s*q-lwUo}ruR=rl<3f5Nq?C6Zr?k{ zeWyCjji5XuEV;EJa~RQp;V~mOx)uA*R(zD@i&I3~ts~bpV&UKQnyifX+BIS|*gCcJ zpq$cm-Qt9UXX8vbB>`31taF<|$w~2JPfquDMpu|b-CnFPCKlq-**vnUiA$aK+xXxx z9`bDbyMATymN2%yXdKV`!E%(WXNx`8M8nS z!;cTMRxdBNMDAy8KP_5$()_l~+yNi$b=s@Z(RhVmqNM5lBH>+r#iX`d8;H#HjY%N} zIF{;=2<}G%he|fec0UQ~eFGo!S|fBucd!+&=JANpVh-g;IylgvayWp!C8n2-0nB&3apFP-y?G!Fx0A_aG@ zzP-97TX=+EjPrX_I6fkoj@uTY$QR6P)QX?IStWzF-+ry4R=-&pA&#Gwow=4mrsJ4@;wyJ@7)*kF$7_4#-;u=xle`(k(HvpDJxtfD!6mzZND=3-fm85#2*aJRT(x9;k=h> z?3N%`peu4{H&jmz;{J5MQ(q>#+*#$QPaiu$`+Fowe%XQwQowSizI}?FfnNKoK_mh6 zL}dK8l&9<=L;|`HRGshYr}$+z{8TXHAH?s?$*%)d;I?$pPf{<}71`>->UE%gOK6T{ zT@w|^@zW>6uRkovMU^G31SY@yvU=v%9|y5+@gtY~M7jB~Jbkqc#rPtK*Sy)O)Qjy# z^8y|@h5+i*ZY4_0X@U-eUrDPxzb}8ScvsGORLi!nGDJrixFXiJsC$rBQJ@N} zV5M}Cx~FqyYtT^4r|fzT&U2$J7vlFhOm7JdX@k)+6o{7pcbVuANPdB>RO{bas*f_T z5&ijI<4>ZV=yC({2*}aFc0J}oQt%4FcqQ^>7zyd?$3S}XWx=G?O6QnEND1>=mxPl z9U=x2xoaWcSwcViyqY|^EKAFgm>p4|CqxxwT|=;a?>qw4mGlr-`tfsNp_){j_XiH5f`8h7)51!nHl<>5@~ zzB!-}A=}~+Nr+*qX3J~E`<`Rw?lOXPWbYU+_@GEs#JN5c2ic^Ru`PzOM8-2Y^~9`D zD9OzB0%0FTTUJraE8fVW)zvyYO~`}9WG1HYNi}HTn>6r_yN@_w2DbX!z`h26fj<<6 z|1t3U9xQm(xn-Dv&Hrm)UxO>*{JEU5-Do=s`X~g8gusN7V-?M9O44$T6=iYU_)f>v?ToY*FK}Qy zt~d|^L

1cLqdc=ns%m>9s>l-@+?O_F!r9*~|lUWt(l1Q2#l?*hw#z7KhacLnr|W zB3798Xb{ww&tffX%S^5%FC)>4i1uzp>T`7Kq<8)dUUhyQ8XDnRozY?6C zjbD@HJupgO;zIqP6P@)6Q!zgAdB>q;|JzO%79Ahs*L{!6J(&voPP}g5O!A?r^YiWX z8E3u1CM(1h{gRgaG8oN))2WfwTfHxWu{0&zv~G`0F)L`0KJ#|>p;eo%=VxQN)%S#< z?N~+Bfh~H3#6!@Zkqp0H8$32cnqDEyM!_ON@Qz`r>(13TugLp&oD@}2Q6VuV7l|5o z`Tncp=)CK1XGEWgPHaA6I*b?Cx_3o8 z=f6Kt5$SecG$q4`k!-#ghkOvemEw7q;Ia#udpp|ri|M2XPmBqH5a=NWZt&{2$2g$t zA6>iY;RzHW{6hiPr+>E&+~os$5dyxJKmq~|*sl8-y?nsm57Pr+~W#>CpY8r*(f`ep#s@6h!}SKw_gdo%8yPG{1i%i_v=)f zP4$$?X8+J$pN!wV;H`QYyzsXQ7g2X>zh?3mbqsBI+mp%+;sqxP^Kf*PJ*o6jc(X@u z`RgV9s|AO`eMIRl?Pa9q__Sw%cGe4XBSASvA->BLhuB{4Tp5m;8tiVx<-S=IIk-5D z|2DhNAR9MJuq0TInJFJ!jHW;3KVkm@OEB9yIq(UZYlyqIyrgyTzNb`dRy>hb4k$^F z0ur3N!Y8Dlu!q;q7C>PG9;%UD>@;qIcZKs>*2yX_A*Xwj6EaR`8H9>{QN9p^-# z(jOB3t8~CaKPaojwRL>?N7B4 z6TNs%$+bs9d&BaLRaR*g z;hszLp0exQkJ%jR2ikKsL#a_}O5SH=bg%DG8_7x%`8}P(pc!j}2EO9TSzK^-jI8;h zE3x75&c^dcX4+FLq5GfwE2#HgJj2K}C1?21`}U281iiUxrU>z4wuu_ky>@N(g?hVe z^j8#q(1IW5$_<p>%c%#YVV}&z0RGT(vz;UC13r?;FY^-F{^oX&l_}Xzneh z>;iEUCi`*-YAbzn6Z|T1N$9H3Yp}JT_X-nVj=38)71sV ztll!1L2L2tox34RQ9Whsj5+(r@vF5`A=vL94d_c0r&d2zU*X~s#F~*zk)6^+4Iju_ zvEU;2XO4WJp)2bX%=viUp_eu;WedUrsc`5S78%`F*Dn<6#oMu~KuUp?7(0z6W5ZhXj# zg?u(TpI+axd#=qv?5vS3bxx#kswL|fm@AmCrD)q1s>=1G<8pO9f(WXO4Jph|w)Y`+ zmo0~+=68F=f?R}?Jw8DhxM%o{#DgjJ=8tn7?wy#h8WZb$37t~KQ z{Aj9Q`pb9Uoe3LnG-0*15>Mq)G4wDyeMw)&Y)5R{+1n(`A(&l{+&uCIfu-p+AGV*t zndb<8hx!vUtC->S!)(KQT;oFfYn}aQvEnE6GC|za9TFZZAs#|VONuQHNz)>+cSWPr zoIGq3v=o8~*FWMMIO`BzNc?|%y=7dMTd+5L(=8<}-AZ>i(jC&BqBPRo-3?OGNT+m5 zcT0D7*L&aW*WYut`y4;a*SV(Fe`c*UYc7jqvbtu1AMjmC4y((t5mmCmU9h5(EOp%( z@>&@J5+9lqP!>C@UQb7?#}bQ{zGujJcF)5O78QXsy)U>DobyjCktHiI!AG{givvS3 z)cvYdv=Gu0cKwslzXJ?m+` z{`0zKT4K_KKSsuf`eP>t7iV8_q_S8@~bYVOArmIhCk-+jpffFX8Vkkm!rTd43zK~Ufsl>T; zp~>6XPdqESk?JGu=-9>`|{wSFe zGN`MIAbu+`P)au^bxA=8rE5tpkPC@Q%o{Cls2E zjwP|6?RE$~HaYUDbq z#pe)nm(bCDdvmNY9j0_aE+)b-!(xX4V!mu=ry`zj$`8TjZ|`hY8ce;&)u5+_b8J^M zP}0|08B%o~y+JV+2aK`*dxv;!@{;Un|JXoePtTJH*g`8A)>eav^j+ z|G#pv^cP(!=j05DF#2!G-bmzlsCB&+Y4XM(|ew6(Y zXXrqczVvQvoXIvoZ%MZQB!pnSL2HoA0^3_OTeX76^Ts3Kvqu}A7&Kf9xb2MHU2i=+ zG&YDmLisCJqZrGvN>9;{eaXAj>Rb6&Vl6+lR+l@2Eluh?yD z_{i-JrszAh|48z|x-M%Zx*=YH@8|s;wg%#u>!8oVO<;zp*SY++I)c@k+2m-}3*&U! z>TrA6h1Z!Y+O3bR(Xf%Zqi#+2S;tOkb+6y+QU!b%hrigYMexl360F4?8~TQAynRnx zfaB0`TpJ-9+yUnrp1kCIjWLm0-{nU5Yk_sCdSt{*VA#>?)R=G;fmQcC4zN4PvJ#Xb zJU_n{Mbsj>JrRt;J0~`WuUmtLz2Phv=lHSd$YD5sX)6`1Bb%(=FUN~kXJr}d1K z$1CvE$w+2xr8hFMLs>sO6zQsOD!)0=Bwx-C!m5PzsN$f(uITUc*tS13k46smJg%rOP67Z}GRGFPLnLS4`l~;I>Wz!=iT7g2ax@y0U(A~x8^vLn9O z0CzOKQOP07IZNG~3VVw0={=~?dS|s5)X5lu%aBEh+|I|X*Gw_No(y{%!7!A$Ck_u# z)T5sJm6byV?CA1F(5-~T`0z1Gx1uN=qy_8sXlM1rsV6fBTvLGJnC%Kq@07AV9uM-e z5q}T_IPO6MW*`AC^d|&B_C4af>>>Vmy%UV{8v?k1x2|n|S(tYd9*@LG1#9Dl2vG@X zDzZ*Il0oU%UWFw3KXVmCT=rq+z4RtyYfx*{B|m22u-Y`TY*URiTq-3n_aBA(JT=pL zZ~|z|EgB6BMp(>*u%*JO$$J5n)yK?Sdv&5ZwEE-cpA+PbwyoFu#EPaLG#vOMXL%~G zMNHE~u$O7P7Gj4czwiKhXWm*&n36Uh)n5*W>e~Tb7mvFH&L~PtqitO2xdQ0 zI3LqhRld91)SaL+>m^>a`syd5F-ECxViV@CcZAZ@iu8(CCf^nd>y-;jlV`@|g&a^Y z^rb{g5#tYDFIM0`m!A!U8cfmn`wryVP-TvvS{TtMD&mJAdWCD_yrYcTRB$g3h+XT* zI&9ln)q-=^G#6N~NfE>LB72|cK`@3<{BcfZsz$A?*nY;+QLqttCI!49c`)BVX3v(? z-Y~t=$u1{&S*_kwqZo#}H4Qm;g_{fce!pmQLPs^VJmkm*+^j0Om9nr5cMj{TLs+3g z1-uJWhR~z7E9Zx!u~ogAlJ#nDjP+|P@45@XiqsW7_4dbVt3JdTKjT%R^cMX|-tQNo ztgR?x#d-WEl$c0jDpwZCl}shN5!VpdBaCl)-yT!y|hfs)&M-oZ23 zclpLqOi5X&=R&m9%=4KRW2UO`l}RB~h=#96i)c;ykR;8QP97`l*XBw*k=~zgqD(Gs zJ|^fCwP<+$aFa7+AMAHt%_%fPzvR5Q-L+aCwYsWK1ihVN`OtB zrmRYm-S=|9Tn4;a=5<^oDKwM)L!JlOEA+;mqLJ*?PM+piL$oYQ!hntL>Ypt%AI%+_ z6}hH&nwf3IEVTWeEE1%@9j%6aT8qg(7Pi>qd8m>^hD7e!MhQ$Bx0#hFzKO+&Czxm+ z-ojE7q3yES5x6#0y0sd(^-B_^hQi?w=k_1{QZnGo%}Ta-St=S+Ft@&ke+hAyE`8yG zqphic($zfEVNbVUP>QwCULi`_Bm*`1DsgWH8rL-LEqW$nOh%c=S+6*XLafjcSncjU zgfx7-YZ@yr*o@FMg#SQ=)Vkkz$mm<{K*5QAnM{1%qlo}{srE!7K?{yxtPzWXh#gz) z$-4!bz55USH$IOjoP_$|>8M26=Js%0`neJ}?Jg*0>;#mX7CCcH1f0x*mN8XdsLkbG zd40rYnDWk;>2f{t(gnnZ9hk51IXizQR>I}AjP{_{bJ~y&YV+BG>ty4&O1?gAITBa) zjJmr)>nKEGPe4Qr_w=d=D>Gz4#Y7#a*uM1xd`#>h zX+9+P6*Ui5xwYu5`5`$hv~bfKD2S8v8DRv*0|D<>G0IXg`2(Zjd2v`jhqf&`D{Z=% zyoGNlPlR2I6vTI>Gcw<7BS2f?vE@wNycV%5+60%=CaaL_8r|;Bo~_Db#)ehnu2J=J zq-4w&pBrd|$iG~&$&Q4*Fvuwheu`_F7A4^ycqz)N_W#yga@_|i%Fg@$D5u(S&%%Fz zin4^-e~L2d6X?GkxZu8kW%$4ArSKoW4_vf>{Y7p5f+gq znf?S`ayWLa(SPFQ>#Bo$o_qrV9GbckiqK8wsbsVgg1K#QG?3r8g|(N07+|E;fZ3zy zY*Ay?ygsZ}d8(E7<~Y%xF{^g){p~%>8xE+=@9?_23wVNhAq%=IGuue1aB)r%t@e5y z`fcG6m=E_n9IV5_#Y*pc2M@@}AzDRp-iyZWBp6Zl30?`+zsrDN(Z=+tC>4CG#i&oE z2$2cTi_2K;&FlppjzbqjeiRi>$$UVA5q&q{-MR_?UN0#BP{O%HGS6pM;0H{F_Xy8y z7^EHP#p-KINAhYD;LUnPY2UCayMQ+BLxo!Hx*mqxmwN9pI`Osdj=X`Rdtgep{f_=^ zx?oFkVFNnhxQRp=U}QXdLqg0OkR(jaa+<`-a62+ z80N}GM}TQRF-)<11RONe9Z|Jj8C*(PwazHmfRPF%nC7QE@%@LKGE#I3POzxx?uK9l z-qWwy=DWpw=dpeWMguF4v@H`Taef0z&*tfKltQ;TGZ~6PKYJ?U3}dGk2))qQ5*HUu z8`^NKun?&e|pMwBl1ReP@Kes4wQ2lb*O4` z^i83{4J_tl8=QyveExw@Z?)&KruFAcO$Bws00Hn^70-5Xd)BEjUQ5%QXT{dPF`hjo zd~_%+m1mIf2bl+95jp)~gssQNV)m@8{-hqt4fz@vOF=8mmZJS} z{>W5UqT=GBD2~&!zNitw-7p``4OquWYCBv{8ZNu+2_N3kHxamso$H+l{R_l(N=J#N zS|?d&b?Q3?Z(A*=Z%e!$FK)nOJjtgqC!L63ph<*RKUiEr(peo2H z@|jxN3T~=-5iv1|JT8!Jc72{aq~AC#h?Vt|8~JEWoW)ycFE$UseNVrl&^rs5uyhwdps-n;B@$?4r7gT&*!~V)`g+6k%ZxwhnFgqx0J-uk(+kc%})U`k%}2A`$jR!rMA3)}y*s`b9hcFf&i%75ZY^8GM8IzJe%VQ2yN53b`2oJ4 zdUE95&r9|gyAMiQ50z6New_`I)G9(*k*Eb*_9{bZ1W?aM1lJ6u7wr(Vyid!2J;qgqRhi|3=K1yx--e77PFY->In;I*{%aP+(z;s#o=`gUXez zu_A;U!QYPDMUBb4o;a)bHJSoEI~o+0?94oM%U7-WLrq;Wi{RXZ3-Kda_7R4F9d^c# zm8&7wKjjfZOwz`NZ$P5$07d)DKE3}XCHyhu&=HstVt}uepHHHJcd#HX-e=GNVE5$< z{YOE;NBkEBwg0VP;`VO^)qrn5OBaiz(!Y_$r$z@=7Q`QzX~eTqC;9n$)`QrW0@(`z z*@Ngmox3d811~~0{WovL+yj4vd~zB6`$x!$+qh>*F9J_K{56NYdC6g+{}wm~_`Ld` zO9L9KdH5-*9F5rPGNc1{;}DGucm|fssFIi1F1i38f%01&?W>f-&Zy zTToxQUYc7jf78xdBde0fke30|^IJ62*YDg{;{v|`(^pJNXo0?z z)$+pPx^9%wQRZ0bbl>Quu_Ln-mUEw%bz@13o7y{S)3vkUYdE=SfB4?FHK@x#T5y6W zwxobbqxvW|UwAjKTg?{cCGec0UX^FDmroS#j)T1Bg*H}juc+?)JW=nrF@@0=sh5L2 zHZ~{qQ-xchH{)5ojp&P+nQNy^l{`6)s-RywO@APPym&;)lwvLnuFvtiA8S60>=y6h zWpkd1z2tE==}ZOSHE@|*KGQ@-#e@)iTw|LxYn44Q>>Ep>RlC;`G41wg&_v$I+scQJNoS`Ne7@lVAMbWHq5Ir4!F9^NB$*<`s+SYRjqp0)B1g^c#W|#SH zqxG1eCtToL#)cbo$$LXGXO=TNdBNAXTIxuqnlPEX0GJe{MZtAu+TaY`(X2TAN+nCy z@@FY3$clT^Qt3INnh>SWSnqIZTR&@^f@@&(;T1`%rp(}aY`ZjckM0QIMZd~fYTctm zIV4Hlto^nDCyIWNqq3vOLvVrMe`>vRQ9Ou(G><5hKsmM%qk9?Khlu{f+cC!xwepI# zwWjHecn^D@!!5WDi|~`}3I$W0H>*Q{{}pS zzj$)kGw$st*Gw}bk9F=5%G6a#6m6O)-nIF5#{%OM<*t2cHA2E(0wN5 zpkB*Pgl%rQF}wFPg%j&ojURZMAbUf4^>Dl-p}Lf4%(QojN->&l*}3R(ZZ*w4lncul z>1c(F$m9&K7Jh#yS8ljvVu>+?{b`JFbeUhu%ykeTz*vf?l>)MS$N6l!S#f0`;Gy5H zScH)eTVlOdm$6yy`^Ag_-vkL|2zO{42!nH;{+cKTUoiNO2T7nrkpuuGiZI~gW)K(6 zXK2725X3?BpF}b6NC?8+@;{#Urvb-M{&UtEkO%-AH8+LEKMs@HnS@Eq^-H)*$*Y>| z8D_;QAFmT6_6yZbrZ2z7%+2P-sDK|u*m9zBKV%$HpRux~P+LVaX5-hPoKX;^Vnpg0 zTwc^Wcx1E1(3M*w<6hB@-_@qwbA}5bbbb}Z){eHs*pRqnWIB>COzP^GEb{tDevYYP zayCJE`fe3m6wKwxRKIkMYG;BR?Ja-1;#Vbl59k!QPcFtKdLhOjMT3Bf{v~A%y_oBd z!C3#83zV`pZ+@q&v;*9;^hgj#;IjSOwu|5;Wd;8`WhDWAr!3ewP|Au#yszp)mCTWk zfSnfjY)*9JhcXyiE=N&arT(U-5so$csEB1{2Fptvyu9I{SWoROS+_iL#%yT=AF8o8 zJDLB?B@9|l_soyXctQfmz4@`QMFLt0tEZ|mYWYIRP}K26NnG@JJC9&!Dx&7jpewbL z%SvjryD6jqUowbf2%9@SbHtpaPsS-Gr`=A}8Xiy>E+ra$5owHOTN>Y8(u>VeLzB|C zZxs*OEhFGYCYMpAb>|2mf5foZu2mD&RQD%hZ3Qx;)H9@ZR|^=tQpabLv6XX#?moX? z3X4+>VyGrlZ(VIHQ;oXO|Jr#N-1v%wC!X8GVY)MXTS4VAhAaMN zmcMR;LpMzCPdMCJzN^bFApME6lJtZAQgi3PLrWT~)rxG#^yZ4p8)~IE8kU^SUk$I^ zfr-`Q{#@T-x0hs3@~aTG@Mz2v`jBz@F}CDEr7wn&@M4)ol6wVc-u3JM;M z$zY6R`0V^d??jQ12qfNyh#?GbULsuUza*et%^wjo86ch5OH|NLpW zLoHdO2)pf&Fc5wHo3J07MgtFYKQEI07JS{smlRhyKt#! zBc){Ax(R&homwCnBOyt}NJECJ6k$yI;#_d~7mOixtAa)M$#;%mL)J;8=%Wa&Ub5S3 zW3N4PdzG1{*Wr-g<5e^v-t^#DYNQg-v* zg#@jhH|!Mnn6u3z50 z2I8Z>U2INBa3nv}^4OD^-~`PXJy+R7w61=qFD%0Ce7Jb(`GH_CP6LMS#&xr1Q-w`O zac0js@eg?;wb$-?3kF*op^W|C?;_APQeEQe%cE9X&&#~E?7sI?h7H<-+ojGj1y9p+ zaW3hlH-a~+zb5=vSi(Pen)L<^Q%N-Fhi19Vu`Dw7T9N4^r1adjGP|xPADki`x|%q4 zH`C7zOt!1H!nj4Jg!;+dvra=Y=jYpTc-ZCq3dL|frONA*j`%nB(f!9%mkPEJ63RlV z)Zg<55cr)yh#3n+%)jhyhF>ta`@h?UbkL-|lYrHKQdYsp-~JGD1M$Me^MB<6yn~#L z1+^_*Y;kYJA6ahI%UQ8Y+zNw)>sM6owuhZ8rJGV`{}lhpNdF&%dJN%Ep--xBKYDCtFA^#AcH1|R{SRNJt`U4g$&77 z_wJyMzZmDOQe~lY_tUU*e>{^J-I++<2)ol?PsN_>e-kuR6cOyX!}Bgre^X8COlA9n zR0i!<&DvX&eM(*SYlB5YT`Ehr)>%e2(W}5I{&6~d0Ut-Z3*#`sy>6Q}th5$ircB5) z3AP+l%%%tPO@km0`V^NMs^LS_r)$#aM!kV{illz0OY!%9(tDSFbe(mJVwrV#!$q>4 zFsXjEbF@_pU>a9Fu*6neiA>0jFr#u#uH&O7SAni8ZHpL^wijK;Ee{>SOS%Qe%mD5=98UYHo z|6RBv3g-C72zE^+<}r==vrV2TJL1L6KFbDzvPZJY}u_BhoeXTwlw?hD3@zxW8Upx8~inNqP zYVGX9KyEVQ1z$VT;fT*hrk#KYL+SZo;+-M4?HfzD6=Hr3gVs*t8;B5-CyKVBmXm!1 z1j?hXsLDRSL+Re!Vrxu=tq67f1+(SijGfkuIDv|fm&{(8-v@qfHHX=Rlp*q{mLU4? zRiZ11e$XdZQ$$`#66t_Y2p{oqOe)vhMQtgXD@;1Qr*EycJiHg+j!H>$iW>50=k_d2 z*L-wNLiKm7OfOIXt3AUfjY>n`ExRS%#n)xTSfuS?kNKF`GC_SoupmO?*h^(-DWS0x zU9M{IDU`$R^t-6l6uno#R8tR3?1*K^+|eMuqEJL}8!;75C#`!VAT?Pdj7y4*lgqWK7)n=EX#EVGg+z7n7zTi0*kCNw?;*eMRh8k^KN?+346Iz%+aqT z3?{<`*0XqHZ4Brq~ z%@v#0!*z+}p(PPhKijoG62v$GbRk&-iK_&SNT8$Lhs6;5=afsX??!AO2;S=O&ZFPk z`AI0fJK;o>>F^DPK>8yC-&4 zez?`Pd7n5`%=h0phbYi1&P`zk0sn&~6YCX|+O)cO0=Aue9|qW@C>jzqxXxl(Zcm z^#(_*un|4UZWS0U1tDh6HVi-?c=7_GKlct`N{_@Zdk3+9BWAYi3u0nF5G#cN0PE#K zG_`D;hb9mZ+;huX^*h;h9$=^R zsbnOEFS&h@)au6HBty}~aG0CcdYj8nfBG(td~g1T*pHJ@Z+l-!H{K#i@bRY$#U2~M zt|ToQw@(Ec!FI=8brPFDwX=TPj(?GaV{-tFLBnFsB- z2hXD?wemH>jEOeMEper5ieQoubk*83%r%r9$0*8GZRXoB`sHKC+CqjwKbVAQC})uWuZY##jmZn-qUVNEqV$pd8Y1)#zI@BDcK|C0HF z|HypfxMw+ep#168@K65i*oOf~0Pog8^rzb(xgSYDZu_qDZ@1-u4nNz0?KQ;kz_YAHRE?=M!!r+6kNTCK6xTU@Q%ff8qvE?hZsQf9zV+*pO?7LA~G*L0fkXMnXhdriH;YGT7{NEgZtnbYh zCRNZ%J~WEo4y>A~53n01ZpyLz+DA>5RciOn+k@UC2=Ud5dDWiWol~Z55*s#VqzeW; zWw1=;WDj<@+Yg0A)LUMU_gs2UbM1S(C6wIN%a(j~TiiD?xKj6S z7IXC@{aVEK<+0k&O-EEQERL96Lmsbr9nIaDL0G0=Mu*R zXFY|Rt3%X3>c4yTJ1M>5hdYsod}}X-Gh?d)-o0*rYbg7=feH3$(Zcvd%6y+w_047A z!%XIpO7vSY{XuW!oXR`ORkKy5dL0$}nq&P|ivY5ehw=~5*CbSD5nrd1m7+|zz>aE} zvZ>t^7A4Fp9X5n`#UBfUoJx!1sbtd|&Q=+Gv{ZC{MCJ!KxZFlH4fazWdyRTdU$#Jt z?I+r~i;!i>5qrTy7+puqCpzmnY_YIaq6@Cs@^Wt%s_2u;V^n{3TJ!jDnF%+ZhPx|E zsi?BO^2Rq%>(jZ$N?>Zep32e(J5q%1A)WQNYSm4J1>I@(J>}|M?z2?6Po|Nkld_y!fKNW~x7Ijse@|W<+$PgP%t75BF2FLW~^PXq5p688( zCqne>e_W6k+GH#A)O@udG?m^n7P^b9*x@P0ZMoF80)>TRaUI<|%ElVkAvN|~t93-S z@Ug6>vW_%IHuBZ$bYEiuua=_M>R;<;b;u9^GPKA-0}i-e?0)%Y?Z(GZ-5e&^+Vkzt z8-0}uJ>|_CQ*0lp<5g`NQ@@e5vP?(Zla(#6B2t^_OR)7I(`&C0$3^SdD?l&${Ru1pwns7$uvF;(8(2zme*??w69Aw`NUfadG|jq5 zwMc_B0>sk=$n*a`wz+v3^Lg&{U&zaE@IraouUGwjY*Uhpdsb2f;>d6f0{|X=z0iN8 zG_=mn{=p$(_)yZOTRzgBf)JOv-l%P(=D>% zeQ@gXh|H3aW@vXJfr&5kB`Fz4jzcJJvxy1#$cGZHmo~xkbpWeF`DB(-f8r|kS|fRw zGJEFgC=N|BwgBJjI1=&(iNEM%H+&oVoS6oGSq6zTxT=QVde$>|yKb}Il%I`)3})B% zEZi*El&hjorGYnB3q7Hzt5c0TDx(Kt&xb!B_^k5AJ~yUJ-x<_!_mRt3(+6d3=dZpo zgDNlv6m4@wVA`CL$YD#;g{A591hJTQG0w@GQInT&#+Jvif1Ta%(PPWosI`47Y9ujP zEHg#-<15Rt9PmzuqxC1|`$7lt4N7`()^e=2XH;3=RGfa8nx|;e6yqDrv!Rh`Jvb{E zog0KGT=IQqj&6k^nN+li9dle4rXClpJk>BviEsS!!8OuJzTZ1V?rhOD*EkEnl%eg{ z!f{XZ_7no?k8=#_CftU=$$q%Q)mMp~V^(XG!=?DgOUIlJ3g?Gkt+>rR(GB~oJy(=v zlw*REw2prIj^-cZ zpCau8Rcp-I)wTrCZ{3TsZZLuiW_0r9p~ATGh<9^^lJmUvVe7#=*9XH`T6vr#h(F)T zxiOM=mc|GgIhVjF4%;U=fs$zGbVKIr?UPes3tN<_NIx&d9NMjuZ27?5K5 zYJRcw1N%NYqeo4833=7Io~e@|{^|&gkMj7@X8TxG*-C5@MbZWDqNuVkRNyRR!+`rQ zm_Dtj2zaKPT!OCk_Nf_n_h}TE)sOF{Q;8l%o$_^!BbT34Ah5b@G-^#7F&dl`Rh@m;IIW%^TbdeF>Go_~IY)fQXzglcZa_J(I~vx2~!JuxBBGRoP| z5D;}uow?0C_xhQ&FqEpwlv=l4tvGA@{7o=)Ju-vLMDy7M^3xLb&aSXLcy;sm*A3RB zpvk9u)k2Pmo8r@a<`W08zOIu1mW)MNH~L~G@G(&oo6Zf|{*j`IBtCLt`NzBWi?HHW z)U!0C!lZ+6iPzj1k%LvE^0iXxy0WqDC~(Ota$=uqvSM!@IuWbinuZVhWmg-%lrSmX|ni!AFF-JDh~VPAywYz5TR-RiT4 z%!oxY=LG|=vX{!{_(r|d*bIua!xDh)_6U+2{+Q?N(*qw#jt2*~@(w*Q1zDWTToDL= zKIFW96Sg!nd=lCaPK5Vflv>nKy*M<7bh=oB4G*Oou|z#rZcg2bu+$8q1p22ZANtnS zDr$GP_Z`OiCiyL*^GY$Z8m7#26vn%dU@VWrRAriSfuS`&-DJhhwVSi{Y~^V8U0Ah4 z@{e23@2BFaiAbb4${;lv^&i8o@+(ht51wIIoP1bc&NV6DN&d|rn7W0z5`=d<*(jhMDX*ZS^?oZ~94`Ck}sb|WD( zuPY7%TPTBb^a93uClB8R;|7S4N+xGfvF=XuRy%!dLY&&CmS*gmRz%fCEtcb59WQI*!!ov~`RuDe6LMOOTR8YC z(|HfPJK?Q!>Dvp+1mdBY@;PX<@XEwW>psR)Bd&QJc%~Ubu*mlF_6D@*W3iey)5w|( zMO6^}>{~fewft;=!ybz6c!GBN6jbAbnS&1-4sG@yza*$H>&y!EYY<6QxY@EF0sG!h z;MG3n`KmD%3EyIysADb9{-R}W!Jp;jq~@GJA~J5wq+Fd)srQLdS9FraiEiO}JC`j* zQGMqfEx+gKT=ag9T!D|Q6B?|)MJ-Yj4U_1C$6JnC%-%FqF@mZrp>EdNhUy)PMtC=+9^Z&wr$PLFzw#l~)0rzU+i2kA2@O3aq)?d^`mg znyX4WY~r{biW|JdbS^ndS10Q61rc>S;BB`cG$f5JzgSc)W;#*4!M;^#9R+h2W1(H@ z#_3e3TvGWN9W?w7?_rGT_L}g@z0j*sMj|}lL*kIVZA0uk<~PBvS@w7M^{uqReaN@V z+1CcHdzxK|T{2|wp-YuGIqtE8KWZ|nLZdE*`-+vM*)GN2bJK7se6U;uOf*D$QX4!k z^RpoDmlJV;XQ2*zo=0RrJ7eZ_%!%hai7X}BZ(`CA@uT%d4X;V;M2GT-q24!-jSdBT z!Q7@}e!X_lg<*E*_O5YrYVBd(t5O0=uzt3UFlXm%(YRXuVsQWN6YVirR`!WltoLH& zd#I^-ud>Al)lX>4vMH?&75Ar==TOqPvu~ zet3Vfq7c>!;>DYuqWQ*`>Z)WkV>~6L6_9?N^_F3EvKp!O`ilDQ3Pa*)uVX`(XW{PW zm#E-NAK9!%DgFAihLA@mq|c;qt#362-qMwz_EK`8B)r||Lv9m+_tU(PfmODy6s+2z zSY6G7gB*yzax>tyR3YUdv9@J?ea|yNRB8f7pme;o+vs=b&S7X(+>f%kn~M`@ZYOtf z85#?Se$wtz_Y0nGA|1Wa`*H0>;o#H^5ZMzll@V$fKi17+tv9&f+YvqL1-FW{lFhIf z@i!#Zis9K#>zS2)U4o!*TcZ4HYoAmWk88eA)JB_P@XZPT4dN#&)9>&4c7Aw$CC9^L zm@U+W{^kGbxS*c#ZI&-6h%39`0a?K11foBK7!dnN{Q`-9{HeRD=64X!ECYks;+pQQ zz6Alqnzz9LzlPO~Ezxq+UEGHtQKRWVlQsAQlJl>#p6D9B-eeHq#0b=e&m`IJEvLR@ z@-T5n)T$<=W2Dp}G8Gb_V)3U+_ny-_^18myGOm-Cj_LDlLxkn4C)R6tHQA>1W3mq< z@KyKUeqwSX{Q?4F{{{gkJlwNtB2blOb@dOFR5~L741pSh=s!@RawGG?1?PX|0=(|K z1NLf8(#{hJ{2GLWqoX@2{#x~HIOhKb`oz3>rbaM9~wgtm7Jsv#(iCbFGk%rK30TEnP| z(qFTn@JH@$!#`fqOB-huPD5@iSyHvv(F*SKgVWpfi%sgM*?I6l?2g$j2m~O z3Nr55*dN9f2fC;WI0m+t<|hDf^QkmYWx>JcCjl#?4<;)S=~M-e=XjfO-&9oMq^#Q# zbB?%Jie9cLmsV8U^+->M%qE9fXo2D2%8}N+sn;B92vqigjCV^&v=>2#8WmP?WN=}# zCqYiAZ}jOz=d*!EaL4sygJ?@pb0YQvNa9I^|1k~Z&oQ4=kMBUfsWAI@VNl%#^i8!q z$~~Q(>pwyD;P?t)1S~B;^rwfxR3B+xJp4y_@&9wdzNdSG1u8G-_Mq0wyEv_cp*ROL zI~?1n5LH&_Hs33s_2>kd{jxIndW&^ElSPNpUSqQ!_N`_oZTMa^vFf8n?c9E2mt%`1 zg2*O3v6}=`%WWpHaGyVrYG8srdqpR_G)W#3?zEWOxOpg_Woc~ z|7_uu&TmGvB)@PtM75zXg@U!Kulw4|e8nya^+Mea#I`$vQEt;9Io%#e* z49m|1Ehx>wx}enZ-C4=$jAu1(Mu>0x?BX}1!u&j6!+~)xk1(3^%Geico0Cr-*((2p z{o@Ih;$6d#2!BC>o-Io1PmP@dF^b+?z3H;Mc#!9~yI%o-O;0cMpI8gHX?}^dKaTR8 zs&UV1&VaGzI*$hcoaj`p#k`U-Q~1=q{`rwl0E?||bxb-?6cL%}gWDqOT~i-Lj`7@Q z1M$oUs!*M;*k6U?;thugGHBXF$Jr>Zrg>$SaH_*qjAq;lEqnT`@wnoPpf@cWiU~Ch zI_6@>fHG<&g8ij#xqX4G)2Dy02WPb3GTyR+>K6Ky?In$sdKq`ECDkmyX$zTU8ACb` zd==)C)`+ingu%QEEH{q${7WRG?Bn`6Iiy}Y8OHrwX+D-AW-gM{4{Y&>;+AdVv>_;;|^oF!5?gMPgB{AmgR0CB0y00#sB4G*F}gB{@X$n?Sm^?&7p z{rv0$2Ml)k!sVEZwf#CNsgX)SYc3WcPh_PjMPUVqWetg$Mnpwv?Ag9@G3YUuYmJ!p zOU-qY&#pwLdV`O(X`-*xjzSZ2|?>!wU!q-4j<|JGM`rt?Pk=(X?B~-V0IeH;7dKtw1h7%Hi1g!W# z^ry~X&yOr1oy&s$t#hpq&~kP_?%Vi?pani7naSF}Uf^BKmxioI6;-+E;df4 z{{3L^IyZR)>9Kn*a5P30((ryJ5JJlBL~FGSi8IfnSQ#~RpY+aUsCSM=5rH0`a&?fL zqq_!NLNI?a6rZ7Oh_)z@v0=ov$6LwaWPe<*TQA6Kb}R0eH1FY? zQo$dw0`DKKY%|U$@OAfW|7O{pp<+`~=H>e5tlzX7-`vp}Vj^u}klrqG?f!GoqJg!}rLexCl4c z`gR=5hHR+;2y9e6?4Dw&q2mwU5rqeyrCNe2?Qfy(F_ZOAvWM`ye*kQsjzl#^1dU=a zjTi&mz8{rV$AUBAV6~a3_71Y;1FGm+$E&ap0CyE|Q8#>axW%Vd>1CLTitAxyrz9T; z1KiW9{6wvnzeq@O@FO%=_NTKSknkIP7mB9Zil{Qk*$4(cSurYX?4c+Pt8Dt}Smdpb z8*nQ!hpLs?tf7V-gXJ0_d?;}>JTZ=Imvc)JYsmwVJZy_e8q{v-74aL?*- zfP0)%i*Nrds~|M!|A%LPF3x~Q)|X`k_;-la1K%kB6JoQRz!1|>Ba>Nhrw)BMWa{9a z*wQ65dH`Sd)Lb}%e=P{9eZZ@B2OW&}AYPE-=1e9GO;t!(U)wL%;~#p?J}F-OeO_(Q zOGShCmn1{OeAoktQw)8UOzuxnstLY9OJ%Dtkf!@7Fn<{u{>b(sBmEyTI{ub1su(CE zonpE*%OkeCR|6|?p6okJFr@C(daXJ3u9gH)`N4db^RKtZcpe`>WUK6=# zWMhBpTVwBv)GCm0-x!eo9~S;O(cI|)ct-_fOZbOye!tna0Rd}A{s#%0%k`3*s@5B2 zCp*=Oj_k6~qjJwVn_q}j+7DR+22hM*Q_KVN@*H{E?rt9zDVHhi;Yd(EQxsEZRy1Wq zh1RodyS{G_`2y`}Jg}z@lIkn|UyB;{7dL7B;U?hCne!wN=L0^H{9`iM-dBKBAl!lI zKZqLs5Dn7pDE$xJCV%Tj3EaA07_ZMKTqgN0iJ}EQ#s@OphfCub#!kqw)g$}+MWgz( z*yFsxxR`SJv~as`bc=ioWtMTP+IAm8vtLLHT-k-8YzlW&;cuqNIPYrd&1~d)0>ZVx zu8C};8hA_G1hZvP*h5#S#(@fZaDn}$?tBD)5taPkqPlSY7IhTphMP}{tF$zx$scz= zBQxsc-aurRh#Q-4`D|@adLF%Qox7j#wEfjic6PuwP*b&8HWD%uP%&-Hw`FY8cy(jf zjZC>*`*gwr$9z3X-3N|%X5)g#5;U>l`aG1F?NvaZTxA(K?28EObZS~`4gpEbh4t4| z%=h9VmH)cP1r*gaAQyqSNSuKGO>b9_-iIZB=ncHO{3ohel|Xu5`KEK3!}|~HPMflP z#fYW4mM}-Vp-{Pj){#mG{T6bVGsnAo(`aUo`$_#Nl%uW0+$AtHq-tMzla)vn9s7Gj zyOeJ0+bG-8CPMnVJq^_G3Sv9*38L7L-fK(T?pmCb^HQ(d`i4o>JYY5=7Mlo!{7X2Q+Gqja9;-i_3S9aarF@W58}`(XtFJiM z9`lR?qrdo7Vp`S+61CO%f57^mfK2ts|KcL$|GLQai#*EX#%~t|^FaT_MNhzLNdWrb z@(+c-{8o4fxb$v50bcWunXg>x`1Uk=U~u;@SMg!rmoO@QJgk5>v%!`#g{4TaW`j5*69DpXapBGMO!Y7rt( zAbuZ=2_G#u#4|h+9NGucTk#C$FFWL?ycdbv{*ZX>x5N`0pdB)|{p7=j<~82|&4fM4 zhdiCvUwx-gf6`MnR#Dku8?)idqIAf^5Gz&stSEv$=`->_P6_{OYJnG1EB)8hZpc7W zOMy&10pxNq2=Ny%2D1hUzB~DE!QGI53l6yn0^`s|{B%wBRFd$)44J6$xtpQkd=WyT zPP}KvAvqLO0fSAU^>h3BkAef#?5rQE33=+|`LAw*FS;rIFS_Xh8-eeC>lRiG{g<23oKW7?r-6y!!_S38z;8e&ECf(I1I}1)?3qWq0U*<%0d|o9sC-*CI?nATmw6 ze{@ot28un+Bs^%ml+fQUN3Ik*>3QmYw&6XWACv^v9+W1l!VH0 zIkpQq*@TFq;eA1B1*a?c`Ce^f$>Ab>I6SW?w0Z1LyN*vBx|XB;SBqFg1|U%v)&Ix; zD}O2sY{mnd9Wwum!oYvmAKm^{I1}k_AshWJ>KYv2d@U0LJcva z<4<}Noji7(ewJw)-#zsP&6=tySFN!9sGqas4FDJKM1#yu)b&9MJM}>QCHO*lfkgdL z{9jQ$fnNdv=QD8P+ym$Htp)QN*m{fEdF|YmwYf}=z7~!gW&4u=|F>nfHC<7zIQC%O z0e${!qI?ESBSlCt-X&NJ*B6pq)-0IOiqm*MuA96>5fqSZPWyRMRfY-2taIKYrhC-Y zM`w$oHYD2Z@@cV0NBQwb1~sH1fFw4^{%f=let}5(Pl!CLfc>bVe<4D0h54J_moIv= z{ib)-zj`CLg7h{D-$EFde=_u;PJQ}0N@3G;os5HMJ>fF+agQ|KP~Ae*XE#GwVNCwp zYo&)Q+Ybw(VP2!)f@YvND>}R==-pYypx6*@l8n)J-x8+_uu@e%@p_YQTz_0Bkr?Dppt(2u|=)ftXBd$ zLu(#wKi8@kNogAM&~9<;wQ0qvk6aUN*T5vRLNJAxI|^}{(K_=3YVweo<3ea zNF#K5H$Q7A6hap_O&jjhA!17o=g6yvh^*a{b*w8W0eO^Y)YIm{?#iHytX;V5co_Z~ z9wd)fVOz&h^9N3HtSv4XC3$sm)y+5019mVu*ha?S12PEGrWwlLq>r(ZIxTIlxoy?^ z!TStN28y48_>kjJp$2JZ4q)6dy7E88i;UT59DH)lkdd_Cg0v2R)T%-R{yN=}G@)1Z z?HxK}L(UUA9)A>XVUcH%Ftu0^N|fz`MV-4Dja&hy>!Ck?ciIDMaJ0vO$%j<_44fm+ zGfS{(zZq(p6BMvXno{58k9ZN8(LM_)t3e;bFn!*9-G;xh^PF6L<_8R^3s9y7hHO$3wJ!3Bbf2~X7Kn%UfS81gOd3X z{-U?*TYF>^%GFZ*Ow68Rh%k(vp07KjNlu){pEAK1`5AqFobeugvV&yn#_K1S(hH|N z(n@L`*Fd?RZISJyeZ8};Ecf#$VLj?XTsj>7D7>?@a(s;DGb{(U>9!QV#bv#1dyS2f zk3_Hh0*wzx-f_o#r4s@_dh zVR8s5iDK2){pzVNHq9?9xkE4`$4}>wNTo-#D?q849%ZCij(V!Sm}G%zTnQh76D8}O zAFg(~;FnFAlE;V0gRlISL&d2Z8Opyj?e6`cLS!>10GgIH0DeR>bt>GRgc}{M6~K_K8ryVHHMQq^udN zAoEU>It5{T{0&?4x)q9LBxd-Qud&9O=UYD}GxUq(w0+$oQ&w7*3z86H?3&YZ>9i7K zkZ|h6h<{7lA74U+#DBf0g#+kCZJ;iu9{oRQ+h6t-zy+usi2hK~3?><*;#SjdDz^Qr z;te4Hur4sDsmSC6tx{6`!7g6z^2^myWP#73bB0KLhUtT+_|;j_RGa5eWl(GY^{;hu z?8=zo$*Xr0bqIuf^?ZT#euM}!Ky74t003K{2q5}H4t>~HFLFryCdc!?a?}n20Lvd# zE>;(|4Ji}w-0r?NDP(azbhF3ET zPSA=$`0)dFY~v6Ud2?H_6RCUKv{%b9NeKQ@LE{M#BG&JCpZM)_}g5C5xoDbRy&E%InRG{Wbqesw@0q3Aq|D={OO zsHSBL`G>X9^b|Hi$k;O-6hvy&-)F+4b@V?9dz)Z$n$zK`$JQ)v+)C{i!97Z<@UAV| z+>+Qpge^&7*UQ};a_ZI+4R^^^Jv|bky11@(@Aax=`HdO_Ak*3?#GM7zqL_( zIR2G*a~u@CQUw_y9X6$vIT}j#Zp-_gRAk8`Y0a8bUkPe;$M)!^T28!WBE*wD_PwW_ zQ*Zhqgv5A&b*PmVK|%1UkUzK~0wl*f?EkS~{BuPC+)W1t50T$I2WWpEH=z9m{ZqK${!(A|_6hQ5jHUzaPR@KZ zH)ql7sfHah+C+%BgaJ8cX|oUeU!KlE!Yf(A0f3+1zR>T(f+0Ks9TXU|e!F1Ma`qxT za9GJ`;IKYh-jn$d=GjN&u7db(x{7e6`c}FOEf{{cO4iP;`xv_XhRkTz5lYvAi`idd z52H4z7hfyh|9X(|H=jXIb_@n)K|(5_GV}52qA7VUwc`-VlKMy3hF#6w;Jc1o)$hGy~hAemy96020HONh<-ra`P zS4|@78w7S^&TLng8z(m~)IJ~K$jukOr%&sHHUI3QrOrR(a62cyo+(|0Da5@aS*P`b z+YkB7i&z#8BnS5KUmNnWFB4qwzZ1N53OLjDf&Hy1ofrUM7RY5f@Sl?vIUqOr9fmlB z7pGqn{7swvf3-QJ1BIz%d4t7S7~ZJ5^qI@qn4SP8Q|Fr7)GuS0fl|~_xtyPPCb+jw zjS!XZKkeCR^fO&FFrk%@l$c%!JHY)qx~d6qy)&Posxlt=Rx~d!6oNRbD`p}%kdtr7VSG#b5W>zU^YNr0Q3_Rxu>$3}4W$nbjZaqgZ3ju&vEb(*ki_#ue{GS- zy&xsj~kXgN`-Rea)X@WGjUNf`Z9}-=AKde!cKJQx%=$FevZFXU4NEfJi%RWte4A!}r zw}e@DeT(N_QW3I>Vx(sT@f=7eQ+wSajzq^-h`c!Z9qDB@Sqc4*{l-6JL;@~G`Jh)$ z|0|;((Z4cIvw~zyJ=hWVyip5au1k_qVx=4PyzzEDcuINpjH5NoC6jc8d&G9oR_;&g zX|Nndt(RpbK3m=u)Ulj)_KEGFD_0ev;--^s)psDgQWcKtu@?#NTkmXL6MI7b&?(OV zLL)Z*uiX&&7c}_)M8l5=h(`LqXef!o0HlB}1ESyKJb?E};e`wJ|H8!+c(9)LQ3e?2 zu>>WW&am%CJCx;F92W3DR+Ez-se^+=%vpp107KIY{o$0FNYyW9{H=EI^8}jl00_1J zyHEgNo)v~UmBJmr@JaLzv50vTR+^+d61mtD0Et{i82|cd-y$cLTCy&2om)hjrLfb$ z16&yqG&0o&EC6_H;f4NCi}OkGMJ@W@)H+C{@T&rH{%;T;2g*oM1SzzdQt-Mt@Qtm@8iFGt6M;6v4wSc&)K!2(R7&FJjsj@rQ$7p z!n(>P5|kX2^bp~a1$_r5Y?gDr(d()Mu5r7QGEMibOa#m(_y>#G-UZ;{BSWc~$9U@v%Q}AcTR7j*x`#FKakVY=_ne{Xx=oB2)DFn+6<#cH`hl z2{`t8PLN+oRC#K943M7B0=ajr=PkaPJEx=5+S8yF)%8yIl|Du)TYp_#l8#FIKNi(vc0sHCVsrMLAZqS`%@pBLgl3N?hX#Hp8!*FHBFrNbs}wKo8mnoSE@g4$@IX}<1q3j3D^Td zovp+~#t&Ub{nIwY1?u5gebRbap^?0$TfN#?g(let>4@uGWD6kHn|s}v6iii%uy8H~ ziRN-OvHXlUQXIBnv@~4ioP)FPP(Fhb1_JJR#QTK^PEl0Qf-+-znlI&`Olwk9hSYev zq++P>UA<5nzWz+H>GpyuPnvtLK=yNw@3ERdLoGWU%PeCq-p-QpLb6VReLD-AX9lw} zT?EZp{sXK@T`er>BSttw%B1vq2C;)hFaw91SDh$*6alAdmhktt9JEk#gd@|c4G%LJ zPs|XlnHAWY$N(&5H~3~ezJ5sd<`o*9eEjQySnj)EQNz%y6!{ANvoKp8;+E*upCK+h z1tnVsyalGU?clDFBXp}GeANViD@p&b0g5`DsqyvPAhEI%x{TyF8q{<4B}{qS667J_ zrJK5X6;r0VIEQ)iH>|z-*bY6oILXB^<}0UWjPWkHr=im(sp_o)yq#6jdu=&l?YCcC zm2D)_d5#^w_!>GTVR07_s6k+a7krWcCtT-!#i}CFWy-^kVWT`)v6T;7(-Jhab0j_ z_69Y>EeXMbh(kZ+n=Hy{=;OvNh z2|Um?CWa9z1-$>e@YG3~5`|Q!h4q1tw?ZCv4qj=;ExMKcK0-~A%l2n&Yh_rx-5E|j zP4xs9Y1P#}e|VW5<)47)O!W3BBycL4e!RK8QDnkU|4`{pTP3iH~;Y-32L6 ztAqcNg01a=H>equR8D@Ol%EJNqnGS`+!)xV(st(%y z=ow45;?(||wU~*Pmg;;3E?0NR#qvSoT2iWLh#Yp$sZyLFq8jSCr!Bv|!sEBp$8w)3 zLURM|m|7QtzZ2$GKw=Zzz&m9znA0nYoWBbcm0OD~ee(cEA-sQq9a|q+syWF2DW1(a zN{~91^%nxQhd99->wQVq({xu|$Vm0hW&gBubaCUDV*3MkpE%497hGSKOwr$4V(L(k z4IM)QjN7(LV-W#YWR~=p=N$+wxu+UK!h^#+zt8|{KXX;YxC@F`_p@U`5fkwz0>BrT z5JB`uRtLC(MuL*e;|xj(!w@miigt2m{s1 zUxe5#qUHH(gIqQQ1@9YwjxQ@tFUE!9dz`i}6-x_pbQSDB50dpNdO@V0arn|i5NLn| z5(WzNf47%j4ZY---%d37!{T0ap8&JenevB!veeJpza|3JmqhT}mSFeEzloq7510r- z)JaK7qOQeAu?@3o^;M;Ul&UR5Nxi&Io6V)hW~CU|B~0m9-zn+_JMRW*(w#9E2KwL&ea4^4l#W1FvbqU$O?I&M+X)b@QazWG<&7kqo)bMLjIzy|38qTD3z!jABG!5QDS$SR5oU+^Q`SuQj&1kKs8J<2(5f@v-+`K?41fYE=Ga7ooHI^@o4okf_v0ceHAhS zcgOxSJ+{gsGpR7unhz@Fa@=4U`TO*`+K83_;v0dc(v=A9QWnmqFaG4JF)PH3CjR4N zKe}B|iY!uC@=&yXWsc&l5e!e^1h8%D3{z*#swvw%nDs0_1io6{%6#QvkjVt*cqtG3 z+}TbE5l1B$CrRL&UY@r+J**@Z&x!ysz#lyjYPOvFqa#Yy8?Sp)qkYP}4#tqYU*GzX z>s@Vc{W+R3S$EWRTim8<^$n|+Z>SV##=X*2`GkvZsmeH^38FAV4&dWYFoUS>5mn=C z7Ay}7wvykRUMKf7TO!CX{lGTu*3S}L%tg+bnRm#D%$!oN9_Z|^&>C+Hv=gF$JfjCQ z)+Hcv)h9t*GqzGw{H`?XS~y>SRi~YlSw{O4awd2q>pAAwzGlCMsc5*hKbm{_*@}fG zQ)CIThF49IFOb?ovH!gfKovuqa;5wj4AMdT2fdThgm@#)4D+{~Sd}%*^cg0eWJ2-g z(no>#l2&PcwiUzXU(j!&erd42-fnSYVQ03neE@rB|Dd^ve>$Ak0arM;l^y>1jy|q- zu!#TO@~En*-iCprggU1%0~B{JejxzzAOSD*dm?~Lcv5?bn8W`~1pSNuCITN-0N~lr z^nT?F1XOl#d%P3WK5yeqauz#FItux?-tDT^PXD;ocTQ~*pT{pBHK3Vc3O>e){X{X& z-hPOSw0y;nEQ&5F(aa>NlDRr?xyt-WmOadZ0QWNm?aHPa&5#jMXHUSx(k5?(eowg+ zawo1FhimO?tD1^Y!L4Rk0nMq6+mR$XIP;tLPREJ94qWx;e0JfHZPqBQz(;UrbadKA zD6tyG{F1yF=2I9mr~J+A_VJpgyR++w> zGK-U!SL-};oOP%282FK^NY}f9)b%uPpk0_ruFba7mzG%+sf{#&s}eLV1pb*^VV$?(h62sOhjry|~> zIn+#SE95n6NTasmEuupbb>vgz}qMc7#GR z7Ud=KGBdAB1RSk{#EO$Wo`Sa5yql-DHks;fE`vW&sG@~O5Q2r*GDh)lQtd8d;H?Sz zHS-yo%3TFDolsvtrQw{Xq946ADcrf;znt$MYd<#mJk(gNCZHA4dzA~T^fUNQd426U zy!qMmS$T)%7_B#FLFPh4z|aC=g@z7JywUSR;WJqtEbp#FOx(K&WXJ_jHdgP#Q3W#_MdZkH7u(zNt78=2Syb zTnBG|tS@&RBO0AZ8B3cAcawnWN{1|A;riKJH1Lb=V+j%jT}w3!KY zCH5bm=qeGE`4rsHg{4_xNsMusJ!%kK>%QsYfpfn5@X=@U&Q?JK&pP`<(wDhjsjZMK zi|=}+L>)GCRTabxdVv}UR%ZA<%hXX4tRDR=0T$(HP=QQnMhfq0$eFG=5ez4ly_;c? zW(rZ^Y`#*S5%vkdduT?$(xr)L)ew6nV=Zjq*x^R(4f{YvKpD*(Y-)N!0rHXxnGSBNQKP_i);RUh@M_)U&1#7A1PFYH_i z8gL)HB{y6{B{R-^1KQ`l+RJ>A$!2)KwEcWm=*r)y|B8|V>{4w6_B)fQMl6kCcPH_q zZT3Qgo|4fb5#)KAln{NM9!w`(8~0lhrO2LFwF9~s=)t8;8=vQxpeB=xaiwoXtW z9KK`^UarRx(T3z1P*0l50l|gXi6!*tgJ*YQ%(YK#CH_& zgHFXaY7Ha4?N1=FX#rx{69zhPj<&4z)MI_yTtZVcoT{kwr@mt*w?2TKY%8>{sn&a{ zBWsc4u)*Q>Q#*^dL$-@aZTor6;QN`I?Fr6)g`grP0RKfj%oh8q&!;e}~pL zks&eLexk<8WOlO}iAG0L5^lVUf`{2eTWw7REX?vS(SwK`^g_&#{ew)o5{_r!)&Uk%S|h#W_Aa zm3SL<>B@}SF)^LTQ`=Oh6fcoCHWKoQLnx}Cva<_rp5toLKk~mvB8#w&(6Z3NimY>q_bO>I1`N8xzN@I1gy%$M%K5u`;Vu43y z&*k$>ID*$wI7XZM5anP+#x)`sjbbXY{Pf115kuw3Bh}vEC{yW`M8`8ktmh zX5E0fb}VizyexXu#4`=9hXltxKl!WNR~}gJNGyCceqhIj zHdMs3;xoT4dfzboaDpi(6t`FH{L6?6MKi15MvsMZs$cGnrUKG`z^=AV|ghcjGs94Fr626G{#nFG_e^f6IQ*qQ4DxvN)`v( zOog7wwWd;y^I>P`YmbTaP|m09FKpj^ihxA@5JXNK*w&X7rKbb>&Zs2Y}%k+ zJSOLoDbQ{BRDcuvnQ2gPJA4G?6a+Qbs`F~MMP(1FfJ zU%G35B48zoQ15GUKVs|BzR9Emli`Re6*CS97gZoG0zgPW^v9+R>#LEM-bu@!`EY_2 z^m_vb=D&~TO#tt%Po{u4E&(};1DS#7cccMaPr#F=z=IHEzah=~@2bEX9eABqd<(UW z-Wd6s+gRdEZvze;?8yei84mt`9C!PDpN{I)=!>l1{*-kx1(>@NME3v5-GK;*0Bztb z1kvyEfyq5-f#j=1`mcPGDgVlcb_be?)QvV7_&N7m?y63uC&ywPwlW)3J~2`Nt^PYc0hai#kJ&bpam`5EUUUXqESk zBQnlqwvQ{XJGU4YVc}gyyH4L$Y@1oXDkxy4_@+?$QA!Hy7W4H3`Z@Vr6|R|0v#BK# zDVA@;*|<;^*^b(4sZR|w=e=(hO;@4xE>>v zIGe3B=LI2h=jNW{Tm(lUY8=PaJLaYmV5wBYQLUUV8SQkX#FSpJfuv#zhUf3hg*ffN zIayswXn)AjsF%9v_HRk^Y#gybD)B@Qa(`ATnvjJkGl#a1+iOLuuAAtyh=noV*pR`|4B>69j(}(|}*j5Tc5$%UGxB~R;>wP7eLb! zkX9MFwK6=YVq3E_XPhpawJu426{?;xCOpgO{FpaoW(3RK`x4{F0W(3E^%zZElbVpk zTqmtn7^nIW*lgLl@U;-Eb>BN_w1kxF^vDZZtq6H?M6+&)pNOcaoMyNZ`?jyq9VNlH zPuU83&Q?8J$o&aWytM67c}(W!MihWvSb=nBzLMX8X@<+j!aU|LB%%i_P|fY^Lz+If zJ=wdd&tbSHgd1*lOKYlR1Yv7NHSvl8xN)raW7_`KpeNu5CNZnD1qn?q-38y{crv@)$=b>jCCNS zs5IPJUNtLNGzM5oxo7qE&6rK}QPYkzpO+A2z*sZgbDbt(8J+JCwilvOamNd{`>Av8 z`P{!tiN|MH*N%(q@t%PVJD!?2+Y&}@$|BalN=psZm!}Q3FZxvrd>wGWE@207pSeV z)pDl;i$%$aL2+&IP6N)#Pt=c)F^b&`F!92$zf_OdhOBpNw&@=@K5=qYy$(Pva|U}_ z)t`YF-e>0wOS;Ov7BAws)!si51U!loBhSquwezRmPY`>6to`QVuQ77_1;5Ha@tb)9 z9z$yrlKv+~g25vJEfKVdQwM1;%?0+ZoL)M0k`4eH9oASS#nBtqzS?s z(y4M|$anbE`!3dN3@%7a4MvxJ^R#oW<6(ci^R0X8hEG&vSHaUrjT4_s%ll@*zzh0L z?Z;+RTrdBu6iF-Kb2>(Ba@0{?UW=B-tHU8t;mZ`ot`XHoZ8P(ndP2ftOs*oOM9p$Pb$8zDe)B()wP;E=OFNr%m~KlY?mB!ns;QaZ?hfC*WH=X zs2tyu)aYvM{LCq++hXM`@S`xe+2O?~exAY#CG7*#yJ_8B$W69!{N*Eoz)e2pKF zb;T6Iit}J0cr90+{st8E(u!a)iCo{k5f;ZLIK`x2pRQ6=_&ZNwDtQSUB}PZ2K!y2+ zw)G0Ar4;xqb%(enLb;Y7HF|pdwChj9;hH-|^R1sjZReqNfsm3AQ0=Pk&_Ac6Q=h~V zBfhJyXO6!9dLVbo_7UOx+D?KF4X;f`b}iwA?!FD3`M$OcPF5-0PEKum@|C6n{LOqU zjmeJl!I`7Frlu43W8-F;=2&8Q!TX)h%EyljtNVR6LOjBIn!N`aV?yg>+QVws0Ga^E z!`ERLaU~2hq#BS5zU(;ndXQxDy5Dph;f`Q*UjH;Gp`Lq z6!`YRL+-{R5YgbTo(%~rv|wflU~Z@~qYjRlJO-#yy-OkA`YdP{G*QY-%OR~loCPc$ zC#bZK4cMat|LVf=Z!sa*x+jEgOML1t5%)UjIdWWWXpS)ZIyy(9O$k}s$=@k;R!HOx z;eO+BFsVDhoImwJHM=|-JiEXY+B2-zkOhvbv4`Dx+|8uV*0m5OBl9RYXvV<(WE#+u zh6uow7=_I9O{k9!xRvLnJWoN#zCv81j<%1}-fRoyiB?Zc4PQoR z!W}Qkhq{nuM0S5ZJ#Qwe<3A;9_^VQi@{3$be?S0>I)za$iJclD8eP;16HL9xeZ`#6 za))HhO#=A^>SJ?H2Yyoeq}e{e$GQAf1#DlhEU6hx)}RTJF7x1Ad#u!C5??e7lCsb? z?7+d-OY`_*9L~)Vm!(w(88(r|pd)0b;p%iq1HleWE89#e3HvcjSwfFcNCk{Nt0M1A z_eh!#JruLrlKXREUm)?R+x%>mtXC#(S`prP8BrHfo(B_t(}Hc}-s)e-Eg&Ihg8w+P zwtNt3Pa9RoMld>`QTukm4Zp7Vdx6OV;sUD*pdQ+-yFtIo7ZLcxEy&Lqs2!A-t(6k3(`-)jO|FE zHRykT!shQDWrOS6zI!GG$8TIwG`F;~jo;Tf3F&_x!K35}&6{7tjMCj#50*Qu7b;_XjCqbHNVCA1z%whIlxUtU zu3=2rIAdV4!<=?{jJ=2%m zJ!*2)B;=^yPr?V|e%+JN#)QX&C+=((mj9Epvi#L_O^b8*LW(-oj zv`UYkH+x>@gKVDr*O`;tvQc$^y+%P3zt!k|_vP!?J`tUo_0?iQdiiRl8PwdJGIYZN6*G`ffQ#Lxh#lBH{f3R*>?1IpOk|# z;cYtwBDLqND;!f`r0{fm{97wVMS%2DZ9!r3|78KFVQ)joDV z-}DjpHb0@YOmLU`6=$}y)4Ps1<(s(IW@{;Z`|$B>+_=$@`pT^dUMFWvTFV;`={v++ zv)2RU5+2H*-vPh9U%UCrmUwf*+aFosVnrCtuzR-g#FuA(e&>37;3~<097l{=8}juE zwq(Db^gFO?hQBi3Y|>3^7gt`5<(yXi+!l|kW*$o}SsU=0#m+z2IZLKh=2mrbVd<@{ z4I_lav`7FB@>@CS@CVh4&q6g1IMV67bIfrWKcZVgJf22eZV;`n4XJdsy)B9_{x zB&lUW9}u#?2SyLMy-Yg--&i8Yy3QB zDL`=@xFN{QzDDVA-JPpF=~mg}^WgWcUaMR&zYnSrxi6<%x{oc1Q)N~L0G30&SKn!o z1J^D7RvTVmN(;CZn9bYKhDh!M^NstHH{a)o^7TRHZ4=asiWv_)3c7TIXo!%G1zPnu z)f7sI&(j8mB70o5NXGO_4_8$uyQM|E@H7D7Ib7DsyYPtX`+}2#5^o&K^JugTOL&f1 z5!uBw65*rG@;V;DdS&fnuWLVi>@q_43hMr0Wh|uX0n5zVrYFlaopUkDjbzoRpKcaJ z&ZCsB9}^pmJm`Kjh$HN#Y|H&9&H0XGZ%SB6sFH55#3ToDe_^2e|KDX7GWtu|<@;yZ zwE+n#yEuSLO%NBvmA{r<1}|mTZx;$SApb49(tAN=7Z=?&*!*F?%>Lavz|&1`tS!V% z5&jyi?n2I(cm7@pb9pVni1KUG_SYeft=IzN#e+$+rtz7R8tCn-9PTbHHkKHD{zXF; zt3mLx8|qRR^j5?k@_sg^%YLkl`?I4kz&o7lGXk;R(4w06VP{`n2kW-yc)J2}Ur8MN z(1_uB+l8}%vp}r5|Ef4#^;)##%xGxJAOA8(Yi9lGW6pEbn2c^`cg7ve!|nV@XB$ic zlH14j;X*HVmcW!?NBWU@S`9O_Y2b6Y)n=ov;hA|zME=`iMWmg9d35Od3CgR%%)&Ub z+w&a~NY3G6yfgZSUv{v%LKJ1Yj|%cUC9sYN@DKDOzJ@RAD25gFDhRq`NiOQK-&0z6 zft9sJ^@I;^u5qIO`tk%uSj0yvMjK3Uyr29XyzVwmT!5iugk#)2?WksNxeH#LM@sU< z3l2>6uCpF`Y&Y=9sU;g8W0i_AA9K=^SK?PG*|`WFnz#>*c)5D0Znm07DjMC_Gm-l< z)_v^}7*`$0;yHp3W4j~k98ppvG;QsnQ12WmhGA{r8qQryNqTal5IybvfJBhIEZmXQ z+&HOZtklFw&OsrwDc+>CPm?AYF;sHLEF`rXe1yz^`x?M7< zH%r(`WE$$DHrwpUT`7{sO}uZUj?tL@Pm0P6UnOFN zM0+s|_8R)m3TzHuIYn}GrwCXN>x|L3fgP$9r!pQiC%?B$9l8COB{kz!8Z1U5hxs1n zm$I>W7j*GrYQv9jqIZM{7oy$b1_omTx&mMpNZmTq0dKaA5s0lH)G2-;Q__UG;P4*(XX{XmDD2bh$Uknw_7pJBBsjqP5|lLlaKdg`8kWYi{AqKUwQ?xQJoM z8+@H2ZQtza**9=eRg=CHU|UCsCV;t?>Dn17birHzypICD$KTM=;8gvit*(Rg=e~jS zl#?4zZ3}uZ{rhwa`ZShrQY%|Ng9QLm-1#Jky1hs6H1T>Oi_v!p3lnk@(VtV{c`Uas z+e!_1=5opoezA(*tX&`C?U+E%e`J*tFH{@!E$kzqMm&PAl}d~gWL>AadP|B8?%WKc z*R%D6hNax7eTvkZYGaWchs&(=a5^qc)raa3_EkB+u-;r;yh#uIE8q4jVmLsdF6n7~ z&^b+nlW761$3?YR*1CI=Ea#sdiQTcz~E zyJG)>sSoTeL2*+Se%47GoRT(dZX9O*_u^yllo_nT=(fVwNG?_bOD0A1M+Nus;O7#U zE2O}^em8Lq2Ic&P6@kgXX>GXABHz3Z7uJY%p?nq<3l~;~1fGRDpN$?ZajvLHpTcDf ziEoNbh0{gVt~VzeYy(3LcGd%iJ4CK;Bca1&K6Aq-g!g)Xu zvwj2kQX8=B0?{93m&=pkOWC#h-?Hlm@UkCpp$aU!Jn@0AmWVC~&}X0SqLG*_W`-Fn z2DG1Nq)1a&%Y8WIYOed*1^*%0>gfT=-9TEoTtXUt@5^vOhf#Z2$pmh%b!#Kmh;!mH zjt}5nXb*WDR-{MRH>@vT$x#}6HLn~up-I-rwk*Y-(ka1(@Ey4B2a?WdkF>B*#-BdV zjU3Nbs^t4|sC4RL4tD#Tdc2G91*OV?rRq5r7ri~ED_^L^T~9)nWwE^2e2-Pz?t#P!}< z>pO}yH~mA_rEFTP9eF5JQUOH_Xg#bS^sl$i72J2sMv0CEL&}>sH%l&WGt35K+`(*< zg{B2_?YtstKAE1zH_VJ+*pv<53qP#w#&7@Vht;nQ%$OFmkef^kgsLrR6rSvWP5IKI9zw{im($cdiztVYGGVMsOPO%;L1yRRWRp z6xyoa#h|?(1-c*r&-ZEwbl)eqIwS{YV}xTy(=tU43rn zf5}G9^;14PWSu{#jTfE8@;C5dzKR$6VSmh}jwd_flM(+`FbkHk}^Pb z$b_61V@mJp63c)j-1@~-?D~GoKOPow%G>}k{BEwNBYx*ZmNug=XCu^j8|Q~JFf6$x@^7OygaOx{O_P`5Sl?C()WE)?5}8eml-wI67fQf+kg zZ_QH#j~~!@#tj1Di48__BBYFSV8ifI(o<^uM@AT-DC(K>&pj&k^TG4>>5^UN6YD5u zNzL3hS75M=(U)(SJI(3vei{rEU6?o(i(?A?f@HTt)3}GyxZ>JdjJLY$GC5TSBc7k; zD5E|2To(~QS8hq)t1NJw<3-5?sgDpZ3d5@XIh(SO+qCs~lj&A^UPm73-5^C4?mdwK zf37^N@F8T`67Op-L#EJA7E&fU-xn0wdU{!Xf} zn|5@r;3^L+yF_972>bwcvQ(p{SM5?C#hi5G?Fu|&*uUjoOMGUOhE)b^y&lU3A` zfkQyM?%|XZTh$__v~XBkX_oAcMI_iH*$n&ct`|8JPA@dgvaWkSK~@>lNv`lQ zUc7+)gb+D5Yie9{GX~1jNnl`-nkf#&*oJ%!U#q}jUOyDl^@bfvw;*;NSsSZUJ2e9cU2W(%Pk?dw?GUuU%Y`8=83(kf}f znn~=QyxY}MiCjeb{LoZc2WSl-S@_@KMcq7)RFL(0+QiCrzJc_WlRK6z#mlOT!@BP~ zhr>Dz`W_ZvBOF3Fm}2iKoe>0qaz&mtned)@pYoDRv@J-;TxAt2Znau?kP<^cE*M7` zAGgJ-@3XBImvZQY$R?I*Ns+q37;yKIEMMgR>+7xKs(haJ;X`+KN=SDrDM&~+0@B^x zNOy-)(w&lmbT`s1ty0pR2cC2A=j-{1@2`K%zq51AUNbxQ-n+9=tUuMmi1c#&vPbje z`S+RZixrX3d8v20N;wE$5Me9mUn^F{mlFMQC9g#Cv96qz>Ec*9;Tls6oFatt1=#-0QhF z{V>6k8p_j|o;%r~HF)RqSo3DDZ~LD}NPW>wmiK5cQB|QtwkzmvM@(L)shefH4JcyG zdA*C<-ZOaGr$B|#y7<9UlvfmfIQ0#C6Hj>dQ>0d;m* zgtUGhV>N)fhGzb&FWh8C!80+<7HWbY4X;(P;4MfDaf8ZS=HpHB8DD>O6K%JJw|FOX z(!00&g86;hxl}8IRopKAXL59uW%95dj@$!LCQdo@ZGC8mY7)$sWQ|xw;ffNo_2WW% zP83~m+$}>T!oFI>B!z}fb$dE)%?UGuEe@;ZECjbX!>Uq0Y*YEZ`<&V6vA=DYWIyRz z4;GbU7!BiVcesSzIt{T35M-Te+Rz zB}mY#0wV9{oE?S7r0?6(kG0W$tdfV~ZO3mMFjx%#T+->H0Jc?r+fa{8u&)WJVqGdIV zAwayj1fJF`(6s(zImLNcP9MEx9{~D~eE@EabV&E+*K(S6i~>jimC0avOb)0JpxHyI z{OE-HLCbG)jBSCI(*Rv)+^nD;z6v8xqk^kV1~tZbcJ9U`BjjW^Y|cilqx8fd+pCO= z?9XXMNk8k~;L(|hrJHN|$ZTJe`!(nc0O4gAwx}RYjnhKTHlK1Wh0E%bJp}vU$dgv}m(*>d*#2)rEF3xy-Y#YZWZ;ck9Ko+ZCz~HF z^$s2GP3$asKKFT+YQ9X#G-r>0s3fqx#dm1euo~%mr0%dC^dbF|PvHrIb*rObdjq61 zQuscLyrS_5y;{^x7Ay`kil#%o8=2?W9-y9GXpXC$#)2mWbC96vmDYW-O>Z#O`=t=~ z5}UrQ#ng`x%$hEp$)pas=lw9va9lV#`81X$;F%? zJw(Xd-=IW{7D=7g1@SxF9QvZ-&oL(V6@&{ZM(E8sSnEqEbP3yP>iKl^qv@U6 zn)p|tb>3U}7Fcz)8f))cj2l_?uOe)^*5uI%>?_{RfBNqEk!wh~=%rwim*`fm8=`JQ z^;XS|unUzOiEknLCA89e!(>ciC^YEVDadKcxco>{(>YtvLzL zCi3&7BlX1)Rpssx22Q1@*jrLKHiUU}P1f_QQ3K7whQ_UM2^3Wc;|>RipYN%M4S=ajoR-|1-g#u_ri+$%dug61`|#_WS5NMcz1nfIQDUMZA_ zY!FnumCvfDcgR`VIrdWIh0lr|ozbTOW;JLpUe-6EGtEYbdQ}Jb$V=$qQqxq1D$jyK zU0e+CuTX#c5bF4USI#HIpisxB2HoHWYf10>S7%kUOt6-PAOEQZ{~lj|5PVL_vtT8&O(m>1OED`S9(CqZ@^IxjZUU`>9kl^=}z^ES*s-pfG0d$8F1 z(G=bMw)h=6_`Qs!h27W$ZfLhwG=g`7H#l-QeC8f3U%}c(%Kq87!{WiKk6La#c=ZOv z&U-4PUtV?9h5JVv6%2i_jq}rg+8BuS+s61?aElTfouLeUcQ4Xnv8^4BBtBya*o=2(C57FZO)(%if;B8|Vi zV0k$ZK8=rOecPdQ$Kb`CkUA^}M*2eVpRKDcACS`i&7VMf5Yn*UNH-1P0ZpJ<3@neA zT!@cAE3lS|od47UY8ayjnvHh9p!JHbrcTZoTGZNU4MAOYG>_nvuA=Qd(cBBq%MCRB zL*|6a7hVI>P3z0tHHOq(mg#I*rOnVP*_WRbs=}S$;s^wZDfXjh$cKihDloZ5t6^yu zT3-k+#s?YD8?fYXEVd=1Viw!jQ?kj5JEQp8T>;Fy8qF}LWv}k2;(#10)BPd-@OtTI z>H$m6Udn@`6}BF1f@y3de%Tt}-EdoWXDCDc7E+jS5zCT-B{o{3%Hl48(Du$KrD zFPKdIuqgB>I-h^W`Q+uo7et}K7z=A1@k2&w%*KyJ?Xi<+;%IT-*6mTW6TfbJPMA9P zRF(K*B#)*7CtBhg7Q!HIu=To9V1LI`eS{814z=LURvm{wchQ_W<3NK`6CGYtHbA&( zVm0h?ti@nAyqVIlmZ z%@s!318E1j73 zn|ta`VSj##_&QO=tA-X#@Q@3Hi2whPkGrs`0K0NJqsXj_cF2FPT(6;f*ji_%)&hmjMcvkkkVNNP~mwg0=) z#C-pN67VQAGe9Uuz?CLN&#wT#AVK-ZFaMOg+fKNTzf!iTf+ zOe~0FVSNzzVBoUei8FU6p1{J7%H*kX|Xn@d1D_DJ+h(ti_lGnS4{}}4n`cwUKn0?OSKku6!2^n z4Vh>W*D;_b$mtmRSoY16$;UYKM*@pYLdOde-%>xcj=J?DN0BrqA0V!LmA>TZ~C za6UFMj^rOMN;b_)hXH{bqNao z;Hz9=q$GA}CVQJiS0zIMtHbOB&l#*hiD=}{>UAEd(^IO$SEX*VSkd%2VG&-fU;kGmY=w=qG80f zCX{&+H@VjHOM#Z}+t88Pv0KPOEye8Fu%HM8h@mB_)odcQlrot$Bzh$5O#hn361iFI znFz&K4li#jV|l8^2fqVb<2I$t-O7-TRq;|HY^m+Ssm*dJ{1uQxu+Z&bjEI3-~+Ls#0(oNPrmfEUK3kuuMwDiRUFFGXATkSO zTRGe=4}7tFe8|<$Tbr5lQLb;uJEs!T%|F0@f;&&mmEq$SSybbl*-u>&f2~~A^x9Ug z&NI$LW`ERY)B+3%oAIu$*-AX)bSWlR742EnL<)BGj@6&oF;#|*Q+*Pxs$QM)Qp6(p zPb8rh@z;6HSoaHg5cj?L@#-j>y=3iOnE~tfk3=rd?}hNwRzR5q4wdYUB%OzIUg ztz^;bUbTdya0f`+9H$XT(8WO>yHEL?OfwiI>Ud46>nCqcZQv^IjI`^?cQ$Z_u*Llu;NA)WEv~>6+=4b=A!_Deb(eoDe+U%hLI^hCgHwjw-#u{^GG!EqH~`j#f~8P!?HY7_yixXq*u^23yd{)r?*v6&iV_)-_R4~OYO4~_l=WZoFyiy7p}bA zSi32{3Tqd(Wims#k(BWyHX|k&by+>6fT|N>pN^w(U-+>&bZmdx=Wv=g-t8M=p0A`; znFJ99e;V$4b+nNpGWQc3K9zpU4Re41pAIYHWv;M9%Is+3(s3F3oSR`$&nsLT6gLW| z7L0h>b>XG4Y%YJCBKAN?y+L$zdS!m(48+kuk!mNHP5ipD@^v#v1tkhDG757|Hw9Gg zmG29{@>B9~(eS(+S9@dcNk3aT8?iTiKjkBxd?y&}P5PnUe30I|4EVO6B>bu> zc+pk7?T~IxtZEz3H;5cSF081o%P(3~ErCspztzoPfFuS}$I~oS-HHEmq`_HM23n|8 zhc4;!{mke`Q^bhcz7}dYnyU4T?Ts_n5dz!%Gsc6u0%GU}0fyCfatH&h^CbvM1?k(9 zJQlWQE5?>2lE@s*6CxVR)tOkn^>eiiX>i6oYX4`(ba=>^Tz_WFo3q~;GlUNSu+=?; z6LK;DvJ_qv6v{;)e;u1-t)=v#FS&sysH1ma8Ncl@w!_RLiHS#Ged4AITP1b?&9dQy zD6!UT6TSc;ny^t*NC74BU8%=uVC__rnM0C;3~K}T@CIVrhIYi50S9yNJ#jl;5?|=q zhbsmxSwqE=cQ4ZR+%&lPR7MdPr9uF8RjgO{gVN_lsS7VSnlxZ8^T= zQIQpXdPzdOb6MTgc`TYSjb9_XA*)`0q_wom&SA2kEJ>k@$cWd9s>Cnn9SnpH4z3KnDwa>llI#I)c_B#T~x^4WSkL=J6sfxi^CBNwGF{{Zn>{N-(F9HvwL?;a(~t2z zY+zaBOqV`8VD6YJ>80J2c4g>YBPVrH67@QH{zZU$9Bi`>#sH9#W+FrsP4XGkwCj9p zidVVh_4`gr)kEFS*{YL^wjxy&Ep6zkQ8({a940RdEgID>AYwQ;Fuo_bcX9=}>2uSw z2h9uXY!ioRba=>fop_P+3KHK52YCFXIP5?r`QdNzrD26W)NBoF#eHmI-iUd?!5%8x z=v8TqIvs;5ifzueQ5x0|{4yazID-LOl+ZW9J$;yZlP482+e-7ha~erPy^;VT0-sp% z;Shw4&EVQd?c|i&r5{uImgP390XkZ{@LbPMbEZxTTYwDRQ6*(j`95cSp}Fb|r=;H! zNEeZREc9g?ek*Q?c$*?rpE@))u0tT%lH~!Jp=WH5u>^Cb$XjyE5@8+4s4rVvrWQlN zC(ufVdFxdB>^6nNB{G`{<{O2EObyBknb-I3e%0X3#GCOGZ4}y6z*I~gjVh8xP7ST@ z3omP5&zRs+UL<@vc0L}o36(pDQp$?%MNikBj4X1?iEup!fa4b|atn%hbsZvxPiFeAdWFBsc4QdeLohiXekL>m)+j!a9GG+9$MwGXzE zHOqXyoU&0EXW3!P7`%?9ivO6RWTjJZbiuq&yNN)w!MGGMxI7E7E*&~ZvNDy~9b=_J z1S5x7gbz7+6-kT2JcJ2|aT%~0O?mh613i+7D8Bjl3vY<0+Zj(hO_Ilu9TgQVSS_5z zG;w%xA$zoEP^oxI@RrumifvQ_^Tp2+zE#$i?V)h11S%Q&{D6v_tHJGhqoOH6f%^i#hwtlKkPDkm-N~panGoZ?t)5CMApq=K&~3o8`=-oy)mKsJANeX zg!IRgE20;rxC7`Miqa)|Ch0Wr4Fa5=XfflCUFU@P8pj(Bue7jGUJRzHf1a?SfaU8P z&_c=H?q|UWJL5s8bi|4WXH43Te^#oM;IE0h*i!O@yKG+}EB&r7Q%k!(N?@z=c)nS<7uMaqDdnZ!^W z$f4L4)J^IX1-2k$+k3T zZ?4(h-dIa~7r&4e>eeXnMuu-xk|X1nWSk!P&KVNcN?7)4B3PrYYPckcvf%aQ3xnlq zi{v+lAKH~|GfSVjQ+poBTf^c&;w-cp3+jJxGg0z9Ro{+o*%ZgVv?-o`TV}l2n-z;L z=2gP-9>~`EeAhJ=63+kjLk>Q{*lW>{CD!3|k|&}L)Jo<|LnH1zPoxL7!m+rY@<4~S zM1vaboGUJ=>RdtEbhnvwo}q^pBY%t6Kl*^$vFUw2a6tK8JNKZt!inw!SA=AKLc{+1 z=7r!1EGgvPixRYECf*RL=SjnPMJcyR*@G`nkAoblxVRUGR2uKfN^m#{MvxLP_aNc= z*LGSzS?HU&bz@%&e$;##?ptF_JxF+J(Ar$jSVUxRI33()OKuWd;qz$|a`a%*A~rNr zeg}2VXktvNgx@(t`lZ%t9Diy2MRgkqGigVdAI1bJ-5~9Y7{BWBk#a7nv@IigAMH^w z*9^f_w@*T)t)Qbw>^xI>g)%!q(?Y0eF(+;2BSZ~B-{lN#lC`EgBFHfCl9mIxriNdJE^XWCJwS%I%__LLYJYk+JuE%5b`>fbCF-AEM+xC-l|m$jn_N9Kb);XyH8^43UnLG$G%lU$8<) z%H6KmhGwbwkaf{#0d)u&-)S>WUdA|>@ZJ_R+M(r(`lK!ug+#Aru2`X???x!n}fcNR@ez zbIxf)B4Mb-4Ixjq@gbgmvb>3>d)VmyZG0B{))6P$J2c%vVO|ZNBCoU*QcJUX%Xn-& zT7VQ}8X$orLdGrJ%FsgR&oXhHILhX67P=mgHY<&A&lU6|pAybId2Q3ut#-R8Jk zGRh8RljN1p3ZvJqi4+5qsKardXY0!a1=yXEYe0Qzd}!t#DkbDe!oq-nGM+)r>~KXfSCNQY5@^Tk=Zqah zWgt~cMToZ>R_Jg;?BIFi_oo-02T)x0C33}!XYt{Hj1=prj`N4%ijC#jPeZD?Xwe)`7LvMt=H{9>>ECf?~S zo~Z+Q&1VwYpXVHfuVSy_vr>i7%_!bgZZ`C{J@2mX3Q1f>rBlBaJu@(J`LwrMAmV7U z9@=;#pXTWvGi2Grc;T+AAM}MT54Y+K%7j}85v3Hp_#4t%6{Y~5)6KQAd|qGus3iUI zswT>>{EGJ1oY=GnkWg*g2EP0q6qtgrbV$Tz*eZ)s*sIE?v%dWSJ*|>?P&dUzo!MePXa{XqCfhZ(_z20S~6@M>uDzX)%R3;mDHPi&e8Esq}C_SDva8U57tnwQc^pU3>_BI59DV%rjTMk#zvIXYbmFHy5K%gqa%27j znR?lKh}=%voY*A^axaBOMJ~r`m@D{q+@Z95>ggM5m|WV&3f5QB)^B=<6AU2S@(k5F z=B!RQ3tr~eY)nIu7(0Xy9yHBN3p2dmo80>ZfNVldKcpw&0)!e(L6Ny|&u3*!)&>7q zV~`ru!{~o;(203`%3UCmy0^%mcB!(9r?rr`bN`dp_VnpkhbY5|P0>>khMDw=K;?jd zYV4&a5)s{4=QS*;7;#=+6CV{{I|zyFYG!a7h1g`gxDH?SR1##VzT1&lAld1`mvmQB zLAw8jVMoJd+WegVNFt!j!Eci==*r-!gOMHcoh^5^eN^v}nbMxH8KsMiJ72!8TbC!scc_`B(GnDzu80t}tC0soT7H4H_ZH zO*yaBQYJ{`HE;AK@|04-3EFL$v$!4zeT`-xj<4-JB8-)(Rx_rk8=IHo+i30We0Sj@ z`hHK(Z6PV{JvN2P=nI=*p~PM(d-KF#V<)Fo04J8PKfsM&$+{i_E~A_^%A(NKW4RK{ z+z4&dx6p?VtI{lPOcN6m7pgNxrWkV0J~G`>Y_1;S?~Iv_Qrd5p&g` zx*U*gkeg95Hj5c5j$uLWG}@6II8 zZZru6PaI-xco;WVK)5viutQC$zsg?oixva(=;VW$0x|IzG>P)K>X~SMwZ1|unt7Wm zI{1#pDc)6~E^ca^sd{}h9=%S8Vi}RLcU!2h8HE7;+(g)~iLICf?^k-K!{-QPqN3Cy ztl=;hqOqfL+?|oX#x-K_LHivGRzHyLacczf7+|F9v@`P`y5JZE`55PiFi%#PK7J)qimA`$%K8 z$LUMvyF}de)-;t9vE;epdA#Ris*Y4R>345vdZEdX6kymbVESyd@P#{8&K4aCaOg-= zb?fI%^tioe*#x%7+^Sq-W;54RGL&KcJ(U-tA_P7O@V5VK@>p-Lj|Mff+qZFXbeo*f zi|z8ttpN;W*PC8$lGp?xs*3Z3D>nEZ7y*1ysYQtw2j<~ABE5>kf*1`E!O4#CJ2apG zv?hb)aXx`e2D&_~%OC$-my!8@=M!SkQ#S4Xb~B($#fCKp?~el8;hB zt(l3b3fHT*d81%+Z`x{I52)gjzVR`tckI3^s2=Y}X?cMXrQe#>w`#m*l7c8cuN1i$ zIh~!#mv>FVG2A^MMdxvSn4&Oos9TYiW)s(g3oIK0fvl~C;2tdD}cXmpt zn-Sp?j}!T*sd7)f_HKVzdht3W6)s_FE;l}1!MMu6qF>Eci{JcQ&FWfs`b;DD(0!P~!p9=QFzU2|narXenPl`QJkbauVt1 zu}SkE?|L;pap$hwXG1zD>8#G*j#BCgB55~&f7(k**MmizqbV4h5BKS66e$Xp6w=`+ z@5K$=_{T|k#``TA<;p_`RgMs`5n@*Iw&O27(FBV4Z)R2f0x#kVt*b^;edZO}%TN{zT2y$y96|~ukDQE# z%Iu25<|Glm8i{JI&Bb+0ibAkE9dlJQ!V-r7BN?(ksBMtpl<4|E@`~)gKmD{zo_eR8p%{y%di>;vu@yg$aDt1Vhh-gffe^atLlvex?9pcir2 zCbjm(*!ptp@P-U6(aUJIdriLD7@~(>LfXB@3Ti ze^0y`jrUUz>#||nBdPYJ%%a+6M^4f|#Jt9(ouxTmx5(wmIuGl%V^v&;<`%X@A%<{F zG=I#|;L^vaV_s8y$~ zo(m(rK+*%oc@T{`;kFcy2GZqxLbbiyl0tT9n}a6k5Blz0`3jp(!?$T=hDGLM!x_fHtZDsh%{e~G=vz;osg2mVhv!aA1Esae*4$My8(%b!4}57P zU6W6KmA^HS|K_@a&|7nJtGS~pBPKyt;Zn@2R*xYy6q#n~Jpwj_m~-UXEq-t%@4mQ4 zhWJ~)X17DhozpA^{FZPcU5^Tfj3cZ}n#OM@FLFYA1-}bNy)7hdki-H7@Te&BDbCpE`_`PlBP$YtscY-v3zjrRC0~Z@BIG(jjR)ai%%6>t<@bg|g|uf3n%G9Iu>P>V zgxEnMoGsPo2Qu>>QCRnvY_&0`&WqHX_6(VL!oF@Bvm1jJggvXHWZ5c;Q1}|Md~}1j zsaD6hsz(rg!a<)ra3}h_@3lzDr``8BXv_)F_B227pp*|jHGW09y-umL+SKzttayH9dxmAtP>@Nddra=B!cMfb@7#2ZT=ne4r`}hBIob>N>I{Xm4 zeSZdTkO1KcRv&oThGP1aPUH090I47VVEL=-XB76vgBHpE)B-wfMg;lgu@^ zN5~Y|Anu8_lFefR9J}Tj@MrAr7He2^R>{ql?+Q+8#_JSJwqb3k|3De$9ucUPcH}Oi z=9fbCI6s9o$#hX-Q|@+rLDehDY6w%Fr5ICo*ZUOqx*WoW?K#WQPZu!YerE&#s6>8{ zzf5(*0iBC^0XseU$kdz%z#vm^U;%(Fg$g^H>>!(EbcQt(SfL;>D|&SS^Hl#E9u&d? zdx6F^wXM2l)3KU+RT#g})(U}wofap%pBKXs;XkU5*Yt^YQ52T1i#|*=`VOTpm;0Mr3Q0tOA_yB;{vy*$pw|PL zZvM<`|4$44oq7)lTRRauMKg~K9Ym`@w7-hS3E8(fyx}xNm-Mp~u$f*+NdI!);)Cs8=HC zsdzHag)$nHoV|kAczO_&kq)BJ(7tAn{{MXo#`ihXzwc%;m-O zN2Z@_XHf3@M$Co`cNxKBPs525^Tl)3HRfL#WHi#WzrQOA2)OW{%$4!Id6xEFLID{! zFwc-lK6G8B9BkFs_GV*Ozl<|$ zLHyVAmi`ZpzyD7y_&|Ci&^~B8=A?+SJrbb4$1wyQaJ=B14Yuy2?_VdE2}!}A$6X$Q z9s{|~1mwDY2uc9pD@aT5^}k$4^spk0*8Qgz{QG`g(6y0n43c1T$XESYcl9Jo(ec${ zV6_uKXn+-nXkht^Z92e!2hd+1fi?lTZVkjX0{;&n(Ad)*4JscWTFmN&(%dt!^eWho^FH%EJFbv0W57W0 z*r0Pv-|#uXuuueG$Usg>`#m<*SJ2o2MPE9LHpyR!Pxgs*cLV^@lAhB=#{z;62qz&9 z+@uV)b#f(K3&V20Tx>S=U8ME*5@lTUpI~P=>CJy29pcwKzIhS46S86$hWU|zf-9)E z0Ef}qEiF}3W9cq9rzCcq&J{o6eUpOqv=B1&I_+A9#>aDOxDwUm)loYS$fDubh$jFd zVI&dESF>s6o}y<(sLBW9FQtupFrzQx;subt#^>G^>q(Qb-Jl%V#PSkP8t)Y=;}r}~ z^$w0V$YBOo1PHFgFfEPP36_=&nz1{&6&;q~Cc89f3|pqw%jzC9Q+ey6=`g)fqtm85 zhd#i~*Sn!Pk{3{={ni~4tlg+}=U#dlx=r7{SyvxXcDv}}5s7J=;NVwY0PQ^QgHWYp zMHxvg_3AWSu+T29eCz8wJvg4>!*HLc2-6L(x0yPNSd95+9j_L)r_lYCzpmE_7NB-7 zu{M!NF~qA{TNz+`=dOpBv-kUnCl+zE)=5t2&ON(_QD`ZeMhcgVHZ>`Pn5O#X zWxzt=O%mmN*ugaJHh@yLJ=D2)x0<`m*A1hhn@WMmk#bCOABl+(cYOr&j2uT3Xrg}R zV4Ytkm`j#xPUR7zZxP|vm=0VP8U0V^-ilstxT%8@?omQX1HcDX$b7sGpF2?q*t47H~|-em%vA11w|&uXcg zbK|X5mGTyW^jU@JIsS8b>)Z6tbe-FM!_fVTowTA0PqLk5zjbpK6PhjfF~5Qz(CbvZ zDG}RxyQyM37WHw#p%0kE5x_sh*%%LHPxmG;G z+C?o^W*CZbmb(&}V`YOcc3+eT3c{GjebrHA!O@P|{69(huacS=lwM!Jj$%GaU~7aY z_@ba%ZtRZXR~md7j`Xh&gP@0e_2?TFU-Wm*C>96h3|=U9__|OXHt5m?s@+NrmRoU- z&*Byzya3m;*pjMbBrSLMr2?V0Bo0!Y`{B%5L$i19FJPV*&jgE~ z`Fj|pbON=h7wo$`^xCO z&-PiN#aQwkSa!f?#a4N!eOxeXDD8TZg@`{JpizI&O|~C3a5e31${@rcuvnW+RIaQ* zA4{=+GIP)`QVlxj9v8=}l2?-r?w=>1SI1jm7UPJaS-{Y{r!x{iZr^?K)L8`2C-o|D zMc{bk5XO1)J;s#$PR{jaZ`m?c&wr=C3b{Rudm8kHTxg90>y?Fq4GYkA>mtI3sbm zQoB;&mn?iJj3Rq5ygMt>GN7odU6?l*(v6)Ui{*gz$k*rM08Wo#BVnA@3c0z)%+)NzV`?ctNsJh;&MKU@gDdNz5T@ymsY z`7r-_up|7z_OnMW1ls1q%=YSqqlGOlAW{ zKA3#>r^!U1YdF75K0kUe83AN6xi8qLAkF`|6Z>~oe)nJ$#D5rt2{Nkl+VYoCPKE!o z+wixR4`3}{uK!aD21tv=FD?DP|MQsp-yb7UU}#makDy_KpnU^ From 7773cd6011191c999b0e17c6267bfc5f63fd9f9e Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sun, 15 Feb 2015 23:11:52 -0800 Subject: [PATCH 027/121] Wireshark test trace for native encryption -- generates a binpac error --- testing/btest/Traces/rdp/RDP-004.pcap | Bin 0 -> 142910 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 testing/btest/Traces/rdp/RDP-004.pcap diff --git a/testing/btest/Traces/rdp/RDP-004.pcap b/testing/btest/Traces/rdp/RDP-004.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a26dd5637f82d2d4ad3d74b79c84814644c6ea53 GIT binary patch literal 142910 zcmbTe1ymf{wguX_yF+ky4esu4A-E^F1cJM}2X_hX?!gHVT!Xt?fS|wOyxjMadw$0F zzX!W1s;lRkYwcNUR##Os^`$x+6aWtR^>}&$06>6$bn6pK*u6yr2m_a&2LO)|^41Ul zk;3~C01XfW0N4h21ObAOq;jPg-pH`)*lZAl2z(03P!Z1?dxJhbH4p&+py1$#AYfpi zARyqNUx0|Jum3@NL43jb2lpSuJ6!<41M-6U8SNPrfe(U^Tkj+oh#KjQDhQA@ct(V% z1tJ1|A?5%P*?|$C$A5988VG*j2>%DiNFZv6BJ$Je2oC`8%nOzi05AapJdgiE(HIDM zMj=`HR}}20Q*J{501NKj(_-PXC1->mT&efb`md zmHjq?{SV6F-%$)+P+0yI1swqRx&;9A0!!rq3jG%)PUt*mghTtEjEE5Uk|?mNpX>Up zL|v=jmH3PZxBh<+|ICi<&iF-%r2mH(5$@S32N1R9S&67Gi2tj^XGC=%;{Ur6C(@od zV&DA1u?C3B`K-h^iGMOx-Gu&&5+~AMPzL@L1*k-T&HpDQJ{RbjI#dtL-;`+bGD&!U z6oV63jP++FTHpVsL{Oj-e*s7I!2s5QdVd~&?pGjF6ARDTU?KjI%{s6qGC<%1hoEO* zkW$c7Z!Z&HkSuWEP7eZnJTc*bf{=iMfP#VmfUV_!o`Dk$T=o1CaLs>yUN!&)CwhMA z73lLep!ZlWzyEk6xG#tR00MyS4gm3C2d01w0O+F}6!;s9lU0zd*l4^RaDmIsKwU@?GYym7F2uSsL{Mpn%T<%PtrBt=_hm>TJC~zYcu^-8-lU`3POY zeL=*4{Sr94Ot>%84YZM$+5G1j4DfUVoK)bn5&qA#(V#oQf`B|vo1BrTwGT81Jp9YF zJ#z+wM+O{#fddY~j=+w=PQXCn4*}2Z64+W=Y_>XCQ%>*FXSq%J6%=EZRO01v=I8D}fTT zfs=1W7LO}6Ba&CYJs~@}F)Xu0jFfFFu~g!P(_!1Shrq?VyP(6A4P3E0|8%T+hI@WM z10(_B%^)}lt~-T?kl?EtSxRal=rD8mKdpbz)w`}d38yDCOWpOoMTdW<5a2gaJRb`? z&8GtX>09xcZn|N8zd0NH_VgJ%VC$V1Iirw!!B5ow^*;yKJM@)j2d#MyW za9Y5D1%5%aDS`#?1JR$ypSw1IX%hPd(eV$&lwXLjoDpO2ni#(z=dxO?|+ zt@f-Cm}oh0{{SZg`VLUCNI;6fx&tBq0ZmSZ{~OJeXPQ{Yf6y!k(yRy4jE1=Ujpo5K z&1r9hztMdELKF9oO4b8uHY;L3+%V|=PV)fl1vJYS;cqnOUuahRL9-c1vlmD+9AfD= znupIcZH*ECM$_VjCe9x;dx13jfHV*36n>|92=)TXW%{?n-YLu%n)ZLt>;uxA0@4hD z`0^Xgqdp)_GoTRuGU=8tG_n7nIR&IS0i?M~BltVbBd`}xCZNp<1C{hV{%Z$hn^JnA z$?*rx2_Vf4Ak6@XlHX_^Khq>w{wqzZ7n)dq(A)shTn5sdqGJA?<}ug{=;g{^X@)-2 z#C-gN<}#4xIgq9gMBHyQPo8NSw1WJtn$|BgG5?@>4y3scq&YxA@;l8Fuouu?K2ShB zu#nH=zp5EHwemt!;}4qqxM$}eK$;#7F)yIH!2Qw~xLY3BDuMt_K@tcRW}c?jFo3K1 zLC;Vh@GhbJV{?N#sq~0RmBF#S!1Oh56fy^1bfzPhzZs*wM%1Vv0q}i*9UX zKL-1bT|=uEugRoCDKGmOTm8IYRi`{P1Rg5gXUWn(^atJDz*j%awZJ%7!Ec^1oAT&0 z+7^wCX>ZG?)IVtwi4bg#R9E?8XbP*1SeevWIz)C1-d&yS8+*+@Da{O*4Pv_|UuBT$ zjLk<~iNH&{5B^Ny@5#EQON1bD%yY6ub5mPvJ7n2mK9nLAw_a6e%J}|$u=0~)=>7Vt zPhqH6TLq1g`3-rlp zj6bG`W93$QxC%~Ays`A8);|R(3%yH5W!hG(_<%NcDTvaEx5gPdKD*(S>E;H&h0vQ1 zZ0lvY;|?)X0IR>IRxszG1ns5k?n;5BTkeU2HCA*E@Rq~;c1U(5U-zO~Zm_>OoXv}B z$$nSuIY<)4s}4ovyNej$f&DW|0zVi)A2@5zJ-xG1&wi#0C58ah13ix>a{Gy>)JJpPOaQhaCk z9IqTU^3_Ca~c@fNZs$wwfdLRKE9!(`%>cE_1@-m zfgRG&_MI;)rO3|wCJQ%9-(z?}-z%Z7uJ9M6#Q8{WL9blY?W4P=aMLq4$VXO|;55Ku zxm*r?go1ty1~QO)|Cna~xZ#8+28P#PRAA1jvq!D+Q?bIY`pqI`2)gtsBB+3J(UOjG z1^K>Lyo9}4mPV+_#j1ErpiYc60-OSNf&^W}+yWvSc8GYChX%grLnTc?mkguFIAN}i zm49@GLAds1!=T$PNiVv0A}fNJ=2%E}ZWRzs>z>qV>sZuIu3lQ2MI`y3pF7Uoq8n6=fw4xL8G z$7+d2Zu|rZQx(`d0h=EP7jt>nAEIn9=v!UJZcb$xF|||*6W<91h9VIR(O8Jcjq$_( z6yHs%12D;W>YxzqDJj{}4MM}2>u%AuMjcxi7=zqgK8 z9k^!~Wxx-osNs44sIO}W44?>XY|rD*1_UZRP56w0{`Ox{u%A$quAbEZiu<1i&tvAkY00e#h~7jqQ^Jzh=Bo@R7YYCX)HA!35sj(ROsZ6g>+4_57p+_IC`_Mv%**X&ei^ zgHG#6m7>ok5Za*O>YoCcVlIT$;bYlLkw&b+`eVs_XlV^N+jlQervuy zr6>rz0IyF17YDbTzUHNE~bwG;_e29W+tO72cGyD^Y zx!gl!$Ogwpqz~T_Qf^mdF#}Vr`&Tw5UrTtYYCXY{a?XXR(F5tOxi z_oalNfoz6@57*&;?-WwQ~>36oGa$Q%ZR92c)ft&mAOSP8ZZ7_8@e9k;pPEpDJ&&?P<4>YFI zc||49D&^P%1DFCO@jU+27eI5G=tZTXzw3)&{zaugeenT5X9Ew8nf{|M5-K1}Ie~B% z9u)@cBHvKetVlDAnP(bI(#8SGnImqKz~pn(IbhWHz%8H0e?`@vCVq)3@OxB3m|sx= zUN2GE{u7k~8VHkEymsFpap_87vwkp!C5-IP7vT?54qeZ!d?&r_Fyt&|_#9bo|F4lr zULy1V5t;8-!{b*0=Wc{eCG7NGtR>eJ8#{co;T+rD#GGgal<&Mp4H2b7Tw@ z@V`}>^d+*;ACc{TMYh8Kv(nEw5Ae?F=T<$ru?Cna==&@HdPDfq2U|-Y)sztk$fKU4 z_ELfaNFV?&5PFUZ5%Hf&2Y5mQhv7E)nV@tCkVgQYGzu1Y69WNrFPKvVdnx_O4p4E@()wqZQ(N8_FQKLdHdPhYDj+ znm_E&XA`0x^WAED96oFM{Ra%*lnGTxIp9LhC0>sWY-X=J=mUP>Dc&03ljj zu3l)>qLMt@VXeSq0=i!0C;t2;Qe!j4Eb8*Nr=ONIklrYnQT8zSUoVmm($w6|nt1g2 z%@U8u%1`gf@hnh}tGNhAPU^jQ;9Y0DDU_Yw=N>J*J?6b$r4P4cOW#oS(8xJf$R=Uo zLYC-a5fzL`Xd72GUCmY@a{#HtHM!$%%h^3HY^$Q1AxsOvm-R#HDWZe%$;R32-2*HO z`g@|#6Mt2Mr!Q&D%iNhbg^P2A-~!qCC|Wy2LNHl9st&`{W^KqL5A7@+aC=s43;rsE z1Odu8a9%{&=3~<=Et^6Uf>ewUZlL0%>s#mUVDJ4T7%PIA_;A>hM^wAFmO^b~k5$#*+9o3DJy{&Ab^;=d%DpKs}lL|>pdlya5=PrbZ9)PYrY`{R*5M8qN?pfkRTqYPh8 z7|a+!JO3d}qz{tH_F$1{Qy;I_LPFmqI0}0(JZI3>{;FyfY{P{TiCsKT=2Og2>q$pQ z=X(sO{>o6zDmp-g!5J*CH@)mgO6O(ck-B^+aFi?i>u z53wJ9;NnWWv4!2nUATbifzG5i+4<^@T4xECOiLacA!T+HZ{PkI#paZ;bO+O=yuf&_ z=r}$*l<1YlEdr^!h=@=dx)G0XtiVIN1d$QrH)Ls{mZo4T12IN)l09(Mer#P->{6%n zIeQq()v$s#tTGTYX#~?i)@k(~D4xlt1HynzdkfLdMr5VNLv{^1G8^cjry#M4@XOk8 z*A1_rj#O0F$q&LxUZ~oRC*kju?nqnQ9rNrvhC-IDuPIbOMG#?-T{Qa{-p!R`O|*L@m^^>%;k_&$<3ik`TIHzY#B;|?rUC~5+x*M; zvtt4Vr^%l?CdTOR9g{5LSDzNh0(MO5XxYrrC5r97{T1#$swVP>P_eLF{>7EhYxD4j zVxMAEq6-vGO}K-)&u_;;enLC3!eS1kG+NR_&ARnV8BiBX>hvfZH~RLx-cimBWZF&% z?!ntQd^`S~$`BUEa!&Nfty1)G!;7`+Rei_zEt&Rkxvg)RU*?+gH72;w@HKtkcgenU zS)evLq`*_%qP0)#&}R7zUDA}2WYPSH!NTqG^*K!{>c1KT#fvfc{+=c|!!Kjt!v0rd zFgIQd^!JV+#J3E@qct06sj7CzhYGftRrbff$d;?%)6!-Apx8sg=K$twb+Ap!l^&UJ z1lthtMvQas#$qVxyh*BfiBhFc_^vfy|D!?~vZp=x6P+l|+?OEbQS_6pdXZZjxFcxB z*&|xNJo!zZtCq>dp&eqOgV=et56&vp_|3gf47IKtL;-^xw|I5? ztAgNDhNCR?PG&qE*>!CCJYMv!&Lb2vTr;lZPB=~K=9wCXL4VUu4jWDJPH^-+CGqHv zg@7UfKE|$tI+Uc_vcvDNKXoQ|B)^-9QJeJ3LodKCtlDAQtw6k~)@1jR{rH(~S(Z<& zfrhEph}NS3p}%t3jrTZWX}``x1d%y^A(gg-Q3wZn8oVejpDeao^xiBuV5!}&#Mrqqb@n^8F*=Tzuy%C$l1DUlG47aNW|Fzs;MR}yDIg*kV}AP zaAR}v6-r_757E6smDP|sH7?DV9d1Zhuz-mK^gBZkK^8|t778;QW@`Jng*Bh^@F_P~ zPVhSpL{BP(iHmADaP-D`X6qV0Ww7MyM`R5&M$NA~fcHmF73itC_*y}81P_B?*sE?I z{UWjOv_}}SV2p>F!ccO?cFiV1F7|hk9-?UqOK0FZsWe6qXd+5H((MV_6R$NNdk$dd zQA=A~CyKsr1}II~a>RZ$eHZbmHCZ$z)Ty6Y~pl z=lCgIt-@FCcd0v+`&D8aGU7&nDT=8Tqun6HB6h0~SXDAwi^9*k3O}y=b>V|#%LBx% zK6ni+4oPqF4>VbFl|Qo1zl~@S^o2tq;Im#IW_E^ z*n{F79mDVwL5S&cB^$i(R zPtP559@sJeVhofo#_;v`j!A?2%NVSt007L!y3W&gF=wdN90l(>`Ddsz@r_0H@mJks z@C6o*S|LGhC^Jd;`;RixyJy-%j0U6C+G0{PY=g`wbQ%t<<8p5S~US5V}Lvc0B*<49Z1{;M{_nBIPnX;lfvzmw` zIu1WQ4sCR!aAo2nZ1pc^9NxWNiJBMdY8O|eBvea&PE(KOuf{<2VhrAYq}lSz7$#Z% z)fnnb?pKKJ#QfQr20!tjS`>bGht`akAne19@)X|1VDGKVE_8M}FGbJ%ahNo>8K1}c zX!&XqW$)Vjpn+33AFXSJ;_?PGC2N9nVu5CF3K0tm+iKEQRAGO|5}yx@ed5D*U65)Y zi3wX@N=b4hi5cSNH>?{=7pfP!^jgip->IBii7(2ygM;?gm>R ziimo;@UU1iC7)4?BLLpJzNYh1AENQ_{wQUGinxI(+@nL+i)mfF1{*{I^=gldE})T{ zFnDpVppN%sV(>#-fT7GcZJnq)scedfFEmGh7UR|h@Nay3Qp(c3>DJJz^V%m+6z&!k zq4TI$tuQP(q|wW4+i?a|Zgy%~Jyt{?oQ_jMsLC9TH<7;TthPodpuH^ zN&Cddxd=N1fflM z@UnEFj~Caz((*aWvJJl~$j-|X9tbKqe!XkmM;kUXL$_(sImnX6+B_S-?4tX)?l{O^ zT?Pv({{0qZf+^7wSAhJs$o{R+HnK)&R?}=$m-`H)4evF0F%dhcos4SejXjbf#k}9` zsT=mBW^4~^u=jXWg0n7nhkTCl8b;b1|Avb08B9P$PlMQ!S_TH%wjaCi?dYAeYygIS z_Cfkex1A~Y;_SYX>pO$R{f*D86r#wm)}Gz^oRheIf{uJ3W-WDqs?o^XvA*rEG1t{& z0@NJ_X`9LrTbK+452upYkGTCtDKf>^-MJjv9-rT!&{1KEZcFnP{y4RG> zbK34_^|@$&fvk*;SxYyiweexgOj-VPXry0{f zdP9H@p`P7Jh&q&qmw9DT++CK|5U)KJiog=wMr*H5y9UMeZ>*)H-B&;KCd`F>X(zF8 zR#PbO2y4mAZN+mJl5@ox+Fg=Y*)w!YB`x6=D5UQsXMUqCcN4CoY5v-ZXRvk(;E>OX zH@SMHO>c5fhN8Kw0V1-seB4BEz5hnO#d@?WF3vWHE4 zcWh{{v(giK|1YbAmeHXEm#;iNy=vO0b?(Jq_PL6DN7`V1eSN_npkeAaYE%i1k^+{05|7R^_%HRjj*~u@c2k-+14` zzMppK8;7{e@Qa2pS_Su+x^)p_7>yrnzN2_VY!x!g+Mw_o6c8peOk2N^#b3pbO!lPg zkk)_hm;lxF&6$ZhIh#TfNQQQeNH2^Xk7)m53lCJEVq)ggcQ3^ zT#Nmdr<=sU%{OpflpK=9vKV2iT6fs$J(j3%lf6q&OINv1c^Rk9-`so4z*`h$w#al) zCj;&#O59(kT5Vm*-!dEra`46vX9dmQ8^k>^A|&cbY5C5P1^?JF;OM*HA@Xm!%< ze?}pxiuX>;W^**NE{}5}+E0Vmu z;I*)SPH1a9{i`tyhG1gO$bwsH>cmWtFGmk33Ris(_!c%^K)6E>!6bzqKA}{0(-X@L zxO6;z8#B*@kEh0s_$k3TwX8Q7pvu^^lcIG^rC!*X&$y)_Ph)1=GJL79^b}*>Th=w- z7pN5#(>9DyI1~FIAD0SY+;k)u$V84kCwuS$J9{E*NkH)9$5l@j+fwFiFmoRn^<%k|>ZrZHJdbs=}u05a&^waBGFdVm5 ztncMnS8v3rF2uu3m(1^f#*Mb^I>*O~7!c0xPpjZkQ1fk89&1fKMU16sdyuG=N_m$) zZ6r*M%5x{7P<}Ng^eJ1#R$KCdoN*y|BMu@7dPI1hrdbQ!ZyAa^bzS~#QtdlzhNu(X z?N4|U?OQWccyk$uHh(_l_Y~nY41zd6ypL zuNBbs3HNx zg|K2Rl&R8^z0pJ?=B^Y4NO*)*?$Y{0^$ItZbxW^;DFWqGxCN9)$P_>sMtre!zc+F` zu66p`X|4Ap-BiSB-DZ)6Zep#RG|x=nwndGQr4G9U@y*fgB%sw(RC>oK)AGrmgc-7av{8Ru4OvO(Sz7MU zR?OOtWO>P~RQBPxu|fchlCjR{@h*7;x(&(>0F~mnX(PwHWfDi^xp?r|SrT(&tW+4m zqTe$%ah6WubMY{L$(i?EKCzzhgr7_w>d$phswxcQYsOs$iLK5R#AXk1>ZX9!M*W)h z!@Fse zQ@Hhh6ogR!cn#i}3GwFI6t$ISBI4DmyJk$dwTPt9W-7dH@*WtzS-ST8o-}jCWBZ(% z_xJ1jZEVMy!nv>kNC|D1DpM)hf5A=`qpjxX| z5W!98Qc%Z{=p{Z*wW#RmFFblqjar3GRH-~XDj2=Fs$H;iM-;#&Gha+MEOAEjX|6TZ zha(u&h2ngte&|FT;QzF+yLlZ2sZ$##z`pYFbcgXuo>^n+^aeM95~ofpsTXgr6jAoN ztl9p!QH9dztNtFL0EK*wcE+M(Rac&1z8>72P+HC5@OV4D;`=xGU-Tp?CK(Ggz{klP-??`P)P36>X(;XF#Hy-IAbucSlPjeZTYumam`UB$G+*Z~d7A=CF`g~W zg;5`MO}+nZIaxns)F{nZ#~UyR|8J4;`){W6AH;HjiSCdv+h@Ndd|?>P9f9k6K? zK#8@Rki5Cm0dIBIBzVBQJiosQCa|y)V^fZ{jT>-YX)N$?9L=yG26v3hG4s#cCJ9$q zP!7$FVZlh+k6?t)C4CIv6xqzjG+#5E0koni@5r$2PYm+ZQjWn{?hdG~`+1maVTwY& zW#LBK-DJs}q-E;opO@j7AlVx`f|k>& zk{le*D)MDom);6I1aBjmL#rsYjNBH!GtSCRqUBja0%&@@>(a3R;ABBj2=GlYpAQ&G zCfFNJpT2g#Pk@04>we4c8$9b_s^PN8J{D3UW4?rrr$9Ue;?G>L=Me)z7hV2RAeA0UZ4}Rz6j`q*M6n z`pJ&ckvV5JN;kP;W+bsSm;E?!yG;T2IVHDk&J^2-YMRgthZsLC-JC`pSL#FBzYjH; zWFS<-F#endNyW`_?&pC8k8bTPpYrGzLx`&#m6SJa$!JgdBJTVNZoP4Htx?n3T(XKZ zFnFS^X81|943zZA_6(qbx7sgQ&Sp*XjxKdbpN{K$B z*OuG;{9y3M`Zv3nBQbbVsqLnrFf1z~FLKo0C5|2l9ni9&K&^g?FrT%2vQ5HkRu~2v z2H&|?t@DPPdQ9|R3MT4WS%!9S8M6JoU&}LiPH?tbDSD;+l+0iae5j2Hs5S@Qo*_9i zL2+^SRHoBq^E!{UDdtP$LV8}huM#xapH4_Aw0sU{Lr4*;@Qd)-Os$rYOSmN%A|#bk7=Y} zC%QX9uMS2NrK0VH$)LgLWW>)+B6X)ffM7VA*|(UHSXl=YmQtUMQ^|uWvg+r3SC@Oh zXIqM^JB@{kiMD}Wo-R@MiT}d#Hk%%9y;m`e$J){7+BqVB&)Bt9QaEO|&bV0UN-Cg( zx41Pa>}x{{YdkHivW8Lm-uXo~Sexvp?rW~4U>cg0MC-3>ZK5CE&NvtKD=NF-rbqXM z$u;FNC+?aE5IdjRd?kfG$MSw~c94AwxO_s0GfqyqMN_kIhI9!x3(vN0oNqUw#4z8H zPiTv8BL3V!%(e|FE{QoP)76P~6PM^}yTW(QB^~4?MS;RMg3vr`dlqRZPa^on~rnD^i3uor`6W*#!9Q+Gz4d zfxMs*uTs?M!|O)$Fc|X9E$^S_)1L%s?4)I1^Z046_-*y2M#u5=^BM>do*LXNbH9N~ zI%j5dNZA!RmZ5inGV)<|G(is*9@(yWvLx{x-*Zu$IxiuNJ;RVA$5SVCAb<3dfkIZH zuK$LW&;5{*+pt#JeqJox#%<6CLJZ6M4MGa?^8uuo(oAGFRf3Vac_%`R)8Ko6Hm)M5 zYNWtufE{ZqecOZg{)UklLW#ajPV*g1V*IOPY~n{^SK-(mJ-eehJcJ}CNs_*r(VY9# zW(|Z-3*Nb_qnr=n-b^^=S`qmEOpc?v7`<>l+aYB3b7GIBS3=)ZMVOvWD`%3q_TpBv zw>C7qlN7R6awG6- z{v~yHKt5YLG%-U3xE^*;-){jD7vQUgc1rbKsn)J?vzh;*y=#?5k)ne zx2LbZEsOak{PJy9Q~y`5_eAP|S`tvKt_+`OoCOY_)=5>kF6PoD2>r;6RLd=-p`YqJ z142EQu8PJ^cu1W5Fbu6*vgr-MID8n!gNpkhr4Y&69G`f5R>WF;wsGL$uhEI99_{8 zL!Xul$-TLrRw#)MNPt-hNCH^Y1?RIThEPeZ=_uUoak>ecjK27B4xggLe!Eip`pIKz zv(i|~%U<{_yom{n3i4GTObTj>6s;)Xa^{b`*zq^ zVmJ;3eViqKh8kEN(IRh7#cMjgV||rr7W5I9zCsndHg3x?M5}F^CSiM#p&6DPE1{AH zQfSUz7)gahh;dltR3W7T9@(Pd-Pg0*NTMHeE}x~|WBKR8^N0GPJwfof8WnYg@c3cn zd8o|vzSX@uDzgr*%D#UMt>5GytP`AvbqeOq z{J467DIqItCz&~r!EI*A$&Py$0>cmd1E;IGB!xTH);Mw=uX3^md1pDUkoggV zs2KlxybD!KkvQd17qz)7i3wRq7(K|<*2T61nkN|I2Rws|#@TUgTKk1Hp0JUASe^b( zRT#e_DB2XV3)6P9;!5YY=tVMrOv3%xhGLad{b`tUuP7=V-!}qnm24{HF&2!IC1%=1QB83%yl}6Zk+HQBVp8WKXwg3VyE@Qiw z%0rh^gKBQU7?eoLsGB&>dmxIP{ccdVO^ z3_e3!HQ`~%$=|7#gSv6!Gm82waqM{1&qmTQvJ{ZwVU*Tnchb=y6t0U;Xl@pIJBD3N zyE4s3DmQZQW?9?Ltln&>M|%Jt4XsCcV>Q)%OSDi-sc&kATB8$+c@|XQ8RrA-W!j^n zPsO!n>$Ga*ATvB8%<&bKqna$j^;a0*wM;>ibQ7RHQe*c`O)apAdRyK@WkBj};84r< zeBAi~+FkS%S6fb!d9Yn15rYhw2oaoACR=^?uGit3a0`@)12m z*BoSMYw7qnd&mewdWM6AQz8FK#?;TT6{+BWE3jzQd$iyUUWCY@9 z@7r!Eox81>f2yBxGHJ+9(a4WR4+Ol?DoSSfvTZ^$!>hN?4&nLM>)PZg9SD@xug%<+)*Ee49xgt+HFp!&6h)M9OdzMCqOcxfuQ2Y08ZhD6u^WqW>+}eI z@QF@L(o6N02JQDT=&4Smml153k$k_f5j$8lt{0jbgc)Ks8^MEm*;kNm7(imDJz{o+ zPZxU$hkKiR=}LynIP9n?M8Y_Az0i><8;2@i{px*q_1F&vtn7gyG=e6p@yHv8n_%P` z@DG_|>|7}`PByiTl}ZV)beFrO*tk_Z$%NdiKDtgp?2hlP`_M;@hl%F0$^x?OQZ<`aCf2n~_7E{ML=P6kCnoJAxg?I@C}Aa&~bt{YOv1sJ?c5w*CF#oGsVN`WK`lI z&q`d9V|jGh{0ZSjUltn!(=C6Q_aHQ(GK0*3Aggw^j85+%(kg@5As-qWHx0V)dp&r~ z$aYp=zDWVj`j%`=^J>cGYxkhi%4UU~w5!N;aW;nB`^wTt(2hlcfp-}UTljJQJsaWPypm+c$n5VcdAdrE=>L=IC=0tc6;^yQzhCyMjZ|kEU|!k7Sj1 zCKEH-0jj}eaBEZY!y(SGJiN~C3ts&CyogV>VNh9#nB4^s^H{D$Bu0>ZRau8!k0Wbw zs{1v)p>st_`Me%k3DKi11H0RO(*=4=8-Y-0Sxlp`XM-U71cGCxO%$%m)SdW0spkPH zMcKr94{}0}QtqUy9d`&-5rQ02tMd6#5nBr!ecUjwH|n$ssBtrFpp1q4zmB3ulh(e~O=1x3(A;?u6Ia3%MbVOwo@ou_+kk5kd! z1)6zl+jks8@v8rPB85ko{p)O6_YTOZVrh)d{ko4o{J;@3!Uy+x$~2VOa{X_{m~1J0 zA+Ofnm|tt%l@wBhlE5}s+p)FZ&K*(0PraYz{EHf|q;IMuR))1VMDRID z9=_7&OxBibADAe+A=G?q)n3O$M0p$EW2|w3Wca3At`B)WGdnMylNwx8Oeo*@N$*;F zAqqoLrRbh$=Sj=(yg?YGBsT~?mjy1}HYOj862Eaefuy6x_sN1OZ2Sj(tt%sD3x*r| z$UsMhLvkm{*=<`e#pfu<;$kB%1P7JiWvKoyj;oBXjrR6sJ=DhUZr?$SVY77Eg71C0 z*Vui>Cm=#v9g@+1n|EIb2@-ttVa=`n+N#V9u0-WTp#1TYXeVGk@GD*T&v~&#O?4%+h@TI!X1>~bsTL~2D?$xt}v!C902z=`euWX5> zW8M-7!Ip!GK?pqI_x^5ECEGvT!OwuPK_%c$kz4PHP5z!_T~8k@A46a2LzTT*Ti5s% zS5pL{RhwocQfcbulvr7iFu8kGVN+>?^2K-U(Y1rKK1g1*eA|-W34?x&53yy=(m+%i zl|tDG`W%J##qEuy2Bv4qiPd?hug);z@)k+^s0SOiIe$ZtxISV>wiqEUb2l?kcDaVZ zfm1n6E#imhwp7W#>>4zmb7T<^Cn;XH*zAh$NtF!|OsqLWwVZ)XWw+BOz1;2=Px1f4 zIPAZP`5roMAd`R`CLpP9DJH&MAszfXmdJ5@hX$kj!n6oRP^|4w8`9w%vh~+tDP*7A zPOD; z{dV%spyCMU84n)5$A-00r;RGE-(l>G(k$aVt=rHui1D+vo|f%?5uYwW5QsXH4^xZlL6w|=>jpK`L6zw_^xBckE@@3T;GevY* z^#bbF*kx$LA`X(DO|g3FLBj@XouwTZbO2vqG@3UjX?u$}Pi_xL9(Hp$di(-kMXq-i5D6`Oa#b4rT6Vn3vAwyAdrGg(q-bg0$I& zZRDz+)BM2vS7Ts%F@`_B`!4&>H%5TpV_+!!S7V?a*6|*v?#vh`P>L8VIR64^ncnz4 z&h?#tL%v&^s^}ecpOT`(3W{;d2)xEp=Z2XK@sFQ=Z}V%UN~LDIc%iaX#6yb9dR|pu z>FKXM-Ye=ZbS*C+bc9Bh8aIN|pEhtyNrZ%?uV&$t7T*6L29q*|hL*s3{-CTjd`$O0aOU&FZetnRcoSWAuF>?;XheqC%)ArajqR+}&qZxEuh2q#(# zPEpp+Wj5z`eFu-`3t|Dj1&F5XD{pC2`~qbcR_mm(9cU|6H9Xf*F(DZfm!P~qOCODbHhpsL$XKdotL^7FRQQliwxhs~ zrSCS1mr+l!smOz9dRv}(MQADe%U21?K10*fjflDtW!Z?-2`R_7A`bz_ud|s_}Swl`x)LO zF6regAmu9uP^Nj5uPMawm_|p7YRuuI_4(qkN2#AgR?v~zXMWPz9dwxyg)FWoR((Y0 zJ-dP{?fRt3MJrcNoc;#80Fw24Q`eQ(w7E?695;v0Tap0Tie)}`I^yd_!G+I9+%R~V z;VE_c>F;>4b@^x=uhlvw(K)p?@l+y281M}%z*N1ihHG+Lm$Rwf)hCsha4OT2TZxTN zHjj!-s?aH>HMJ9av2KlmoAO5%S!*o&Tg3^5!%#0a2Xrk4AtpW;9VXX%%MLWScQmDk zlZ=tiS!^+kq)N!Im3H#b@e5UaV8^co-g04gm2V}wi|fx}@@ed3u|}IZ$pVKbx_$Nu zsU(D7;|_#H0Ax|cW;8t{Je`NRwur*rS9k?%l3vG_WMzgR14!8`zS_>xDQ=oV)QM2)4}h#V`8xU)fisC7(@H-#-RA)mocdC z007Ea_Kvtt9%{v7^GU&7(UbRD-Yfjf4yLZKI?TXMp5q2v&E~+yDv-!uynH&eXfA=@ zv2nHw6CQ4<{>V3_b>v8)RV^~#i-P8bh=(gdkY3pAj_X3U5>eQp2D@8ARTdF~E@yE6 zN%=IW{lWY8L0v2y0kq)0mPRJu3!xCHTTNik8nhN2fu?Q#UV~$DO-LeB*iV+lzj=`H zOu!UBcL(h`%_Lx&f4TU~{$dP&{Obs%#9yBnlnwsX7-pm;)2E&_erGmG8&>Zp_Jmz$0V}EY)lC3Cp9-1ozl(NP0@7G4DGIT-aS?o{2EIsq5SG50uTbN%v8N$_ba4+2^(d(w7hqd{B>!=Zzb&LZOMo{ z#atUSYBpA|t1irDdN!nX>Xa=HWhlSAiodS$l&0uScZ~Cu;&{dUpx3*>_w_P>`$>XJ z*=aRz$C6iw{5~kZ5`w*X_TDifGOD{)n4D}`u`jrpw5{^4--NEAigdHsBxM}EdHvM& z@z`@w+*u4Y&Jd-IMd^(7>vDg$j^>6Kv!XlPktNf?2{rD}e7(c4*E=YPPwtaR~+*-RzJcH^b6&8jX@)3={$aOWp%Rn5L;Yo zQX1bdUxv@*GB9kDWR5;uzQZkJuXqut!6XHK1{7r)5Dv}9UL_5N^UZJYma&~*?SaRT zT67|88AqmPEIapw+b~A_KYX2KSX@i6u5ot{9w4~81^3_(B)GdvkPw2qy9OsfaCdii zcXxNY13CMivy=VgNB@1RR!z@WH9ftmXr48L@r=7GT(7=)ii{h!Gm=K8k<;3|;X4?H z#n}~b;FvEy*ppDaGrLRs7$j@W0rr7=t&ONrxH|AIz;Gea^F7Q`yRVHdUjrvZH|4`= z_H%?)w@{0I2%~qHiCa_iCz`x@P0!|X!HygYO^5DYl{u||W}__Jk04!LQr#CzlUpIT zKGbDaqm$Ia6dB1Rjul*IRo897Znn9~;c%_V*rqd<(-|>loYY#9L4_xJ$u{h6ih@_Y zZ{+73{hng(Z-b;{`y-qWSc7H+M7Ans=^Pf{YBNlpt3Vxm6ugW_XF^+nJ8UtpD2!dW z#x@Ffp6UnfS^Y*oU;4;X!<+jBzkI@UbyXKy=_wTLe&qusF3`yHhpuQX_)6FtCgRz^ zQ1ct4A#IPS3Kic3YDV_cj3f5ZME+WN;Ul6P-@JhqQ2)4fAgV(vKJq7;V3Y16Kr)cYSif{e?lmTMh!uL$owjWseR@xge?MXB zhhR<#ol&{K0MlmLPpF^QRoQ35I)_#gd7RHiXUF2V*nOA2jK<6L5jN5J?v`mWs1E4B zH+^=pc@K$A2Tltuc+k50hDZTRY9rAwtC?(@lNb>**4_AKH^|fG3oAvV%tb#W7csXp zPkcX$#L#s?u4kO5XXO$}kWHZ+UtMR;TVm|~g+rPWJuQZ%_(8;K2_S}HH_FJX zeux{+GBHqF{X0r=VF4F7vM(W*x~REOVVZ~k?*LU%Y@OGBr?VC`@8s~*^r1-Od{tM3mDZlzJ zTmmS6NiXcL>Bair!BQsvC%t5x{%3lrNPMGZu6k8nzw6Q&WVOLw7-RL&epP!1Wl~oiHdU zjU}|{)5RAN?<4>->~9A4{B6Twe(4;_H4p=F{p>u@Q7Mm`Cd^Me;99%Ro3dnj{yC!-u!I7EvQ-E830$_Su`tlLF8Q2pH#)5Q+Tb0?ZF zED+TXgiX?e+(b@Y2X+Zxd~?N;8dh5WOjnp?gX9kZwO@*{7i5^xf$v}Uc@lxNYsFU^ zOy+ClxBAP$YC;mTVFzBJ*Ox?NhCJN)Z7m#4MScmhzR(Sru!4;ji78! z{1D#<``K;wqjE{^hMJeDx>B%x8}*y4B7=WL>euBk>cIg>AzMaOHtgH)scLJb1#g=^ ztyt=|MUSF0is&56_+-bb!gmSBPb!nu3^*yP#3N|&mHr3uU3&OIpXt-OvW zB4)uX9nCuYTdA_pWicj}y|}NT@NT4F2)r;?25A%c?YXy;Ud2gYopS}()LP&TwpA0b z7O#NU`~xIA@FVQ0Vr-=_b*6`RQf|&zvA_bEt!3Wv!W%;iuc=Tb%$a#WWO(TzOyzIl zZtkskG)Iuy)RJ+4#pFGA?I3V&-_JJ8N_>fD>k=05yWwpE{9w*aTu8hZ4+WYLW@f<~ zH;mBUS30^HL#jL|pMk0$=nwhm=_*+$Ty(1H@GvMkv()Akd4>c})o(h2EY1TK@8>2B z^S$qTlml!@ORO)8D8ybAKE9-LB;BRRh}n8lMibKb7^K-8^$RaG`#5 z0fk6APB;Xw`CtSly3jGXXTms5!0bnb9Z*=azWGywOj8MTFNw$_e7NbpPVTWY;a1Wq zxUKx!YAmF%!x|!Lf>&wf^r?Z$3D^J|9x^A;5Vq^_tLun*FhAiD>zYaDl4jyL9gXvo z#2feiy3Z`<7kdF5O*j)#7pxOL~@cnv*&0-(K zNcao?85w1*#~)gt0`FS<)N_<#Cb{N7hk<=*bKU((5c>MqvvGdawQ zV!n11`PDCp2nq@WR0>m6#={Q`Lv^6$l9_nu+ZB|k&SQ_l5WfMaj;h~_)x;sN|LrL9 zyH)jj`&X;`zgb;;ReOL{{@qurFC9gGStWh3`usf%UP_mp8%x{9ngoOseZ=!4lm&im zv}VZZ!7yI%u2lYuVJ{TQ zmH$Ke-GB0Xhu3U{|8M^16y;(X0kmjBLH|KkhR(=8GM z5Kv!6&e*XF?gQ}A`;ED9$+UY3M9b)ad35V#ga}5Bt^kX=cR$GT4Ht@wG+Yl`@Xf7; z1CY--V-py71|u^I^7v06L2&K^nc{!MG_y0tH6=(BijU5Q>qW|>sF^$u{mmrd?MQ7h?m zrW#bYM|!&ak9H*81J-wD$Tl@z9q4)b-%n;~Mfx;0gZ6h>f&)6A(islYVX$muD;<*% z+}vV1WWl#DOEWgN3daQ=eUSDXt~gzCYYAxna_D`nqm8H+3Bfa5 zLv}Pa;S`q6vde1n0Y4MHoFa0Mct;VwA6=Ce=&3JPi{wRSp-bZxYC$qnNhaUmvB!QH zKvAzG9CTQ#V#s!funRV(#L(~5-C(K?vg@=Hck`l?IbD=F)`r*0} zG`Ddz^Q&kp|HicR7h6gm-C6+xTZg2;b$SS+i?wX%#EP)|u4^HLZ2a4{Eu2c=vwpsb zILBayk0j&w5oIp#C_}mWdadiR!@sV*>x3?xb@?>T5aW0x9qwOdgKXc42qU7u%!Wj8 zH-B6W&g&8WDGXg(n7sb-)=ElWbSG^5zK# zuB*=ww5oc#>b}|D^M;50uz{bd0k3 zawpE4P*$#FT`(-&$oJ8UFxPYo+|(jv-ovSua7NNTEAqHi?z5lIhg z`!KrPCEqqBXzn+wBbuZmi)r|adX!X3EatmU@P~qCA zsJn8P&Dl04OAA`Al1AUL7g9xP3H-naf!o@j$V_Q7SwO^wip`+&9HK&V-hPUD-Sjzl z1@rD8Y_`Y9J!?IfDEfIvOWQovT#glf3ieS=YGTUO8&k2z8O zv6d_U0?PM$-KB7#tQX7JYk$@1*H-_?7XQ|2?R!Ap5C*iRJrDu(z{-Osbktt1n0lTO z;I)0+8fam|<+#Pae`mQPFya!7$Z6x^oX1hVp%^MvSz^-|-^<|5((MU{ zRMY@^ca&plBvl8D1!Xq1m+FkYzrik8bQFua&_^?sdrSy0Qn$IMpUTlVpzlnd{6vNqd|@#rSEsqHGIHBY38tP^V}kyyPw zw@Y?FJ6aJ~xw9k=%^137*yQA;@Ovp)8D92bVfgg-9h;)G_ue{MPiMAW2APp458QI= z#~Q764W-mkot4TKKZEVooMOuqEbD`)9;!!_3BW<|yM%_Csz3INX`K~+Za`1c1-hRj zTio*;^K*f z@Gq~0D1IqG#ASajBU|duX|zJYVLcEzU4Y{^T#Bv6B0}b@AT5#_s~4qBB2dnJ{{s?H z>8_9J(#FS(yD(4DOu(*_gtN(=mabdOfIdsl`pAq8mO;pwd30#Ip<*noGA*f6q*)wQ zU3tiX$=g6NpCYAJxq0Jg0c4;CZ`o%u;;pn^${9zsY`uR^uxT@=aaK`H^`4J*(7>@1VH1E;a4VB^R6vS-sK) z$;Hqt?}p?RzToL77~(oPJU%~?9<#zO7Ud-q)wSzwt0!!Ed%~(8-cWVQi%=dKt&`7$ z(ZYR|B4hGU#MaGae(sZP)bpakHlP>hMnH#KHG{xO?hA5=A{@e6tFgf1y2+mGN#GVM zGlLwLY*(DpJD8hF5$fi??E6e;6hepa5q}&x_U$s0Xk=#45Xx9tl38Ja(T{%TdV#)7 zkaxpSY~cvLcX>$rw)aRgmhUDDR~A-Iw1OwSPVGyt6Mo>j6(EMrc&$&p5B7@_<^PZY z(dw=BhMhl#`w5;8$jIsaNS;U8mbf*>08F0%Y?Fm6`r3OGn+a#}CsTw`%P7zrMZv5C zgXR%D%H_0{qf=h=_s~s#B)jI><3I7;yg~gAdj$=SKdsmQ;8$<3ZH>GQaeM$XnB1HF zVgGKTwc0-xWDn1Q`6%|Htr8jaxI5>B0g>MDl7^c^iNIBn`y$6kMax}gn(Cb=qgGXZ zbpy&7ZDPB&W+Ixv`)aeFQv!0GWAuo3=!v6KFi64nt2Es@2+Jl2f(oL6}4<`bT{Qn3kNPTAyw%;IdLU!%hy=)-Ee^=+^bxqGaxZyiEmFJ3Mxi!0LQ231X(nA+|W!FU!a}_Op4Ql>9B<)Jiv`=m2h< zuVlnSvYsO=ua2h8C<#6t{e){`fsbEKEuRI}{Vi!nSt%Tw&fpW1xNeG}uX7hgYKQ%Hh_}^+|?$;XG{NK83u>Ftj)&tIkWS-`& zw7NdpC^(sU8H%PofSmDP8SM$flVEx3bd@Qc&h*RVCPO5JBk#bQV9AQlDuuo#?I zaFVb4iS8uWiLf&HCH(L+VQ3K)WO5X&`d|=32-%~K@kp}=NYU2D`!blmKE{R)Qo~0Z z!|CjDh)wdr&}2bFSu|jTI%G7(U{V8{x>tkGk9O?>IDM$WHsOM%(WExUoU^w3k z9@52uHt_}o<~t|H*!-7Gjow6p(`cKD)u!CD5jIJS@iQc*cE_gM(KwIv-iEw*slu3U z4tE;n6q-1XI*!c}_y0%?c%$r$gQ#0k=g${?d2scU#MqwV<_gwhvWYZ7Y~~DFwN9}5 z%Mx&gq?%P$r;=ULu%q$HLoVA0??*RfN#XiigYWx|O1@edB)~)tDwPXRx|8{m1m>7o zHiodNMQ8>Jd=+)pUD(&(0q+yyWhT?rye!kssR8z!50j_UdY`%LgJfcoi7$L`l1iCO zb>z^@*|je;5)x5rFs^kh;iNG``aZW2Ur-R#eA}i&159EpD1AAE)GlE6D+X0g&d;** zXBznMK$9F_84dMxcJ)cMf#RMx8AUq0-qji_<<7EYj0=i1b+DEI4`g8J;}lIrwaQaM zr46isr4@6YXW{z%x~S@R_(TbJ{9M=!WtQx%zDw3i{_Pg5K6v-MNz9j&Za9_817F5k;O{Rwn zGPF=oJ4`*IR#6OL@K+?5u4H0=NTo{&*;0IO;M?=NTTg6m#mzj(3Zju+h5oqR5rp@A zo&|?ONt*d{O+wCvkyf{T&LE>-w%jsf3dS1K15pEb;%rbh1K}?gWyd6B03!qLA0X|K zG`h{1ri7FqlK2ZS@>oD5&4nq(Mb36913fjz113&BL@dhm=J7ND%qwwNxOl=SafM_@GALBR7l9!sVh3N*kC_yGE>m*k9QDz!o!%; z>0J_k9NdV4TqV$8RFMnI>m3_x!=2>Io+&gpB|?>;)1EXaMP!D+^gPSB$u+$kBj#0Tc}iG&4N|4e(dy-ZicX+1+ERw2IWo~019uHN0tZ7a8A2K#W~Sm9+H^IR zPp^)bY6is{n_`&HeUtTPVzDP3H104LTJR3AH31*J*lFi3NCb_KRQA+a%vyn6fJ)oF zp1#C{AgMslFG6dFguzt4IFl~|W{g-;pdX*W`6{<{qb8Y9sOz&7>Yl4ub%4T{CrC0& z=GHO@gDbrP-HGYs9A`O)MJ;$RWHlZ!-1zWy{SB0R+qu(mbr{Mh5J%fQqO%y31mje# zZ!UE5t<^_chp2%YS>HDf@hxU1bqX!_5PH12m9WX4v(U_5Rt@GLxgt}h$5?x<`f0Ek zXcWGHi$JuY1sfskHdeb|c01dn3*Xk-m#eSewOV`JYUdRV4Sk1-w75cU>!3iBq69H2alfd zNh5|Rzffp<@|ZH*!OcSOb@b4TUYr;)?8}x5)nubCQZ~!(qC_jfiE%=!KUasOeOuHe zpUUca5i9;tQ^00OSSqsR{Au%3{jRuJ2hJM%DRMmm{RWBdkngdnCNb<5?thYve`9;sx@`#Z zFt+xp7Xpy&3ZAF(T#p{ZbEZeQx9!s~Nerrk2Zca}XOUb2v3gdne1>UL|3Yr&WE37D zpWYoF=7Lnvxc+B!Gq)c?G^7EEIOUp1T%4S#pPrlGhW8{dN~=>2^=RAAeOAyv0h28k zHypz^ON3^FT=E_0f#eS=HHzDELCmik&3|>~6mR;5z;YFwGemTV6D_417aRwyybsw7 zMk0JigN}b{@g2EcozL*dGKau=%*H3?nzqm%_UVdOPmw4N9h2-GX;?rnLIZ$(B zcEROzl9SbknH#Ml*Ic%br=MXXjh!jF3jwbWEEfv*YxP+-Dh=pm!{TYviRA3@qMQtP zVpVRY1+Wc{D>RkprZZ`3&ni)hpS)g5!QlUErTY1`QpNr4RN;Rr)w>S?fPT#{x{GY` zSBmp1<+q72FZC`Zwk*zv{G z3lLD;yPuoy^YZpR-sMr~;OGS)WT|egf^exE$P?v91X0lGG%iCzVqt;aL81MSmb`ls z?fb%t6Wh~ZsLFp+(np;Vb>+uS8g^qSvk;@iR;`swmEGsqp`0Foi{Wc*9v~NiEZKc3 zuMl^_kL|=;-7_^&2q8I_t#&RkLAXqyYFEOgaKdeyqgPd0kJf&)8TyeuqS{b@ETXX# z;V2?HC0O-2ElRC}Y}kMQOV#dj-SE+rzZ=qrqS<|j$1Y~NT<5iF^~9%E&536bK_Y%A zt)Gt%%o-?|3*{6e4)V3~t|2cFfy#dPfLsc}qPkKkwO(eEOq-I*8PxDN`spQ9i=|J^#*Biv>Qc&W@Vyn+5Qro9^K>z|EkY2y zcb14**SBdbN_lJ`P6+b^B7DFlUtb3PBuD1&yiVR+=a0>$*S2YhgJ?t*p22tG@;!a! zIay^7mbcyyWLNftqM|lrXt^%)@+7Ol(y*JXLv;uz-Xs|sPI z8ouY-$7e#OX}HLDs?S{;1edgp`1l$}87{PQK_8~us6gINeOB79qfgO@yOD?{l{Cs2 z9n60R`LO4zu;P4-`UsQMBLNxDoH5w)c7cBh{!4AQh(WW!X3CpcFb7$#F8R5hq)qS` zi5NRalEjVZ=UzTQ2}cTgnnYuGHIks zP>!Bah5w1nTbH5`O>}~Gl~UA9Bj{4O;;F_2Gx+=^QVZ~>)#U$glm4yirA<1r70h?M zNoIV<>4xsro5#K7tjlLZew-krASK3f1XkzOHp~x*2rR+c%%LkdQl{y|A%(_9{@wDt zeqzm68kwgbfHFpezBrB{FmhPEa^OS}gte)@a(xub})v8?V$eHa|18p3}$dq20r@ z1at5LFR}SunZ~<>xPkCJodt_Mn&j-~9CZ;jSTGMs5-Pw${ogM8fM?p131w`KK;z^k zO8#=ezQ_5l6QiJaZt+1?rFc4gb^h!cD+TSpDYyCm_@amp@wej{&sPfapAO@K=h*D+T4hDYyCmJW;jm zUnyR%l-C)$FNqH@^%gK|^yM=Wo`3m_{_zD&{;w48R|?{vzPwPL*>wAVJ(0=hzfyc& zDF}a3J{Z6F@((4|<*yXqR|@=pQ=Zv0cz*ekUi?>z-zx>~Pm1j2i!c9B@=E?n@qeYj z{x{{BO}X@!FNTYMr3AcEVE&{idA|7a52bJEuav-73iN+dp4sF{e)$3m0r|JR8}v$n z`jeuL_~Oey6bs0|Qi5M8kpE42W|NHj<;(TEzfwY8DG+~BwC`VbooK-?iX$f^kR{+o z!pr)->;uxC~8)k`=AkC|JY*x{~3+)C80qy=Mqt6*+tB;Hrw8_@<|IG zdT$=jDMQn$eM3f4xjk)**b9uHcv1bgT#&D`*u?(JI_D(ct95~Y7oGO>|5$GWywKEx zvO^|iKry(6FG9o}mlex*{=%IT{%dSPUt^IBKaijqM0hSBBUoF%A&&8XA6T+8^H)0vnK>D}y z(x5eWs<{w2mL^h`<(JhxofPlhzP|GYT>O7x_UC9V{@2~5@Z0VZ0PHS6HSjdSZ15{) zqkyqN=YR_5W&Q3s=;nR&i|54xzj+Rr3;N6Ri*mqNUav-SKzCxorCgOr>5xDi*ZV&0 zaj>mbBJdUT?9g;X=S+g?30(cBy=&Q9RZaLe0ezaifwA5XG2fcni$eJKlnWvaK`Pfh?)6!~@0P8#~W-cX;oiZ1Ide4*3)}ChO&ZZN?7Unw`P2HCY zQ9DR!k(unjpI31ohdTJcmCNJUhB$Zag3{Toy!piI$HMw_3DZVmh2)5%kXPg&=RHnY zuQg{Ex}@E_wj0j_o`+Ydk0A^hx>Q73X@s@VOQgk`OP37E-|I&UEuv;-WqwRo?^4C* zI!zD<&(u#VU|ux8CvvSHF8n;ZTf(B@FJpc#AsHZAX)-E2w!7a^DXy4TcWHnftxn$Zen`|{2G%n z*>DHf!jz_%O8VdzuZ#8L;@AVhZ9U}Afriv3JmCth#uKtFzV%q2}ZAQlmT8?KC9t=Sa* zAU9>P{uyUOU*cRU>3Vc~LF52w-V&4IkpAGr%Qb=0OF&Z7jE;k+5)YUOwlgNbdBG+7 zdmt%Sy)<^$jnV2BjOy$jb6z=DByEl=ZKQA1SGv-WFXwBt?xwN;CCC0z-! ze4=(P8XG-DwwYq@GnPQoGyB8scMb8DETPT!Udr*svUx*~yk>#J9h#Y@6zLg0?!@Io@*G40%Q9}W*^+;nDM7%y2UYJxLKbzWFRAYp7)KjoqZn7?@+2?X{2q~Kfd_5 z$5kGv^&-B?lu$siV1U_Sfc3isfcf9YyhuP%>c1u6M*klP=+g#BfVVb(U6K_ux++mP z-&qe46qhB6c$qvbo0R-dp7nd>!5J1HD-CLNrKJIhg8A~wM;vu3&ojh|kA6(7MpYK?~k%k|{)RTFb`wIT9T9IuM|c`u7p@g2z!VD{HM)*&3Qwd@JN>UYcswcl79%Zj=6s}O(OC8(#+1vVz`Spz&IqID*8T;r6T zOPmJHP7;W^hJXkk-;6`rPf4m7C8DWgQU!fQx(%tLB;)JPMr znmxpjIq^97P|FRlQ#Ww%zH0ZyFeoVa_F>r&ZqGStZhno@6BGex%djxU=krS*9$3AJ z^>Y5Zc}S_ZsWxCZ@M_(`Q2AD&NQ+2oXd+peEulm{@Cp!3%LL83R&(@M_`dZI*0g!T z)FsTA4*Q|+u-oL&C{k1&Q|VitL$ddmvd^9c^YPv0S4B_Y1mT*Fhz=X4Q?(*ie4GwY zHcrs!^hXG?-{_%XJ#8;QT4KpXv5}m)jfCjD$>H*@mhXJbtgH9veyp|{wZf0sh^@)jZp5lHw-f}j zpze~Hi{%T;we;r${<}g-F5rT8=f5 z_aISbmB%Mm$Omv+Ukt+JWCYr%MRKr*= z8}OTWCK!D< zLWQl4*)J<9ts%L@$BYh_k(*Y-w9#b81-)(4w5>ObN$Dbl(xS%A1SI4+6jcD2N-w8g zyx&{d6ry8eIddY&5{AF6(K%YnE4pN_n=`V;JXF;n0d(kJK#nxK&pS`&Xn7s zBSEH1oirB8&zszQE^{`g^)EuNH>!&OD)pBe#saV9j{KkH&O-;FL_DFQ{#EXPDE%MG zpSLGsUkkOze{0=CM;xiW0DzK41vm$OQOuQ8C?Hi}px5=gVgi4-k9(n%&i*F_>p9Iq z0HBy2#5~c_@ZoQ5pN3s2cu&k}B?Y z?aFfXVfB;;>*V|K6oY!Iv$TXqL9$uR=egniJ_;F^_2ZvyKbOAxxAuxtp1Lbi1z5i7ReH#Luy z6T9ykezL#l0*Zm71&>f4v9UDs#Xt9rAdEZ7*PU1vX-$3!^rs9cAVNT(U)CRiM!AoF z{kVQRO?ljY{kQ;uHj4rT`rF=2(e}xlSgtTS1gCLGc9h<-OH&i}OJg)_l2ouE9OF)Kg&}w>XJQ!AHtn zf$GdNt5vC7i6m+`t-_%PQ51mA1YKa`pO!tnh?k+2p^^Vc!n{_mnB)2NTfDyoLT{jy zR1JMx@v)5OJtm09ARZXnAe@*vsvk9DGIjKQ<3L_^;W!+PG(ws3PZ7y?<}-r_q0+-oXfnIuhB> zY9=G-vVPo3&SAy57vDNyp@EbEz?bz0Rs25jl{)hqb@d@@_Ee}>>01P}skim$&y;7|+mzdz`H z|8b=>`Qep<^Pd!~XKmu0|Nn#TWi0!FHQ)yw5YW4kq=D+&z0>A9#4}9xDZneKDuW~9 z*NCPl`!Fw_Gt|KV0R-lC{c%`fIVt&S6XZ9W*4U>2&jB{kXJ2iK{Lf*-GD53Jv(zwQCHf9-)Y(4&9$K!G_B(3IL}2}<-d#W-lWIA9v%XV+q}un$B>(kwow zTI8%K3Oq;JTBOWd!1~>CJC0tiq9TCC{kGVZ{y`C-FTZLXFvI8jsr$AngF$5 zb6m>PvSab7+p1|~dyuWpL2BiW_pPuWhE}^TVLl%7R5Wr^oZIM(@H;XxH3-3oThZjt zW`D#g(NbVlSR~5mp_jf%A4}NaIa?3+)*(18Ji!-5El!1*!5)Ric=}Oxo$0yiHSi|) zR^6K*=OqA_fB*pG|8@NlSLR9S*SK>27T4~VxPAld&I&_72Qy%B7;HdLu+PBqUWi6Z zF#mg#@3)Kwj&`5+64IjIj@zC=UPB7VXcbm~ua!@(%U5&*agaE^t>ZASa^`QJroI`y zzp{SAxi}6qQfmo<7c!E8?p6)-d4EB?n^saxys#nwBkp3 zeDTl=(*)t7J38jLbxON@ldXz<2go(bx=Y zm(TcFG-&PBwC0oU4OIu&^vIhat3!<8%3ar(#ZiGFrA9oofjkBjrnFMcJVp5~b&2oj zIE`t;y1cUcRwhTQ_|v1TXHQ%3II#9LBct@#X{d;TN9K|$ZSV~g3QJ%PoqTjP_LmX{ zh}^`n#HDGo7Cjwo>NR^L$Qaa8R8LC+*%ww(HQu1o*q_Titbcq2c6N*2l5d)-mMj06 zC6f+>uf`>3kQF6Yv0LLUJ^TiajylL6?ngWy`(>+^)IAWI;K*YXk>jEti}Tdwhbu4< zSaCi!5f9Z{OB3w{w!$J#S!?HSKaC(j_0Hz(4`9(3Kf9r;)OUTGe3%tlHaxXk_&!~u z-frO6yuu6T!)R%~;cuFn^g~TaMUQBl3H)o$=L%4W&$FfTv*K7|zwENxGIbnZln?ra+k9rh}qC^NEdz?lQ9R=Fr z`EKK?!{exlBL1{$H}=DYR86aMhl_pF?nJ*eJ}E!wa&#l)=ORJiG=sA#3z<=6#^(9_ep0+mc#?uy(s4< z)EU5ph%$NhNo$|qWf@E^qm0d~@qt>zPuM^yKv(i0l%p~ z9F`#BRz0r)2VC6Xiq+!pW*E^aGAMvhX@0N`UUBK$wC5_V@^?#Rh2)gDTQ-BH;yYuO zOq7)uLXS4F(xmud^c96sTmVc6up$Cx2Y zx!e|33Jg=D#{+lGJ$Y+}D6oI6Mw06srPE~EQtP_7V!akdW;X1#HaDiyi7V^$qL_p$ zFn_BMWL`B`_zw*R=JCg{Jx0e^nFf4! z%3-QcMFnG3kux)fy)1Q`yppr>1frnDklf*-G!HaOBBmI8kOjL@htIk@4o&@8c^u*x zR@+T9ssIaH3D0|2_EIOQ715r^0%Yfk$#3!)=8q|=(J&GuQB9p1 z?=zwrM>3K$?co*#A-G)hWfC1 zVWz{;@({E&M9AJM$tXVmxgm@voglmsfjehYUxOWfbnH*l3Q5g6nIgymIF%-9qZ1SW7eW7?n{V?sI?uiW!=MYZr8zr8p zMl3C3u^k;6!>GwZ;OXvl-b&tx;QzLu93STJ8gA{Q4|UTVpZSSPFEj}JkF#kJ@06;z z(#;Im1k#f!iSAE(XDOje0w_p(R;_u;4aLs%`1C)D6Xm>8tjHDKLT~Ae7q{-Nl|)H( zBIpZSg@R9?dJld-mkK_Fv7|J~oauzdNDr_l9 z?P~ZlG&kvBrVMpcDSph`Y;p765c2e!n2a4oIV;5a!_OOzhuF;O;GAIIcK0a@PqKQ> z1w3rP& zoBdIyUH0m1`IZmUrT!}4t(`|O zdmA^`Ytuw0Hcbw)pnwCEKCSgICG?(^Vs=dOXBkwUd zVHM58*0i4L30!z{$_evzZd_Y`}dhIidjta@8Tai=AYtUtQv3!uj&g<{;(Gq zudw)L>JO;r3X#mUDxiX$YAzUVjFmqAzW7UxBPHJka-B_v9E5jSv{yhKwK3bJ?zZnW zZ(4g54p`zl<3hr+vzlr+o*CKd)XieYdyp?a)5SGbF2(&Ia1ek9svljh-my+O%sadp zahTmU&i}#XZCKu|5D(eLqSf2Q5)Nu&sHbTbmXSn8hq`e&X%twd(7HM-hw!eEZo@DcqeklVM51lUTttfY z@5}Kos%A8ySE}uqHnJrKQGu<8gfpk&N7FQiC?o@7CS(Ydsts^FEssMtpe7Ttx|b>8 zfHW~zO!F(Id||o^MCiZ7F(&A|LC~V?Otq#yM5+_o*7kkhuiHm*K}H@Zd|6jm=25r% zkhrkwD5kZ$wlqIt=Xb53$m)JsD`dWxt5PmvOrXx2+nS;zRB?x zB%5%~X%;vhF2d_VYQ~Xv!uk^r-z|?U{?YIvLFB3Vq-JAje0;1#h z&gL6st-+SaM-hykQ@ltl8)@|HKs?D#6L0kfth@SsUB;cjW12YXdHK5lXniLRM z!wN$p_o)v(sd@ctl9#Egw?y>x-KfiuZEbm(2Iik&FY1zG$n_HJ^OZ2pTxH_hp^(fF zbL0H_I-=B|XlUZs76M=p5xs>ebND9u5>5hc;~Pq<2|4u5P)7VK%5pKN*GLnn6-D=U zw_uq4m`*1yy+?20Wx*i>}`CU8d()1vnA*4XVXS@?6zGy2<+hcALh-(swAU9{vdyW7%!9GYW$lIbqB1_@^1dQkS>rzx zmtdRrNjx)o+!noghnFoN?jwv9MD4I-yKwEnR7s=Aw@qOY)%qhZ4Z~7?r5R}m(kaAo zC6T7)3BqN1ZjWlKXSrJ{#NqL+VCO>D$rfvroBz(2Q+!zdA+xKt=+L#5BrPuaPx)oN zc`H6=tqj=AD!dapS+eao6DhdTP-HJcumli-znoIZz7}9Ye->cyfbj*-C)lXJ3b5j% zzZPIwuLan@Zyub%tNc@d0ZvnZS^`A_7mt-g6)$T|c`S7O_qw5LW^hG1Mzc!yss$w3kS+re#fodP9)D7pDM9|&vlgSL%06DEIEb&{^Ild8+iurZWnDI}UQ)e^J zH-sh$%Q&6!24|W}T^;^;F|JEY@AQ>2fGAYIuj+aB(U=HkDSC+?U=TG~_p;g-YYL6Z zJY6sY83-R=c)6dvJJ7|-q%yV(IxhK?Ce}4P4?p6f{tar!dWt(g355E3yy})ITt?Vi zh-BgPJy&_s7c~Fa=o1Y}`7@>lwaie&vW8=BzuMhML5IeYb ze_!C`rIac0rBq5+^6%r9>nX!Gctg2lW*`q z=j^-X1E9j%3x=K5|Hs!i$A`HD?Z#2!UW9ue4_k8!B zbG~2yn16R?_MLs6*?nhbDf6@&JQ;1%y?Zziz>*Ds_RVjK(TAmzS~c3WA;qhW(Z^xo z=R7vS9Ubt*;F0Q#Qdc5pJ(>{HP8DxsISsh$CoG2pi{MWbvXm1GF|R~%MJ9&>NTEeq z8L3nXw{AD7su00WPj*d=E}DRSLnVWbnD?z#D?({!e_bBrUc-=Dz#>36EQ**SLO9T_ z*x_f$2ZQa`4IA9yZ?@V@?Qf_ohVHrNM>n%3hGR(-(Iy2E2i|Rd+szO1lOfBr`U_}`mw}L60AxY3{8gtDfd3zfKFFhl*#wG;PA6CYs$hl5^3~!(eNw52Sgr%cxH-Dbk4% zcD~ALBJ?1H;O!M?&I0Yc-oR+t3DD=rr2Rg}l^u*V-6$WRd=2JUy69qG^=O(uVXi4k zQFSZeCSg^2TwrV;2qZ7|=`t6tg`o7{npveta}oa6K0M<~u}BpIwnEQAhvdngQhR&G zYOuE;n51@AMYFa$YO%p7;sdWx;IyVLgPAC-!OVhF2@=B1{N`RjN5Q$0f|s5b>n!c! zD0d^zT66-eX#v;cKwlXdsgU&eQh=+bd>gt%O59p;ec*_JW4o+qvZ)yS40}g!sk*xl zd^B|GRsR5q0_DS0R=0fWrT5~YTRK@Sn>h=xSmeefLlaGRj@BoQ23S!e(tMD}z7Txw zoUrtjGS%AvS7N)(m^6>(0*kL`NIS?oRM}YogOWKBvQ?J^PYA&uJ@10f{)m`GABg$S zEUODd;lB~H^exLOkoS<+e-v_v1Pa6pCLU3;N(aT_*hp6J9GQJ~g>8!8_=v|mzw9tA z(9$)=ad>cp=o_D9IXx>-!Q_wt0kV#Gp|Ie+c^VNf)k?bY#xL+s<=VFG^iuv=#06$(A`(5acyuA?o5ZCX`vFzRv9_o6d45(v^C-5Mg z7rei(4uO?Kar#=@gz_Z`I_4H^Xz}+HwsbeVTh7wwkh}OzY-7j~MAqr&$-}tm!bE6m ztO#;7y`rG%_O4?G1NbD|XSWnXO({HWi%Q4}@S7Lo?sR_+Sb^^@t2qRxu2XgvSvvH0 zsihjuytX<~&kTftYR0;4WDWdQdje{g}BA$@MvmGdUWQ%&v|Xr1MJ#`=@Bixx?w zP`r-0w|_}Cb}Y8unygrP{t0}jS|L>L^eviAQYaJR*E}x>mV?7Kkv>?}_6_?-Cxe!8 z>^}Lq(Go+eXyUMYu7mt56b1LSelOr@Mq#Um*&V)Tpg83AEeU}a(5G8H(B5|KwU<~< zQSqR+ujOw==oJeuWqkp)7QaHhKa5c`iz?(WYr0yX<@9*GZlEu+i>Di(G+@k%P(=IQuN+(0mH^OrTP|LxGI%5Wi^Js#zYu?kn!}ZS^>_0 z^yx@ATzJI{pTYM~`Oh;nD;MTV-JsBjsRi-wDMn|`i*ZC=n z$=skMf;NOj)41|5<42=uvV}20w+o(TkENo>FRF`ChVZDcjx{fb(t2+m!j^m#HVz?wdWBrb@dTdfn3-_(sVZ$AA_{uZB=7NcBx;pnYWIz$;IGQ*kZ`Dbats-t76DC>F2suW9)nwlXY#UoOViT$*s;V9l8}E_w-L6wYpWrpA zH#vnE;TK!nHW3IMzL2dFjo_n1Q51P=I-!kq>jL?eyo&XEiN_EbyW94~3K`m3;K{;D zR-=7Jbf%zh!uxKVmaWwsivb9eF(caqGCs1@`*n?Yp_Y7ty5sTlUE{;Dsd$oKhP^_~ zQN>_ixZF#k5QSc{g&OdcLsJ~ADW^MPTapz5?zKC7<=sqZ=^PABX2Hr6jDT%FSH8ER ztQ09AIM0J0;=C&{%+sC$Czzm0^JYKorrT21d!*XQ+nM)W{(bNTNPR4R$K5)ge;$0%=>I;WvBgAEy?`{-;5*vmnPkHCK92)aoBRbUQl5s*; zn5AOn#p5c>RP9ryf?-EvL7nz@XQ6oWsXCXok|0?ns^m`>oQ*Yq`svbb+lZ&P4Z5RJ zwMUa2@-%4{#m+1hXUtw(%+=ozVFRuZkM~f?P(!w)5*~dRz1O+F70IG}hJDG-R=%Of z4ygT2VT+B6cDuxRm#V_}7WR84?HIuO&EKpR$i|cV8u^FgZ6)wJh~Ek})cRznVK=nXhzWV`|C1BhuF&#*Iw8k)5q z_AAS`yGxp$lN4N8r0ARU!#phJKFPEx4*LRg`exCl0L;%S%gy$QOC2`i631XT2=#YP zwO^6@Z+Acy%hwO%PnVlWmMo<0_a;bt27vwCSOcuIv0w!VfHBhI6j`j7A2Xchpkri` zqAG-X>N}v95?PQlHMlpVvb>(?5@383%z=?>*>R%oO%uqFlI73g6xQ|H6rO(0KoM(- zip?#`{qnd1BbmMnFFZ5Fm=2pHF^$nrRZXlq&uJUp-bQO6YI{B-9}G49p-X!YZrZNAFUBfDvLR0L${oU-0ZMU>Y2clqC`p?V$8Ti>}OZh zXKpY!4jkKrkJI9aJZ2yt zW8^mWrAPa;>1E)7-|Fxh*;o029?l3Q_!ny}?wT7`D>w(e>aLrq&OJEtqqz^UvO( zda*-KelaPLcD=j@R48>B(CJ)`+sirVfcrV>yud+K#ySkK-E}~ls(3v3qxA}d)5T8} z`b4#2Plje{WKJDj71ugTQrbyI=wVXi)QzI2d2$X#S#ZM!FZ`WkY{dA5{6C4aDuIz) zhh1JJt|xmOSP!5JRKE;OXI`3Low?=<{#FO7+>ceT1Twi@I3vr!OMnUfafeNVLE1*A zmg^l?FjHOzJVC)eYb{8K>|S_*kJ~qZ(2yZ2G=wm< z=Ab44I}G1fz3$)0a}8x-4_rrQvkCC&2Ta4?>{o;6i~1=R-duIUeWK&zpDN%y`0dJ2 zWwoJzsU^$&1xCR_4U{aqjVbcg;Cvd|uoDu2GR5j_=L9eS&efOjGfo)(vhFp0$>&}f zgz&x8gK1l$hUOx8^F4om>TS-lg*Xi5RT8*4lxpeF&^#m&Z|tOUlrKI%lPs~&XBf7} zSeC|d=c@tPNmiW=S5euq@;Dg#ty~%*9tEdKc3iZv$~7-qS0SbR`(ZZYwb97i^75CG zblv&!>WZm~6gAWE5^@{EW{Do%0b^CjA?j_zQx;^YcQnCz$)2GH z(~$z{X({(kq-H#8v9rcc-esB%YlxcB6~VH6M@+-3Kaz#Q2U+~P++zUq0z2}ZEFd@j zB8#K9Q9Ryw;$8kj7FLgCA7oMdPuwMN{hKU^-fl@xF1t|lno9%vCGeg zC`Z#Ci$$50tnLJUte1l7%gac%14Vy^S1V_VBpa&xv!R>Gg-TGhSmylQxuaSzznFCp~6W8sJ zwvqxCe%@eMz+~znQt!}C!$cE)(u0fTR{xyG;;vKXJk2k`%SM^sGcGcCba(vOnE+dW z{~P!M3|~w{lUI836VB*Y#5N_KE0`D-by04qZ=Vl}9mTP*SCi^f3$|K!N;WY|{?^SMtKRa0oktGx-v#2T$Dd>KR* z8jY6G!E6Vj7~`12iPub^WPT0g8u1qwEz3hZyQw|QC-~UWxQb3#;4l8|0U%Uq=w%hF z%<_#Pm#gz-lxiGgF#{N8G8w8~r!MsxNo^P5FL<-3gX+3*aCiH2%gMH_;7SE8iA1tq zd_>rorQ8KvUqN+=n;OHPtrb^Fr6{d6BOFK;{3kNACXq~=Uw3oXi402=3~x|;VSk`X z!oT(3gfmQOyZMD{W8T!t&Jb;o)KGwkeVj>=><)hovR@|c6G|Qm7%jv2DNhCok7yz4 zhy|cE{X|<(sp5EAYW(pWcArW3zU!u$a%d*WuH&H}GJ5H|qJhtG5nv9EDg~UJ(bU!6V43JXjfSn7tr1 zcawFQ6#9Y!l_BOE1g5fiwgn8{g6%OGbr$V(d3k+Ap@p+^K}?tRLX)bonPxqr7VZZ1(_%=j1k^)JT7s@Y-DY23YJ7OE}tCpxzfP)Is zyUz`l0f7lA3WM;MxWbBMkWGO`!s#8DbJB6r0aun{OdQEl-XUtzkQ3ZtPJkx(q|p)w zauqG6fyKni+oZ^YGpFGbIye5NCh@0>G41p^;;Za(I9W6dGseJ=r>{Rd>4n(bfaXKL z6-`GvGas3o@sB+p!prV0^2g#wn1&ExK8x0e!>hUBL|mr{T_W;^EL~72^nRV`mHyPO zK<3VuP`xV>n5xT*bxDnNnbehFv_yLuitO7!o1TuBA~j-%%)AAwNUN}qmIz`y!vjiEde|* zhg6MC-d4#zcuUY!FeEpA=p8W`-w^W;2N0zX4CenY1{1Wsa|&q9Uz}2U_eb0<|G?dU zW<9?l_TRYs$^9*skG1A4UPzS-c_0vbvI{CkPSU?)9_zqhhI$P6MV4I_o>QoD%@5f5 zEbf%1PfF~j)_OQ~hgJnU*u3NcQnwycpU`~LZtGmgs7mpwIB9}E=qPFyE3-}?kOVNx`bcb*gA0w{b0%3E7dkTH8%e7zO*}&;TBiv%kUPO zZJ!=negzG!+un_aZVxO@4FD+dF!>A4&;?dZ+H=m+sW?Q&lVXjhuHdf=ofw^43%$%! zuiXlJ!p5|OCGn&Dbo#8EU`-l0xY(yGcPp*Bnl1(vjkwOk!&^^$!7mwO%kbx?``dsb zGS3T-Z?7+}_ZUL?qJk|?JWN(&7iNq;)}>b+Qn#QUq;4hGq6&Me7e;0mMVV{2AmTa| zs^cJVz}K{#;GUL)t5W#65NAuJ3fjVt;C};QTbslq!@e@bPMHQmY17PQ05tlHqrD$# zuUJ5j7Xy6OJ&Vp_pV(G6I))nBmtKYix)C=%_DOGSWRy3=9M6jVJ!1F758CwW6a zfGRQ;>hay#dq*91u9~V^{#Vh-OH~K_G>KtB(t6nuLEpeY89b>@2PgmMief&j2y=~z zq;=OYt~Ha-EV%w;tnKsZ6G`+rmmveufkWjpWQn^%2|u2ts93$!Wkjbskw_eIsr1WL z5+=;zo@|J73*Lg&_I1zVNsct_NjQfL@{ z!B4yS3h!FT0v-2Seiwv8-esWEI%{`LLQM*SXhLX3?>xQ0JS8_NDQM$#aF%pDv~#Md z?sNC^5Z?QgNH!rE*D1oLlZ%g*Ak3s~2o30@w7XBUqe$7P6Yo-e@czIy!@G$n3gv;6 zs52H=wXw47^@!&JfxXv&Q7>0w3zmZ#_4Mi^t5)+9)St3yD?SkO>7S7*>04RsUv(nN zg8%^IC~8{U5#1V$@jb^Dw$Er5Kq z3=@v^T5&o;iBp-*tAt(jiX#-E6%t(2$K969w#Rtimd>IjQp?W4^zE7FX%OP`9Eh$@ zxish6A|SnH1Y_37Xq*UayI`U(xS%el%uiwb*Hq>| zGUr<%SF5*9zm-?RHi|z6AdNvfC5|nnFjycvt2y^c$1OApp7ARtxj|IQq9T1mL4mZqh2|esa+0pCPntux@SH_ZI5e=is}&fA@(yYR zVfPq$YCdmBZ0O&FQ8SUZ*9Nw%T+Jr_%ELEN;h(@|^jy3C2K+;?|c>yw5~jKg(|`MMfm`d3q|gI;kU9&~nt zm2jxxBKDvfY9aXF=NQ`TAy9@TF2eDGqp4@Ps3J?7`x@AC9Th4r5girWzb{CAYVp>j zX0t_?6Hr<83=Wo#|QdUFDUIbz3@}!fpmfG=$BvhSo_^;{tL1Y_wzQQ{Z&Y??S}I~&Z`S9(0*u|4pl zhxpjld9bkjs*-&pSe#KEK?3wXa_%V#9cv&$YjkBfmT+s!RtZ0@M0f@)7f5Ud+vJ<@ zaMbydXCKnr0b$$tx zL!O#>JUOf??L&FfTas$|EH|++emqq!m|%!s1_Dx)bYf7n8_oblL^_z^eBo3fB9*W* zS`oWKtl))H|du}Ywo1o90W6`UXkYEw3YSmk!t=MV*VjgRsM)n`TiTJQYFg4KYP4L{}riL1%YSY^CLgOlZa;YbiM#Z^f8T!KvO7aHuzZacWzuO+&P zqvUIYo`sg~l@t*95@ftH?{@Hb*;ec_&F*Me^)DvBEus0pb$gV0i@qBk+>>9i0kp63rLmtH*uMc003|x2^2?y zk+h$dqV*Z}gHDVLQ@8KuWDW`v#AtpOGvERDl+{6b%g7xcLhUuV4e6zyg22igs)gCI z&``@6A$%e##TeY&XgqOc!won~SYLUJd*aP3zpNJ*^W{C$kRY14qodbX+L#Y2FT7_L zkyyDjL4v&@hG8U5_+e~EAR4S_cl%{eLvmnd*qL*vh0oaeyH6+yodoT-SoZdGPTKIC zq2|id6UoQDDudkUWm6G728<2X$&|s&*rm}KUZ|+=@X;}VT$8rL0s@Ns=OG{{_{A+e zKa8FATl7lu0ua)e+J@(SZ;imt)W0~7DwvT)PFvLMf)p_z@T|?=SHykVpx3XY$#nv4 zptex(lA?IVQ^);52_pC7aAO4c_a#!yfYP({j$YRrCrVs~xvGs*Uo?!_dv@x|c|_c- zvd#8O%w^MI4NiCfULKp`!zOQ&BRHd^KvNHKme!SX>AQ6)lyl8zl&xSBNRd`-{eBoT z9v%hMSC>v&x?Oy6R4vcnJhQmd+2D0En?M{YS~drzK<1ED6c)T8_>m8P$ibAUED%p-pJwd<1Wp=jgFbHq=ax?VPP`HmbJH^bbEyA@_Ubz}D~ zrec3%IDXPrEUW3wB>pVVm0vHxu6&=nxsn*_N;~sZI0M;!*YTnrzIKuOy;^?dCM1dM zH&dY2Kz^C&nY^0h22xSQxP$h(vIOhEJ4a%G23sQmh8W?df8aje?GGpp5Zy3!bCl?N zeVh%hu6(aUK@s~5dyP7(6@6|%hglD5FB@KvMxJa zdzf&tI#7{LXs6`N*b`q8)SgW7tI+Rt#{GJqJkS_!2lEMUR4Eu)a@U1Y?ApM~&e=n4 zB}+uwXA^P@Z4oZ}*)_hVjrO}$;q%$VMEA2IgYs9)Ilv?u8w7$yJlnSbX0lM3G?>ci z5HhHqcj$&gIxnE1Z?SpSeSio0d?f<$pvOQ;cfd2y34!m-Q#lqptzyuz#_s@=HhugM~ z47f$wWjf-;f`caIgZ0~fmK~MleU;Tvp1Ho6xp}cA+5mBbK0pazy^`f zttBq=2!Fs1mXkOR3j@ipWi!CB;0VEkHU6`n4zD}lg!YO5UPrWsOx#xF&>`bTnRg0{ zn5P@$YoRK)B8ureJ-<$D1x=i-%GI-Gv(Ejlbo$JE?7ab2nIVwKI1WGhROPi1FbiAa z1=qM+y;l0|c`s)Bz@Y-7#CJ3}J)BwkH{+oB*`XEdJ52i5A3 zrM{jD$Zve>I`RYtGM%g`u0?2=B!|^WvrazFR$JX~zs;&Q*Q3l>hK(RJS-!5u` ztj-UZ4~B=6a0JY9S@ouG*bM^x7_ON+xG(i64^GEMkFCfD z>a5H-jJ-XiXTCny;gZ!&1}dn^TI!JDZs-R;M+ke9h9XVyYR z-LG7c(lM4p7KfbY(9@rk+aC91Vy*rWQP;vM67Yu}AB?PAnt>ggKyHW?)sg&vDq37@@nt@7Pm<0Za;Hc0@dSqIa)?$Zxar^1^rb`4ml!_u4YqD8b_Q>@oG0%RbO~^0w*DwZU?hc@ zXNZo|s=Ayn0$*!T(bFMlmN|zMpA|`W1QqB#X<wF zA>Cq2ra5E_$zS*Il`{D&Jd8_|?e~;lc@dtB8zVa=2karuP~DEc>fG545V(b_10_Z1 zdrkroI+{W}Y9m)b6Xr9U^(}(*CC^4l8O{PDnVbnf(_TMvVL^zlyueOq#aEqn z+50;uoWb_HCrt=h)I{Cl6_l0Y+`+}I07AQx31VGABJKF1BDdf1yYX1}*#io0=FuK4 zRHanuV$vJ%8&yc0#c!|1%6qJ9UFH)7Ozdy-7D0m!Vhm;+ur=(PUp-iGx;o0x3Z0G^ z7i<0+kh@y4D>QC1Sl}fn{0UjtG#2;+nO2R@Za-Pq)w$NxewUXLWV$_>IgGQyvT%Yw zwIey(f92Thkv?|hj);ob*g(XziGR-m?^`{x0IN7vzR%mN1fk}XLhzI(X4 z5iH4z<}A*8cjU-1-99bc^H(e`uQLJKG@Q+DM6;^KSQ%9UzA{6YWo#ruzWr9!MG2{t z^2z<6{dns$(;FQ>T5-;A+vS?%_c}Rv2X}5M!@r9Ic_sYbel!h}gz6}_?ubS9K@Pj! zhP0Ys?iwN)c*Hzhz1(faDn;7;-t%H;B%elT2d>jT#;H-9cQ?{AZws8cp4*-%e#jeM z$OFJk`{OfafwkC=qD4jURzqkzoU6Om&u zF`TnnT#yqa&e&K$SS2xTzNlFkLpdd5V9}Ftiwjgq6-`&;B%eBI@Il06SF8mDtQkX_ z?+Rm+!XUUMx~X(!(?u2mu5<+_^a1JpzDXrv=nUL&49J~ifLDU$ehT@{`E6}Uf*-?B z7TmbUzYB4a+Cbok%@?@)`QdGy4uMtJX`v&t80k)69zeO&IyiI|WTGI6Ba-&q)~7Yp zh*z!1qjbhS+|QjMfdlBwGZqa;+=SVUWl0P6@^ehg`QuW^|)#~whcF zCK)uB1MA`rvv~GgRxkeQ4_aq_d(xv3pEOy8^Mg+mDdQRV$MbJ-`C=shT%K+E8@-f< zs|FAwn=gZdZ1BHSk#iDpxgzZRP+Op!;-EuEPfin3-H3ETlKT2PFX6QzN)NvtNd}wd z^jA1#sG{AdY|)_1?09-a-hN|>x&NJedKEsA0PdCnK9_pyP7K1j^9W@kPPGppyhJ*a zy+?i=VEC7D0fangv)Jnc3|rRSFUBh0V^;V#{?80>@C z;+z)UM#IeG7BKcWYm4?nL5XDJ+eE#i1H|J3HthDvoM1!NVu%AWiD?gf^ZIxdXG6iz zRN5F4@5X?OH8hnT8GqEf@8&c}?KjIwebO=qn?E%K4Y3)TXOq$_NVf_UUu zp8ee~DZDQn0^heN>E-_yn*6($1^KM{M}Wii-vEdGTn_$$@anAv#QP|}Z~u6(Z2ve| z{_}0o3-Xy8w#|D+*MY z3|f#0b=e3CjiQIZ$bmV#2T=l5S=5#j9)I-4<2t|>q#8W0bO=PoRf!-8?bJ^D;;rSe zl*H}HvF9h!-V*_tCsU_0bb`j}9}I*n9+KXH_%K>K!J_)mZL911Oo^u`rR7WCLAKOE zssg!uZpj!KvDUHMTQ20A)i1AqrU#0P&?|c}Q#Qu13YZZAz$*+w!Zpcs;t3g#B&ExS zSa+P+J6skLPRY`PjwSl(Q`hDXzl^>8106V&_1mVo)>kSn=`O_fyF{}B*YSrxN#jE% zh~WN&8%*eHVX~B}a3#Z&8Rmx)bxr}`>|;+Cg{vb_GtX)-zS8X!`%_oLF-*N*vv(lLG4Hv@dkxS1+Ckc z&bcB2uq;jMb-8g#uxx7M9^zLD2~n9fnMcMh|rMYU6X*^gdVls5-* zSnVD?Q|2a!DMM%>Xa343Jn))K&OdXU)>e3&608-1lQBsb>Vlok(d4P;{JObbcpu_M z$4y*)v9H7AV0YyZRy1{5zv}2f39V3Skf>?Xd>$A!x67oW$k#PaSCL9o@oC^>3tZU} zQ5Ut>&7aBix3OSEi^JKn+Y9E+uV8D}A7FKN-V^tQ`}*3OaI2UiJ`!xiRzSs~y|W>8 z#+<+FF}vn60}QDWmIfVy=dVKI)Bz%x2VEwEt#YNAY$9XK{bTOZ7NEhuDc=s)bY>8Trvn6;^=*kUAWf(;grQm3k_fx8x{mR%ksu>g7Bu;!i7Puya zIk>QezT8Oe^fCa}WWxiBwJwy=yNb{Zl~?W^+eSMjkU_Og@TJ&%g5=9qEoHK%WWx9% zxELkA$o=r}FpG}gY}6-1Pke3H(8lc0y=++HjyqAJp^BLnPhWOo?}Q|-=TBIZO(DD( ze{3Yah$RxQjz2h>L^JKt)}@Lfr%j`MqVph0??pW{%)(*b?A*oe>*r1G*`$N}>6)|mJiTQsZ>XdL4AVlN=Wj!#Z5E!&sabTV1=R^u0~ z!zeht9_sDx5zsc)1PXN#xVdNw>l$uYR=t*i^CKh~ga_mMGPIl)4Y1(%)zmIEfTNT| zBlr9TSMwK^&#-hsCol7<37LJGT_`1k5MmyCNyq zcvM?DnlxJ<6sA6h}3ov#hN`pFpiB85S4HEtF(hp8^*uFni<`I!f>SF5Y2AnR2(*&E-^>x2fx1Hr#fhghfeqBrLlE;t|!KbNF|aOZneDf5JUp*Ij0IxnoT)1S^*J1xhZo`FVD7OH224WI_J&qKOCqvKKSOp zJ#H>|W98uQ+Rotr;+ystD1eu@WAMBDd-Xuh9y>pd!Z80_J>J;ASI;`){U|*6geLG} zWwOi|RMe`f2yq|zgSowR%?MyCgQFo;95XHj+DiuK)`9aBJjL>P9!N8cVE6I$ zqHRYTG1wQO12Re z?eXp(6JMF@Dfb6s=ZH4u?=WY<=uhs{;D6qjhhw+7Z0h9D?yd&9l3fjES{-sVV?be; zA~*V#Q|zl$5szZ{sZ*6@KD@H<;^o5U zJ7lw#o)01*_3C(Q6lKyOB$|T`Co=rB9^i})9JR*LWGWjHIUtp?3N|nbyyw-W4yIyP zY|mHXXNvCgducO$?533XJQyr|qj{}a7e>Y|JMc!#{;v|h{eR#L)Kd#%M@Z9%rRPps zHEEEUwy*nnkTB9Xs=!iLZ#(bO2>`KfinYbx_4b?OtlMW7F@BcxU%at|kbo=0&kR1a zHM{55Y16HL={kdG&FSV3@ZVCurTIk2zB#R#P5&xY0}G8dgqwL(y1R;(L=0^l)vYYa zr)0@7p(;RRF~(aVoyyiOwdZEJoEm~B)hxvE`LmxQ6boFOEmx@Ct6V;Zqtd*JSad7q zxLUU%wZ#miUOQ?do=Do~v(kILaVg}c5T4xvLn2eBVx)$rzKPEcmbQ1UvB|$G;R3v8 zk2ddrVSp5&m;1{M-SYF(#Y~j`XfYM{vb$v8vh|i-imXA_fhMHyRJ+$5u_qJo3fE!F zt0cT=a9Si4{J~xy7~FZ0Jai$r9y{mtvp+J_IKFV$VT}_>iuPcY%4sYf>{7{*kjZ2I zp)|zrPi@w`Kpl4sc zMBW*k3=<2}D=VR1Pnz+h4z zC$0U>IiJLv68lY?jpD&KPDajV zeujaJgA|%f^y6YeM&9=e+ssroT1Gn+T)cA$Z5Z^QFjeydQ#t+{!wadt=Yehi-;(Lv zWoUqBK!6YVH>LufK6brhYVE%;RY>)3OjUWyE$;RoK(m4WxoSGIjHP7}mN1Q5NXBH+ zyJoU9b){WGKlSr+r=bXzfE*;H@Z$GnawTko5wBH@&;(Ye2uE*Vvsm+trNAeKnCev; z+)!C%vSbD-btlnA1<59tS z0OkmWJm$_!yn=e=hM#wZi^$7**N4RznU*BBO6CB;vw-wSDf8DOn~DrCODk<05!23b zK!tnUCpkg_Xqtk`g3D|=d7d?-ltz794ns0aOETRPONLc8qB>DXO*!}NS#Z@ee69_5 zdV7a!8Tk}`**zZ>naI}+(mk7y;h{ynzj9c)3hrv|E%)uvAJb`P)QxklEkx zLAC$sSugS4v)+(xXIK0LHGfrr)!^v|O|PddNnX!Fde+8}8e#lTIFaL>tsiU5wrkjP zuV1=wr{(N@Q7uLTFYx6X^P7k(S##{|xzP;l-?ejj)9w#Jgz<;N)BV@sMO@w--fZ)& zkK+3%CF{`tuZ`osZ{<}Udp>L|{AUm$;_|nRA(8*n#?cG_5cs1ne+)p2;;k>P&$o@! zl21LbCaSYJoQW{|ExgqEdFH+EbNc;)1_*y!(s%h!i$Bjr4jQNEO6w=K<1c6a@-B{Rs8Qa-1STJCJh$&ugIH z6KdTLiYEwu3tKH3U161fFQzn#Z2D!Kh7I?w7~2*!fYX~!@A4nTOlD0#6g&N=V$PVD z7a|{urFecQ#``~t(Z4GOzbeKEI2#nvAHpHKv6KP>_lOAfiy>m87XG0N?{wTc2inVJfNfTkD6Hh|P?@K5N4y%%48%^T#M= z|LZ8|FA+#-|J!Hv-8W5^a;YzrZ)V27$8W~l-yath^mBzG5QBDq*PLh?=1+AQFCTNt z|7*^v56$1^G*tbVQ}}PBG1t1%b14s2LzhjIy-{Ym> z-g9Ln?8$K)_xx(2$Nq8wHuG_=aC+0^4_o7{DejwtJ^kxDs$pJyMt$2F{J$LkTEiGY zSb!2BfDifi_6JIPqI$RI>+L`7`HcFvJvx@}_5j)cUwe-10u0^_dPdRLWYz2f&th($ z3)>-2qbm-!p%vQFbt9uKe^3;V=AkaK)znF66;Ij74Bw*b+LfJVP;mh@OC4Qy#}Z`A zhJNXQ-HyGK(dyURNzvj>zoqyUFisgU6gm?kwOYI%)PK;~5(NhBZtxtHp2fY@RLDoi zpMXaS#g`k#l&?+4SD|Lu_jQ-dv)k(+28!vv3VEe1ngf|8Djz-aw4lPv*zM7ovvNR? zw%1{6z0rnI$Z`-chLS+lJ`$HW4d*jm7FaTIC1WGc2d?4a3LALU2AL&Ggu{Bz zQf}|lje5mxKHnr*7V4&L$X6V7i}-9%4TvP^nQdo_w!!c~)j>2UK4h=1nRZX^Ucp)Pm%Rs(uH; z^~q4KwzNDeKDVIh>nY_O0u_Cjj=jf5b@K_!0gnK?55^pulGz!JQS-DmjHVg_{kr4O zJ<`K2>mVEYM9|%A{5?AA4T1_!osXqpCWQ8g`P_8P?A!(b>dS?ZV)c4J8xnx>RsA=K$E3VL_8JxzQO zL85i>ZiyAuwji77&N!g^#+fkvTgE0r@nIcDsfZ~>Vq}mCiiN3`D8-0b`bA}Z>9G6W z<*yDn(XS!4rK(z^vQ7KxL$(Nf^u9=;Dc!j&2C^B}wvaAgKHpF(iMh1Rz+=$?*kcv% z*QbBw8IOskm2nCmdkvzPJ<^v+M;rU_A{*8%`|q2(Ou2xyMzqL$Oef>0 zY_HhJI8cf`?zXd2U@<^^egiZE^h<>6I?Mcwlk3f*{}~mM2U903pnd|S5Wk$=czS_l za0Vhs)Io(F`{1?gfm`wUA_Z|2YXnRPBac5}bSHITC*~-GkDh)N$J1!e4da0kSNAtK zbd4K&lv2&FfFs?}2iK$XD=Di|LZ+@A3U| z&tI6n@ivOq+rD_0e{T)|nJ1bLj^h94=8#1HdvoaSd~g)$|8Nxg``-ACr*`kpw7HRt z_ifslJ$Wh!+mY{GW4TsX0Kd0s-sL}YIXuyQ%!T>Sx#TGSo=fPhKHOXRQG+EgjE_ss zwHK&w`4|-}u>OvEtLeFXWuw zN4)5Q{X-7;6YaZ&Rqp?^P?GnEM#K|Gq@V;@$V`F`y7i@86D zm*GpX7CO2bBc7}K{R3BS;r-+(e1RXMXy_O}qXa*D7FOt#qkWbs+`!KXS?kE`w-+Xe zXghp2<|S}puBBa52Y2Z!h9^?=Z%`lIZ3;{0Gp<)9X^Mkwb;K_<_V0UV(q8sdvwvy2 zEO(%i44=Er)fPQ%NG2i_s+r%JY9^<(5 ziQ=UCS+dZx^5ZJw<$BhP&aa&mIrxKqkI)KxYcd|ABT6o|)7@897o?PYnqPt^fzDT~ zajSJi?d$rIh)<~nZLrWY#3%a?UqYj`G&iZT>Zub5U0y0ug(YR*QFyL{pv1NPSlWt@ z+OA6|jpkOEwQt`$pDmwlsqfa*1Qn<13t=`#n(8~HW0 zck9(OYNZ$&JVcZpAt0jpk7c=Eyk@R7lDsjLht}+Ia8$uRF zc5k?!zO*aA-~5hT@>nv3@)FrM+_d@YNYA?B$YfL_0{vvDfQ65-9a%u>Q_k!gx?ZI; z+blWM>ZdTCg|}2gvz0q7arWWrH2gK25T&?Cmu<9QKyIpx;px z|7wwAuI6qO5xkEj_dsW2UgXU%fmK$n!l3!!Rv4n99ts`VLaI)fI0PDtcQfVLY>0~n zausdwj_j^sU%FaQS~fa!Mw&by+huyNH`{PP0*|XV0-~0o@Pl@&Osrpxw&k7MKkFr% z57!fR9Dgnn9J`455XaoF^C=LCDJRe4kmXL_c|5(4vZK9Z>ZL z+x3+N*#OD|#@!O`|HfT4x2u(f3Mfppgzz7>cyZjX;AhFf`4VL96R6=6Tb##NYe@G% z){ZroMS`sNvQJp^1@*SO_Ah#rQHSZH!`J{+W7p(H!6yEPwp8f#cKhb9i@8|BINH7V zPR?pfK79G81kDlo+>A$2;YUds(=1J2T&WrKkflYZ8h_#Z)J9SiM{eOV=+y2wL)~&) zd@e-z{-?Io+_JjJ0+T0--2=k54$sv$ZYdxQ_f@7TU%FV~80A%za~SjDyo#!s9o1BKLYaN7GcW?A1%p zB^iW@vWH%Ft2B?-P{|4L|DD%C^3WGaK@W7HgFHzo!4qT6@<*7-d*4$4_t>N{aTS!8hO|hAP2; z%AD08H`!hLVV}4k;+fmw2h33vgwE-4GX=ytY$wJ~XwHP5F!=|T=UFqz<-WJ&?B%_z zWZ$A*;Tp~cUToV4T*dkuc@6jX-<){!oOtuo zDe*m-7iGAJ?GwU;>JPgxOb+}hrvjC%+M)3WlP9!R{6rm`x|Tf&v6&1+cnjG9BT4BH z*}DQ^O$fj@@RiP)t?`9RE2i&q=lpC=0~?SY#Hpk!c?s*@KPnM8_!&c4lvUuzK2^lm zA`kJM(HDJmp5*9YNjc`JfB*P{;tRr|V%?lJ;fb%1v2LHbTba)0p?1{1UuCUZ@VE5| zJLKf6@1Ko5#Bw)Q%+jxoNI@~`M|`!w^1knT2NR+`w%;O?Lmr}{s>dB^tM##!%e)-& z$H?uk3fH0fx3L9@#nGBNf1MgZdMjc*=*Sc#k9vp}vNt?}5Sd)x)yYA5q}#i+snJY3 zX~Sl2Xm?7MQXxdohnLRKv?LTVFob9$`v)H%lVJVM?zFF9yZXBdv{lV786B458 zs`QcO66ZCfG}qx`mW`@&y%-7l>uaDjH~Rj1zVYFv!o=(*@+K~=Vr{{X-6nNg=D=?` zZ-J|*oc$cpf`v#ziXukq(g=Fq))CbFh{!a@?9kZt@|+iw%_;LH8a1bMhrTapbl1sH z-db@^m~1?f(EWAeQ{x;3m7j6`tR!TF%I89b0q#*0SBj6>C#p zzqAlpQW=gTzWW7#$Ac?Z^VLu<+F&w6k9FCnhK3ZijHIvI{jUZjrY6j!ytHr`8HS*p ztOK;u`GcLpu*jR$?dgMWT1my)IPZ{5TBaddmRpgNz z10qil_frD*rC+&;TMPb<#$vT^4B2j*bl{t9yN7bv&p3&=`C$%*D?YD3Uro%r<;Z+D zGzKjci*+$Q49nn`cTKfDoACWd>ovW$zMnOHNKZ?=n#QXtMi)9OWc_zXN2qW7;5k7b z*?&qwjhu;lJnAQIStB-HR>mmGXy76X;n#g*rKeY}CS~_R6{&PfeYhU8J>%D`i}18) zbENa5l}=}RQYKfEht#^B`!}I!Nf)@tYlDMDL(KLF_`JTl$-8?-W}1gp%ZkFO#>q}= zHBX<>H-E;qy-58+g<4tbAS~|5Si*qyeeTP-rE8_YO!peaAOXStq?O4q>(CQ*qlP27 zDY^5fI1JPIwwyY6vZ6Jn3>i4BeB)`yUAMT!jJ#ar6VEl3(wgpYFd$52Q@oGYpI=)k zuFB6Qri>eQJw!y(TWk3d{NAJI>38-Tvz+~A-7(%ZN7=qaw-9LkMD~=uO&%d6i<$Ru z{Y{{4$(e+M^1Wz>s(QYcygzF{rpM$`cg1(Dy=fAy{>5#u^r_yBGx?+#Pw_#pPn7Q| zVT=Te1mj1>l3SeL{R>V6%o@DHEWL(Qa2-Pkr1KE*%w6+ZzDL*ZxN>C?^b?vwCd%m6 zVxjlq*FDfEbw9}680S;?O|P55L!)q>-bAcaE;?a%U~H(nM|IASORZ+V_>}c&?lCj< z&5Y>gY&_a|8HL?s6pI%%17zZ)x|yt#knX19ZzS_Uif<~iX>0Dj4=zvTpp+p3ovwog z7v9z{6Sim`{k>>ve*+iIA;49^UYyx+;cZrK!!|4K|8-sMZ&#ZY!Fzz~h7koOO{G!l zV1z#oofvr4eo&adW$zN%XXit8W}BGwa9+0Q!2+i6z**nEABmmF@7~9q7=~*WKTYX| z`-a9P@!vcl1;Wu~n@^Uo;{Hv`FhzWO*!iNv`;toF<;)EU7=2Fp>b#T*I3EM zIrNK_8oTdP!btyPeLm@tG0P5tpPz5{=M*thkHs9Bz~^iItriagmZ%I(Ilg=fE`GG~ z>wGXH2O2ot+}?dkK*aD7xYZk5@f&mlC;DEZwB^0 z)N%PnN=z+FjPlSuUiyU{|fI;juSy6K_qi){tk%YFD|9 zIBDZfU6x+aN!C;QH3q|)jG(UYl}<@^<^tW_gH2o$WCL4o=7=;Fo6x?7oD7dPn)ysu7ZS?vD!Xfr~n+OS%o0 z4P)bt_lCo7iFIjCI)Wo| zNdk>hGmPv|L~V{NyAMO6ukdfR$d|~uD3l&MzpWbMP%GZ~=vkV;%WjPtIsf4>v)aqF@ZfS3FEoM?rSmP!UN?v6@Aq_2M4?^*BF%mhg+Iz>@ zScpA?q_Z*z9fe> zizo5Fq_m`oamnLKpg$MggImu%Tj z)Dn7G6e$$Fd=|oUwJc2)SEFK44(F0+w}QSp24OsV?r3iooP|sHwfS48fzZpC#1>L| z7Y+_+tbu!wkO@}!jomh%53lG9F3h-x*nU~5(1qf2n&#_DbiY$C=79)4KyNN4bKMO8 z>NN}lX_pA2Bi-q;Lw@SodkP{ciAZ9K6h=|y zTl9iiKm7Di!p!;SIUNcV9J;L1=kceNIPul@_NZRnE%#Iw>&y*QEzbnkrvpH3IEPkQ zuvPBx?^VuV6I|tbc7TdM&`YKruq^~uJg{B28KMD{AC{o8|JP;)n^!i&^#l_%{uWi< zE|2|p+wHMDm`yI4rChe%*>+^O+QHU(Zw?1B^mfs{JSXm?!_)SZZE6HQ`bm^&lR zDCr0-5xt(y!hSh~_1XQ)Qsfq~9?2pSz5(Zp@jS2ibIN{18ZA4^8o_D|zVq}AmUb7f zbsaXRIHZD;vXTqcJ+af1*TZG#T-%oEq1c(NNq`DCjz{iV@JY1DIBhSOURC^ zUXc9I5EA4)T&=*=WCWs@-6Z->ax`juP{(=bO*shmivvC{)VY*mh#O0{9e-x>JH3e& zrKPfH+_ZI-V%`1bx2zYxP3@v3&=dL&CmcV_oItyNTLbL(jgdh(c26d7$?jEQ zs_QKaSYwd~ythJKsV71B?SU<CTm?vV>Mr6x=@rX~xIDf(a0eZiyF?wcVp ze4pESSK3J=>bo$XX1$T7HI-vE)U(jM9e=K#zujVq`tF^b6JAji|AS>0){v0yU4sTI za&F;da6nvM2oNX``oMO5Dk1DZ1z}U^+DW`I?bTGu2dC1ru7d7S#A)F;6%#4s^z^Lf zl6_=&N*qW&6oUB2zQ*pda+Gfm7Sa0F$VB&&IZru7E%HoECK-p_!>G8a{5^z)V$4fV z>Qi`|rAh-)Kj_J_E>MJb{OWK%eDr00)9;cn(`+cXTT-yeJ^A=Y&j&J;cFCKX1=^x{ zcVaXiwq5v)Ip8=B2y4rfJ$*1UZbI{_$v{s$({hsj6U4RFL9ZMX@-^lo+A$JQ;DympGBMIdpF| z-@7k<%+0?Lj9C#$`xs0yvn-~YDMBb-GgA^($TIOsZWt|Q!d)ImoX#@t9j!ASa~@O=Z@8u>}0;~qb$J{G6=^K4=YmeN3H zQif7d8Kq&4aKpE0UVLezq#;>aRgp_&2-u)6M0q1XfNKG;cHI{smQW$k7ba#lS97LX*dS^-l*k@GZfC?7KJC%1o` zqcSdkA7!~~Sz!Bv1PetjNMR130B3!egw3z|Yx8TFV&9Y=xEQk3CGux|P>Mu=b1?*Z z2R0DS{|>~I9vH~78rk`!nGkH2a{bQ%80@#LvZRL?p)6u<8+mse@6J|DmMkc1l6Xv1 zD2Tt=1(}OQ!^ISaVRBri|qRYE8k^s{4mp0f1UxI*?#n0I0TX2%mlow(&1 zY$feYB952l1aeEfj|4dcoC$1yIn#Hj3D|4-wVkMG^i{9e-9WE_O_p+LqSIjtlF!_9 z=pGkz=_}A3OJls^^(Pv~l^SD3RGlun&tmw*b)|$!c^vM~EGnN2X(e@hxL1LHU+8c5X zc+a9x+`c^aJ7PR>?BypctjoQT8MqE=@J$*Cj(x^uVD?e{+dgJWV7Ai%WH(?hOtMH2 zRv_UM zq_UL72C3qpXZrQ-2NTPok4b!P(H&2JFHptj7n-0Tu8fjM{H8|Pgj(DF_IoeOEJ~TI z;|-KlZLC;MqT6r7TYDdIA^lvUp%q!2dlG(YsDQu}O0K}I{~o_>+lzeDUBfQn=94vZ zBf9Bxe3JN38)BZpxO=)^t)tq%7$4k`M-)SCJEwq135*}4yl&=Fxv6{ul0!bZI%2k}&M`R0cJPG?{$16tF>H9P2b6QB0WM;0!L$3bG`TH@O zx@_LqUu|r9ltJC%H<2OF0m;C2T{nm~)DouK?0@~*96Y#%MFHj^KsWVLf#;8EY)P9% z66SekS2K*BOy^wIEt>Q%0#=9?=SKn6NWwaQ+JY4F?Ml*4&uF(m&5|9(nMu(Kp7#~3BXlRzgj33(8XK>P+g1#Mso9$j+} z;3w4XhrlASa~l{%i{QFltp)A7z}2!=x$ms`Jdqj!ls0nG0^4Kv&wzqEj~szTWE*8$ zmJROtD@&$s!!L3ISgs(p-aUAKC;xU2rl8g}1rI6qEf@hG@M(+r;{!CGZU8T_0ox!@ zudxhgQmn8nXJJp#<6g74gNM6(>h9DfGgR>feERY64+9HmL99xC zcqgM1FJME!xHbe~U1M-jPPI2weSWQ3j^vG zatZ*9S=xQH*=Zg+t3K}D#^x5_p*p%#QM;Chvf06kT$~o{=tX6#iTxS`TN*-uCy&EF z!LqKvjsY)eVP+EkP}#)Td&dTER;7biduSY||MFD#{(}kos5T-A>x9wCh7u49V+3A4 zGpP#7LvZbvydI!DU4T65t;2uhDGWk_$Ji0Z_}VWkEV`~37kmR5H)_iBA~5s3OuFB? zBrqOh_2lb%c+=D;lug_wXgBpxly8LVZIE%%ED}Tuumafrnu4;E10ZAkcmFWx7T}X| zO&SnLAFXloo8h(r16%59Rq=s_w|f6E!Rat6#0XFXY=3#E8q^ua_}aUfmIPOfaZLcm ztP-|*^@zb4C}k%O9kCnvXsLVx9V< z!_#LC)CaHlANrU8`mnc(|Iz0I7Y4i;{20dgTKu#$xng`73ovFOGV$%QIJzHC8IK~F zT>sN+$6_s|xDIB1qY76ce62PyPu8+?D;~J{f+XJd#=7HjmzY zuX=DM!k>yyy4FNg2f_3%@=*%P>7VyNQmtGM)Bv$weTDbY=kym)9^9UP$Wsi+L)wb+ zN1oSV*zg#;!WjR$X3*j*#u`f?V`JU;<%C5=lFN1lJ=TWsmA%JW5i4UWbUIr$y4cE2 z4rWKZfgodEpdtxpa=F2<&aPpNUSW-vfLQPE-IC^iVAo5Fv7PEhE=!{NJ3_LX?7?WK zC+hjelB*?>-%J{a<;n@K`Z@CwrVjc))HwsxL2l`TKze{)a^n%;ExztB#=F-TpItHj z=?gICwuyF?KO3}XqE?aSkYb4<`w-oE*Rci5809CANsOp3U%IT;rdJd-VT80V*>@0> zUjhl9$9lj(kN*p51w3r^$B90IPQ>EO9*WTymS&dDOMx0k+k;6XGU{*ALt{sea{4ss zu5+>I?LfX*5KLDR-o9xTh~N^aI4pnbWTgu1Yj;~B|LCN;iwuvlCyes71kXzKit<+) zkTMqUuzFKhc=Gl;oRs~i#x|V6R&Se>MV|4_h4>gSMvc6Xu(i|C7~7M-n}#;Kf7br@uDA|u?pkaQ)5-BITy!dst65Y6iq zyeK`V1PX*L_YZ+G0D-1k)cy#>2_)Qb@(AyLa?ZHo`~q|&mVnRHjIU{Kc6hkE9ohDK zZH@+Tj1}G`7MLB_PSL@zayp)s)#?W+?;PHM2j&9<+rK6dklp_gi1P*rmL(#ZifB+q zJ9R77Foj2~_)RKJszAn~-C1yqbM4$z}$6nY@6y+be7y0;6uX>Nn1n{R_D6eOu%bac>R> zKs0Alml_@GipZ(LSQ&*g&k^s(3+N4j~4}n`;-+!#mY793* zGzNjUss@vTl~XZ`)T7?In=sx239F-`!>bAh!Jw9}8RPN_D%=Zz0&Z7e&oJ`ZBZ~+j z?kh{x1M4V^;Ps;YE?#vjH*l(BP$uOQA54aQ_y`h7%B} zvT^;7NDWmt;2Aa;#{9>BncHw)F;_tc4SUBUNHg<6uS#)yS7gya>t$(|`rC@His7Wm zemRU@B8Ev12$gX2LCz6IaKm26KhdVyMsW=(_;lFG|XQT zo#mXU-9;)Caxc#6*s3xRZmwQ($=~^0L!ptR=?{VpbRoh63x|QNTmu812>Y|rqbq=5 zu>|)*2?U}J?h`>I8B18?;-NNfYC(=EvMlO@4!tS_dJoL< zG1Ta8Zu{Xp;b_F4aU2&7DkiwdWXwb}zxM!9xs;{j~3ZSR3~tPB;fj&)n| z0r`-R^RNtkcFu`F2iWZiHQWpos4W3=VDZ1Q+upkx!@J+W7+8JA9X01H?iJT;{`SMY zVH(-el)T?hM>Tqr`VGSQE2Pk~%50M)KM)Og3kzOIiiDvpTtl-4&}@O4g!d62h~~e6 z*`RALpIOZv|?Kr}=gG&olNjs=q}{F;?* z0m;Ccxn9HIA1iMi!7VVqgmIp`#u=!Y|KTir0dQs$Yx;gmga3UZfd}Py5oU~EwcO2$ z_bLTQgAT7)Xpep7a-&?gM6#Me(n~oQ@Fa@*CtU3n+>#S0k$cbgo;2FZc(<>F?%$m^ z^s-}9*xJ5TA~n!1LAQ~iL`;2{QAH9U8de^>Uqr1Tff6Cd{X?P!K%xf?@qZ+GsDcG= zIgb9PSr@K269c`pF#XESbyISgBzE3@G0N-=J#yvUEx@uyicE2s#>VL|kyf`f1PQAy z{I5;^_3E|C+6+h-DgJN5b|}C!xGR4SfebOx}l&fJK^8mx*at|I4xH~>3i_$*N?J82< zN}g|1O5ocR6|vdPnqL^c6ev%1;{D=lLX99R0*EQU2{${Ag<($r*W2v)0L&O*hG<~+ zgXUkh9R3wk%o9SHe)>`?)rs1SI(RAu0$c5^R8AMA2a`FE=4z69o z)J(djW(>u?ojzcGmIgea5DD}moCG(=j)QTYy2e@migQ6B$XUGeMKdp9BB~b;)o*30 zd6tL+9qC{rBg)hK?XV5%dF28~Y@JR&hz7X}H#?4pp-o;x3%)|L_zt4A7^fL(OZIpi93BQ6UHpn60l?S0$LO95Ob^~s9p8!*9;+k4TfLiT~bHZID zUcoqz{a0suhAYmb)F5X=+ro`oUXP@!@GhdazP5%qZrK}~km&w0WL9cVlyOd;QY5VG z^8qoqjRE3}Wm^_mve$BhlccKO?!4fQU%YdHO)er(T5QF11=YJ3_6 ze*Z2oZwOI9TjB=M-U5Z^|2rma;=&XP{f9!XfI^G)7=IL^55$JY`8AC5=rzu+SDZU{ zK+fbf;|2E4MQtTL=HfJ4;sQ9Se534I*t~0IBP3Cudi_nc>tjj8LC#KWz;$3?D+;#1 z_M>XhH!!r3YiOxgX!NkHRz5-`qqWBS236a~^`_gO+n=KHx~9r}6;~X=&Zq-!I9BoL z|IWz+(PD4GD+q7?1Qoi>`G-R7fI|Is0}x0*&I?ejG>;PUMsG%4`Bl(!G{K9RW!jxJ_K39i^>rDI|co5A;%x~=fJR@zPn!fc75 zyi5Y(?{zp&9qjMtJAtsc_uz%^tx-^_i z2}|KEh_?}k3U4oz4#OL~hWFqK&m6pDz_NevI$=sW6?ewZ2MMn%?|_@BN*5hzNx_>F zg>^kMN7HgV4yO(TBS?T3MYpR!iO%Q$A(11n!u|XNTrUE9u>`8ZaArWpKP7U!qWl}S zDktfqQ~7E#A`w?6#zb}aW0vWN<;!^aMz5W2qq6I8VzBHf2Q*B=&^B+tyY!I>L;G?~ zprk9bNf$sMwsZyc7h^%Gu2kQGoLMD!Z?mcehL2f$7!WJ!hh1)ZBiJ!6rU>4%1>q95 z;1z~rc`-enLfJD=^oqr_yoB%hBX8n_N(-r9$F@Q8H&M~L73sP)Re!2RGYKFwi zaC+Ab!Mus0Ox-xaal_Gj$r!pv#K$1#H@xtQwY#tq3H17@IIuW6drhGh+x{JqaeG_)-&1x+oqC5;}oS6Wo?pB zKM{~~)&|_<_bm*q=f7xz0mBogI4`L^tV+V1p$Q`YwaPB0ic&y4Y2-i%FcM`j8P>EM>akD)l%QecUFW(DKyUT27PchkeWTcqAljK0yx_TK0aJ+k zA3ih=D3tW^;EzHt5#R>TcQDQ!*Eo+~apr9WInOEZAgb-r+k*;yorf%%@4S%X>C;6C|vKhz-#L z7J0D!wbCm=-~SUz?n)bi+W-_}%)@W*l>54pex{|f4I*%&%8A_-gvLcP{SIKK@uK!{ zZa4ywf`Q`m{~dh}SV3t{?f)T-10apdN1(V0_JUi61CMXfzdXmu;fgPm9prnEU~<6D zQT=UfS~+xJ6VY*ir~oaLVVnHBw>aUFpP#n%BM`}c2L}=ihyu31lyQgF!jPi>>!VJw zS4c5Hp%4iIQU0IX@%O+N|9*7e8u={Vn?h1d@@ziLUN8D%E+P4|JxJI}`sPUe+?{+T zn=L7!4hY)Y1c@8Q_%}zkr3g|j)p%_S?tzqMci{!_gXb^_vHl_9EFhugN6tSITI}Qe z|8Fy1uP8YjgoC}DeEw%IWS5#jMX-T^Z!`Y+I0tx}5dvuh9#~K?t>q?tI+fP-lpqJ= zH%4lxSS68!{lODR>yajRuLiYxKgQ=z)bWSru`lh#YzBexl#nApP5^bm_Ls!#&`&Ul z$*)Nay!q~lrbY&xcC81D8Q2=3U`nYNIqS}gc;~hr^f>sAYSEa8UW@x>wAos?U9taq z^qEqZ5T2(@I#j#gGtI|HTjYZ4h2!>DX|-ZS`s0VU7(&{@930T-vLCoIKE$kQS&F4> z;H=RW++F@XuFBEF6tNq)7b0iC#m+`@ti?6qmX2SkvGYuo+cMz|&Nt*U`B={L=e75t z4-JifyqlidSwPFEL zE0|t)tR3*iKKl5#E>0R*LL$yBGoz~ua$wDdxAGmz!<^z; z!NwDfV&8cNa4n*mTfi@zfnJ7yUVthCto>zBZD<2*B!$;TGIKQ&YM}T6%$ch%N_Kz3 zz9&6G`^nX+Z?+^NH!rBMsjFs=+Noka%_0lEcHA>Q z{$h;&Mt~LKN&s?r4R8Pg6s-MqztQbb5#(@u?U7MWnJW%{0x%9r|8Gj|x`=~Qs{E+$ zz>Cgb5jq?(T&&yiV=B^Q3`_*xIWydi})M@mD3sKL3p&+QDf zptDerkt%Sy^Z;N4w!bWK2igd;#I+p61>?#R1#f_s+>~$gX zf9)>+dXN^{1nc!$8ODVI=rs=b`=5F((;qLP?L&g+CC#v2^8f24|F0J^sJd;=zr5se z9kNBd4e+i*!I|s9D|^AG$^9(!5$;e+Xx1ReoU{LbF~9C5tcS2N)bZIhFNp&zBnRw^ z&#G1bFqd&ghG+wVg6%I=<)ED~<|Wsd1FI!4et?h5deXu5J~=F6Gc8{!k| zmCwO$d&uFXZimA#CvE$O1i-E8i|y+FH^p;C(BM6tF$I$QaIG}p0^F+p;{q!00df&v zRZULgk4{wLSat{x5ucLR97FRE)Vm+d*XtU9$S?u01pe^_nujGNt50T8HP?}%UDw*i~dgMxc`mN;#ZBD%Te~U+Wjs89F@zb z;^b|zN3LzWS~21&x7+hrHQJ4%G4Q?o-%9o@c671t-|l?k%X5lYc1XdrXnxbKmF^HV zQJMUk>o>zg{ED0)F7-ENbJPo=>N5y7LB$1l2C0<47-N2@5l*jCB*osjPB{kjm=j zOTXxVonevjd9mK-Pt!HpH{D+8pT7MBIUxV=mf#Nmo<_LT#F(NrL9VBdea5A>2$Ahm z46j5fW_pLc#0$A*@`Z7#a2o-lATF0kig(0xq(=@h#z}Vix98r-xAY{JY}L4WwQ?^) z*@)_DS9d}VRH6%UQd*}3XHNL5iBiXK9TAv8i9xE{9xaymW_oG(a4SHvJw~SpC!IGeyaY$B{ za3%Ig)LuhhUk}zI)3K*k`ETYNTa=h@MD)9_s-&j+Dqhh$mDnv+X{o2D`U)SP8~i?VOsb90q_c=hRv-^N(zDmcG|+7z?nnMyV5lb#rr|TM1;2PS)?F^%jQnMo>+bIBQ>UvJD{uhP1PGk z8purxFQM^LKSl27%ysl0p)~dSM-F74Kzm@> zlSrExUlzkAuy*vKcH)RR~H2Z4b&oAso_9hX+=bGM5v7` zJ(-G~JT@e7W>8NF?I=lC4?e_=3b7(T4Sy~mh9YIzn1rhHrXfZ7{?Ce-vx$^CixjRS zb*qeCWAcyY;#dl8>EY3d>S^>u2@i$~sD+04Z5PK04OoBu3RmIs%U$>WCN>e72jSn2 ziN5>w*&wo0d57DwqJjxZ@$83+fHD>-&)Y|~OQBrZdKr9$najl75j)@9i8b|tYF_TvQC3&!0QgBz;L|MTHj+JTbXH^jt44H+x^1k*# z6S>P#^a|%DH)STaC!tycGQhhY~tq#qV<&1$|or+!WhQ{RG zurLNfm#D9?cJ$;M7d5vd9PKX#yD9J8(1~6{yh-~78#iQu{hR*Jm%4FzZ@(pkaEex; zE2KJNDsQ4lgb$pEx5w$7%8}cK@LOr^b((G0DErxde;H}OWpg1iwWItQlPy2L;#=Fe zB=-w)!!60PPkmDu#w*X0IS((MvWFoe?=<@H3s*q-lwUo}ruR=rl<3f5Nq?C6Zr?k{ zeWyCjji5XuEV;EJa~RQp;V~mOx)uA*R(zD@i&I3~ts~bpV&UKQnyifX+BIS|*gCcJ zpq$cm-Qt9UXX8vbB>`31taF<|$w~2JPfquDMpu|b-CnFPCKlq-**vnUiA$aK+xXxx z9`bDbyMATymN2%yXdKV`!E%(WXNx`8M8nS z!;cTMRxdBNMDAy8KP_5$()_l~+yNi$b=s@Z(RhVmqNM5lBH>+r#iX`d8;H#HjY%N} zIF{;=2<}G%he|fec0UQ~eFGo!S|fBucd!+&=JANpVh-g;IylgvayWp!C8n2-0nB&3apFP-y?G!Fx0A_aG@ zzP-97TX=+EjPrX_I6fkoj@uTY$QR6P)QX?IStWzF-+ry4R=-&pA&#Gwow=4mrsJ4@;wyJ@7)*kF$7_4#-;u=xle`(k(HvpDJxtfD!6mzZND=3-fm85#2*aJRT(x9;k=h> z?3N%`peu4{H&jmz;{J5MQ(q>#+*#$QPaiu$`+Fowe%XQwQowSizI}?FfnNKoK_mh6 zL}dK8l&9<=L;|`HRGshYr}$+z{8TXHAH?s?$*%)d;I?$pPf{<}71`>->UE%gOK6T{ zT@w|^@zW>6uRkovMU^G31SY@yvU=v%9|y5+@gtY~M7jB~Jbkqc#rPtK*Sy)O)Qjy# z^8y|@h5+i*ZY4_0X@U-eUrDPxzb}8ScvsGORLi!nGDJrixFXiJsC$rBQJ@N} zV5M}Cx~FqyYtT^4r|fzT&U2$J7vlFhOm7JdX@k)+6o{7pcbVuANPdB>RO{bas*f_T z5&ijI<4>ZV=yC({2*}aFc0J}oQt%4FcqQ^>7zyd?$3S}XWx=G?O6QnEND1>=mxPl z9U=x2xoaWcSwcViyqY|^EKAFgm>p4|CqxxwT|=;a?>qw4mGlr-`tfsNp_){j_XiH5f`8h7)51!nHl<>5@~ zzB!-}A=}~+Nr+*qX3J~E`<`Rw?lOXPWbYU+_@GEs#JN5c2ic^Ru`PzOM8-2Y^~9`D zD9OzB0%0FTTUJraE8fVW)zvyYO~`}9WG1HYNi}HTn>6r_yN@_w2DbX!z`h26fj<<6 z|1t3U9xQm(xn-Dv&Hrm)UxO>*{JEU5-Do=s`X~g8gusN7V-?M9O44$T6=iYU_)f>v?ToY*FK}Qy zt~d|^L

1cLqdc=ns%m>9s>l-@+?O_F!r9*~|lUWt(l1Q2#l?*hw#z7KhacLnr|W zB3798Xb{ww&tffX%S^5%FC)>4i1uzp>T`7Kq<8)dUUhyQ8XDnRozY?6C zjbD@HJupgO;zIqP6P@)6Q!zgAdB>q;|JzO%79Ahs*L{!6J(&voPP}g5O!A?r^YiWX z8E3u1CM(1h{gRgaG8oN))2WfwTfHxWu{0&zv~G`0F)L`0KJ#|>p;eo%=VxQN)%S#< z?N~+Bfh~H3#6!@Zkqp0H8$32cnqDEyM!_ON@Qz`r>(13TugLp&oD@}2Q6VuV7l|5o z`Tncp=)CK1XGEWgPHaA6I*b?Cx_3o8 z=f6Kt5$SecG$q4`k!-#ghkOvemEw7q;Ia#udpp|ri|M2XPmBqH5a=NWZt&{2$2g$t zA6>iY;RzHW{6hiPr+>E&+~os$5dyxJKmq~|*sl8-y?nsm57Pr+~W#>CpY8r*(f`ep#s@6h!}SKw_gdo%8yPG{1i%i_v=)f zP4$$?X8+J$pN!wV;H`QYyzsXQ7g2X>zh?3mbqsBI+mp%+;sqxP^Kf*PJ*o6jc(X@u z`RgV9s|AO`eMIRl?Pa9q__Sw%cGe4XBSASvA->BLhuB{4Tp5m;8tiVx<-S=IIk-5D z|2DhNAR9MJuq0TInJFJ!jHW;3KVkm@OEB9yIq(UZYlyqIyrgyTzNb`dRy>hb4k$^F z0ur3N!Y8Dlu!q;q7C>PG9;%UD>@;qIcZKs>*2yX_A*Xwj6EaR`8H9>{QN9p^-# z(jOB3t8~CaKPaojwRL>?N7B4 z6TNs%$+bs9d&BaLRaR*g z;hszLp0exQkJ%jR2ikKsL#a_}O5SH=bg%DG8_7x%`8}P(pc!j}2EO9TSzK^-jI8;h zE3x75&c^dcX4+FLq5GfwE2#HgJj2K}C1?21`}U281iiUxrU>z4wuu_ky>@N(g?hVe z^j8#q(1IW5$_<p>%c%#YVV}&z0RGT(vz;UC13r?;FY^-F{^oX&l_}Xzneh z>;iEUCi`*-YAbzn6Z|T1N$9H3Yp}JT_X-nVj=38)71sV ztll!1L2L2tox34RQ9Whsj5+(r@vF5`A=vL94d_c0r&d2zU*X~s#F~*zk)6^+4Iju_ zvEU;2XO4WJp)2bX%=viUp_eu;WedUrsc`5S78%`F*Dn<6#oMu~KuUp?7(0z6W5ZhXj# zg?u(TpI+axd#=qv?5vS3bxx#kswL|fm@AmCrD)q1s>=1G<8pO9f(WXO4Jph|w)Y`+ zmo0~+=68F=f?R}?Jw8DhxM%o{#DgjJ=8tn7?wy#h8WZb$37t~KQ z{Aj9Q`pb9Uoe3LnG-0*15>Mq)G4wDyeMw)&Y)5R{+1n(`A(&l{+&uCIfu-p+AGV*t zndb<8hx!vUtC->S!)(KQT;oFfYn}aQvEnE6GC|za9TFZZAs#|VONuQHNz)>+cSWPr zoIGq3v=o8~*FWMMIO`BzNc?|%y=7dMTd+5L(=8<}-AZ>i(jC&BqBPRo-3?OGNT+m5 zcT0D7*L&aW*WYut`y4;a*SV(Fe`c*UYc7jqvbtu1AMjmC4y((t5mmCmU9h5(EOp%( z@>&@J5+9lqP!>C@UQb7?#}bQ{zGujJcF)5O78QXsy)U>DobyjCktHiI!AG{givvS3 z)cvYdv=Gu0cKwslzXJ?m+` z{`0zKT4K_KKSsuf`eP>t7iV8_q_S8@~bYVOArmIhCk-+jpffFX8Vkkm!rTd43zK~Ufsl>T; zp~>6XPdqESk?JGu=-9>`|{wSFe zGN`MIAbu+`P)au^bxA=8rE5tpkPC@Q%o{Cls2E zjwP|6?RE$~HaYUDbq z#pe)nm(bCDdvmNY9j0_aE+)b-!(xX4V!mu=ry`zj$`8TjZ|`hY8ce;&)u5+_b8J^M zP}0|08B%o~y+JV+2aK`*dxv;!@{;Un|JXoePtTJH*g`8A)>eav^j+ z|G#pv^cP(!=j05DF#2!G-bmzlsCB&+Y4XM(|ew6(Y zXXrqczVvQvoXIvoZ%MZQB!pnSL2HoA0^3_OTeX76^Ts3Kvqu}A7&Kf9xb2MHU2i=+ zG&YDmLisCJqZrGvN>9;{eaXAj>Rb6&Vl6+lR+l@2Eluh?yD z_{i-JrszAh|48z|x-M%Zx*=YH@8|s;wg%#u>!8oVO<;zp*SY++I)c@k+2m-}3*&U! z>TrA6h1Z!Y+O3bR(Xf%Zqi#+2S;tOkb+6y+QU!b%hrigYMexl360F4?8~TQAynRnx zfaB0`TpJ-9+yUnrp1kCIjWLm0-{nU5Yk_sCdSt{*VA#>?)R=G;fmQcC4zN4PvJ#Xb zJU_n{Mbsj>JrRt;J0~`WuUmtLz2Phv=lHSd$YD5sX)6`1Bb%(=FUN~kXJr}d1K z$1CvE$w+2xr8hFMLs>sO6zQsOD!)0=Bwx-C!m5PzsN$f(uITUc*tS13k46smJg%rOP67Z}GRGFPLnLS4`l~;I>Wz!=iT7g2ax@y0U(A~x8^vLn9O z0CzOKQOP07IZNG~3VVw0={=~?dS|s5)X5lu%aBEh+|I|X*Gw_No(y{%!7!A$Ck_u# z)T5sJm6byV?CA1F(5-~T`0z1Gx1uN=qy_8sXlM1rsV6fBTvLGJnC%Kq@07AV9uM-e z5q}T_IPO6MW*`AC^d|&B_C4af>>>Vmy%UV{8v?k1x2|n|S(tYd9*@LG1#9Dl2vG@X zDzZ*Il0oU%UWFw3KXVmCT=rq+z4RtyYfx*{B|m22u-Y`TY*URiTq-3n_aBA(JT=pL zZ~|z|EgB6BMp(>*u%*JO$$J5n)yK?Sdv&5ZwEE-cpA+PbwyoFu#EPaLG#vOMXL%~G zMNHE~u$O7P7Gj4czwiKhXWm*&n36Uh)n5*W>e~Tb7mvFH&L~PtqitO2xdQ0 zI3LqhRld91)SaL+>m^>a`syd5F-ECxViV@CcZAZ@iu8(CCf^nd>y-;jlV`@|g&a^Y z^rb{g5#tYDFIM0`m!A!U8cfmn`wryVP-TvvS{TtMD&mJAdWCD_yrYcTRB$g3h+XT* zI&9ln)q-=^G#6N~NfE>LB72|cK`@3<{BcfZsz$A?*nY;+QLqttCI!49c`)BVX3v(? z-Y~t=$u1{&S*_kwqZo#}H4Qm;g_{fce!pmQLPs^VJmkm*+^j0Om9nr5cMj{TLs+3g z1-uJWhR~z7E9Zx!u~ogAlJ#nDjP+|P@45@XiqsW7_4dbVt3JdTKjT%R^cMX|-tQNo ztgR?x#d-WEl$c0jDpwZCl}shN5!VpdBaCl)-yT!y|hfs)&M-oZ23 zclpLqOi5X&=R&m9%=4KRW2UO`l}RB~h=#96i)c;ykR;8QP97`l*XBw*k=~zgqD(Gs zJ|^fCwP<+$aFa7+AMAHt%_%fPzvR5Q-L+aCwYsWK1ihVN`OtB zrmRYm-S=|9Tn4;a=5<^oDKwM)L!JlOEA+;mqLJ*?PM+piL$oYQ!hntL>Ypt%AI%+_ z6}hH&nwf3IEVTWeEE1%@9j%6aT8qg(7Pi>qd8m>^hD7e!MhQ$Bx0#hFzKO+&Czxm+ z-ojE7q3yES5x6#0y0sd(^-B_^hQi?w=k_1{QZnGo%}Ta-St=S+Ft@&ke+hAyE`8yG zqphic($zfEVNbVUP>QwCULi`_Bm*`1DsgWH8rL-LEqW$nOh%c=S+6*XLafjcSncjU zgfx7-YZ@yr*o@FMg#SQ=)Vkkz$mm<{K*5QAnM{1%qlo}{srE!7K?{yxtPzWXh#gz) z$-4!bz55USH$IOjoP_$|>8M26=Js%0`neJ}?Jg*0>;#mX7CCcH1f0x*mN8XdsLkbG zd40rYnDWk;>2f{t(gnnZ9hk51IXizQR>I}AjP{_{bJ~y&YV+BG>ty4&O1?gAITBa) zjJmr)>nKEGPe4Qr_w=d=D>Gz4#Y7#a*uM1xd`#>h zX+9+P6*Ui5xwYu5`5`$hv~bfKD2S8v8DRv*0|D<>G0IXg`2(Zjd2v`jhqf&`D{Z=% zyoGNlPlR2I6vTI>Gcw<7BS2f?vE@wNycV%5+60%=CaaL_8r|;Bo~_Db#)ehnu2J=J zq-4w&pBrd|$iG~&$&Q4*Fvuwheu`_F7A4^ycqz)N_W#yga@_|i%Fg@$D5u(S&%%Fz zin4^-e~L2d6X?GkxZu8kW%$4ArSKoW4_vf>{Y7p5f+gq znf?S`ayWLa(SPFQ>#Bo$o_qrV9GbckiqK8wsbsVgg1K#QG?3r8g|(N07+|E;fZ3zy zY*Ay?ygsZ}d8(E7<~Y%xF{^g){p~%>8xE+=@9?_23wVNhAq%=IGuue1aB)r%t@e5y z`fcG6m=E_n9IV5_#Y*pc2M@@}AzDRp-iyZWBp6Zl30?`+zsrDN(Z=+tC>4CG#i&oE z2$2cTi_2K;&FlppjzbqjeiRi>$$UVA5q&q{-MR_?UN0#BP{O%HGS6pM;0H{F_Xy8y z7^EHP#p-KINAhYD;LUnPY2UCayMQ+BLxo!Hx*mqxmwN9pI`Osdj=X`Rdtgep{f_=^ zx?oFkVFNnhxQRp=U}QXdLqg0OkR(jaa+<`-a62+ z80N}GM}TQRF-)<11RONe9Z|Jj8C*(PwazHmfRPF%nC7QE@%@LKGE#I3POzxx?uK9l z-qWwy=DWpw=dpeWMguF4v@H`Taef0z&*tfKltQ;TGZ~6PKYJ?U3}dGk2))qQ5*HUu z8`^NKun?&e|pMwBl1ReP@Kes4wQ2lb*O4` z^i83{4J_tl8=QyveExw@Z?)&KruFAcO$Bws00Hn^70-5Xd)BEjUQ5%QXT{dPF`hjo zd~_%+m1mIf2bl+95jp)~gssQNV)m@8{-hqt4fz@vOF=8mmZJS} z{>W5UqT=GBD2~&!zNitw-7p``4OquWYCBv{8ZNu+2_N3kHxamso$H+l{R_l(N=J#N zS|?d&b?Q3?Z(A*=Z%e!$FK)nOJjtgqC!L63ph<*RKUiEr(peo2H z@|jxN3T~=-5iv1|JT8!Jc72{aq~AC#h?Vt|8~JEWoW)ycFE$UseNVrl&^rs5uyhwdps-n;B@$?4r7gT&*!~V)`g+6k%ZxwhnFgqx0J-uk(+kc%})U`k%}2A`$jR!rMA3)}y*s`b9hcFf&i%75ZY^8GM8IzJe%VQ2yN53b`2oJ4 zdUE95&r9|gyAMiQ50z6New_`I)G9(*k*Eb*_9{bZ1W?aM1lJ6u7wr(Vyid!2J;qgqRhi|3=K1yx--e77PFY->In;I*{%aP+(z;s#o=`gUXez zu_A;U!QYPDMUBb4o;a)bHJSoEI~o+0?94oM%U7-WLrq;Wi{RXZ3-Kda_7R4F9d^c# zm8&7wKjjfZOwz`NZ$P5$07d)DKE3}XCHyhu&=HstVt}uepHHHJcd#HX-e=GNVE5$< z{YOE;NBkEBwg0VP;`VO^)qrn5OBaiz(!Y_$r$z@=7Q`QzX~eTqC;9n$)`QrW0@(`z z*@Ngmox3d811~~0{WovL+yj4vd~zB6`$x!$+qh>*F9J_K{56NYdC6g+{}wm~_`Ld` zO9L9KdH5-*9F5rPGNc1{;}DGucm|fssFIi1F1i38f%01&?W>f-&Zy zTToxQUYc7jf78xdBde0fke30|^IJ62*YDg{;{v|`(^pJNXo0?z z)$+pPx^9%wQRZ0bbl>Quu_Ln-mUEw%bz@13o7y{S)3vkUYdE=SfB4?FHK@x#T5y6W zwxobbqxvW|UwAjKTg?{cCGec0UX^FDmroS#j)T1Bg*H}juc+?)JW=nrF@@0=sh5L2 zHZ~{qQ-xchH{)5ojp&P+nQNy^l{`6)s-RywO@APPym&;)lwvLnuFvtiA8S60>=y6h zWpkd1z2tE==}ZOSHE@|*KGQ@-#e@)iTw|LxYn44Q>>Ep>RlC;`G41wg&_v$I+scQJNoS`Ne7@lVAMbWHq5Ir4!F9^NB$*<`s+SYRjqp0)B1g^c#W|#SH zqxG1eCtToL#)cbo$$LXGXO=TNdBNAXTIxuqnlPEX0GJe{MZtAu+TaY`(X2TAN+nCy z@@FY3$clT^Qt3INnh>SWSnqIZTR&@^f@@&(;T1`%rp(}aY`ZjckM0QIMZd~fYTctm zIV4Hlto^nDCyIWNqq3vOLvVrMe`>vRQ9Ou(G><5hKsmM%qk9?Khlu{f+cC!xwepI# zwWjHecn^D@!!5WDi|~`}3I$W0H>*Q{{}pS zzj$)kGw$st*Gw}bk9F=5%G6a#6m6O)-nIF5#{%OM<*t2cHA2E(0wN5 zpkB*Pgl%rQF}wFPg%j&ojURZMAbUf4^>Dl-p}Lf4%(QojN->&l*}3R(ZZ*w4lncul z>1c(F$m9&K7Jh#yS8ljvVu>+?{b`JFbeUhu%ykeTz*vf?l>)MS$N6l!S#f0`;Gy5H zScH)eTVlOdm$6yy`^Ag_-vkL|2zO{42!nH;{+cKTUoiNO2T7nrkpuuGiZI~gW)K(6 zXK2725X3?BpF}b6NC?8+@;{#Urvb-M{&UtEkO%-AH8+LEKMs@HnS@Eq^-H)*$*Y>| z8D_;QAFmT6_6yZbrZ2z7%+2P-sDK|u*m9zBKV%$HpRux~P+LVaX5-hPoKX;^Vnpg0 zTwc^Wcx1E1(3M*w<6hB@-_@qwbA}5bbbb}Z){eHs*pRqnWIB>COzP^GEb{tDevYYP zayCJE`fe3m6wKwxRKIkMYG;BR?Ja-1;#Vbl59k!QPcFtKdLhOjMT3Bf{v~A%y_oBd z!C3#83zV`pZ+@q&v;*9;^hgj#;IjSOwu|5;Wd;8`WhDWAr!3ewP|Au#yszp)mCTWk zfSnfjY)*9JhcXyiE=N&arT(U-5so$csEB1{2Fptvyu9I{SWoROS+_iL#%yT=AF8o8 zJDLB?B@9|l_soyXctQfmz4@`QMFLt0tEZ|mYWYIRP}K26NnG@JJC9&!Dx&7jpewbL z%SvjryD6jqUowbf2%9@SbHtpaPsS-Gr`=A}8Xiy>E+ra$5owHOTN>Y8(u>VeLzB|C zZxs*OEhFGYCYMpAb>|2mf5foZu2mD&RQD%hZ3Qx;)H9@ZR|^=tQpabLv6XX#?moX? z3X4+>VyGrlZ(VIHQ;oXO|Jr#N-1v%wC!X8GVY)MXTS4VAhAaMN zmcMR;LpMzCPdMCJzN^bFApME6lJtZAQgi3PLrWT~)rxG#^yZ4p8)~IE8kU^SUk$I^ zfr-`Q{#@T-x0hs3@~aTG@Mz2v`jBz@F}CDEr7wn&@M4)ol6wVc-u3JM;M z$zY6R`0V^d??jQ12qfNyh#?GbULsuUza*et%^wjo86ch5OH|NLpW zLoHdO2)pf&Fc5wHo3J07MgtFYKQEI07JS{smlRhyKt#! zBc){Ax(R&homwCnBOyt}NJECJ6k$yI;#_d~7mOixtAa)M$#;%mL)J;8=%Wa&Ub5S3 zW3N4PdzG1{*Wr-g<5e^v-t^#DYNQg-v* zg#@jhH|!Mnn6u3z50 z2I8Z>U2INBa3nv}^4OD^-~`PXJy+R7w61=qFD%0Ce7Jb(`GH_CP6LMS#&xr1Q-w`O zac0js@eg?;wb$-?3kF*op^W|C?;_APQeEQe%cE9X&&#~E?7sI?h7H<-+ojGj1y9p+ zaW3hlH-a~+zb5=vSi(Pen)L<^Q%N-Fhi19Vu`Dw7T9N4^r1adjGP|xPADki`x|%q4 zH`C7zOt!1H!nj4Jg!;+dvra=Y=jYpTc-ZCq3dL|frONA*j`%nB(f!9%mkPEJ63RlV z)Zg<55cr)yh#3n+%)jhyhF>ta`@h?UbkL-|lYrHKQdYsp-~JGD1M$Me^MB<6yn~#L z1+^_*Y;kYJA6ahI%UQ8Y+zNw)>sM6owuhZ8rJGV`{}lhpNdF&%dJN%Ep--xBKYDCtFA^#AcH1|R{SRNJt`U4g$&77 z_wJyMzZmDOQe~lY_tUU*e>{^J-I++<2)ol?PsN_>e-kuR6cOyX!}Bgre^X8COlA9n zR0i!<&DvX&eM(*SYlB5YT`Ehr)>%e2(W}5I{&6~d0Ut-Z3*#`sy>6Q}th5$ircB5) z3AP+l%%%tPO@km0`V^NMs^LS_r)$#aM!kV{illz0OY!%9(tDSFbe(mJVwrV#!$q>4 zFsXjEbF@_pU>a9Fu*6neiA>0jFr#u#uH&O7SAni8ZHpL^wijK;Ee{>SOS%Qe%mD5=98UYHo z|6RBv3g-C72zE^+<}r==vrV2TJL1L6KFbDzvPZJY}u_BhoeXTwlw?hD3@zxW8Upx8~inNqP zYVGX9KyEVQ1z$VT;fT*hrk#KYL+SZo;+-M4?HfzD6=Hr3gVs*t8;B5-CyKVBmXm!1 z1j?hXsLDRSL+Re!Vrxu=tq67f1+(SijGfkuIDv|fm&{(8-v@qfHHX=Rlp*q{mLU4? zRiZ11e$XdZQ$$`#66t_Y2p{oqOe)vhMQtgXD@;1Qr*EycJiHg+j!H>$iW>50=k_d2 z*L-wNLiKm7OfOIXt3AUfjY>n`ExRS%#n)xTSfuS?kNKF`GC_SoupmO?*h^(-DWS0x zU9M{IDU`$R^t-6l6uno#R8tR3?1*K^+|eMuqEJL}8!;75C#`!VAT?Pdj7y4*lgqWK7)n=EX#EVGg+z7n7zTi0*kCNw?;*eMRh8k^KN?+346Iz%+aqT z3?{<`*0XqHZ4Brq~ z%@v#0!*z+}p(PPhKijoG62v$GbRk&-iK_&SNT8$Lhs6;5=afsX??!AO2;S=O&ZFPk z`AI0fJK;o>>F^DPK>8yC-&4 zez?`Pd7n5`%=h0phbYi1&P`zk0sn&~6YCX|+O)cO0=Aue9|qW@C>jzqxXxl(Zcm z^#(_*un|4UZWS0U1tDh6HVi-?c=7_GKlct`N{_@Zdk3+9BWAYi3u0nF5G#cN0PE#K zG_`D;hb9mZ+;huX^*h;h9$=^R zsbnOEFS&h@)au6HBty}~aG0CcdYj8nfBG(td~g1T*pHJ@Z+l-!H{K#i@bRY$#U2~M zt|ToQw@(Ec!FI=8brPFDwX=TPj(?GaV{-tFLBnFsB- z2hXD?wemH>jEOeMEper5ieQoubk*83%r%r9$0*8GZRXoB`sHKC+CqjwKbVAQC})uWuZY##jmZn-qUVNEqV$pd8Y1)#zI@BDcK|C0HF z|HypfxMw+ep#168@K65i*oOf~0Pog8^rzb(xgSYDZu_qDZ@1-u4nNz0?KQ;kz_YAHRE?=M!!r+6kNTCK6xTU@Q%ff8qvE?hZsQf9zV+*pO?7LA~G*L0fkXMnXhdriH;YGT7{NEgZtnbYh zCRNZ%J~WEo4y>A~53n01ZpyLz+DA>5RciOn+k@UC2=Ud5dDWiWol~Z55*s#VqzeW; zWw1=;WDj<@+Yg0A)LUMU_gs2UbM1S(C6wIN%a(j~TiiD?xKj6S z7IXC@{aVEK<+0k&O-EEQERL96Lmsbr9nIaDL0G0=Mu*R zXFY|Rt3%X3>c4yTJ1M>5hdYsod}}X-Gh?d)-o0*rYbg7=feH3$(Zcvd%6y+w_047A z!%XIpO7vSY{XuW!oXR`ORkKy5dL0$}nq&P|ivY5ehw=~5*CbSD5nrd1m7+|zz>aE} zvZ>t^7A4Fp9X5n`#UBfUoJx!1sbtd|&Q=+Gv{ZC{MCJ!KxZFlH4fazWdyRTdU$#Jt z?I+r~i;!i>5qrTy7+puqCpzmnY_YIaq6@Cs@^Wt%s_2u;V^n{3TJ!jDnF%+ZhPx|E zsi?BO^2Rq%>(jZ$N?>Zep32e(J5q%1A)WQNYSm4J1>I@(J>}|M?z2?6Po|Nkld_y!fKNW~x7Ijse@|W<+$PgP%t75BF2FLW~^PXq5p688( zCqne>e_W6k+GH#A)O@udG?m^n7P^b9*x@P0ZMoF80)>TRaUI<|%ElVkAvN|~t93-S z@Ug6>vW_%IHuBZ$bYEiuua=_M>R;<;b;u9^GPKA-0}i-e?0)%Y?Z(GZ-5e&^+Vkzt z8-0}uJ>|_CQ*0lp<5g`NQ@@e5vP?(Zla(#6B2t^_OR)7I(`&C0$3^SdD?l&${Ru1pwns7$uvF;(8(2zme*??w69Aw`NUfadG|jq5 zwMc_B0>sk=$n*a`wz+v3^Lg&{U&zaE@IraouUGwjY*Uhpdsb2f;>d6f0{|X=z0iN8 zG_=mn{=p$(_)yZOTRzgBf)JOv-l%P(=D>% zeQ@gXh|H3aW@vXJfr&5kB`Fz4jzcJJvxy1#$cGZHmo~xkbpWeF`DB(-f8r|kS|fRw zGJEFgC=N|BwgBJjI1=&(iNEM%H+&oVoS6oGSq6zTxT=QVde$>|yKb}Il%I`)3})B% zEZi*El&hjorGYnB3q7Hzt5c0TDx(Kt&xb!B_^k5AJ~yUJ-x<_!_mRt3(+6d3=dZpo zgDNlv6m4@wVA`CL$YD#;g{A591hJTQG0w@GQInT&#+Jvif1Ta%(PPWosI`47Y9ujP zEHg#-<15Rt9PmzuqxC1|`$7lt4N7`()^e=2XH;3=RGfa8nx|;e6yqDrv!Rh`Jvb{E zog0KGT=IQqj&6k^nN+li9dle4rXClpJk>BviEsS!!8OuJzTZ1V?rhOD*EkEnl%eg{ z!f{XZ_7no?k8=#_CftU=$$q%Q)mMp~V^(XG!=?DgOUIlJ3g?Gkt+>rR(GB~oJy(=v zlw*REw2prIj^-cZ zpCau8Rcp-I)wTrCZ{3TsZZLuiW_0r9p~ATGh<9^^lJmUvVe7#=*9XH`T6vr#h(F)T zxiOM=mc|GgIhVjF4%;U=fs$zGbVKIr?UPes3tN<_NIx&d9NMjuZ27?5K5 zYJRcw1N%NYqeo4833=7Io~e@|{^|&gkMj7@X8TxG*-C5@MbZWDqNuVkRNyRR!+`rQ zm_Dtj2zaKPT!OCk_Nf_n_h}TE)sOF{Q;8l%o$_^!BbT34Ah5b@G-^#7F&dl`Rh@m;IIW%^TbdeF>Go_~IY)fQXzglcZa_J(I~vx2~!JuxBBGRoP| z5D;}uow?0C_xhQ&FqEpwlv=l4tvGA@{7o=)Ju-vLMDy7M^3xLb&aSXLcy;sm*A3RB zpvk9u)k2Pmo8r@a<`W08zOIu1mW)MNH~L~G@G(&oo6Zf|{*j`IBtCLt`NzBWi?HHW z)U!0C!lZ+6iPzj1k%LvE^0iXxy0WqDC~(Ota$=uqvSM!@IuWbinuZVhWmg-%lrSmX|ni!AFF-JDh~VPAywYz5TR-RiT4 z%!oxY=LG|=vX{!{_(r|d*bIua!xDh)_6U+2{+Q?N(*qw#jt2*~@(w*Q1zDWTToDL= zKIFW96Sg!nd=lCaPK5Vflv>nKy*M<7bh=oB4G*Oou|z#rZcg2bu+$8q1p22ZANtnS zDr$GP_Z`OiCiyL*^GY$Z8m7#26vn%dU@VWrRAriSfuS`&-DJhhwVSi{Y~^V8U0Ah4 z@{e23@2BFaiAbb4${;lv^&i8o@+(ht51wIIoP1bc&NV6DN&d|rn7W0z5`=d<*(jhMDX*ZS^?oZ~94`Ck}sb|WD( zuPY7%TPTBb^a93uClB8R;|7S4N+xGfvF=XuRy%!dLY&&CmS*gmRz%fCEtcb59WQI*!!ov~`RuDe6LMOOTR8YC z(|HfPJK?Q!>Dvp+1mdBY@;PX<@XEwW>psR)Bd&QJc%~Ubu*mlF_6D@*W3iey)5w|( zMO6^}>{~fewft;=!ybz6c!GBN6jbAbnS&1-4sG@yza*$H>&y!EYY<6QxY@EF0sG!h z;MG3n`KmD%3EyIysADb9{-R}W!Jp;jq~@GJA~J5wq+Fd)srQLdS9FraiEiO}JC`j* zQGMqfEx+gKT=ag9T!D|Q6B?|)MJ-Yj4U_1C$6JnC%-%FqF@mZrp>EdNhUy)PMtC=+9^Z&wr$PLFzw#l~)0rzU+i2kA2@O3aq)?d^`mg znyX4WY~r{biW|JdbS^ndS10Q61rc>S;BB`cG$f5JzgSc)W;#*4!M;^#9R+h2W1(H@ z#_3e3TvGWN9W?w7?_rGT_L}g@z0j*sMj|}lL*kIVZA0uk<~PBvS@w7M^{uqReaN@V z+1CcHdzxK|T{2|wp-YuGIqtE8KWZ|nLZdE*`-+vM*)GN2bJK7se6U;uOf*D$QX4!k z^RpoDmlJV;XQ2*zo=0RrJ7eZ_%!%hai7X}BZ(`CA@uT%d4X;V;M2GT-q24!-jSdBT z!Q7@}e!X_lg<*E*_O5YrYVBd(t5O0=uzt3UFlXm%(YRXuVsQWN6YVirR`!WltoLH& zd#I^-ud>Al)lX>4vMH?&75Ar==TOqPvu~ zet3Vfq7c>!;>DYuqWQ*`>Z)WkV>~6L6_9?N^_F3EvKp!O`ilDQ3Pa*)uVX`(XW{PW zm#E-NAK9!%DgFAihLA@mq|c;qt#362-qMwz_EK`8B)r||Lv9m+_tU(PfmODy6s+2z zSY6G7gB*yzax>tyR3YUdv9@J?ea|yNRB8f7pme;o+vs=b&S7X(+>f%kn~M`@ZYOtf z85#?Se$wtz_Y0nGA|1Wa`*H0>;o#H^5ZMzll@V$fKi17+tv9&f+YvqL1-FW{lFhIf z@i!#Zis9K#>zS2)U4o!*TcZ4HYoAmWk88eA)JB_P@XZPT4dN#&)9>&4c7Aw$CC9^L zm@U+W{^kGbxS*c#ZI&-6h%39`0a?K11foBK7!dnN{Q`-9{HeRD=64X!ECYks;+pQQ zz6Alqnzz9LzlPO~Ezxq+UEGHtQKRWVlQsAQlJl>#p6D9B-eeHq#0b=e&m`IJEvLR@ z@-T5n)T$<=W2Dp}G8Gb_V)3U+_ny-_^18myGOm-Cj_LDlLxkn4C)R6tHQA>1W3mq< z@KyKUeqwSX{Q?4F{{{gkJlwNtB2blOb@dOFR5~L741pSh=s!@RawGG?1?PX|0=(|K z1NLf8(#{hJ{2GLWqoX@2{#x~HIOhKb`oz3>rbaM9~wgtm7Jsv#(iCbFGk%rK30TEnP| z(qFTn@JH@$!#`fqOB-huPD5@iSyHvv(F*SKgVWpfi%sgM*?I6l?2g$j2m~O z3Nr55*dN9f2fC;WI0m+t<|hDf^QkmYWx>JcCjl#?4<;)S=~M-e=XjfO-&9oMq^#Q# zbB?%Jie9cLmsV8U^+->M%qE9fXo2D2%8}N+sn;B92vqigjCV^&v=>2#8WmP?WN=}# zCqYiAZ}jOz=d*!EaL4sygJ?@pb0YQvNa9I^|1k~Z&oQ4=kMBUfsWAI@VNl%#^i8!q z$~~Q(>pwyD;P?t)1S~B;^rwfxR3B+xJp4y_@&9wdzNdSG1u8G-_Mq0wyEv_cp*ROL zI~?1n5LH&_Hs33s_2>kd{jxIndW&^ElSPNpUSqQ!_N`_oZTMa^vFf8n?c9E2mt%`1 zg2*O3v6}=`%WWpHaGyVrYG8srdqpR_G)W#3?zEWOxOpg_Woc~ z|7_uu&TmGvB)@PtM75zXg@U!Kulw4|e8nya^+Mea#I`$vQEt;9Io%#e* z49m|1Ehx>wx}enZ-C4=$jAu1(Mu>0x?BX}1!u&j6!+~)xk1(3^%Geico0Cr-*((2p z{o@Ih;$6d#2!BC>o-Io1PmP@dF^b+?z3H;Mc#!9~yI%o-O;0cMpI8gHX?}^dKaTR8 zs&UV1&VaGzI*$hcoaj`p#k`U-Q~1=q{`rwl0E?||bxb-?6cL%}gWDqOT~i-Lj`7@Q z1M$oUs!*M;*k6U?;thugGHBXF$Jr>Zrg>$SaH_*qjAq;lEqnT`@wnoPpf@cWiU~Ch zI_6@>fHG<&g8ij#xqX4G)2Dy02WPb3GTyR+>K6Ky?In$sdKq`ECDkmyX$zTU8ACb` zd==)C)`+ingu%QEEH{q${7WRG?Bn`6Iiy}Y8OHrwX+D-AW-gM{4{Y&>;+AdVv>_;;|^oF!5?gMPgB{AmgR0CB0y00#sB4G*F}gB{@X$n?Sm^?&7p z{rv0$2Ml)k!sVEZwf#CNsgX)SYc3WcPh_PjMPUVqWetg$Mnpwv?Ag9@G3YUuYmJ!p zOU-qY&#pwLdV`O(X`-*xjzSZ2|?>!wU!q-4j<|JGM`rt?Pk=(X?B~-V0IeH;7dKtw1h7%Hi1g!W# z^ry~X&yOr1oy&s$t#hpq&~kP_?%Vi?pani7naSF}Uf^BKmxioI6;-+E;df4 z{{3L^IyZR)>9Kn*a5P30((ryJ5JJlBL~FGSi8IfnSQ#~RpY+aUsCSM=5rH0`a&?fL zqq_!NLNI?a6rZ7Oh_)z@v0=ov$6LwaWPe<*TQA6Kb}R0eH1FY? zQo$dw0`DKKY%|U$@OAfW|7O{pp<+`~=H>e5tlzX7-`vp}Vj^u}klrqG?f!GoqJg!}rLexCl4c z`gR=5hHR+;2y9e6?4Dw&q2mwU5rqeyrCNe2?Qfy(F_ZOAvWM`ye*kQsjzl#^1dU=a zjTi&mz8{rV$AUBAV6~a3_71Y;1FGm+$E&ap0CyE|Q8#>axW%Vd>1CLTitAxyrz9T; z1KiW9{6wvnzeq@O@FO%=_NTKSknkIP7mB9Zil{Qk*$4(cSurYX?4c+Pt8Dt}Smdpb z8*nQ!hpLs?tf7V-gXJ0_d?;}>JTZ=Imvc)JYsmwVJZy_e8q{v-74aL?*- zfP0)%i*Nrds~|M!|A%LPF3x~Q)|X`k_;-la1K%kB6JoQRz!1|>Ba>Nhrw)BMWa{9a z*wQ65dH`Sd)Lb}%e=P{9eZZ@B2OW&}AYPE-=1e9GO;t!(U)wL%;~#p?J}F-OeO_(Q zOGShCmn1{OeAoktQw)8UOzuxnstLY9OJ%Dtkf!@7Fn<{u{>b(sBmEyTI{ub1su(CE zonpE*%OkeCR|6|?p6okJFr@C(daXJ3u9gH)`N4db^RKtZcpe`>WUK6=# zWMhBpTVwBv)GCm0-x!eo9~S;O(cI|)ct-_fOZbOye!tna0Rd}A{s#%0%k`3*s@5B2 zCp*=Oj_k6~qjJwVn_q}j+7DR+22hM*Q_KVN@*H{E?rt9zDVHhi;Yd(EQxsEZRy1Wq zh1RodyS{G_`2y`}Jg}z@lIkn|UyB;{7dL7B;U?hCne!wN=L0^H{9`iM-dBKBAl!lI zKZqLs5Dn7pDE$xJCV%Tj3EaA07_ZMKTqgN0iJ}EQ#s@OphfCub#!kqw)g$}+MWgz( z*yFsxxR`SJv~as`bc=ioWtMTP+IAm8vtLLHT-k-8YzlW&;cuqNIPYrd&1~d)0>ZVx zu8C};8hA_G1hZvP*h5#S#(@fZaDn}$?tBD)5taPkqPlSY7IhTphMP}{tF$zx$scz= zBQxsc-aurRh#Q-4`D|@adLF%Qox7j#wEfjic6PuwP*b&8HWD%uP%&-Hw`FY8cy(jf zjZC>*`*gwr$9z3X-3N|%X5)g#5;U>l`aG1F?NvaZTxA(K?28EObZS~`4gpEbh4t4| z%=h9VmH)cP1r*gaAQyqSNSuKGO>b9_-iIZB=ncHO{3ohel|Xu5`KEK3!}|~HPMflP z#fYW4mM}-Vp-{Pj){#mG{T6bVGsnAo(`aUo`$_#Nl%uW0+$AtHq-tMzla)vn9s7Gj zyOeJ0+bG-8CPMnVJq^_G3Sv9*38L7L-fK(T?pmCb^HQ(d`i4o>JYY5=7Mlo!{7X2Q+Gqja9;-i_3S9aarF@W58}`(XtFJiM z9`lR?qrdo7Vp`S+61CO%f57^mfK2ts|KcL$|GLQai#*EX#%~t|^FaT_MNhzLNdWrb z@(+c-{8o4fxb$v50bcWunXg>x`1Uk=U~u;@SMg!rmoO@QJgk5>v%!`#g{4TaW`j5*69DpXapBGMO!Y7rt( zAbuZ=2_G#u#4|h+9NGucTk#C$FFWL?ycdbv{*ZX>x5N`0pdB)|{p7=j<~82|&4fM4 zhdiCvUwx-gf6`MnR#Dku8?)idqIAf^5Gz&stSEv$=`->_P6_{OYJnG1EB)8hZpc7W zOMy&10pxNq2=Ny%2D1hUzB~DE!QGI53l6yn0^`s|{B%wBRFd$)44J6$xtpQkd=WyT zPP}KvAvqLO0fSAU^>h3BkAef#?5rQE33=+|`LAw*FS;rIFS_Xh8-eeC>lRiG{g<23oKW7?r-6y!!_S38z;8e&ECf(I1I}1)?3qWq0U*<%0d|o9sC-*CI?nATmw6 ze{@ot28un+Bs^%ml+fQUN3Ik*>3QmYw&6XWACv^v9+W1l!VH0 zIkpQq*@TFq;eA1B1*a?c`Ce^f$>Ab>I6SW?w0Z1LyN*vBx|XB;SBqFg1|U%v)&Ix; zD}O2sY{mnd9Wwum!oYvmAKm^{I1}k_AshWJ>KYv2d@U0LJcva z<4<}Noji7(ewJw)-#zsP&6=tySFN!9sGqas4FDJKM1#yu)b&9MJM}>QCHO*lfkgdL z{9jQ$fnNdv=QD8P+ym$Htp)QN*m{fEdF|YmwYf}=z7~!gW&4u=|F>nfHC<7zIQC%O z0e${!qI?ESBSlCt-X&NJ*B6pq)-0IOiqm*MuA96>5fqSZPWyRMRfY-2taIKYrhC-Y zM`w$oHYD2Z@@cV0NBQwb1~sH1fFw4^{%f=let}5(Pl!CLfc>bVe<4D0h54J_moIv= z{ib)-zj`CLg7h{D-$EFde=_u;PJQ}0N@3G;os5HMJ>fF+agQ|KP~Ae*XE#GwVNCwp zYo&)Q+Ybw(VP2!)f@YvND>}R==-pYypx6*@l8n)J-x8+_uu@e%@p_YQTz_0Bkr?Dppt(2u|=)ftXBd$ zLu(#wKi8@kNogAM&~9<;wQ0qvk6aUN*T5vRLNJAxI|^}{(K_=3YVweo<3ea zNF#K5H$Q7A6hap_O&jjhA!17o=g6yvh^*a{b*w8W0eO^Y)YIm{?#iHytX;V5co_Z~ z9wd)fVOz&h^9N3HtSv4XC3$sm)y+5019mVu*ha?S12PEGrWwlLq>r(ZIxTIlxoy?^ z!TStN28y48_>kjJp$2JZ4q)6dy7E88i;UT59DH)lkdd_Cg0v2R)T%-R{yN=}G@)1Z z?HxK}L(UUA9)A>XVUcH%Ftu0^N|fz`MV-4Dja&hy>!Ck?ciIDMaJ0vO$%j<_44fm+ zGfS{(zZq(p6BMvXno{58k9ZN8(LM_)t3e;bFn!*9-G;xh^PF6L<_8R^3s9y7hHO$3wJ!3Bbf2~X7Kn%UfS81gOd3X z{-U?*TYF>^%GFZ*Ow68Rh%k(vp07KjNlu){pEAK1`5AqFobeugvV&yn#_K1S(hH|N z(n@L`*Fd?RZISJyeZ8};Ecf#$VLj?XTsj>7D7>?@a(s;DGb{(U>9!QV#bv#1dyS2f zk3_Hh0*wzx-f_o#r4s@_dh zVR8s5iDK2){pzVNHq9?9xkE4`$4}>wNTo-#D?q849%ZCij(V!Sm}G%zTnQh76D8}O zAFg(~;FnFAlE;V0gRlISL&d2Z8Opyj?e6`cLS!>10GgIH0DeR>bt>GRgc}{M6~K_K8ryVHHMQq^udN zAoEU>It5{T{0&?4x)q9LBxd-Qud&9O=UYD}GxUq(w0+$oQ&w7*3z86H?3&YZ>9i7K zkZ|h6h<{7lA74U+#DBf0g#+kCZJ;iu9{oRQ+h6t-zy+usi2hK~3?><*;#SjdDz^Qr z;te4Hur4sDsmSC6tx{6`!7g6z^2^myWP#73bB0KLhUtT+_|;j_RGa5eWl(GY^{;hu z?8=zo$*Xr0bqIuf^?ZT#euM}!Ky74t003K{2q5}H4t>~HFLFryCdc!?a?}n20Lvd# zE>;(|4Ji}w-0r?NDP(azbhF3ET zPSA=$`0)dFY~v6Ud2?H_6RCUKv{%b9NeKQ@LE{M#BG&JCpZM)_}g5C5xoDbRy&E%InRG{Wbqesw@0q3Aq|D={OO zsHSBL`G>X9^b|Hi$k;O-6hvy&-)F+4b@V?9dz)Z$n$zK`$JQ)v+)C{i!97Z<@UAV| z+>+Qpge^&7*UQ};a_ZI+4R^^^Jv|bky11@(@Aax=`HdO_Ak*3?#GM7zqL_( zIR2G*a~u@CQUw_y9X6$vIT}j#Zp-_gRAk8`Y0a8bUkPe;$M)!^T28!WBE*wD_PwW_ zQ*Zhqgv5A&b*PmVK|%1UkUzK~0wl*f?EkS~{BuPC+)W1t50T$I2WWpEH=z9m{ZqK${!(A|_6hQ5jHUzaPR@KZ zH)ql7sfHah+C+%BgaJ8cX|oUeU!KlE!Yf(A0f3+1zR>T(f+0Ks9TXU|e!F1Ma`qxT za9GJ`;IKYh-jn$d=GjN&u7db(x{7e6`c}FOEf{{cO4iP;`xv_XhRkTz5lYvAi`idd z52H4z7hfyh|9X(|H=jXIb_@n)K|(5_GV}52qA7VUwc`-VlKMy3hF#6w;Jc1o)$hGy~hAemy96020HONh<-ra`P zS4|@78w7S^&TLng8z(m~)IJ~K$jukOr%&sHHUI3QrOrR(a62cyo+(|0Da5@aS*P`b z+YkB7i&z#8BnS5KUmNnWFB4qwzZ1N53OLjDf&Hy1ofrUM7RY5f@Sl?vIUqOr9fmlB z7pGqn{7swvf3-QJ1BIz%d4t7S7~ZJ5^qI@qn4SP8Q|Fr7)GuS0fl|~_xtyPPCb+jw zjS!XZKkeCR^fO&FFrk%@l$c%!JHY)qx~d6qy)&Posxlt=Rx~d!6oNRbD`p}%kdtr7VSG#b5W>zU^YNr0Q3_Rxu>$3}4W$nbjZaqgZ3ju&vEb(*ki_#ue{GS- zy&xsj~kXgN`-Rea)X@WGjUNf`Z9}-=AKde!cKJQx%=$FevZFXU4NEfJi%RWte4A!}r zw}e@DeT(N_QW3I>Vx(sT@f=7eQ+wSajzq^-h`c!Z9qDB@Sqc4*{l-6JL;@~G`Jh)$ z|0|;((Z4cIvw~zyJ=hWVyip5au1k_qVx=4PyzzEDcuINpjH5NoC6jc8d&G9oR_;&g zX|Nndt(RpbK3m=u)Ulj)_KEGFD_0ev;--^s)psDgQWcKtu@?#NTkmXL6MI7b&?(OV zLL)Z*uiX&&7c}_)M8l5=h(`LqXef!o0HlB}1ESyKJb?E};e`wJ|H8!+c(9)LQ3e?2 zu>>WW&am%CJCx;F92W3DR+Ez-se^+=%vpp107KIY{o$0FNYyW9{H=EI^8}jl00_1J zyHEgNo)v~UmBJmr@JaLzv50vTR+^+d61mtD0Et{i82|cd-y$cLTCy&2om)hjrLfb$ z16&yqG&0o&EC6_H;f4NCi}OkGMJ@W@)H+C{@T&rH{%;T;2g*oM1SzzdQt-Mt@Qtm@8iFGt6M;6v4wSc&)K!2(R7&FJjsj@rQ$7p z!n(>P5|kX2^bp~a1$_r5Y?gDr(d()Mu5r7QGEMibOa#m(_y>#G-UZ;{BSWc~$9U@v%Q}AcTR7j*x`#FKakVY=_ne{Xx=oB2)DFn+6<#cH`hl z2{`t8PLN+oRC#K943M7B0=ajr=PkaPJEx=5+S8yF)%8yIl|Du)TYp_#l8#FIKNi(vc0sHCVsrMLAZqS`%@pBLgl3N?hX#Hp8!*FHBFrNbs}wKo8mnoSE@g4$@IX}<1q3j3D^Td zovp+~#t&Ub{nIwY1?u5gebRbap^?0$TfN#?g(let>4@uGWD6kHn|s}v6iii%uy8H~ ziRN-OvHXlUQXIBnv@~4ioP)FPP(Fhb1_JJR#QTK^PEl0Qf-+-znlI&`Olwk9hSYev zq++P>UA<5nzWz+H>GpyuPnvtLK=yNw@3ERdLoGWU%PeCq-p-QpLb6VReLD-AX9lw} zT?EZp{sXK@T`er>BSttw%B1vq2C;)hFaw91SDh$*6alAdmhktt9JEk#gd@|c4G%LJ zPs|XlnHAWY$N(&5H~3~ezJ5sd<`o*9eEjQySnj)EQNz%y6!{ANvoKp8;+E*upCK+h z1tnVsyalGU?clDFBXp}GeANViD@p&b0g5`DsqyvPAhEI%x{TyF8q{<4B}{qS667J_ zrJK5X6;r0VIEQ)iH>|z-*bY6oILXB^<}0UWjPWkHr=im(sp_o)yq#6jdu=&l?YCcC zm2D)_d5#^w_!>GTVR07_s6k+a7krWcCtT-!#i}CFWy-^kVWT`)v6T;7(-Jhab0j_ z_69Y>EeXMbh(kZ+n=Hy{=;OvNh z2|Um?CWa9z1-$>e@YG3~5`|Q!h4q1tw?ZCv4qj=;ExMKcK0-~A%l2n&Yh_rx-5E|j zP4xs9Y1P#}e|VW5<)47)O!W3BBycL4e!RK8QDnkU|4`{pTP3iH~;Y-32L6 ztAqcNg01a=H>equR8D@Ol%EJNqnGS`+!)xV(st(%y z=ow45;?(||wU~*Pmg;;3E?0NR#qvSoT2iWLh#Yp$sZyLFq8jSCr!Bv|!sEBp$8w)3 zLURM|m|7QtzZ2$GKw=Zzz&m9znA0nYoWBbcm0OD~ee(cEA-sQq9a|q+syWF2DW1(a zN{~91^%nxQhd99->wQVq({xu|$Vm0hW&gBubaCUDV*3MkpE%497hGSKOwr$4V(L(k z4IM)QjN7(LV-W#YWR~=p=N$+wxu+UK!h^#+zt8|{KXX;YxC@F`_p@U`5fkwz0>BrT z5JB`uRtLC(MuL*e;|xj(!w@miigt2m{s1 zUxe5#qUHH(gIqQQ1@9YwjxQ@tFUE!9dz`i}6-x_pbQSDB50dpNdO@V0arn|i5NLn| z5(WzNf47%j4ZY---%d37!{T0ap8&JenevB!veeJpza|3JmqhT}mSFeEzloq7510r- z)JaK7qOQeAu?@3o^;M;Ul&UR5Nxi&Io6V)hW~CU|B~0m9-zn+_JMRW*(w#9E2KwL&ea4^4l#W1FvbqU$O?I&M+X)b@QazWG<&7kqo)bMLjIzy|38qTD3z!jABG!5QDS$SR5oU+^Q`SuQj&1kKs8J<2(5f@v-+`K?41fYE=Ga7ooHI^@o4okf_v0ceHAhS zcgOxSJ+{gsGpR7unhz@Fa@=4U`TO*`+K83_;v0dc(v=A9QWnmqFaG4JF)PH3CjR4N zKe}B|iY!uC@=&yXWsc&l5e!e^1h8%D3{z*#swvw%nDs0_1io6{%6#QvkjVt*cqtG3 z+}TbE5l1B$CrRL&UY@r+J**@Z&x!ysz#lyjYPOvFqa#Yy8?Sp)qkYP}4#tqYU*GzX z>s@Vc{W+R3S$EWRTim8<^$n|+Z>SV##=X*2`GkvZsmeH^38FAV4&dWYFoUS>5mn=C z7Ay}7wvykRUMKf7TO!CX{lGTu*3S}L%tg+bnRm#D%$!oN9_Z|^&>C+Hv=gF$JfjCQ z)+Hcv)h9t*GqzGw{H`?XS~y>SRi~YlSw{O4awd2q>pAAwzGlCMsc5*hKbm{_*@}fG zQ)CIThF49IFOb?ovH!gfKovuqa;5wj4AMdT2fdThgm@#)4D+{~Sd}%*^cg0eWJ2-g z(no>#l2&PcwiUzXU(j!&erd42-fnSYVQ03neE@rB|Dd^ve>$Ak0arM;l^y>1jy|q- zu!#TO@~En*-iCprggU1%0~B{JejxzzAOSD*dm?~Lcv5?bn8W`~1pSNuCITN-0N~lr z^nT?F1XOl#d%P3WK5yeqauz#FItux?-tDT^PXD;ocTQ~*pT{pBHK3Vc3O>e){X{X& z-hPOSw0y;nEQ&5F(aa>NlDRr?xyt-WmOadZ0QWNm?aHPa&5#jMXHUSx(k5?(eowg+ zawo1FhimO?tD1^Y!L4Rk0nMq6+mR$XIP;tLPREJ94qWx;e0JfHZPqBQz(;UrbadKA zD6tyG{F1yF=2I9mr~J+A_VJpgyR++w> zGK-U!SL-};oOP%282FK^NY}f9)b%uPpk0_ruFba7mzG%+sf{#&s}eLV1pb*^VV$?(h62sOhjry|~> zIn+#SE95n6NTasmEuupbb>vgz}qMc7#GR z7Ud=KGBdAB1RSk{#EO$Wo`Sa5yql-DHks;fE`vW&sG@~O5Q2r*GDh)lQtd8d;H?Sz zHS-yo%3TFDolsvtrQw{Xq946ADcrf;znt$MYd<#mJk(gNCZHA4dzA~T^fUNQd426U zy!qMmS$T)%7_B#FLFPh4z|aC=g@z7JywUSR;WJqtEbp#FOx(K&WXJ_jHdgP#Q3W#_MdZkH7u(zNt78=2Syb zTnBG|tS@&RBO0AZ8B3cAcawnWN{1|A;riKJH1Lb=V+j%jT}w3!KY zCH5bm=qeGE`4rsHg{4_xNsMusJ!%kK>%QsYfpfn5@X=@U&Q?JK&pP`<(wDhjsjZMK zi|=}+L>)GCRTabxdVv}UR%ZA<%hXX4tRDR=0T$(HP=QQnMhfq0$eFG=5ez4ly_;c? zW(rZ^Y`#*S5%vkdduT?$(xr)L)ew6nV=Zjq*x^R(4f{YvKpD*(Y-)N!0rHXxnGSBNQKP_i);RUh@M_)U&1#7A1PFYH_i z8gL)HB{y6{B{R-^1KQ`l+RJ>A$!2)KwEcWm=*r)y|B8|V>{4w6_B)fQMl6kCcPH_q zZT3Qgo|4fb5#)KAln{NM9!w`(8~0lhrO2LFwF9~s=)t8;8=vQxpeB=xaiwoXtW z9KK`^UarRx(T3z1P*0l50l|gXi6!*tgJ*YQ%(YK#CH_& zgHFXaY7Ha4?N1=FX#rx{69zhPj<&4z)MI_yTtZVcoT{kwr@mt*w?2TKY%8>{sn&a{ zBWsc4u)*Q>Q#*^dL$-@aZTor6;QN`I?Fr6)g`grP0RKfj%oh8q&!;e}~pL zks&eLexk<8WOlO}iAG0L5^lVUf`{2eTWw7REX?vS(SwK`^g_&#{ew)o5{_r!)&Uk%S|h#W_Aa zm3SL<>B@}SF)^LTQ`=Oh6fcoCHWKoQLnx}Cva<_rp5toLKk~mvB8#w&(6Z3NimY>q_bO>I1`N8xzN@I1gy%$M%K5u`;Vu43y z&*k$>ID*$wI7XZM5anP+#x)`sjbbXY{Pf115kuw3Bh}vEC{yW`M8`8ktmh zX5E0fb}VizyexXu#4`=9hXltxKl!WNR~}gJNGyCceqhIj zHdMs3;xoT4dfzboaDpi(6t`FH{L6?6MKi15MvsMZs$cGnrUKG`z^=AV|ghcjGs94Fr626G{#nFG_e^f6IQ*qQ4DxvN)`v( zOog7wwWd;y^I>P`YmbTaP|m09FKpj^ihxA@5JXNK*w&X7rKbb>&Zs2Y}%k+ zJSOLoDbQ{BRDcuvnQ2gPJA4G?6a+Qbs`F~MMP(1FfJ zU%G35B48zoQ15GUKVs|BzR9Emli`Re6*CS97gZoG0zgPW^v9+R>#LEM-bu@!`EY_2 z^m_vb=D&~TO#tt%Po{u4E&(};1DS#7cccMaPr#F=z=IHEzah=~@2bEX9eABqd<(UW z-Wd6s+gRdEZvze;?8yei84mt`9C!PDpN{I)=!>l1{*-kx1(>@NME3v5-GK;*0Bztb z1kvyEfyq5-f#j=1`mcPGDgVlcb_be?)QvV7_&N7m?y63uC&ywPwlW)3J~2`Nt^PYc0hai#kJ&bpam`5EUUUXqESk zBQnlqwvQ{XJGU4YVc}gyyH4L$Y@1oXDkxy4_@+?$QA!Hy7W4H3`Z@Vr6|R|0v#BK# zDVA@;*|<;^*^b(4sZR|w=e=(hO;@4xE>>v zIGe3B=LI2h=jNW{Tm(lUY8=PaJLaYmV5wBYQLUUV8SQkX#FSpJfuv#zhUf3hg*ffN zIayswXn)AjsF%9v_HRk^Y#gybD)B@Qa(`ATnvjJkGl#a1+iOLuuAAtyh=noV*pR`|4B>69j(}(|}*j5Tc5$%UGxB~R;>wP7eLb! zkX9MFwK6=YVq3E_XPhpawJu426{?;xCOpgO{FpaoW(3RK`x4{F0W(3E^%zZElbVpk zTqmtn7^nIW*lgLl@U;-Eb>BN_w1kxF^vDZZtq6H?M6+&)pNOcaoMyNZ`?jyq9VNlH zPuU83&Q?8J$o&aWytM67c}(W!MihWvSb=nBzLMX8X@<+j!aU|LB%%i_P|fY^Lz+If zJ=wdd&tbSHgd1*lOKYlR1Yv7NHSvl8xN)raW7_`KpeNu5CNZnD1qn?q-38y{crv@)$=b>jCCNS zs5IPJUNtLNGzM5oxo7qE&6rK}QPYkzpO+A2z*sZgbDbt(8J+JCwilvOamNd{`>Av8 z`P{!tiN|MH*N%(q@t%PVJD!?2+Y&}@$|BalN=psZm!}Q3FZxvrd>wGWE@207pSeV z)pDl;i$%$aL2+&IP6N)#Pt=c)F^b&`F!92$zf_OdhOBpNw&@=@K5=qYy$(Pva|U}_ z)t`YF-e>0wOS;Ov7BAws)!si51U!loBhSquwezRmPY`>6to`QVuQ77_1;5Ha@tb)9 z9z$yrlKv+~g25vJEfKVdQwM1;%?0+ZoL)M0k`4eH9oASS#nBtqzS?s z(y4M|$anbE`!3dN3@%7a4MvxJ^R#oW<6(ci^R0X8hEG&vSHaUrjT4_s%ll@*zzh0L z?Z;+RTrdBu6iF-Kb2>(Ba@0{?UW=B-tHU8t;mZ`ot`XHoZ8P(ndP2ftOs*oOM9p$Pb$8zDe)B()wP;E=OFNr%m~KlY?mB!ns;QaZ?hfC*WH=X zs2tyu)aYvM{LCq++hXM`@S`xe+2O?~exAY#CG7*#yJ_8B$W69!{N*Eoz)e2pKF zb;T6Iit}J0cr90+{st8E(u!a)iCo{k5f;ZLIK`x2pRQ6=_&ZNwDtQSUB}PZ2K!y2+ zw)G0Ar4;xqb%(enLb;Y7HF|pdwChj9;hH-|^R1sjZReqNfsm3AQ0=Pk&_Ac6Q=h~V zBfhJyXO6!9dLVbo_7UOx+D?KF4X;f`b}iwA?!FD3`M$OcPF5-0PEKum@|C6n{LOqU zjmeJl!I`7Frlu43W8-F;=2&8Q!TX)h%EyljtNVR6LOjBIn!N`aV?yg>+QVws0Ga^E z!`ERLaU~2hq#BS5zU(;ndXQxDy5Dph;f`Q*UjH;Gp`Lq z6!`YRL+-{R5YgbTo(%~rv|wflU~Z@~qYjRlJO-#yy-OkA`YdP{G*QY-%OR~loCPc$ zC#bZK4cMat|LVf=Z!sa*x+jEgOML1t5%)UjIdWWWXpS)ZIyy(9O$k}s$=@k;R!HOx z;eO+BFsVDhoImwJHM=|-JiEXY+B2-zkOhvbv4`Dx+|8uV*0m5OBl9RYXvV<(WE#+u zh6uow7=_I9O{k9!xRvLnJWoN#zCv81j<%1}-fRoyiB?Zc4PQoR z!W}Qkhq{nuM0S5ZJ#Qwe<3A;9_^VQi@{3$be?S0>I)za$iJclD8eP;16HL9xeZ`#6 za))HhO#=A^>SJ?H2Yyoeq}e{e$GQAf1#DlhEU6hx)}RTJF7x1Ad#u!C5??e7lCsb? z?7+d-OY`_*9L~)Vm!(w(88(r|pd)0b;p%iq1HleWE89#e3HvcjSwfFcNCk{Nt0M1A z_eh!#JruLrlKXREUm)?R+x%>mtXC#(S`prP8BrHfo(B_t(}Hc}-s)e-Eg&Ihg8w+P zwtNt3Pa9RoMld>`QTukm4Zp7Vdx6OV;sUD*pdQ+-yFtIo7ZLcxEy&Lqs2!A-t(6k3(`-)jO|FE zHRykT!shQDWrOS6zI!GG$8TIwG`F;~jo;Tf3F&_x!K35}&6{7tjMCj#50*Qu7b;_XjCqbHNVCA1z%whIlxUtU zu3=2rIAdV4!<=?{jJ=2%m zJ!*2)B;=^yPr?V|e%+JN#)QX&C+=((mj9Epvi#L_O^b8*LW(-oj zv`UYkH+x>@gKVDr*O`;tvQc$^y+%P3zt!k|_vP!?J`tUo_0?iQdiiRl8PwdJGIYZN6*G`ffQ#Lxh#lBH{f3R*>?1IpOk|# z;cYtwBDLqND;!f`r0{fm{97wVMS%2DZ9!r3|78KFVQ)joDV z-}DjpHb0@YOmLU`6=$}y)4Ps1<(s(IW@{;Z`|$B>+_=$@`pT^dUMFWvTFV;`={v++ zv)2RU5+2H*-vPh9U%UCrmUwf*+aFosVnrCtuzR-g#FuA(e&>37;3~<097l{=8}juE zwq(Db^gFO?hQBi3Y|>3^7gt`5<(yXi+!l|kW*$o}SsU=0#m+z2IZLKh=2mrbVd<@{ z4I_lav`7FB@>@CS@CVh4&q6g1IMV67bIfrWKcZVgJf22eZV;`n4XJdsy)B9_{x zB&lUW9}u#?2SyLMy-Yg--&i8Yy3QB zDL`=@xFN{QzDDVA-JPpF=~mg}^WgWcUaMR&zYnSrxi6<%x{oc1Q)N~L0G30&SKn!o z1J^D7RvTVmN(;CZn9bYKhDh!M^NstHH{a)o^7TRHZ4=asiWv_)3c7TIXo!%G1zPnu z)f7sI&(j8mB70o5NXGO_4_8$uyQM|E@H7D7Ib7DsyYPtX`+}2#5^o&K^JugTOL&f1 z5!uBw65*rG@;V;DdS&fnuWLVi>@q_43hMr0Wh|uX0n5zVrYFlaopUkDjbzoRpKcaJ z&ZCsB9}^pmJm`Kjh$HN#Y|H&9&H0XGZ%SB6sFH55#3ToDe_^2e|KDX7GWtu|<@;yZ zwE+n#yEuSLO%NBvmA{r<1}|mTZx;$SApb49(tAN=7Z=?&*!*F?%>Lavz|&1`tS!V% z5&jyi?n2I(cm7@pb9pVni1KUG_SYeft=IzN#e+$+rtz7R8tCn-9PTbHHkKHD{zXF; zt3mLx8|qRR^j5?k@_sg^%YLkl`?I4kz&o7lGXk;R(4w06VP{`n2kW-yc)J2}Ur8MN z(1_uB+l8}%vp}r5|Ef4#^;)##%xGxJAOA8(Yi9lGW6pEbn2c^`cg7ve!|nV@XB$ic zlH14j;X*HVmcW!?NBWU@S`9O_Y2b6Y)n=ov;hA|zME=`iMWmg9d35Od3CgR%%)&Ub z+w&a~NY3G6yfgZSUv{v%LKJ1Yj|%cUC9sYN@DKDOzJ@RAD25gFDhRq`NiOQK-&0z6 zft9sJ^@I;^u5qIO`tk%uSj0yvMjK3Uyr29XyzVwmT!5iugk#)2?WksNxeH#LM@sU< z3l2>6uCpF`Y&Y=9sU;g8W0i_AA9K=^SK?PG*|`WFnz#>*c)5D0Znm07DjMC_Gm-l< z)_v^}7*`$0;yHp3W4j~k98ppvG;QsnQ12WmhGA{r8qQryNqTal5IybvfJBhIEZmXQ z+&HOZtklFw&OsrwDc+>CPm?AYF;sHLEF`rXe1yz^`x?M7< zH%r(`WE$$DHrwpUT`7{sO}uZUj?tL@Pm0P6UnOFN zM0+s|_8R)m3TzHuIYn}GrwCXN>x|L3fgP$9r!pQiC%?B$9l8COB{kz!8Z1U5hxs1n zm$I>W7j*GrYQv9jqIZM{7oy$b1_omTx&mMpNZmTq0dKaA5s0lH)G2-;Q__UG;P4*(XX{XmDD2bh$Uknw_7pJBBsjqP5|lLlaKdg`8kWYi{AqKUwQ?xQJoM z8+@H2ZQtza**9=eRg=CHU|UCsCV;t?>Dn17birHzypICD$KTM=;8gvit*(Rg=e~jS zl#?4zZ3}uZ{rhwa`ZShrQY%|Ng9QLm-1#Jky1hs6H1T>Oi_v!p3lnk@(VtV{c`Uas z+e!_1=5opoezA(*tX&`C?U+E%e`J*tFH{@!E$kzqMm&PAl}d~gWL>AadP|B8?%WKc z*R%D6hNax7eTvkZYGaWchs&(=a5^qc)raa3_EkB+u-;r;yh#uIE8q4jVmLsdF6n7~ z&^b+nlW761$3?YR*1CI=Ea#sdiQTcz~E zyJG)>sSoTeL2*+Se%47GoRT(dZX9O*_u^yllo_nT=(fVwNG?_bOD0A1M+Nus;O7#U zE2O}^em8Lq2Ic&P6@kgXX>GXABHz3Z7uJY%p?nq<3l~;~1fGRDpN$?ZajvLHpTcDf ziEoNbh0{gVt~VzeYy(3LcGd%iJ4CK;Bca1&K6Aq-g!g)Xu zvwj2kQX8=B0?{93m&=pkOWC#h-?Hlm@UkCpp$aU!Jn@0AmWVC~&}X0SqLG*_W`-Fn z2DG1Nq)1a&%Y8WIYOed*1^*%0>gfT=-9TEoTtXUt@5^vOhf#Z2$pmh%b!#Kmh;!mH zjt}5nXb*WDR-{MRH>@vT$x#}6HLn~up-I-rwk*Y-(ka1(@Ey4B2a?WdkF>B*#-BdV zjU3Nbs^t4|sC4RL4tD#Tdc2G91*OV?rRq5r7ri~ED_^L^T~9)nWwE^2e2-Pz?t#P!}< z>pO}yH~mA_rEFTP9eF5JQUOH_Xg#bS^sl$i72J2sMv0CEL&}>sH%l&WGt35K+`(*< zg{B2_?YtstKAE1zH_VJ+*pv<53qP#w#&7@Vht;nQ%$OFmkef^kgsLrR6rSvWP5IKI9zw{im($cdiztVYGGVMsOPO%;L1yRRWRp z6xyoa#h|?(1-c*r&-ZEwbl)eqIwS{YV}xTy(=tU43rn zf5}G9^;14PWSu{#jTfE8@;C5dzKR$6VSmh}jwd_flM(+`FbkHk}^Pb z$b_61V@mJp63c)j-1@~-?D~GoKOPow%G>}k{BEwNBYx*ZmNug=XCu^j8|Q~JFf6$x@^7OygaOx{O_P`5Sl?C()WE)?5}8eml-wI67fQf+kg zZ_QH#j~~!@#tj1Di48__BBYFSV8ifI(o<^uM@AT-DC(K>&pj&k^TG4>>5^UN6YD5u zNzL3hS75M=(U)(SJI(3vei{rEU6?o(i(?A?f@HTt)3}GyxZ>JdjJLY$GC5TSBc7k; zD5E|2To(~QS8hq)t1NJw<3-5?sgDpZ3d5@XIh(SO+qCs~lj&A^UPm73-5^C4?mdwK zf37^N@F8T`67Op-L#EJA7E&fU-xn0wdU{!Xf} zn|5@r;3^L+yF_972>bwcvQ(p{SM5?C#hi5G?Fu|&*uUjoOMGUOhE)b^y&lU3A` zfkQyM?%|XZTh$__v~XBkX_oAcMI_iH*$n&ct`|8JPA@dgvaWkSK~@>lNv`lQ zUc7+)gb+D5Yie9{GX~1jNnl`-nkf#&*oJ%!U#q}jUOyDl^@bfvw;*;NSsSZUJ2e9cU2W(%Pk?dw?GUuU%Y`8=83(kf}f znn~=QyxY}MiCjeb{LoZc2WSl-S@_@KMcq7)RFL(0+QiCrzJc_WlRK6z#mlOT!@BP~ zhr>Dz`W_ZvBOF3Fm}2iKoe>0qaz&mtned)@pYoDRv@J-;TxAt2Znau?kP<^cE*M7` zAGgJ-@3XBImvZQY$R?I*Ns+q37;yKIEMMgR>+7xKs(haJ;X`+KN=SDrDM&~+0@B^x zNOy-)(w&lmbT`s1ty0pR2cC2A=j-{1@2`K%zq51AUNbxQ-n+9=tUuMmi1c#&vPbje z`S+RZixrX3d8v20N;wE$5Me9mUn^F{mlFMQC9g#Cv96qz>Ec*9;Tls6oFatt1=#-0QhF z{V>6k8p_j|o;%r~HF)RqSo3DDZ~LD}NPW>wmiK5cQB|QtwkzmvM@(L)shefH4JcyG zdA*C<-ZOaGr$B|#y7<9UlvfmfIQ0#C6Hj>dQ>0d;m* zgtUGhV>N)fhGzb&FWh8C!80+<7HWbY4X;(P;4MfDaf8ZS=HpHB8DD>O6K%JJw|FOX z(!00&g86;hxl}8IRopKAXL59uW%95dj@$!LCQdo@ZGC8mY7)$sWQ|xw;ffNo_2WW% zP83~m+$}>T!oFI>B!z}fb$dE)%?UGuEe@;ZECjbX!>Uq0Y*YEZ`<&V6vA=DYWIyRz z4;GbU7!BiVcesSzIt{T35M-Te+Rz zB}mY#0wV9{oE?S7r0?6(kG0W$tdfV~ZO3mMFjx%#T+->H0Jc?r+fa{8u&)WJVqGdIV zAwayj1fJF`(6s(zImLNcP9MEx9{~D~eE@EabV&E+*K(S6i~>jimC0avOb)0JpxHyI z{OE-HLCbG)jBSCI(*Rv)+^nD;z6v8xqk^kV1~tZbcJ9U`BjjW^Y|cilqx8fd+pCO= z?9XXMNk8k~;L(|hrJHN|$ZTJe`!(nc0O4gAwx}RYjnhKTHlK1Wh0E%bJp}vU$dgv}m(*>d*#2)rEF3xy-Y#YZWZ;ck9Ko+ZCz~HF z^$s2GP3$asKKFT+YQ9X#G-r>0s3fqx#dm1euo~%mr0%dC^dbF|PvHrIb*rObdjq61 zQuscLyrS_5y;{^x7Ay`kil#%o8=2?W9-y9GXpXC$#)2mWbC96vmDYW-O>Z#O`=t=~ z5}UrQ#ng`x%$hEp$)pas=lw9va9lV#`81X$;F%? zJw(Xd-=IW{7D=7g1@SxF9QvZ-&oL(V6@&{ZM(E8sSnEqEbP3yP>iKl^qv@U6 zn)p|tb>3U}7Fcz)8f))cj2l_?uOe)^*5uI%>?_{RfBNqEk!wh~=%rwim*`fm8=`JQ z^;XS|unUzOiEknLCA89e!(>ciC^YEVDadKcxco>{(>YtvLzL zCi3&7BlX1)Rpssx22Q1@*jrLKHiUU}P1f_QQ3K7whQ_UM2^3Wc;|>RipYN%M4S=ajoR-|1-g#u_ri+$%dug61`|#_WS5NMcz1nfIQDUMZA_ zY!FnumCvfDcgR`VIrdWIh0lr|ozbTOW;JLpUe-6EGtEYbdQ}Jb$V=$qQqxq1D$jyK zU0e+CuTX#c5bF4USI#HIpisxB2HoHWYf10>S7%kUOt6-PAOEQZ{~lj|5PVL_vtT8&O(m>1OED`S9(CqZ@^IxjZUU`>9kl^=}z^ES*s-pfG0d$8F1 z(G=bMw)h=6_`Qs!h27W$ZfLhwG=g`7H#l-QeC8f3U%}c(%Kq87!{WiKk6La#c=ZOv z&U-4PUtV?9h5JVv6%2i_jq}rg+8BuS+s61?aElTfouLeUcQ4Xnv8^4BBtBya*o=2(C57FZO)(%if;B8|Vi zV0k$ZK8=rOecPdQ$Kb`CkUA^}M*2eVpRKDcACS`i&7VMf5Yn*UNH-1P0ZpJ<3@neA zT!@cAE3lS|od47UY8ayjnvHh9p!JHbrcTZoTGZNU4MAOYG>_nvuA=Qd(cBBq%MCRB zL*|6a7hVI>P3z0tHHOq(mg#I*rOnVP*_WRbs=}S$;s^wZDfXjh$cKihDloZ5t6^yu zT3-k+#s?YD8?fYXEVd=1Viw!jQ?kj5JEQp8T>;Fy8qF}LWv}k2;(#10)BPd-@OtTI z>H$m6Udn@`6}BF1f@y3de%Tt}-EdoWXDCDc7E+jS5zCT-B{o{3%Hl48(Du$KrD zFPKdIuqgB>I-h^W`Q+uo7et}K7z=A1@k2&w%*KyJ?Xi<+;%IT-*6mTW6TfbJPMA9P zRF(K*B#)*7CtBhg7Q!HIu=To9V1LI`eS{814z=LURvm{wchQ_W<3NK`6CGYtHbA&( zVm0h?ti@nAyqVIlmZ z%@s!318E1j73 zn|ta`VSj##_&QO=tA-X#@Q@3Hi2whPkGrs`0K0NJqsXj_cF2FPT(6;f*ji_%)&hmjMcvkkkVNNP~mwg0=) z#C-pN67VQAGe9Uuz?CLN&#wT#AVK-ZFaMOg+fKNTzf!iTf+ zOe~0FVSNzzVBoUei8FU6p1{J7%H*kX|Xn@d1D_DJ+h(ti_lGnS4{}}4n`cwUKn0?OSKku6!2^n z4Vh>W*D;_b$mtmRSoY16$;UYKM*@pYLdOde-%>xcj=J?DN0BrqA0V!LmA>TZ~C za6UFMj^rOMN;b_)hXH{bqNao z;Hz9=q$GA}CVQJiS0zIMtHbOB&l#*hiD=}{>UAEd(^IO$SEX*VSkd%2VG&-fU;kGmY=w=qG80f zCX{&+H@VjHOM#Z}+t88Pv0KPOEye8Fu%HM8h@mB_)odcQlrot$Bzh$5O#hn361iFI znFz&K4li#jV|l8^2fqVb<2I$t-O7-TRq;|HY^m+Ssm*dJ{1uQxu+Z&bjEI3-~+Ls#0(oNPrmfEUK3kuuMwDiRUFFGXATkSO zTRGe=4}7tFe8|<$Tbr5lQLb;uJEs!T%|F0@f;&&mmEq$SSybbl*-u>&f2~~A^x9Ug z&NI$LW`ERY)B+3%oAIu$*-AX)bSWlR742EnL<)BGj@6&oF;#|*Q+*Pxs$QM)Qp6(p zPb8rh@z;6HSoaHg5cj?L@#-j>y=3iOnE~tfk3=rd?}hNwRzR5q4wdYUB%OzIUg ztz^;bUbTdya0f`+9H$XT(8WO>yHEL?OfwiI>Ud46>nCqcZQv^IjI`^?cQ$Z_u*Llu;NA)WEv~>6+=4b=A!_Deb(eoDe+U%hLI^hCgHwjw-#u{^GG!EqH~`j#f~8P!?HY7_yixXq*u^23yd{)r?*v6&iV_)-_R4~OYO4~_l=WZoFyiy7p}bA zSi32{3Tqd(Wims#k(BWyHX|k&by+>6fT|N>pN^w(U-+>&bZmdx=Wv=g-t8M=p0A`; znFJ99e;V$4b+nNpGWQc3K9zpU4Re41pAIYHWv;M9%Is+3(s3F3oSR`$&nsLT6gLW| z7L0h>b>XG4Y%YJCBKAN?y+L$zdS!m(48+kuk!mNHP5ipD@^v#v1tkhDG757|Hw9Gg zmG29{@>B9~(eS(+S9@dcNk3aT8?iTiKjkBxd?y&}P5PnUe30I|4EVO6B>bu> zc+pk7?T~IxtZEz3H;5cSF081o%P(3~ErCspztzoPfFuS}$I~oS-HHEmq`_HM23n|8 zhc4;!{mke`Q^bhcz7}dYnyU4T?Ts_n5dz!%Gsc6u0%GU}0fyCfatH&h^CbvM1?k(9 zJQlWQE5?>2lE@s*6CxVR)tOkn^>eiiX>i6oYX4`(ba=>^Tz_WFo3q~;GlUNSu+=?; z6LK;DvJ_qv6v{;)e;u1-t)=v#FS&sysH1ma8Ncl@w!_RLiHS#Ged4AITP1b?&9dQy zD6!UT6TSc;ny^t*NC74BU8%=uVC__rnM0C;3~K}T@CIVrhIYi50S9yNJ#jl;5?|=q zhbsmxSwqE=cQ4ZR+%&lPR7MdPr9uF8RjgO{gVN_lsS7VSnlxZ8^T= zQIQpXdPzdOb6MTgc`TYSjb9_XA*)`0q_wom&SA2kEJ>k@$cWd9s>Cnn9SnpH4z3KnDwa>llI#I)c_B#T~x^4WSkL=J6sfxi^CBNwGF{{Zn>{N-(F9HvwL?;a(~t2z zY+zaBOqV`8VD6YJ>80J2c4g>YBPVrH67@QH{zZU$9Bi`>#sH9#W+FrsP4XGkwCj9p zidVVh_4`gr)kEFS*{YL^wjxy&Ep6zkQ8({a940RdEgID>AYwQ;Fuo_bcX9=}>2uSw z2h9uXY!ioRba=>fop_P+3KHK52YCFXIP5?r`QdNzrD26W)NBoF#eHmI-iUd?!5%8x z=v8TqIvs;5ifzueQ5x0|{4yazID-LOl+ZW9J$;yZlP482+e-7ha~erPy^;VT0-sp% z;Shw4&EVQd?c|i&r5{uImgP390XkZ{@LbPMbEZxTTYwDRQ6*(j`95cSp}Fb|r=;H! zNEeZREc9g?ek*Q?c$*?rpE@))u0tT%lH~!Jp=WH5u>^Cb$XjyE5@8+4s4rVvrWQlN zC(ufVdFxdB>^6nNB{G`{<{O2EObyBknb-I3e%0X3#GCOGZ4}y6z*I~gjVh8xP7ST@ z3omP5&zRs+UL<@vc0L}o36(pDQp$?%MNikBj4X1?iEup!fa4b|atn%hbsZvxPiFeAdWFBsc4QdeLohiXekL>m)+j!a9GG+9$MwGXzE zHOqXyoU&0EXW3!P7`%?9ivO6RWTjJZbiuq&yNN)w!MGGMxI7E7E*&~ZvNDy~9b=_J z1S5x7gbz7+6-kT2JcJ2|aT%~0O?mh613i+7D8Bjl3vY<0+Zj(hO_Ilu9TgQVSS_5z zG;w%xA$zoEP^oxI@RrumifvQ_^Tp2+zE#$i?V)h11S%Q&{D6v_tHJGhqoOH6f%^i#hwtlKkPDkm-N~panGoZ?t)5CMApq=K&~3o8`=-oy)mKsJANeX zg!IRgE20;rxC7`Miqa)|Ch0Wr4Fa5=XfflCUFU@P8pj(Bue7jGUJRzHf1a?SfaU8P z&_c=H?q|UWJL5s8bi|4WXH43Te^#oM;IE0h*i!O@yKG+}EB&r7Q%k!(N?@z=c)nS<7uMaqDdnZ!^W z$f4L4)J^IX1-2k$+k3T zZ?4(h-dIa~7r&4e>eeXnMuu-xk|X1nWSk!P&KVNcN?7)4B3PrYYPckcvf%aQ3xnlq zi{v+lAKH~|GfSVjQ+poBTf^c&;w-cp3+jJxGg0z9Ro{+o*%ZgVv?-o`TV}l2n-z;L z=2gP-9>~`EeAhJ=63+kjLk>Q{*lW>{CD!3|k|&}L)Jo<|LnH1zPoxL7!m+rY@<4~S zM1vaboGUJ=>RdtEbhnvwo}q^pBY%t6Kl*^$vFUw2a6tK8JNKZt!inw!SA=AKLc{+1 z=7r!1EGgvPixRYECf*RL=SjnPMJcyR*@G`nkAoblxVRUGR2uKfN^m#{MvxLP_aNc= z*LGSzS?HU&bz@%&e$;##?ptF_JxF+J(Ar$jSVUxRI33()OKuWd;qz$|a`a%*A~rNr zeg}2VXktvNgx@(t`lZ%t9Diy2MRgkqGigVdAI1bJ-5~9Y7{BWBk#a7nv@IigAMH^w z*9^f_w@*T)t)Qbw>^xI>g)%!q(?Y0eF(+;2BSZ~B-{lN#lC`EgBFHfCl9mIxriNdJE^XWCJwS%I%__LLYJYk+JuE%5b`>fbCF-AEM+xC-l|m$jn_N9Kb);XyH8^43UnLG$G%lU$8<) z%H6KmhGwbwkaf{#0d)u&-)S>WUdA|>@ZJ_R+M(r(`lK!ug+#Aru2`X???x!n}fcNR@ez zbIxf)B4Mb-4Ixjq@gbgmvb>3>d)VmyZG0B{))6P$J2c%vVO|ZNBCoU*QcJUX%Xn-& zT7VQ}8X$orLdGrJ%FsgR&oXhHILhX67P=mgHY<&A&lU6|pAybId2Q3ut#-R8Jk zGRh8RljN1p3ZvJqi4+5qsKardXY0!a1=yXEYe0Qzd}!t#DkbDe!oq-nGM+)r>~KXfSCNQY5@^Tk=Zqah zWgt~cMToZ>R_Jg;?BIFi_oo-02T)x0C33}!XYt{Hj1=prj`N4%ijC#jPeZD?Xwe)`7LvMt=H{9>>ECf?~S zo~Z+Q&1VwYpXVHfuVSy_vr>i7%_!bgZZ`C{J@2mX3Q1f>rBlBaJu@(J`LwrMAmV7U z9@=;#pXTWvGi2Grc;T+AAM}MT54Y+K%7j}85v3Hp_#4t%6{Y~5)6KQAd|qGus3iUI zswT>>{EGJ1oY=GnkWg*g2EP0q6qtgrbV$Tz*eZ)s*sIE?v%dWSJ*|>?P&dUzo!MePXa{XqCfhZ(_z20S~6@M>uDzX)%R3;mDHPi&e8Esq}C_SDva8U57tnwQc^pU3>_BI59DV%rjTMk#zvIXYbmFHy5K%gqa%27j znR?lKh}=%voY*A^axaBOMJ~r`m@D{q+@Z95>ggM5m|WV&3f5QB)^B=<6AU2S@(k5F z=B!RQ3tr~eY)nIu7(0Xy9yHBN3p2dmo80>ZfNVldKcpw&0)!e(L6Ny|&u3*!)&>7q zV~`ru!{~o;(203`%3UCmy0^%mcB!(9r?rr`bN`dp_VnpkhbY5|P0>>khMDw=K;?jd zYV4&a5)s{4=QS*;7;#=+6CV{{I|zyFYG!a7h1g`gxDH?SR1##VzT1&lAld1`mvmQB zLAw8jVMoJd+WegVNFt!j!Eci==*r-!gOMHcoh^5^eN^v}nbMxH8KsMiJ72!8TbC!scc_`B(GnDzu80t}tC0soT7H4H_ZH zO*yaBQYJ{`HE;AK@|04-3EFL$v$!4zeT`-xj<4-JB8-)(Rx_rk8=IHo+i30We0Sj@ z`hHK(Z6PV{JvN2P=nI=*p~PM(d-KF#V<)Fo04J8PKfsM&$+{i_E~A_^%A(NKW4RK{ z+z4&dx6p?VtI{lPOcN6m7pgNxrWkV0J~G`>Y_1;S?~Iv_Qrd5p&g` zx*U*gkeg95Hj5c5j$uLWG}@6II8 zZZru6PaI-xco;WVK)5viutQC$zsg?oixva(=;VW$0x|IzG>P)K>X~SMwZ1|unt7Wm zI{1#pDc)6~E^ca^sd{}h9=%S8Vi}RLcU!2h8HE7;+(g)~iLICf?^k-K!{-QPqN3Cy ztl=;hqOqfL+?|oX#x-K_LHivGRzHyLacczf7+|F9v@`P`y5JZE`55PiFi%#PK7J)qimA`$%K8 z$LUMvyF}de)-;t9vE;epdA#Ris*Y4R>345vdZEdX6kymbVESyd@P#{8&K4aCaOg-= zb?fI%^tioe*#x%7+^Sq-W;54RGL&KcJ(U-tA_P7O@V5VK@>p-Lj|Mff+qZFXbeo*f zi|z8ttpN;W*PC8$lGp?xs*3Z3D>nEZ7y*1ysYQtw2j<~ABE5>kf*1`E!O4#CJ2apG zv?hb)aXx`e2D&_~%OC$-my!8@=M!SkQ#S4Xb~B($#fCKp?~el8;hB zt(l3b3fHT*d81%+Z`x{I52)gjzVR`tckI3^s2=Y}X?cMXrQe#>w`#m*l7c8cuN1i$ zIh~!#mv>FVG2A^MMdxvSn4&Oos9TYiW)s(g3oIK0fvl~C;2tdD}cXmpt zn-Sp?j}!T*sd7)f_HKVzdht3W6)s_FE;l}1!MMu6qF>Eci{JcQ&FWfs`b;DD(0!P~!p9=QFzU2|narXenPl`QJkbauVt1 zu}SkE?|L;pap$hwXG1zD>8#G*j#BCgB55~&f7(k**MmizqbV4h5BKS66e$Xp6w=`+ z@5K$=_{T|k#``TA<;p_`RgMs`5n@*Iw&O27(FBV4Z)R2f0x#kVt*b^;edZO}%TN{zT2y$y96|~ukDQE# z%Iu25<|Glm8i{JI&Bb+0ibAkE9dlJQ!V-r7BN?(ksBMtpl<4|E@`~)gKmD{zo_eR8p%{y%di>;vu@yg$aDt1Vhh-gffe^atLlvex?9pcir2 zCbjm(*!ptp@P-U6(aUJIdriLD7@~(>LfXB@3Ti ze^0y`jrUUz>#||nBdPYJ%%a+6M^4f|#Jt9(ouxTmx5(wmIuGl%V^v&;<`%X@A%<{F zG=I#|;L^vaV_s8y$~ zo(m(rK+*%oc@T{`;kFcy2GZqxLbbiyl0tT9n}a6k5Blz0`3jp(!?$T=hDGLM!x_fHtZDsh%{e~G=vz;osg2mVhv!aA1Esae*4$My8(%b!4}57P zU6W6KmA^HS|K_@a&|7nJtGS~pBPKyt;Zn@2R*xYy6q#n~Jpwj_m~-UXEq-t%@4mQ4 zhWJ~)X17DhozpA^{FZPcU5^Tfj3cZ}n#OM@FLFYA1-}bNy)7hdki-H7@Te&BDbCpE`_`PlBP$YtscY-v3zjrRC0~Z@BIG(jjR)ai%%6>t<@bg|g|uf3n%G9Iu>P>V zgxEnMoGsPo2Qu>>QCRnvY_&0`&WqHX_6(VL!oF@Bvm1jJggvXHWZ5c;Q1}|Md~}1j zsaD6hsz(rg!a<)ra3}h_@3lzDr``8BXv_)F_B227pp*|jHGW09y-umL+SKzttayH9dxmAtP>@Nddra=B!cMfb@7#2ZT=ne4r`}hBIob>N>I{Xm4 zeSZdTkO1KcRv&oThGP1aPUH090I47VVEL=-XB76vgBHpE)B-wfMg;lgu@^ zN5~Y|Anu8_lFefR9J}Tj@MrAr7He2^R>{ql?+Q+8#_JSJwqb3k|3De$9ucUPcH}Oi z=9fbCI6s9o$#hX-Q|@+rLDehDY6w%Fr5ICo*ZUOqx*WoW?K#WQPZu!YerE&#s6>8{ zzf5(*0iBC^0XseU$kdz%z#vm^U;%(Fg$g^H>>!(EbcQt(SfL;>D|&SS^Hl#E9u&d? zdx6F^wXM2l)3KU+RT#g})(U}wofap%pBKXs;XkU5*Yt^YQ52T1i#|*=`VOTpm;0Mr3Q0tOA_yB;{vy*$pw|PL zZvM<`|4$44oq7)lTRRauMKg~K9Ym`@w7-hS3E8(fyx}xNm-Mp~u$f*+NdI!);)Cs8=HC zsdzHag)$nHoV|kAczO_&kq)BJ(7tAn{{MXo#`ihXzwc%;m-O zN2Z@_XHf3@M$Co`cNxKBPs525^Tl)3HRfL#WHi#WzrQOA2)OW{%$4!Id6xEFLID{! zFwc-lK6G8B9BkFs_GV*Ozl<|$ zLHyVAmi`ZpzyD7y_&|Ci&^~B8=A?+SJrbb4$1wyQaJ=B14Yuy2?_VdE2}!}A$6X$Q z9s{|~1mwDY2uc9pD@aT5^}k$4^spk0*8Qgz{QG`g(6y0n43c1T$XESYcl9Jo(ec${ zV6_uKXn+-nXkht^Z92e!2hd+1fi?lTZVkjX0{;&n(Ad)*4JscWTFmN&(%dt!^eWho^FH%EJFbv0W57W0 z*r0Pv-|#uXuuueG$Usg>`#m<*SJ2o2MPE9LHpyR!Pxgs*cLV^@lAhB=#{z;62qz&9 z+@uV)b#f(K3&V20Tx>S=U8ME*5@lTUpI~P=>CJy29pcwKzIhS46S86$hWU|zf-9)E z0Ef}qEiF}3W9cq9rzCcq&J{o6eUpOqv=B1&I_+A9#>aDOxDwUm)loYS$fDubh$jFd zVI&dESF>s6o}y<(sLBW9FQtupFrzQx;subt#^>G^>q(Qb-Jl%V#PSkP8t)Y=;}r}~ z^$w0V$YBOo1PHFgFfEPP36_=&nz1{&6&;q~Cc89f3|pqw%jzC9Q+ey6=`g)fqtm85 zhd#i~*Sn!Pk{3{={ni~4tlg+}=U#dlx=r7{SyvxXcDv}}5s7J=;NVwY0PQ^QgHWYp zMHxvg_3AWSu+T29eCz8wJvg4>!*HLc2-6L(x0yPNSd95+9j_L)r_lYCzpmE_7NB-7 zu{M!NF~qA{TNz+`=dOpBv-kUnCl+zE)=5t2&ON(_QD`ZeMhcgVHZ>`Pn5O#X zWxzt=O%mmN*ugaJHh@yLJ=D2)x0<`m*A1hhn@WMmk#bCOABl+(cYOr&j2uT3Xrg}R zV4Ytkm`j#xPUR7zZxP|vm=0VP8U0V^-ilstxT%8@?omQX1HcDX$b7sGpF2?q*t47H~|-em%vA11w|&uXcg zbK|X5mGTyW^jU@JIsS8b>)Z6tbe-FM!_fVTowTA0PqLk5zjbpK6PhjfF~5Qz(CbvZ zDG}RxyQyM37WHw#p%0kE5x_sh*%%LHPxmG;G z+C?o^W*CZbmb(&}V`YOcc3+eT3c{GjebrHA!O@P|{69(huacS=lwM!Jj$%GaU~7aY z_@ba%ZtRZXR~md7j`Xh&gP@0e_2?TFU-Wm*C>96h3|=U9__|OXHt5m?s@+NrmRoU- z&*Byzya3m;*pjMbBrSLMr2?V0Bo0!Y`{B%5L$i19FJPV*&jgE~ z`Fj|pbON=h7wo$`^xCO z&-PiN#aQwkSa!f?#a4N!eOxeXDD8TZg@`{JpizI&O|~C3a5e31${@rcuvnW+RIaQ* zA4{=+GIP)`QVlxj9v8=}l2?-r?w=>1SI1jm7UPJaS-{Y{r!x{iZr^?K)L8`2C-o|D zMc{bk5XO1)J;s#$PR{jaZ`m?c&wr=C3b{Rudm8kHTxg90>y?Fq4GYkA>mtI3sbm zQoB;&mn?iJj3Rq5ygMt>GN7odU6?l*(v6)Ui{*gz$k*rM08Wo#BVnA@3c0z)%+)NzV`?ctNsJh;&MKU@gDdNz5T@ymsY z`7r-_up|7z_OnMW1ls1q%=YSqqlGOlAW{ zKA3#>r^!U1YdF75K0kUe83AN6xi8qLAkF`|6Z>~oe)nJ$#D5rt2{Nkl+VYoCPKE!o z+wixR4`3}{uK!aD21tv=FD?DP|MQsp-yb7UU}#makDy_KpnU^ literal 0 HcmV?d00001 From a63d7307c856dc6af15381e5cb7bf378e2450e97 Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sun, 15 Feb 2015 23:13:40 -0800 Subject: [PATCH 028/121] FreeRDP test trace showing SSL encryption -- RDP analyzer does not currently handle this and SSL analyzer does not identify it either --- .../btest/Traces/rdp/nla_win7_win2k8r2.pcap | Bin 0 -> 134982 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap diff --git a/testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap b/testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap new file mode 100644 index 0000000000000000000000000000000000000000..3a6a2999eba4fa36f1655a95464494db44c8bede GIT binary patch literal 134982 zcmeEubyQVr_wL@5bVy2<(%qc`(jXnuAl)e`A)V47(v7rqN_Tg+bce*`GXSO@~VVE}-ZJYYA-;#$~|_>_&t?!ZXi5X1n#2><{B3c3;q z2?+}XLP3BLxm12ae8l<-7mSER2S$9m{fGuaMdE8=PY%j42ch13KP3i4`TaMdAqbHj zU&tFPu)Sv)HAOx`e7m6x@)gMrBKqyxL03-mwK)nq5 zbpSxb+S=UIh@05b-ogH@p8Z=sAypx%mm+eauaMw@Ab8M^K86=v7Ye`&`WkHi3G6?? zphTj7494j%!LU#^8m9wOKc)oz+T#TdEEWjs73dS#{tJr-iQy4z>9<%Q0e#;e1)w7j z0{~B10T4h~00amK4E##+$)DnD4F>+T2FB??@%8#oe7}KEU_#&kUqFap`>*(>6WII# z1w_vuRDf8JK!5|NFl``#GOEZO!O0%XZ)RW@L(3}{<@W+{B#ErL$XX{dMRWRD0RS8T z1Aq+x4S;V!Z^3ARYk>za12_Tb04NXu1Bk*?04e~0#Kgr+&&1A2&qU9}#t8apXmH&F z0Pp}902BZl1cCsH1OQC`CJYV`1xg#(evK}qFA^h|zERvS(e(mlDn}kfpF;AHKBNjL zrec55pWk`GqAQU{ML1hDNaRZdOc@7b0Y(5LsKgg zdOe4?^ad`BgxE+-OpMG-%*;$I94u@a*htKe9~mDnjsI($_dwErQvgB(Am0N~03gQj z5buFNzz^k4zu^OJn1%YLfC_;dzmLP>_p+|Cs#ZF|R6fa<8kLIldy4sc z23GkfITykN^&y|fFUw($u{{I6ifA+`AtW1qW-r+xO_iq;n6iS$a z)qk3Bd*tAJT(rwiSl-+o)kd0SPVvKS&(YM;ZB5hCCuLz$@91qOV{H~9HeM@P?t1O% z$pZCJzISslb*K+AR;t=ba~00k=gTWgvTbsU#yWvb>&W)FT%U>AC!dT^G?t+G6llIn zwAH+;Ki3g@HT#l4bu9y$3E#2WegSIh-F_!Gpz*7(z39mu5A{Y^)iZ-->RikM;kC?( z#p8GgP!fTepqwxwfU-h>0tE#L0maCO4*u{Q3Xu^W29^c}l({F6z<fdF?A zM2&hxJDj$9PU4*4^F&RxU{M9#eZlu+zVG)H+)ZnH=h?z~hFwVp8c(GJyj8o|$R1*; zM}c|OjPgd`%#>eDPG#Y+I)$Zb*(aVg2rR7;G~#*Tdz3QBS4wb7!Edwq7Hlvo^tI_3 zeJJsF7C#^9-wX2fM-JJ2&hY$(jZHqSk=-uy;$X94JCVIVP}JXrVg9am!8}}WOU;mM zQTS8cIUp>XLwQr32cIT>Ch3z z;G8pD7*;>BmFS>s_7zh{RS|*x7DuONr0OFBl#a9K5S*hL?PLzLf?dbQ#Y+~*p!Et~ zptX^30C&*x1>3Lv1!zTJ``iAKlN^*kD~|)X3qW~XpgE&2&r^HP@S~W9c%jsZ&hhu#bb0?ZwNm+joh1fc(0Qd zOLr_Nc>>9U<>uyni;RFDGa~B#s&idoo`Nr8yz$`~Ljn$t9Q0x?4LJDgAD9_Ufw}JK zl-$gWo)9=bF*g&#d5e0(TBLBbQ@8{BxkS~ZqdB-wh&{qPJ5)$Jz4J>lH@^ak91N7> zLR|$7_8aOfBgFdz=n(JyZp+3#xy8QG4|9jHJgv&pK#72epu+&yBoN$i8Sh8w2$%KJ zb-z@-ZxPEl@U^6K+d=hhsz38m(!T-_!OxNA9^>*Lus^{(pYQb)D*)%hE)@=73(5=F zer=Wj10*JJF5XuC+${5Fm5nC$K)JY=0p;Rf1R}odE6K0ZXIYk>YGw$z^b#;~5tv$~ zMot-R+^kD0^$|i(y0S8fg+@oAFeVVw*MJGUJb(j)fSiNv*J1#85ZL{$7$)|Tg9=Td^fL{+}71Seg+pnX`^~^9z(I3V`LQv7 zQ25xEXa#Q@X^;r`B!keZw^yL$%u>2#a(X&UMP_M{?3+kL*M4_l=9XbhJ>#gVIpksC zo0caXXZFG(K>IeUIWti7xrvYhef|TpxGx?eDwkaI(Aj&JA@0MH{Fz1fr|z+Ma8t$v z5~i{@bw3nX>yPq}sJO%+hYXtF3zXLjKWw}j9ZW0rkCUU=rMi8R+I&F)5f#gn;Sg;q z&OktfIIMdO$IB`b(Iq6(8vL?2J(Nf~Yc^BSF!^aEkYq5Ro8#yc+1SO8NThI$)ft)7 zt+OMF&h>y;dM8(^fKy{hN!B}^Jl8`%V#GcvZyIu6w(sPFguvPhWd}=1ZXfY*tO{^y zd@11pbD;elY`<0w3cz0sG*7Uu;PK-vYt?$D4NiERjderY@F)oBsm3&*6Q2nAd90= zoXJx8`Oq6g(>0dPxejgEd5ID^nf2H@2(JBTQ(~QpI)_l{4fUzUWI0QXK=W{vmY4od zt@x6}-i|lZy?SxJw#FRX2w(_CV=SbuKzf@zLlI~(TQu=15CUp>g?sB>SmRDFKB$xg ztE8<;#jMiI6*tXDYO_#~06~kf%_4U3HGh_XH~x#~1}A+sBL$yeI|7JWMVfHA(5c%7 zF3bEU>x@Q~tFqg$m)8TZf%`aX8CZ*`F&KFD?j+I$rE4vRf@7-e>>VB??K_ z?{w}imJjSh++9e?CiLi@VjpU2^uX2PrX;_vXv~wDxgUGoLUPSUBu;_fIIy|>&KYh# z0{i}lCDdiz@ zp%4X{|LM$n+QHC9Ba@_Ch^&`+w87Bs`U={UezYhD!6eC7-slgl+p;ekB44z_{N_n}5P))a?QQ{ zwL;gI8z(}u&fKMLO)EKzP$f7Tg=v?H@OA>;5WU+rE#)$97a17wWzrcI;R)^*3EE4# zbSx0;^4=reXo3*PLLKPiPa2D2(+C*uib*K^k*B42i1&z{hP~jzTasTc?obCmci}=a zWuuu*@R?>4ys25RB|m(F0p_a`numqobk%V|!%Bsjohx^sw?+uK*MAL_@$po7ete z8?Jn4d`H*WF~5!MGl-z0MUKv3;t(27)Q3(cnw2R%2>v`s!Vy@>JD;R7L2=YNDlD%J z@!ezGVmVjkXZ%6&H%)y}+MFc#6xmB-tSOou)-8kEGTYIRUui=Z1W7H$F7HLQXgGH- zKGp#~BT_3qrrCrM{!d3&hu?Mdna$*&qGoxtzeWS#1dA~Lu~^t1i)HWU1Q#`fie(F2 zEE{{twnBh?mzVWB@W zIRBR076>sx9`)u3Jd^=*GD=7O(@@6c4=6Ywl>hgk4A`kmA@ZMk1LtEPc76#&0u8nt z7MMD63^>5x3yh@z!urEdhU*b);zk8`u| z-{X|60h-PIZS6xsfdTJ@TR>8M(0MIUZ4Z}ig=He#|KD*6nEpjA@}I^j++g}fp})kX z5ESDG5PfI!jbFzpTZ$E-K2N0IkKVTW^CrDwc*x3COAd=DlSjHip(EZ0-O#mte*fy* zil4SMAtP)gVM4BSL3kJ37kwup@>r?=9jE;7IOTuGDgTU9zzdYO0r^kk6t~~@mxvM* z1{isq%lE&GQ@CsLk4y@oJtK>0ZLJ};mu03?zQLnII6tUQqUbG9(;w-iO9Nb#3ZQtVaHY6vFG40cJ<*0iNydfHyZ zT4dy6hV#c<^dSFfoWk?Ci4^|aEE!;Eu;nM@ajuz^K-=)Y2zbm>OGKSEmcH^vt>~Hx z_Qf$|G0@OW#^s`+zk0?Q8)at}Ict|MHYte3GwarUrUWKn(}(=0amu^j6@&Z)s2D&q zi%ao;#wmJqr)$B~^;#E8lCmq!Bb z^AOQA#%XGGYb~#7J8r(dRI`=-K}|plDl3_m<{9RP(aq1*a&Fs{?l5V11SFJ3kq?y~+F`3SBl#6tqScpzU$0J;-Wk0t&f>BW{!07lVSgmId(I-%pxDOL@!DUUN7T z-q*-{OtLih@vuc%Ume(ml!(|OhB)Db9gbs##KnBEMcBX!hwsUe-2X(nEMY<|DL9=; zg^u9cbz=laK(dXF?-KXR@j9GlUUoMpacx*PwzDI@QQ|q~njjOy4V3Rr-M`v4dL8NmM{f$9)#&hjz4)8` z2%~fQ`({NgmGTX0fJIAtLi`54;MYC}-kWPDv}7o*8i$kX8Zy%|Dmb^(Eo(WrZ(H}G z;z`P)wZM@2Fsmop);AmwT_t0-$7FUwjxB46Im3cn&S_Kyiiwx}h_*QbrMUSB&AD}MNEkEmy*%-F3)OnmKWJ;lRFH2f#jr9(=}vimXW|}NAbN) zNSMzTlt2FxL-Pjr?YouW1PNn=4DvHx>KPj*7T_k__;sGLTdwpr!~=zD%F8rLD-F1= z4C?BgocX6}jh&;+G$V3xz0|Osa1VFTwF0t117SA%rrVY=k|LubB7=Q=>E_XMw&Nc# z^%i%htJ6o9Y3s(>AV1}(R^5OeYIvf9;lX3*XzTS6Ptw_eE}?n0efUBdIR` z=Rw&XiKG!jn4Nj5*4-h!L&X5xjA($b%4n!toqLf@@g?JB+ksjW+9*FAxh?U;95hWN z#LcvFl>>sTsXC>8%3R2UJ&<| zVKanidR=fR@z@{c<4&?YH#th|F%cmIF!Y7m6V$Cqda=1 z!WI=f+G2&RN7me^+)<|l|FzWz&eu(;AL={Bc%jEak%@Hbj~$)= zv7?9o77KJ_TB!TGqdVr>n%jp8K^m711K4avQZjA{i3fZYOnXs$CQbEeX|RvX!^&~E zuiS(;_=#n@47X61Ls#JevB^8T3E#Q<^xlxq zTQLQqWp7y|eb{v0!P2D>6V7>EkYIImw&X%-$~h|0FUz(QdJdBSWt3@v0$SXQW6_mC zxYO*4|UloYCXKC%0jNCgPDSI(mZNk}D zvgOS}`Gi!q{q1wJGo9=hQ!|{aRWhj&+`ZXSN-Xvwi3Y^2>cC4Ys*x1_m@Asr&{F1i zP%G`M^C-HTP1`n`BbIbxM7%9P%%)@XF>_;$f+OYo$OGl+n zFSGWd7b&+gjqYkO`*i`2mV-?aAFh-%VL;Bn#(p+;e@>o(*tV?Y76VBxbKX7;?1*~< z0krCiu{UVqj`~C`vgdN%pZUeyOTV3;94U9#1JuG-okDsg@k7qM$mew35=(z{zT3it zFd@*TD;4IGp4|3uj<7(9US=R7DUypjLU&P?#TCm$5vKJN-W=30u_(SRdKLTfMKO(M zH%it7>KO#OjYk{cq}Cx2Q3W1YO_om3ETNBD=U}l`TD&xw&;BK(aPAANm<(MY>-!yM zw-m*wHHqPCRcewmdWyMS{P(^c-fLO}@hIpWQbe5y0*0yd|@Nixo63O5jhGI|`F4Db8lXV#}B(n(WE?ks)M&bL=a`4nfr633D{%bwYHHn?n60m#A zMlsTEJk2{p{s>{ZpbDc|IUWI??4Yjbq(9j~qq<5~;_JtFd4XWk*!Lmw-zV=s6yq?6 z1(mhV?Gb~+M7f9zFbBy3+pjAKpiSWQyA`DRs>FoZ8`LZ`{qFyg#+U_hO;6-(AHN`M zB;2K4oY=xw!;7B_h_t7c*d6p>V~{&}A@-3}HMhP7vNmvnMGovb4&+)B)ncvAO+*+)jb<2#~H^PD%b>#YxN16G0{LIBt`$Lde6 ze^#lDB=V>-{}+|npomR_4wGAf-~O%(&;wC#5qNcQjDvWHFx1^O=@%_7EG!06d)FycUTh-Gb)u4AoZh-%&{+h!+AXXTg zyO}3Sx%*Z7Y8f77tD2F$H<0tZmMPZY3_($sparrL?r>LQD+%?)7VO$^{g0|eA64i5 zqI#AFTMY@Mx*V(KZ`IDw+)N5yBJka?lRZ9YFf2NYI$7Op6)kb%>M+J_&;#iL7`2!d zPo8-!1Ey-KqJzM$+kSTat7_lhsa8WOF=0UgjSu?&QO)H4HW~h_vX_q2X?0A^M{SSX zZuyJw5{uQFZL5wXaAzw6{NZdq#8Ya|8LcvaiJXrSjH;=JH60&g&qNYIyCWRsuOFJ zi$K4cPE2gw+i2i`!C)R0F1IP1r$`If_1Mp@e^njuTh&D%)g>U+bpNP6ev$*Ia{clp zrvj5(javk6X)a@aM9IOyoHRO*!}mh&E<|m)roC#?t=o6*)1_)U*!AVXA5}{{s?PdF zbqPrIiagH6;y~};s#7Xk6t$=^`M(n@PBuDRY9px_)L<{rm8?n_Zau#i+7ZDRaeyI+ zt*B;#fD2Mde+G6Pj*J4>1&zMI_UkSOTp;-HTh%Kd)oY;9*HwV$qibL(@*%0S?%3C% z(P0$UP@pQqhdhl+ftsD(2pbvBph`C}I#Clo(>ScPN+KKoa6wuLGcq`9xxD44JSKts zFw@zm_AXn%9m^#B*NRUd;BBCemI`Z&W$zOR`Sj%(kZ$TkJ$alWD)XWX3Ig!7?s*6M z0+ryKHi63RYZV{X<-`;?xx;s|>&nUQ>wTU5OVyCuS8?uTKNc3uIbE}I+i%pyzI>1t z3!ra+D!e^JUVVvXpcgUe?I1^N=G*<{6_-_&6yKPb_l$(UW)>P(z!Ac?uX~a{Hi<$& z{gIKfO8e=D@F*yPqNkn|vI{y_X^OX4E|IHov}2ASq!S^9YoD zC3dI*gG5qtO8gui*?i{d6-oj;lo?qqx@%Hj;(d+I!ZVcz#Qjjf#B*I!#Z$6^cs#3A z2#2+MpLyXe`JTBvY4w$d?O}F`>+mVmm2?ig&QoYVPzRVD|>+GYj zMd!LzI{Tr$VOt*Xf}29g)Gr~ZPI)vzzM2IdCU&v7_bHlwzTUbrIfVRcQ>IXf7njo~ zn~;t zGq&O{)+XaK6T3)Wre6{iWm9vOmESQ>8|0PVONP(V(p$YjuwA1aSIWQzDBil=6)Q2% z4~N9+02!M|q@DU%R?&(d1b-wgUF!DO$o6e+e2jX%9@lAi{V{p|AZP*|!&w~Xgjwdv zIA%syJ`+d5PRR?wdp}m7ljkuynw(RL0ALYVa8oxcWtJSb`jLY|o4d-!o7c4FqV%)T zT-*MgnaLYktS{dKKC>J*0OuphvTUw1NBJTXF0MM*S_of$S*ouA=#=WMq?zzUis4A~ ztYUpgXjub_5BYHoL5~*K8P#P*dZ+o@^#EyXo8du5_&~PwhNvE`EY)}#HgM^Q5ugC- zK^+Hd|J8Mh2?BrDbu{8iOxSTi4X-`muM-QRcNjM>pEm_#4! z1f~n8Gwtd(bXD&QRvfq9GwsS^K;FFI5=mXB!HX%oHLJz*>DB#Uyw!5PV5$@Q27AeP zBPeca)U`Ii2emfi3VxHX-^%WNEW{p3mVuk9)N-FlE^ zq%x)M!FbhaXwQBhQiru)P12^)@00W5vR4L2rlfNjIrodsgV~sLpU-oR*Av94c4(R* zXG_%=^(i!>4IOy|$x}V}z9joGPcwRq+paUK-D)35kv^!%^8&>>@ai4d_@LpuSbms8 z1RGPLywjyRd|r-KZI&Y()Azy)Pd}`HA)EH-twdo`ag6PDiF=@5-W#cM8kvzyMJM!{ z-8WODL3S;0t)jJzOG`iWi5jF(&?;+YThh)}FJNi(U?=H!@e;bO^I-DwzAaicH>SIS zQyD{q0(b{HeSq!PE&{Mbl6>5|qJQop>^L;oT6mys(_E9|uf0of6;dwig-^)mmXq%Q zAFi>uat>V<8Lrof!4uxcp6oIDTrx}jKbVPK>9fKqhcmmrLuLo0x}-X;2SIpARBDM!8PTbQ20L|FCa>x& z* zG?7%sY-1_dF)^q7WAXkPV&SI!8G=dEz%DA=Z;elL-og81!OE*7(A=IxlsNIo1;i-+)WQ395Nar~W!bv3yoOnUon&@4ToO8Q|k ztGKY1^|{^T#Rm;W>=q|Zm!)XWBvNyO0^F~-=xb#5)9e>YqzHwuG%k)O8ANtEDIRRK zb47!y9UHZaN+H(mEv08CZAp<}%~oIg$~HN8Tsc#KOG5)x8h?0`DCl<$M+>jSgp>I{ zZxVq~4neQ%C4+WLu>IP$Ai@ZO|9}G8F+b4%wPWf=mpcgf2gISpZ;ZVb8bS8eyA)a= z$D?+=qAN`d_jX9YFK>1fhZ*pyd#3~c{Jy1-(3EG-P7pO7Q$Hk%A2x1^LSxaO$>yU^ zggEX{?{YItKPQ=bo?vu~@xWao-GwC1d7|Zv*|lp?8-ii%i%JGif;^a=t4q!=X9l>C?pVY}$vgl}=!-O~puw#~CWofmvQYSypA_K30| zFa*CvPMF;C=(aTco?6K?;cqkIn?)yml5v@z$mbGS1A%68UR=THv1D80_X-~=P)%Q= zm(%J8QXMC%YNUGolW1V0S7tDm-yvUmV0;_p{ppL=(q|kAZ>*CsDyB)}t+#SwFUO0T zS8;_i__fR0a-r(D7_jCx){dy2VU4!6mc5NzPqy{Vr>Y$yLGj>#F*!9)3mTE=?2^u+ zo!%VV{kFl+le4WA*u0rU&zZD_xEO`cU}GvWe-iuI#);2zk$~*r^JrYfldVWpv5lJn z?!Xnk2l=2l91)~DN!J1MphBqOw6gKu{LgM8rDqBJkb{OzvrQ~<3&;XPJ})R3!>D#& zh(~LZt+^~N5#CYBk==Q-&o?Tu5{-xMl~j*TP!MGZQau~$!DbW|1b;l;W zb9^i0YEpd!acuc?`Qe{%c{+T8&u-kKM1)ukvs5AZ0mV|(d)0BlEY7G?-yD1AyEihP z5Jmcb?tRIRZ~{R6Hrjq|^1*E%T&fOsf3@Vl+w#w+8B2nY-<9ec@5h1%PuY?GZp#!B zeziI9evp3Dw{b72@M`LU`(^0q9b@Qc3~Xj1zCyO^>^g$A#*t+V5Z=VT;6i1)R< z+zRY~hAD|QO_Tsrng27D(BD$&_%AA{Ur1}LL;{{IboWi};76JzzYvbn zxl3S=*L-m!m0J3$GW|%Q@FI1fC@NZ-qPr<6UO4&l`A67hFcmBNKSm|&cT{xX|BH&w zUf7%X9sF-$?QHxmfxVSc#5oNn*QQWj){}NC`wEh;;!My+a_=n}EWf46T^B1wa(y#3{+K2ByD>^B|qs28mlpmz@by1-cE zAgn*^!7`6n5kGHye`DcXv~v7)hyw_wl}v5JT-E?&)DKr)HH`Q zM8zcX@46cp-DJ`u*JQ>|N~Rtj*0X%A?#cP0B(I287(ZNy_F&*plgof3>YGDq1d~PJ z;_{}q<+nn%Z#HK+R%{ga{`Ey*DkUH)f9Uz)zfHCrDA^65o^K3(dlZa<@A$_&$vp}h z{Ux>yG}tz5Z6Isd}Kx!|B?{5v@1a55}VL!I0n^vwA7 zCH$08iX3(krQ{sh&vL$OZ?0p1w{Z~1ww}n=vt@7+%L`?py{F@wo7~;# z!!qwmhg5eM9v+R&m4f~(Un0w!D@}MGiD4vsT%e&yYi20wex>-pk{^|9Z-AY*v>he> zbja#pnPU`8tsX?}Us3wCbw&P`T2_h4-_-uoy6UI=Bbei^8W-*-8eg>w(3R-611^PcM zQiaEa4gZ{cE+8oRJMyUKspt9sPCf?+>tC{dx;q8kC@Vf<1^*Tc=RCEg?eFBbBcC6> z(23@9L6K47xb}GdpVmKE#s*JBOM-z8s$AnLaf-T_5e40O*v?+2>s$448*0<0?_6mUME}l}F7iLF{__Cme%3>cy5k-x zoS#paR5grLokuIefZA81wR~(qODh8(JN`Mv`K#^hMI(9=$h+t3VAt|r{+PVij{zV2 zCE#K-*t#O1VMzV1jcu9u4mv+iYq>seStx`ti8 zJEG+?N8bLJRc5`2jX-4so!gBGciE}4I`LTY(e zm;bS)gHQS{L=)B`@R?-5<_AjQB_dsWdyT>U2F$z3kCR@diz5^dcO^^YZmoP87_WDX zi>5_7YmMP>+=JA)oBq31_QfCaBR*pq zR{Bvi&b^Ytw=QCmhlWo(NiNB;G{)VMk3#Y)f%_Fmyj@}I@OoN3C!1rRUI~s%4OU1L zN#@wQA3ZzG{JyjDY4o_mcz-4~l{Zj_;aM!JhGFWpWI-60h-Mldeg?@X;%r5#OMiEi zs_iBEz;Xchv0M@6T^E`*tl!#!L4{Jqx5~S%sVE#)@*xV{i8BEoDDE_2ai(D0A`A@G zCkp$vdxKl$%IlPGhywX$FAoOlYCqG(5(>Kqz4G_ub2w;ijqY*3q!&&Xe{DoTvQ-ov z(A{1#u)KFmMp6Pb%mskt=ZFbJoL?fG|BxhUm%2TosG~d&>vCvYG2jyNAa`(xJ@8bx z`O2P6=vefNV{vf6YsRQ@Ri4{aeyB1EQiaAKp@h}BRh6m*X!5W+H*Qvl#j05=H zHyxP5n_pB>4ED@X-x5y?*pXa3RS!{KTkp{}$Jc|wYS5vcC!#@3#Tvpay$!$aKJYoR z2p;iv%wl@s;y!%6?lc$A!w9e0q9XW;ZG1sR5@V}&E>DWpz_ZW6AZ<(iz|L?X<@>D7 z7Z3SPw48CX`V3V!jr5*eKgq~vKnyeeBK_bpslGL3mrCU^qmg~=PiHSFZlA`cOZs&> zZbselRcVD;Qy)hqLOU0&aibfR0a9wm%UaUb9tx$nx}qi17d|{-OolsWDPJ{!A`)i-VlO2 zM~26q_fWYz7(QPB`%`p;Y zD9)`eTkt9q7k`#(+an8aR>y-Ic2NuJ!dWw2Z-bIAPG}GRd3R}w#BRC3zQ9Jy&F4Bf zbuA*xc~5;dh{R)kC=>JZnf$AMkwSY(f{eZr2^8dIla&FCJ<)Cj#xT5$BwHGS@&v1$ zCP|nhQp`DL)Z!uNufFWopJoGd8+40UMa5Y|i`z5a+j&1-PVd~1M4`lgituJV-nq$| z3cQQt{kiiiKX!hcpF2PQ&3|^0Nhtu}34xpa7b{9^&#nIT7wd)lcF+vp%xj8?s7T?y zM45aXr_E!Xsd4U@a~Hi~v~n@;9UOw*)YJ&nI_1M>d5;oGB^9K&79ph4ZvSk*_%KM` zMMl)|nSw<#{%+B{ORYYGp{MzNx)armL;Ylu*9+d24*|0mV-ZE@N39M%Njq8(LCbvY z37r-~#|#uq=egQRGQ?-+5?>OYNBctPe-mskEA@2IelhE5^>hwfE7|3XVsx7?-`R}S zh?*|J*_(N{noJZyyZ36L%iulpFBu zHdAgvXuQ&kcD!U904IjJew2L#>2v;dj%Bf#2ZKI+{yB@FW)m}sva3qrPV!AW>A0>y z7&=TvY$p{u!68|agcxFZ$yH(wgv{cdP@-(C z&{|=6=cRk^Cz=?~+_tzZ;B*4%`lV_HM>KbM6ab&m|R)Og>v*#i#Pr4W7sM-C8NGr)zIgVSXZtCo-58_H}CC^^Pcpq=fhiYjV84n^H^RQIl zS5ZjwG#z}OPj{^PhNM*E^$kXkwuR(-4RLK1N5Af&_k*%pa5r(Z2qb5t#L3G|hScDp z{O2uK2DpIk-M>eUe|t7hM^^;nkjR5v3NUPja{V%$&8djgj?Z? zeYHkTXR&PSxBK!U-Dv5lLG$j|I%`VZSH&K2Tuf8lPZWGh&!Jh&V)-{4{6fg_Z&EO< zHOqsN6rXXOUA?90?Gd;oR=*d@VYyg$+y4OboI<*1&{iR)q}FSba_5dL*PM98VFYNd zhJbz1Q)h)@h_R>x>kZ_ejR|@P?H3M-CR{@4)EX|7C^PlC&B3|NXyP;Q90ml6i^#uR zM-I)m!SB_R`#4;9h9*rV!;|u{LJm^kXHsa+vNqHVY4x;KvZzUIF_@XyAA@0OBUj&a}^x@!`cA8mXiKOb@qwweJ z=MW{Q7x)jTMQE=m?TdLk}p>%M)U{#Dy~Mq?U3 zl9zw7j&gSu{XvVj){fU-_PEIeI zX)XRxg1&9Ox=6V5On*k#adKmBy6&t`%=Us|#s9k!@i+h(7#@ZM?)*id&JPK?=Lg%b z_xw=jNGgw=|NiIBFA91p4>~{KoQtS10RTG2quE^oc=)$fCn^{(7e=5&o&{(bX0%1$ z7tqRFWFp!Yys6X6Z6y}MBz~I*(fZZZIaGX>;M@?AGe`q|X*5lH#^Z?ydz#m6kY0ai zdL4w@QKekh$&tJV89f3?z+p<_QPj;76X^Bwk?QY4Wedx9_*J~2A>0cZBn;WeSy^+M z8Bt3Tf#G*lU-WK@GYjJ~ zkHDV2?Fw~^0K1{7P+7z57>0I*c@Ht^ihY|*d#)5gzoN@%DG2y}8 zTwCS6ASR@gS#^$ZXF4Q!0coHy*wGl^|H(Nef##4YZdX4jUjHRo%duQS8XJUVKL1jZ z_QosZ;BZX`{H><0WsXJ#`fmDS_Gx)W$(D^_1Khqy;2R}Pe^OLE;lj=E580X*;)~BG=6#M zBZpW8XG~o=q`sSN)KR}&M}Fuer!-Pm+%?rU_)9jc2))2#q&08ML28MeI|Z1iyg$qlknqwlZuRp03H}W2}~=BPFQ|4 zgST9nr!Yo8y)zW6NjexOY^gBj8x_vEf&VOAys!ZwHT+|P4DjF4;u={{l_xP(2;8BX@0cYSh) zc2-j(C3FFbJCP_zad6Mqd_ux-Tf_@nB&R58l%x34&`o;Eq*YYFR6{V(;%(C#tFZp% zMN?x{YoHNa$kSZrr4QWQCWhN$f~UT+#H-;;0hwISkC(PXZu#EDw!!lSi*@*hrs_j) zp3ASYdN-)wn77b|kzpRieET}&l_pO-Q9UxEmcY;Xga4+diUJRFLJ4_Bn0$idm=`BF z>1CuS@wKx+H*joYo+lZf5PE;3{|y=IQL&*Wp+|-4gscCSK#B|;6_N;465PQ_{~b+8 zEf9lTe@Da;1>=NL)!1HZmI*~KKNZi~+*U)7K%Yede&H?j;Q~g~`FF(=9Wj^hq;TuvRinzH(jH#+=B=K>3QZne za~Tk=3b+TcX3l=m-Y7tDODy~I&9LfYOT_xQCBAz1pPS)6gvT)mnhj=D^X(U%ojPh4 zcZJ@sZ+_H>xCVF_;}xO|ZfAP0AX6z5^u{I$ii&5|!$^KOGn47CA>@A%n;m`ij3de) z`qMKajf~@pu<*EH*m)18cDulIGObRiFA=%X&1-1lE>GB@>ONVf46jS(4U(=hdNrve zGFxu+EwK;5cCmy0D~uRK#4Vr^&Rx4m6cdKIHdzhVTNs#ru?i{`H-B+T3XxE*Cl;5L z@*xDgZq{MM$lpS}rUaH__mdCf&(AZM&aGv&x`W1YAplA&)d1jDgN2|JF{8n2)8liv?}j| z-qGe79Y-t#+IRXD#5(YdAPm?TmcVjzu9RlmV!*x(sSD?Ir>}RS_{1h4N00pD4a&J= z5VI#QTf(H}OtuP4VPnJ!q|qLEUVKH`$lKW#wiQLDd9&!lh>kBAgR;e>+j9<611yU} z+KC!jrUNG^UvR1(Cezk)Q^cwc8Z5qdo9fYA9y!iroeI{ta9fn{eiMKnQfZC-p25KK zno)MRi7y=JPV>b-CHuzxMg)uGFr9rNF5qjtCBPUpPbqeJ%Yl=wDrUEFE#qwG^dfQf zay(*^{voSXj7sR0RwYSew!3hFPG8ImQR?aN_jNW?sS{nQdY$ePl$rA>Vta71TumMH z{QNkokyYf}7{2Yer*`GG5?nmVcK-Y?Ebu9U66Fm;Q9U4<7giB*iFbV9ViZv3apTy{ zbkDk<3g>Tpjd6gqTE#<}zu&|N&W2DtTnXqcGHQ9#JIgpnxq>e7tnu}n{7V`C;?cGM$VmdM~!!k0}^i%oUlv6GF`R>K}cVDNv*B2-_Lmk|Du23KPy5L=( zZUAjGpGL@5E}VN{2-n1OpgEe&SW%2_5Z2C>GT=}?7yqURRW#M7@a3t^L2wtE*SgN*N{e2@MQU*{c9 z<@^6}GLq~qvdK*L3Q-BkNMvS(gR*z_UTF}r$(Cdj$;ilx%*>4JnJwdY&iy&}_owry z`w#z~r|0W^pXq ze&E%{Orn+G7V2-jl$nEaTp=F?d#D))OL}dyGh_ve)rF2Za6TDb2(J4fS-eU>X{a1Y zF+#YoIL;D?`y(;_h5F8D9MNYC1J#S`g!=1vlg!w!aTdQkX8Y1{`!3#oV3w4ua;8OT z!EilY3z?_9$_(1Y<{00Z3rMM9?)iL+H1cW8)uE9Jx_F_1T2H&l=QK0Q zL*Lc3ecr`*A!@W5WON==QBmcJV|AKTyZDdKgtOcI(dN&Fzi1!Ta0Jb~ap&{qx51Xv zFZP;^$K1qDeX`F*ckFAR@bT5l6DO}RoS_Gcf9{Vb>p93;nSNs6vJ{;XR%1O>yL2K-}m=PJW#<+Kk(&W z({t)~8|Cb@T~;!-o?p~5+$;!X<2Q)wIdzRH zhq+s;dy4si@B7JAd3uNYe8y*ss`0x*Ij8kG1`7!bH!cOHNRj5f(|@Lj)8FO6)1_@^ z;z@I;e9Sy+GHUfk?GkHUU(Jd}B>T%eR}%SdOtbtCADFbbuE9(O%f!@<@)d=J-#J8G zEPeHO{h>`t-C!Hz1yTjhhhTzsw9^ER2HortGQwrNwZo#N*&Zr^d>9OPM@)+ zlb)Mr@}cP{=sh1FFJi3gxKaA;XR%cfnq*R>$C>t90-iWsy)c1BajnR?=xk@@6PpOn zqL;L+v+ruh<)74r=h$tyrcCB81)K4Oa!3|w(OHU}J9n{G|ElVU)za$%Q&D?Rh zN+E}}Xq%a@TfqmFvlT{dm@nUD;dkGO9>JKw%CW^)+OycWG&oUauZCj0glEl4z?=>E7QUL8M zbsanX+R*j$mrQ-w=x4_hRJ)~<=tH2&t&-G zJ5t!4exjEHzK&5Y$cuYqzAh1NswW}wRy-r;l(LdL_&c~c@GUtmeFjssD&wTl{f1F7 zA1ymJ?vVf54Qazat~M&FluV=F^EtNd;dn*hIzy9CA^21?kk}e6A}|Xt_IZ*n9;P>Z z2z7AM<9bcGM~}B4IK6jXQ7ndZr{udK&2#Y#>c%Y-Isz5-yfL(xpy7?NhcOk95Di->b`vtj2%6w<&y~+ldf^H<71pOW)(9yw+bRwN=JzF0j zb#>hCOrJG-JlkSb7WMrjw%=(jRa6^37w*nrs~hMr#7sXY{bZ2IBpVOA|Mbmpsd!*X z;N^tK?@m?c)at&ZbmA_Hb=>_th)Z(YAeU2xPPT6}d^hQgrf{&9YggoEvW0O#QyePBtgL%u2oJ{B^q8eSh*!W5}~O zY_ufA{X+?QQBa4zOCbXo|?=NBJ~=>6&LA3y$w6AJL=_m zxO-Zi^KszAilO_y>`mTi{c+c_l~zVVuJ?)D*`_QdWvy$pfqY7sDqQ3}dt?;X+9sZ{ z<VU*lbo<#$%X=D7|o{jFAF;~0Tq<0bXGj213)0O*U z?-yG}ScTd{gY%vly&83v+2!PgjZqK3n=x6gL5-Rv{ zWgh)}H)+Tk$@}s+U|#gjrFC+phQ7P+Lpk^hBZ<@=F4HoiFva^>wE~iKMhY4sEE?r2OSP)EzDzbX zCuhcZmaatxXX@X)#>R);DQZK%85!Kjo)kKJy>KnAac)21*V0_(UEEJ8bKPd#r5!8N zgk40AWAV55ZMlvt&llZSshM-fln879%Hp1Da|Rs^akN6C{?tOx37i{a%KE5 zrz*_GP*A;)sX-?pf#Y8r-{>D6sj~B_d2}2lJbNL6 z`G&F75Idz*YteMmM{&(}&2JG;XPBN_4s(LF5tb!NU}jKR>4~+8|LLyoU7}m?Av~Ge>NeGN zOUK4g5o`?i{pYOfyjDFDt|_;@DO|-y`do^&i#%K$Z=*jX;de1H_rPEa|M@!Q%wy)q zi^g%)yY8PwhPf7dPMBUs`D;eFbE>%i$d{=hc}4ZjF8%&1?)7+eQKRI#Io~dE8m#7) zb%#K;?GQ$_x>&A>?|Y4d*!J9x8A0I~5rail6uhhhH+o=&52bckal$rYzEZ_98mr#HStGnmzT87uMRf`z;)!-xlIr#595Pzs`bhO|2I*5_qeCyAVUk839oIZb2};eru(j3^Ld2jWpbg% ztoP{^?7)l3b4Hp=5?=YYdS{*)oAYx_JA~%Cyu-UYkrI9HzPpe@3Nsyy%l8Od;VV9^ zzsKI=PDf)y@faG5r7JIhtx*A2UvufLjs~>x3t-6<6oZ@!k4KES+=e)F~hP_C`)WT zdfFZ|kh6b6BPTR+vz*|H<&s-%%@f|ST>S!?Nln^cE-w%X)zK$9e6!Vj|4?LG^;}^t z|fO2Q4w3ti}Pkz=JX!3 zveD`Rwww$T(E}wQ?Pc0Awsc1=W(Rc^pyJ@->dtq zHl%8P!L{psW^y*g9@j6-J_)1Ut4tnca zlitnt*1u7@Qu5>@W!{f+l?Kl>hnI$-JUPG0%MBR3Lwmo@n9g+@CUYhBd9Vq8zr|!n zbhF1X=DLr9{6wxEeL_(xNtU#L-%ZYW7aNXl-KkbgR|d`MsupS?}a`V z9Ag||{)O}E!ue#Abt|31$!;x29!W-D?|oCtwh76^lbL?65uNT%&RUr$&#>@e%9l4` zbVCfk>!%brF1uLY)0Yv5_^~QkRAb^ICOsR_lzb;xd8h5XVB_7DJ1KFLOC6y?_jc1Y zzP?vHs2uIK5iy*W65Hq6vSUTy4D z$={zY{KEgCL}vOxj(qF0dtfDTySifk7vs$~zlKQ;bP0xZ<-WRWM3>1GR&K?QsM$Fr zGM0Atx#gjGP98QVb9`nRi|kG3Tc-LUT6(7tdVegNO{PTW)G)akbuV=5M}d`*ps+N>!1c48qRc-cuZ zBO0NKNpl8jtb6sZvCbd>zKePQ+>1@{{0!9D7WzP7DSrlL5C8@?fZQ3(z&qIay`|S+ zw){vrI;7Ds{LZIt79ZoX(q7u!hDjPmFT_9W2uCf!cYq@PP={5tG5iMriU0+b3!*y9 z|EtaW)E6cZ)HEfnn7U$Eo7Y#4f|%x-sSRnL>N!f1?9gRNl-{msA8iO-%eJXDoSOPd zNmF`RU|A@{07r1NUvU&2N5HSGLB>+*Jr<2ebMHoSPa40nfO2H7r@<5Ugp2q!v_3mL ze2GykDdRpqjs7g;4)tf^6N{^U#eX{^>sELpoqPg=g@}&RFF3pPu`qcr3-S57@${vk zN{kl$vrn|8Jnh9Kk5?jyemin*)~dZ9vQ`E_ zfJuJ_X!rmO@YU1*0%Rb@k^1oZ!9MoN9)@IHmruk+DT8N*(w8-?N1Sn@j(5%=YUMO= z=Jd&ue}0cV@eKjgBNUWBh_Yh-52eaI*)FqnD6;PF>hv4Nn7M39!pz{ z_}8Ap|22p#WB-}u5IjpiFiWh#Gp7$)`BP9I-v|&4M-dzX1@mtHCwOK5`~9;4c)0hy z&)i{YT=Zy9CkV3TwN8Zj5EIMxmOYQH3C(5WN(?7|BS3ul)7mTnLLdejZ497McC8!X zgJ@?pBsyltrK8ii<*j_-|qUoB0Yv zBGI@*12hLW`z+TZ4p`|^>{irr4ZP7>ACHyZ`u;W_Ev%%8z5GJtYT&LK`?t98N(yyE z*<_&6rT{t^1^pI8+yA#vi*`j4<3Oq^F?~w$yYXk*EN${3GI|$YJ!fWmkwrRkv#6;~ zjt)F;Im;SfJp zUQ{r4I1!*h;=KB9{~2d{0;AaL+x4kB-xF`m`%`AFw%pn|yx(MgB3Bu*W5$IL=z>O@ z1L(j%(Z&=YnqnDQw)dLRW)?lo;v5gZ>|S#C@E{y7#hXWt_LhV2$?6r=^ZP*;Et_l= zz3t_ABNJp?G0!8=SR;_x#s4ci+R_`dt5|m3q8^FTd4^JX(R$sX1v`be8NnrGLcMqo1?!T5rB= zA<)`zG(>iZ|H{sU9-bX3m|YIEz#~Aw=T89>dQhN^4k zf5FjpqOmW|AtTC9-fG@D`XZ}I@#7%Qr1-H^|3#{$z_PaCM4<;9DZ!Z6C|Bta=v`>E zHGuX)L5G59M@A%iYm;2n)x6&xqgtbBlu|z>kbbsh!B|yWpLs~2t-1oZ2`0g3VIVn zw|OAZ=Ukda-rT61&Z4ZzQ*_V%_{N%JI`BcK@Mz*v-6#8fa`un1tyTI0T$K@~1TT(z zfGZ{&j)u78lmC_7Lw0y}xL|eybCB8D0Rm6{6nMxE3N(Sk#X>>s3V+2ap^ZZKmPg!y zCy`J?(Hk8fOgRc{oAmgJj&PladBRxtuWa}#>)r^pqjA0*n*N)CQ~)Pw7rU2E)GUqdY{+%bx!0>Ji}m}R4M#` zh-<8EbSk%bWxcnGJw$e+&}b(B z?Sg_n1kpC|AFv}Dj919>HMFiWg;T%&=0}vkrq*50w?5p+8+h|v|EkPo=E!(4mK?*! zCDPul){V;P73xk1^e;FXBD>UoWoOC<&kh~TPHYh}J7++^`A-2;K2YG^C8WUoxm72N z+7|hjQQq<+|N(__iYw0x->A#fEM?E;{k zP|#)|nt>0AR&OZ$EIGvOJh7lR6>`kTZgR&YO?T8eyDvWIYKP#RapF!^om?+|EpI2t0mw0~xo0B>N#g4xwV3%CLTjwk{Npuoi#q`+-0CFRJpo!!Gbl!o{A z*B7-o<1Yt)7oL3im4OtOx>N;E)e^J+!=wQI!~33?lIMWz#S0b|0 zhod2~OaE7PW?1m-c);vhp#|Il0sB7%%&SQ`r~{MdS%Eph2R<@p|<|STrov9T(O#`@0G*W%4St5 zi%J(N5{M@dXfHS#qHJ&eS+)##?;;W`+rt&e?11CGVKyiN8K6KM{KN!cyvwwm6euEg zx*TPT$x2ZXVeMw5qoZYt#(zvRCv{tuBY?x1lc!L1J>eD;_rN=?j%kE|IW*b}$j%xC z{T)RASVN*cnSR{b_I$UaMYH&0cVn~UoH#$%lch#)4a~kl5w7_}K`+YoCC*pjVM(2jci2;?+mE1d*;{#H==P|$Ii}9RA2zWrFeSqvxdTQp^LG%qS zB)aw5kzE*3qPhR=9|}$aYv1i(>tF}Qz01`@ht8 z{Q{1L$S(7r*}1~A3j(h@tTo8&d;tL~lk!9{`Xu(NeS8UAcZJYse*kTP zf}R4=z2Fto`(9~+8f{a%rSidx`3oPkJVYenI5761sq{uF>wf&%v2$g<%jk)pdqh<}fC*Q{0; zSI|7eT<PvQ{xdWhIQAB1j)GSDA6f~C zwqp@nr~d4~*IZoJ_UyiwZF!SFtnq%uYSfn7={&EA2mFg(Q`-E2GUYw5fukyh z;b@5Lvj3T#@9Eyf@CIadK|pq9C<4Bqz=JZRzz@X{DV6BrO}3XK2^;t-dSTmg9=!?@ zMoq+o_@Cml0(=A>~!w}a|<%Na3DJ)6oD{M;94&-JDDJKPRn4R9WW_83yqEd(1s}JPary{28r$}O5Eo* zU8l&sHQ}--?jE@AbL{T)%HqO%8GWV8;Z#1>n|G(Fq_4!X)#?SF`|*haksTcz4RPJ& z{WH6*)4hvmXo07IfB}lY7AQc~ffR7QAmAX=Zb&TotuWFkG->$S6?zyeSDv6ZA8o*N zt8BrnXZ+_6*Q+CxSO}|BAB~kD1oXBc%N7ZsAN+~7IDf(0F^5;5n2qHXM}%X!YtLlEX*wzE1=i4rF$~@mMfD6oDu(JLVvyKu^f+JD!|*s&Y0ICUotb@0Qw` zI7oNGgV(Q?Ckb*f{>Gr?ei9 z|C!y<>E1=pE@XDVX;d&B6oDg905=3FK+-yhzp)d4V}Zcdf-|M4ULMX{pOR8G;Yn3zkBQfD=gjpwUslC9nM_+6sQ&-+#9$RdA@?>R|R+`gC!( zc#< z%KUWiLURu?yJ$c_3q`;j6i^4VD^VvElG_^BOS0jrmLzT-JNiUnX=S9}8NpXQ$(+S3 zSkzodl6!$|vBJXW?q@D}AiD!-G_ZRFb{_?u_&@YMvTVI*f`*enE?B09Tn@~le^D>m zW4B|iTS}-%hDJc2z2GA1{V=9&JY(1L^^H=h)P7(te+-QVHbcNPQP4dg`sM%0G4 zBjcvpPvmq)S9gc=KVOeE)+RCf_0^Jrsc?cm@;!4fLVyGs9S5NAp`ax|wCf5IUA*k4 z6@ZELhEZ#&(~EfhT*?B;#-mr-oA@c#jFhoNyyM>!*SfGDkbl26I9V__gM&bGz|jzw zeBnQ{vpwCrVE7H09k7%QQ%4c71qHe^kpg+wFAoYNKIBvHuUJ>kNDIVv^%;mP6p85d ztvs80%vUZ|$l>5*&-v>oPZN!Eyip25fEgMMtOUdEqM+d~xcRSaU-6OXb(>FlMaOB@ zdzDvsIXH84UU0aOZ^CXxTxB>a)irV$PkqZVWX(IFs&5@g@mtUZIKop5j)utY{XerC zKHa;>f))UlV__)!QXj$JRr8-fv;_s8HDT>Ub26{T~EZfr$)#te&+Hz%GYh%Tf729R0y;dG#XfugQ=jP z;cspE4?Q1=w9famV>@ug9cP}xR>3(|TkCo6eo`MV#gnVbXsk3J*%TmEAH$s<`$d*& z+?5;t`V0ix29Aa(ThYJD_So(8z6<>$$n1b+F_ls zk-lr0zl(7l6jY_CAHO>DQFtUHV2Uk_o|e?=OVpn6xtW9Et=u(SiagM$9w zc`M#k$n1^=qjPdNp7^;vy5-l=j9Jqt8!O#uN*Pbr(L9**B!ZE2LQC%>UH`>v^BNnt zBJ~7_?403fi0q30ncej1-i7TkWOl&%3QP$_;J@EE!4Hhd3`Pp{-)@R^lJ6uNw!U6p zaZN(_z*9?<(dUE6qJiQkG4aj%`j(d;qc*A>zp=e&A2m*4KnOTMqtg%qu-kv4t*OAW z)kGlCO~IWy(LTiY@s^1<%04#x&L(T{%SZRD@ur_m&1WJvKfX7ts!OQn)i8FXz4iV< zHUgawM?+*+@~`Zy@0{*k96<{JYXmSw6oEUSz)CVwU@DYXaG$s(pY1lkamjWbVR-|y zj-bE*NzgJY=j4j@);p)D(b&xzvTutSCEqdxj1dA2Cy-?W`rI%D6to|R_J$$Rk-R-; zT7IM{$!uASQK4@|2T*KgN%W$=$YI-H})VO-ppq5DxRS-j-l^Y(TK-&=NA#^^U!FZ-w2cY z6K%r?qPvShG{g3Vdl|RFD_z{`Zm;HgdZM|8ALV>lNfwSC)*SwIWO-&hCn|f9mJ|Ew zts6LWO$am-91T&nvVWD$M)P#<;t*N@X!^l!q6lb$0wNqpf%|994|see-K8Aac%r2y39*tJ3*3>PoQ}}e9w5+U zXCSjH|7Uh}r+XK_;h$oK_P_T+qV9+Vx<|0oVElKRs!l;>Cw#+dyZIVT)!kH= z7b?S4tqczau_Yxpl+X(unrI~-sc@<{+-8jNX>VLEe@S!UJa8c7F*F)zzQANr(Ayx| zxg3d3k>t+XB$dd@OMVpG6dbR%IfG3^!Lm2HzTm${X@ASfyXC^@<|>m5?YF6(H@39E z69E|pWOfz*%FdP({t%oBJ`s3hLS_fFAz(6p3fOXj0#CtP{PcYPBwBKMPB+hdw21a? zO>>DjjGuDWmjnV`Znejg{_g2>x!Z#mOF$l)uyH|!NdZxOKWH@Y6c4+Gf;Irrht$aI zn(qhNXBx>6aacZ)ej<)lKH!tJlOTsDb$hU}>aiDIr;bvG;w)0&f|8p(gG6nNk5$`^BvF@JIm4=A zSal9ICGN*^sdF)BRx4ggjf#rDKYlK6v#Z|m1R*d8jRqbEVNxjQFCf|}35h1pacGRl zK4Ne-QgrG+xLw`tI`t+!UYvl?S@GkL?K?xGM-pUlEmbxv{knvzXUTy+_Xso^c$$Jq zqM(mK^x0{!Y`MR?8pdBow?xsE^}WHt;!;|2?OfeovuoMEBEV`}JM^vb*5OtCt}o|j z&Pd%I3PD(}!_g3BtNK^j>;z8tE;_Iw%LY8sz^?u&U?%_y+$BZ|SkX8;XEjQ!9P2!P zyBYVX>Z^4Iv0?DOE2~F0#@40Qtpl#+_(G}(dYz3N|Ne|N6@)-HG#Z$e!z579Fc3Z2 zi$o6=h0U56XwPQD1iWx1o4hq{fBs}HLFOM4LloD;@Y?UYLrmjylb~Y_x8F{gJxVkP z^eh|=k==)XW|wq&-vtQ{WOl&Z7$%M)kOT@e$RY*Q%$j?#PsaC^k6#5=6~vB64qc#O z6CJ5e+Qt59p;KblR4?m%4p)b$#(nge4#lW7LVz3^4NNUzVkqcuAX*z7<` znJgZOwQh8zINW<&GOqCR%0nZ3)(6y4%i@yil@+}n>2X!xYbH37{KXMyZa5kuyXt>s zXMYynKxhPqi=cCm*_9$b1t$8Zfc;reVE;8TyX4y4eG;l8i<5FgTm`+FpLV8cm)mW| ziz1c2l@WAv(=KLSkkl?=N%oXrkgl8Z$3_T*LZg8>3QPnAeHBDYfwS73sJjG4c6A+9 zBl7*Ybt8VAYwB~&zt358CFDQ6k7-)no?Lw_PL?M1?1vjK`OQ{f0Y4RvhRCkwpV`^L zv(pB%Q^bYL4wxvwgi!?SK!GA{WOgmM(-F9ghfH)!;U=LQs{G7v_pfVF@ttG1Z9E;l zmi+SO`GUdaU7R)Mi!2X`jEC1|E5}%ya`S?(nwxR#c#z?h^+8Kdn zg`*+L_VHh3b09k1_p!r+%nlf^VFG^&I1qsXgs+g<`4CJrzO!L2wd3!<<7j2uWM7=K zM%a}Yjnm*MNBxMjY3}##&m$Lt7Dw#Ei;RQTMhF2%Xf!b1!T3?oH$k*O8xmdccw-j} z-?pQ<`0!q-zk!LEz-D@l>*yG>==nt^XCkUaJ9ep;uL|*w7T*Lv$?pdip~K*4i0o?r znVtLTJuA2IA+rMp9T*>qfIBGAb{8q&)GiRBqt%F&;*WNpt+3PdD;wu^46&EnYHPh0 zsFY>!-+g}OHIh$2YEVN2Q}}h8O<>SngkjRWC!CxK`Vo3NlPSp`aaW6 zRdR>jkHHrm^Jcn-;b{ZWK2XcCj>qe`_@(zXadMO(p5NLKd8lr4< z|06Pp1kV5!DGbV04P|3}wPZJ85Cy6eIFCn-@)rbF36 zDiSZIFwZ7bckJ+mWykSl5Z1k_21a=_BFM7UBLrYvDCkNsyIHd z>Aue)v_JzOz=3!kfCRGm zp8)}O6oLDoz)m_+;69a3P?&tCa8>%1jSFQP8=hnv`?fbful9v**Ef_^?0qlsy=)w8jo4ENjyWzRv0$=vchXQ@Q zrA%iV4Wr@b<|wynR9R(I6BJrrO_^4YxzFS_h(No;(Gb@iP`1BjR}arl8q97UTA&#a zU_%k82L;+xkpgIpI#)u-Jv^|&t8|;{H>>qI-iS{zWJPr(I}>n@;f!8Jd$KpWtzD@h z8Hc8!@c?*p)mKu;vb6wcRuuFOi2gc+MC&~ZA#$ne6IUh~#u{<^ah|K@pBvx%$-2P~(%bJC zO6jtsVzeZQr*(@x<=`AyztLZ5jnNuAL1**hM8R_efj)qvA+iI$ZGX+K?R4MgBROPt z?SKFyia;AEz+!e9`}wor@s6fzSaC7wHs`*>wT} z^nYgOA_xj>Md@$~0Qw>dIvGTN_=-g1ugQ>*M0iPC&i?-B zy7S^p+Bu={yU+Jr?~=*z(_6Dm&Pg<-Ilq4voyDSq*LFbwn9DoD(GX<=2Fbsct@m`_ zN0|yTyKX>$7Db>J6mXvt*`3r?}8>n1C7-WQxbwde9E=;c35-!NmwRDDP7K^3)u7Qm0Gj4cv?~sXZc;*`oi(m@;yrAwQ{jnmFP5dyQLr6{1^9>@>ljrpJ}O0{bpta5O}Az$pK>>|7;J_kA!fKxX$1 z5V(LMAPEZOE+Yl(8*eDYVRe+kNFHUF;Ath}cBrygP1l*vi-r$=`W|lz6DPsLrEk12 z>eFtNC7A1qxb6s`(Y*i~xl28;+U!b(zESIg;T10{)7D=jLaSPR|12KDni`IVC>wBZ`)k=o zPxmh9Xduhh4+v1Alx-9gxM748Fus|5o=oEz!P7AZl`J>rr*#d#bR}3RibC@ENTW+G zlGW!uIyR|#yR=+_M=+5sOn?wzghmelXo^44Zp0v3m8YvV)H}j8xMQBkt8X`O3=KQzp+~iL8E<9-= zvl|2iP>%L?`|oX=@XZfT%aH=z7G3>8A#IK)Z_LYz(z-D|mOJ3!mf>B!P)wdVsi${KAWe(`^iIBbUab za5+fSOvah19O)(gbp0Y2B?%;v`HLCCt&|;5)qam^b<^_Mv?)~ZB#R;^) zcR+v?Mc_SH{N~$80V8%P;z2XU?YbATS@+%vctrWwISX4ZyNX4JhY`Bo`>t3VB z6KVW!bloTIOQFY`BT8uWsxL&On5bj*yMew>Bs6*iKokFocE13koA!}tjk0`C0{?I> zBX|7=G-$V4B*KN8KZr9=dKU_)nP$IW7+bYypd(;BzVRc`ux`|u6k%NeM?;him{a|& zZ0_)vI{*J!AvJW6*^L4ML?{9(pun31q`;eJX&(Gb}I)49K92Y&^@ z|L{dbauL2|*quk`mS`EgGK1=LP{g=K} z?BN?*zct-!!l^d1Lp@s@uLs7FbgU0d>ePP7`H-~1hRCiCj)uq%n2-J~yC=-2dlwpv zklFnJ1n~Y8c)|<{4A>zB!k(ngD<16!g*o}AzwO*rO0&54AaH_{{Yh14>urJJwY!90 zGlG;^L_AAzvaYn;$VCWfL8B)D^m!Dt7Kk2SLZXGXP1iMNU_C4=(cw+%;(9x9EM2KIC&NxJ(J9+1RkeODo zx-C58n*J{FfGR%$v)A$l_J`e6512O0gmS}vedJJ#ohYVy>VcQTQv})`j)o{3Fqi*p z*&0soS&3(YEZa07a1KSF0Ti$bKnf^gRZgwO1_eGB#*2$$m&=~ufA;GAohK`{rVpEi zCO%zIcC4YN@sq!oQu}r!(DYdgLLdnmJp-U|P|&*|+FcWgUQ+w)vMIuTmzq!Y>GMR< zenb1`4butSpIGOp3~yLrHe7jQde?m^{)h=(4BL8uJ|BTDg`**|10Ey(mYoOp>D~n^ z3uJab0fDoB3V3jX0tXIAfi1p9t)7XEwJG5I%X~N>)+~m@eO85 zyN246*q(l8X&7ZJPGrAYm??7BJVW-wdFC!ec2aOOM0UV)&|kBQIo-P$gcg_s1h7y9 zVnBftE@XDs`Nh95JRNqQer;EAXH4dz^xS!h#~ggcjgav5iq5Fx7u*eQEHz8JP`?R0YuJ1ptllC)yJYMBma!q9=y2mxFLdrsS?!t`HSJ zedy1{GQ{>~>8?oou`8>U3^kU;cY1+>(Wubh1g-_ti^PbsHNw#lWdol6{#G_mq0@U- zWG+Eww+INFK@kuF1$xdQ1$d4GiVv1^r|YzCq91l%#^-r)m*miIgPZaL#(^|S9!DYx*%y? zHc375XzA@*c@iF@V-raWY`urpL8}ID3O%I}Xk9oOB0J#m^{?5bobFw`VTa6a84y52 z5l8_AssfP$o+OTPST&Dnxx0R!@B042=*Qu!{o+xB)M-zir5S-A!(2R1V_#Lcn6XK8 zdHw2D0-i*(pwTM`wD}1Nx(`Gzjw8{&{6)@+)7yBKoEKwo^LS*bKN=L?KtC(+JA!^b zK-kQhn1!b!nx5o9J=d9~GWIU8fxZTghRCiDf&N=|Ugu8tE>t)mvs(oOj{g+!ItL2S z(;x-*IL^}FVRsAZvz5+j@=I%4M>k|OY;!U*zWD)%Rx?|GA!QBUNBGEnj|g|ID5s_p zQG5kXNc0+jK0-lDfoOjVBzp7s8cp@TP)xy0>cS%}*!BdoNhyeRR4= ze<-vvX3;%~=hq=z2ynOXc zUaEVv^S~jup*)c2UjX_51w96$%V&_;8AWLLm`BFuCM>ELkfMbfQd8hId`Yv8EaC6! zSzSDVYekXyoJno|VNB*iD=aM?+)>v`zk&oj1wp-o=~CkOG^4!2X{C-Xx&F z!V9Fpj;VH7k|Np~ufRe$7v74TAcLwbdDTd)zPLp5ICVxJ+Xj&7%`dnGOW6J$dns@(U9SrR|FY^gMZ-g4p8PMe z=6tRXI$v5|bQTuQJugx_5Dj7c#qTKwuX|zylNrd4v=|JIp?& zleIHQAXHZ(=SJt6NgtxcRPe3syooW%f1zYuuaGVO84l*^kklF7)Z|KFsC{w;61@YU zcTmtpAo|cAiN0~JjZa@rLHga)&*$|sJGyt;dlh)tkIb05-$fqn-`wUfc(y@!51aB@ zuRvQH<3KPXJ1=PTE`Z)fLC=C{7YZag|8v75{{_tAs|$~qj`o26h=+f~|yN6nv`ZY?rAARiKYvWgIF|$eFvG3%lVt8oZnVlBmY!bPWJ`(?Sa@Oa= zGD5%#8odvoH&M{4Ao{xr5{OmHpNnk$e3r9m_2Q=FLnqA=O-UWvMWOfIDz%LYmKv1A92Px2+G4pfc zjrs``4(JsAHM_Oby^AtvfkQxG9YtUb6p-OT3T#A3VR2qjc>3BR^;U(# z{+ub+Ejq&h^{G!va;BJG-pAVaQ^U^BW1rhEdvlz87*UE42or=X+Yx|X`xEWU0;10i zBGKv?YbFjiEkwPR4-_P~NmlT}B`zf#IehBE;$US+dXW(t|DkCBP621#zBri zzko&`1L##0v^I#A1Uohp`@drsYG`7Og_v0tX^0$NwcL2;SX@?~A8$TO(QgqKYS=k{ z?LGg!Gbh<9Hzgu~qc*bPXo#`_UDm&q%{TIN?;>0XGP@H%UczU<-|`%%{cAbYP{K>HzT|~K8_bRwn57ysKBgczg6>Z!jWFs@V!dLj3Ynts`V9vxuJVL+(8hr*pFaC-4;{nlm z`AGCa@wzWfs^{DM!YFO>a5}D-m#xS1Hg845d~a4Vn?3cT#>`~px}oVjMf<42Jmxvj zyKsY}A+iHH)PKv)&-irjVhUOS0}xn15ikY?n2M1Cg-rdf%_>HZ9*;f{PdyA|xNJzj zFZn<*aNec!<`#3#uDD`n*#+BRTL6Y32LD%VZS%KTAtpFI^2znd_fuP+>Ee0*HD%|jwoSL3$kh~g^hC0DR%*@Ig}XBot5ad5 zCwt8bjKIMO({MCI*?_+M-^%8Xe!6#2CkB}vHXtzjr+_~?C~yMq5c4&2m5-TUoiP=p zJ{~2CzvkwjO@DbWDK@7QPd47yIk7K~bs=-<>hAA*nNPNaJp&NgHA17$0_dM8XkifT z-Hgo64gJ7FvUF-9w8&w_#Na}|=q&f2<$RAw&Fa?6 z5$Nx5G(>j5!opv(vpU_oxFZ3X9S$HcgCbxB3jDf)6bN9s-12p@lORE+@=Zt`P` zh&<9beY21JVQJmIpLwNktsf>Og~;=Syf7qX4+S=ks6wO90qAKIbSj8G=Z!> z{DcKt$%EjSSYN;DM|r&MRgaQueU5k|?h~!VWEMS{P0qdJ1_Apf&K;Y;j#x7|8X`Mj zP2;cG^`Gutv_K2s0s>Pg0{x)C=sZ$jhjl}aY+0p6#U5*}F|QaszvGge+t-=3zM9vc zOdMl6=saWCnnwv3W65?X z3!`h0*%1Q*BPas$pul7)GCPL4otU}`HcTTa-QC@-bf-CEeW}(g=ujceiwZuwL26-h6xWWBuh^=XK99JZqkNW`35mcpv73G&i@!x?GE~ z2=P~SWAa?^FkGc(H16|!7FHc&*7^|sm>nMfi)bVOdiojK?FkM0R5k;8*OFL8lc3IU z;uz>AxbqGs5!@=MX{5$?m*zgIdbiitl|ULt1|V%^TM($VXMm1a!k5v=0QA%|bomq7 zzy4{+m-R@W_y|-`zV}AA7_E*`8Vy4zT!0K5Z|?tLlQ)c4uefW_M~t~T5G?n*ga-@o z4~G2#{X*GRAJP9>wvE59UC;@mj0VDg#3#*+Xz(H{W`()8xtYn=+4^N!;5&+!2% z3w26ruKR2pO?Bqq&*1&4S>hSqe?Q9@v7@tV-&zM`$M`ZD6@Z@jC)yw92|WS*2Q8+e z%=)dM(ZQNH$=1j;SJo|1CRzxxcSn*b2Uw9U4Gj{F#89|2Etcx}!iF4pndy16uu_ah%{qVeMv zsTLiPB-RZPd0`h?2X*>sODLM$&Mt{IuFxNcyyMGgbO3tn8QT8|{cZdYdVH2oiG8%7 ztKwr=TF=35^i*n!y^R96{@W=a?-RB|f{#3iZNxb8)HapmYP<`4rH|;a2lNZs0p8*M zYjzEPU%L<&dNDf;fWYW8frcl6k(ECJZ>f;=**mXJe=#$9zy8H2|a7&ng0ZsI+bN`g$B;UInr%5ySQoee-~RAv?h9b((b_^j4O97{5w7!hS2B3$Zq1B(zdh&m=+cmmGx|bg9O^T#Ts4#D8 zvxW9==c;>Cq|!-?ITv9^_nQyad%y|%pUu)+)3}eC<)g`6XhNRtd zaaP@OKyAsXf1rF02NG6%EIy^^i)dT`dgvLt;|V?F^ap)p#)El@Mv6};%||8*9aLge zhu_`7-C2@}e9qqY!+(^8ew$b>-ok7i?~44LM-Jc`Hky~wcmVX^GxX&X`mZw^zCn~o zHkma!z0SEjLff`1*=&-zfa!o~*hZBi>W2TZ{mUhBF?jf(>qLZfb;b-1Z~~sd1Nw!s z0eT1it!#mGe_y*W6nil{e1O2fKLrBmo&+3F|77P|&lN2KWlG;3)!^YCb$DTd*Sw_t zy^nIq0f`ffeV!%LPC&^6O!kf}?aYp~%@fc~Z1OUi0D%7S46Xl!&M*6erX(-cJCi#I z*m2>E`!$q+9PDR?FZWAiYKeHi(eP^0mq6MEv;B+tFRj*bumY|2n#U32`G9^QyX{Bx zzh)Qr@FV!IJtK4CFJ?yw5a@p<5cecN{q%ZbYCj-m{i72YL#LW1>yO;i6XVgVuri+{ z<*!DsuCD3$WBpFp!kiJt@NCyVI}}R-dPA39MiT+heb3MXPw2^~he8C(((cj4lI@%E z3Sc2VP5v5L(eMI7)*8}b&w%-wWQpDrs<{NgU+QCxpbRaQN@9=Moj;&o$ZqGqvI_!v z$WHHRx-gS?F*{;_K<_^Vf|*^lldBS>wR$Fu>;#%S3^l6Qbk#a0PD8Eud=ek_z|%_uH+G& z@_>G!Y=CZ)e;e{aX@6h4D3f|IJ2HSk*E4~%Cjsl}KiQ?^fH&VbMpFjiLEhCSGaN#9 zgVa~**nAZR(uu>js&{^^Vqcpg#?&65iyZ(>?gtq1l`o^o0qD+W=16>bfI#~*0lO!G3#mT>wV;~Gz`8wpg_Jd`=WWIM1tj}|#p!)-9M**z zbtde@N`{h47+mQH#B*U|vrnu5eP*NYUMw3m0NwTso&SVhto?%~2rU2ciR1iBTW*`j zD#)=I(icr>jZ5zly*va=PN!~mBk@cBnl(D36K|$INA1q*$LuCwM$-V$tjKk|!@!K7rF9UWzjVN3)lB%Wn09n(dydbqCPvC7W{%*n6xS$(A_11z z4<67jly4f^D`>nRT~`^cgQ)1L zV75X`AK0Bl2|UPvPPb&h>!dS`3h)wbE;Z^mOVKIx7XeePz1)jvIsm%)8Cv`aP389| zyX7?DeaAAY9Vfp$s7x#b*81-b=b4?g)kF4W(P*8k?#CQC)%oAzYc~u1`-0k0upY}6 z@_>FJyTkv?&i&y>@Lw0?Cd{7L7QJA!cu7<#YS~ADZ!e=60O-bN=!z$_+S9s^)kV#Q zmkdc1-P^Y$U`DLk*I)!1;>_Bqt}Jc$${1zyz;p5r`$Ws{GqVj-=C7pWrr^GOSX4S z4`IGPqPZW?FO==~Bl_RU78>yI`}?m;W(bsC%#H;hQ2R_E;7K4G^G|j$PU8h%L<)!& zd&UL~k-_O~)ybLMEEz~dm_L9u#ovWW>vE$tgqpr;aVy(tV6Y^A6d-vS%?d!*JVQ4= zp*0Bpp!@7nf!V*~6yPuR{gD2mJ-QuU>~jv?FCUDgDA+W_@%l)z+FP%yPkX2N5{QzJ zH1HA4_keyOyW{`N?&u-Azb?ofQhqTzHh@6&Gl8Qg0Vb0_0u*P~hHf%h#2v#AfHqrO1NAj4PoqX3qPn)$Me~0+ZEjQU_k3sz>z1 z%V-V&y7C$N{S*2_%pbJj$YQ&lqmy%J+e)-&O`-_jTEL1~If`$WDE$=;8tWLfKCKt8AYm{=RHNrut&pH~|6`&jcc#1kj$|X67NtZPA)$ zZ29NLI(oF32rVdojB=0D-b+0#{E0=}%8)43!{1I5*ZPz;h({ z!@vd-t-BMz&ZW?nWzTwr6Y^am(q`}At#6LWouMiP2FT0+?+8j>M!yB1OaF-uqklp# z3H`~g0GR^9@O4<1IlfM;1%ei??kM@U*0FYYlwA%W#3Qd8U&ky`mx?XHJc$#PcA#3e z$Lz{pMsowuCC|_wp3oT0f6$JM8*&ujH7BPMK#b|0wPkbDIfPnj4?dyEr~YKudVhX=YkM#cr>?Ij_;C0uQrq+a9`!fBE_;rHobm4zPPA29Uem_* zKV^BOxEa>pJfg`T&@W^MXvY1w|B&IJe_u8U(ReXCK7c^sKLx@;p9Jb#{s@??B7KCl zx|%DiQcU?`sx%%_qD6iY>kC^EQ(K>f&s<79Z>%TeIJxA6S$b;|&H>ok81^!nAAl}+ zhUR!e+j;##OZNXflXy*%fW?HNXii~eMUtH3gw^Ap zlYrh?c}5={|23d}JMRJgLfI}J(f?Yu^uI5g+-tsAHbH6fS%bs>FF_y#1Lx7io zAX+b?g#hT>XXuG1be!HF^iZHW$Q(#G5SYE5AGx$ZrDW=0KWO7?()B~i-7(6vdQ$z0>S`+oPP>Lz&;6hTK*BRTx7&| zx)B9;c@I2`&A8od$O!4sxP^WIaf37z6%gdIdh7MdM+4K9o0Ty!`L_pP&&d4CXb}K9 z`x%=530>m)2mL#c94ZO#t_V-QUi|xk9XhW;yf>V|xL+RF`@Xj@$FJNyX=wY~A2xO7 z%?A!+?V~&n`IDEkyZX=U?Ek)OGNAop@kIdwSA(*{_&zHjzmw`c%SOhm+oTExbTb_g@XDqKcgF8g;OEO|F#tOA8M@#J{rUV4 z+P)D6x*Uttr8)Yle!O!DczxKJSj4-JC%=^!y+Dd|L!8E~N(n)X5rJa0`|TQ6+#`D9 z0sX?byZ+DY79Xuz2}ofoqc2MA<56Igr_ps@NQaFA_-aJ)lR8;ZJ(Q)D2@xC6I$ z10G<9%bR_B%8lm71TDdLM z#0)K<$kuY+W5X>heFoi_oo4hi?VTQX_#)bd=bb5y$z?HxXN_BWTgdX5z$2ReWway! zo%ReZ@q`9{h#he5-gt#PUS)5$BWy6Q@fPa+pbu3ckfl;4ZWC0{+7jH>_m?n z=6~Cy9?&mjcl)2&ZT)@O#6kbX>|_7}DbED9o&?%1{|GE8eS)3c>xbqnNxNVFt$Lz+ zdPd%SXU&0KmEvHT-nn_s)Rboumy_gtbloPuX}Iw??wlXcAwWQY&nqDEf8Leh2LBF# zcKav#3*HktkMnO>#+5&e=(TxFBTWxfZ(r^o@jMh>1}-dDeM25k8J`ta3W$oB5P zvi)N7@caDu>4n$r%h}2T1e2Z#{E-i2bTLsv)ddStpd^_Z@(lgguFI9P z|DpM8J&;^2<{DgpI${HK;CHNh;><%lB=FEF>YE4SwhA&U*&}?@BcH)hcjg_oSw3@I|T#U1_uIso(qA`!plGY z6}@LiuYK7A3>Jh_LG@UG5apqkA9brCA-wWeejLjjjBQXb`^s9r7UMOwHM^dDly5&s z{aZ4USkz#azQGS(>qxRjskpc2DHnDuX-Qfnzv>>T3LHld;?o@BFi``sYaUxOkooc! zS8i>735k!3@e4?jt5Cl(-2syTCURk3C5I@muSupB0_X2VB2LG5&dM%lYw5omdn3o# z%+ArZc}cHXbgV>o)2S{gl#mJR1Bn_se#i!#LOVehPT1x*Su|JT8gddLXzuW<9!sVh z?o9fX^&%!|iy8L(pz^5@>~k*pNfhVy(S!c1!);br$bO-I2|{LmBH#uZolS5d2^x76 zh5ed#E2%Es-bV@Z&<5sXoU|$$*{YYWUVuj8E2f{+s+TOe(3aAwts*1ukAX4Hy(4OQ z`VtG6?KVaWK4*d@b*R88-~M2TH**RR&hCt{yq)|`Mg@9)tWU*wH3;d__7(JFKLvGw zy>|GGMbeEH*)WoK4eiE=c6?@wSoAUyk5-<8s*=`E!HH@+tcZ@w1*>=7+(zGS?1$Dx zv$|Td$(zm@n3Il`1aDzSz1*{p(njusb1GdW#5H~K79ld&Ky}S4LT%^S2jC#MyU)H?^-Q*Nm$SNVCEP}tij0Ohky)I>y}l_Z{OSpm z3Ub+P;ZZvHdf0@}3t!uJs4Y&}$0GYR5F*w1Vw)$SenD*P=w7fLhkH-)4Uv1zdvR+# z<~^k(FeUU8d9jMm3OVpMU`L92Ebr<)({nN$vV*2lk(E?Kq5E9rEGqPOKICKzvVA=M zjfxj%Y)eVKp!fkrt;4Xr&0+QY6ZI+e`c@IJrwXM7dwygS9wVl;C%xF)JG+Uw2G=RJvU#OK9a30G+%sFc2hDW z(ll_64(z!UBv_?gD293k3q^kAT=siMi^2ya-~WSGY?2m^ojNW!y)EneW)nFh{&ku2 zXjKgPf`KrUv3}u|AzK33aMU{qbLEe1*Pp5tB)xu$`U4HjAr zM7CD6=^a`dC>7X;;Qd8x%vH(P4c|k1@wIm_@njotf$mS(R8-EYZB}W0Lc_@Fd@ymu zn6rb$w?ax9@H($O6Zpw+gJ!kr_PV`+4wQwpN!SY(LsF$~FebZGM>S z3LsMlrD8#$J3WLUgMi^(i%k><)$ZdJl3JVyV|~8yVk*WoYelzUkx9rE%BnAZ zI$2Ds>@~-9Jx*o+B{)f_H)?&^?{(do=hJM0uyzwbbnYL^)bV9{15t?60uCfe-?w&q z1tU0{&~X`hav#O^AfyHSSI1Kdec*+S%$d_D%U$`)EJRAZo zZq{7{i5bF;9;rL7&W*r#-^k@zx<0(6kdyy<_4xn8>E)SU0WkAFJF_zGfBgp!Gk@h8 z5YX+pDN!&)8Qd5*7zl}BPA6I^?Pwsmp~nwIXC;kdE^QR#MR~+V?ys`+O!a4!g0h+U zJ-)a?(|aK7gb611&k{8GD`5N8XmLv5u7<$)G`&g`Ut$4JY;?B;8}#}n7map9{nJAVQzB)7**ezTPHP4y>{ zpoN_YJ}_nIJS5ze8i<4C`1r5jorc|1#!?AhumbNI9IhAp;Q8eB5m7pHf@8D@#@&Btrh z#^<7+R{Ol=6sHuTsCV}UU9*y!GhYh}TRW(hXwv$da_oI$NQ-=3q8`YH_{~Q)oD?|O z{UaWoOUU>t8obI5`Kq2a5FWMGEPW)Zw+NA9q0dn~DOanv{3QYbCKhGKv3 zPy-J~ExeTyI+KPkAv=tV&yAJwGwA}YJl1CF=-5&|N!ALKf`sRMjbMz>5e+0&zC~dR zH<9WBh0w(|K##tzs?kcf;?UcPg+`i;yF&kJOv88;q55PUXslC*N(PpumrB?3w-ifc zxSRtM2-v2>_h3acKTw>r=8#+WH-q*5xALIDumRH-aUI5x#aHndJZ6H`0eeofFQ5{zs*AKpP#Orq#vd+`Ba0{sm`^kw(&9lxB zX)R?6p}!b!3{D5)1}7s$+R8z19KOjg|0E$;6HR?nMx8CKB}+`mp#b(<+dZer`|xWy zS$om%1PHRbgzk z!rh<-(C_MH!O7B)mT<3R?9(JMIha?)TZK;ndmuJ2w^O~>xeO;fSH&jMDXWOPpj@Ak z*_`I?QyE>4(8{LU24X*iEbM5TGCoTxKFZ6Qe}?Q`6r@Sk%ZQ8ULX48}B-Sg~iVRwII-yw{>r169(Ed06Wo|PXhaE zX$mo!vIe}NO2*GscGk`rytkTq_WE$Ox81vZRazueBK&*tG9;J?M79IS2|4X=2=H<3 zlK5%WH{WwpSwTqo2)e3{FvcdgjMi2LkFNrZ{~#FaKA}?tFP5 zX|u2)ffDwC-F0B+*S40WF&L+9P2`+?SKV<0*@%xml$kD8vSuVvss8ArF~DO~zUW(3oikw6_%k;Rptj-)xgBEcF3q@uoZlzp ziv^~N-R#{7z`k!;oRe-E*lbmv_z*QQ&(L)EU4?zX(vsuJ+RAJ<-Z{?+l9S5~9I`OX0oaqH23V%QHDd5=OaQ{muh z6}kF;8Ue;2nM7^30*PDm)RF6-Jvu3HTI8T}0&B@i=W0`gmUY~KD3l^vrks<(%a(pwlGD$8fGlc=@E+dbj0* z)1W6(+O{CsQvzvLWLQ01!dGdDJ-Ko1WWAad>fw^ec-j?1%_Jld%4fhS0#f%|St3DO zlF9ev{C;<$GDV~Wuh_j~74E%5sz^YO^ot`k?Y^N`B>?Lod`GwXRRbrH9oXsms6Z+L z6BI=%xUBIWY10SQMvZ@^q6BMIT}4LMr$zhSnfY6GxpEM$Ps4jV9!f=8A8Z;p^oHm#p+qIg z?muX3WWeiQqiRDs8ZXiSiQ)3JDK4-{8g~zq+H6m;RLiQ57mr~Z4oR@H;B9u@WgiU|9|}Xz_$JFgL^8QMYR`hKQW-%6Zt&{V zW1&(zw^o|_Ug=`=O^mxNMv%ES+mAdA_MDE?k$uB*>#|r&w_#9yAM#W^WkJQDogKW% zAW4IInMH=cDtzec7So1rJrQMIp6&;U;^<&Ixt%QbSTz1z-Uv>2bY|Pq+5H>)*3_Pr zU^dk-g!vDzZ1iiDi zF8O?D(%i2h_#Q0s^@5dY!ZRF!HHk<;Y`s0^y?ok&_d>DYGJc9(E#5#s;Qcdsf;r_M zpZPsrp81skGyk&_+cW=n*4x7~KT|IdQ1uUAMUXC_9I+pJZMVAY7gfNCop#mmg`lQM zSf8goTT~`Ka5@*L{SJlVDEjVZ(w~fZ8{ps;cokkqP@DQ{cmylMoV{Tq`CL2eJc*c; zR3z5!lg|c|>n-lbieHINg)`v=zz(5BI+9@?L+37MtlYXW9K0pnw7my;B|%e2UpGH* z;-*HVms_2VyIS7ylZIGRSzW+8_*Luv+F4Q%4#K@mofxF_Ue9%Th3|S8hZ#1lexL0o z2|gI_D^u(|rzrSAdKL=dNP*|JEEz#)hUJDqBK5rvGpJoAdD)QQg$Jn3S+dTKZs4_A zRjRc^7f!9@u_!7tClXS!)85H(hmDV+3~F`lY0>b|T~hKXlYDyr$||8@8lIc0vN;Z= zW*fx(Jm`SGuTc0-5^~a2`H18;zoW4ev(UO`+4nYM?gm%B8Pw=9MoMHG_&Ku;wqZXL?4pUMsEP9T72aPlxrwjvdu$^^GX`rG&$DZbs?SRfG zTnF&3ZRWMrgTR3iZP8C}>+@GsL)3|M9j)LOXm<9wS1yY(z&^JBk|6V8`}W)NlTbxaI_!5Yq=vGw4(J z>&&_)Zd{$V|F)P1l4@Dn>?Wl9c1*!~$7vw+H>G>=aj4bG}tHV`7_PH7Zg zG{B31p(~9=4IDe8%!e5G>oNslm!J1fhI0I&+w$vVDcb35?})oiAskm01*din9vHtlv@hvvVFdyLqtsxp^ozmMU2>oNQt{yD9pHLZ83(oa|f? zA<)IumsS*}e&nL_VF*YusTWZj)S$rnfDHZX*yWd%2A!>LQ2d zZAaMB3R3s>$DgHq=m%$V9pF3pM7+o=MZ~&It;&V@ih?1m@9`?jW{gOMT7+DLpdY~QF($6ttsgQRpDN33=%Hbb+8b*UF*UT*N$a+($nJmRdD zU8%?;R9VQ5O2C}AR4l=IOIWWG(2_I|Ej$nTOFz8?_;q=ms7&>0!a>bGT#2_{?dc}V zYw~!FC44<4KSNO-0=+07wt{9*AMQJqh&QVv9TU0t0^zSk-&MqQY2x!eMibOuNW(yjLjIa*?gW1l0;Fqdk@V@%l|CTQcp#{L%O>&b z07BLm2XS_*eb!&^q|&I&Mk$SU$JRe2q0QNG-QZUE{PeKi7F6NyfgA3iyoKSLCOwfJ zmelK0#As}M*w@qrG2pEvIyz?AQ3t1I7N?0gp+9+8Ol$52$+gyWREVy=s*ClIijbBbQ#Dk(Grv=Z1wJ)?g zsmWNn=#`K@kD|gc#4?A;i|W26@~mtANqn;9f!g84A(qMYje}w=v6CTk+O2p(t9d4ZjUM- zZUo|*TsyVv#T!h znx3BdBN4@L(FFsYTj{$L){yt)1 z4r(pCFB!artQv*rmRKNbE7d;4XE4rO)R5N5DzwgKWjy0E+{z~UaE(ne)+4N zsgzn}{6o#%j>2GX)!KPWRrfWVOH`fqO&`wFT?$>{{vce*r6)(QP(S$Iy4@wKphj=H$eQG& zTgmk!<2#SnImj_-i4Z92CXEgk>{Y2jKpXy~YcVp#D%e3l=*Xdd7T&qkB1VRKAFatX zC3X6EGY1Cx2+X;_bLa6Ksa?YJ9J99Tl&}%ppr>2Mk4!ULU5+^Ih<{6n()7!eO!1J` zE}!|5Le67FXuW$^QePN*5}j4NRzMOWS>EDDn18(_00zCtb<>LEy7)0u;PH~fLls8GMNcOj`C ze9dw(qPw&Z+~>)OE(3BuHfoSqYW{ErehUf8k@MEltqQUN17*-$sxoM^puyZCN>1%= zsjSG49@M^(;I?k9D-l=*0pDR>1&lBi9_a2t7l4*xhb7NjPI9wwo4#Jm1pZk&>?FFt z%MFx{XEJb*k9g+a-I zd1LR_dM8PomRza`I-Twc!-GKbsVYf=@sLF!GDP~5*|v!=Kl=*hchz@k?5Rbs*39RA zXI%|kB>!Atg=15R=O3-(s z&Svdts;Suy1J6;FRORXZ$rYySt{`gms~2(xm;xt*Qs2B!M&xhs^ZmWy9vbXCF-edw zTeA{hOn*<%NzHbKzuTHA25H1X>`ZPu+KN%jBi)LkJi|T+i3UR0jZ!E-KKE?iZ2Mws zl;nqu3+6?;=td05?FvWynj7ucxUG*nNqrG}QiRw^?UXaVtEb)lG*`3JZK{R<^1CA< zuMIS1tUYMRUv{r#5676jL(^5>0{6voBAiFiR=UwPPtAiuz50b)&$?W-gsV|n`HGlB zu%MnE)=L~tcPN}-On7ee7JBJ5**u@Hyxf8742?*~3Z~K*RNsILSzi8%Vb*mJw>5It zpNPjk+s6uTgJC6Q#av3Wa^?&!X{OnE?WWIu2Kc=%qOufBnB#1rX7lJo@g&P0u>U5y zIc-Fn*H=uWGlvk#YDYJ`=5|_bGR=c0l?%1f+5pN(zAOdZt({Gb$Lsa;Zfj;1HbU2L zJL@fEV}bBy?|!ee(syo@aIt!krHN*;xweRyy{|R!=iRQvG}16_)%hO$!9wXRK5BIe zi4i@`&S@RZvIckX*#ppNNJY98nPiix8PKs``U2743A(9=h#C}wxZm|1AC^#wvoq-7 zSZxNI)wLL(-;^OVJJAS>kR*L3@|oGwOv;oC;4s7^TN(T$vm>luR@2H#w~JS8ScEw1 zS_Eq3=ioGe;V^4}G?C#uF-gT)F-vYMAIa$<_B{Z4oEr~kf>SUb`ZxwEJ4YwpTDAqNbTZVE+UMb)2-EV6VvQ}Q-U zN-ch;#=~_5CsDHJwjTG_VFT=j>Q3=7jzd4AzII*Z0nLOV!+r$IFPHDlB$aFnw#DnZ ze?_Mpy*W&>ZT$u{((OKuz9JzUJO6R!_kDThR{_lY&u$tj`SdjN>+k~sp~ainL8$u| zoF@ulo??mgd&uoqeQq*oWn7t+M!82uS>Va7h8;B`z1?fEbPVNb`jR>YrO!q&bsK#( zi)QP`rx<3)dDSo7E`QQP-F^+x4qG~F20R&Xeb40A-pf;wL%deMv0RWNfJ;Ah0-+YQ z%&9BQRO21x!?YE4{Jy`(p6PAdcGE_=UcHJYfiCZ|OWLRjZvp3d_ATM= z#QUiTO@0IC2JfukEO}9{hegOj6SqJ#c{}si`yU#+ORA_yA1$J76=f;XTBRzlk&0W= z+lVg6>^v_tYI2W%5Fr-a1Vf^tFwbN#=KL^C_{3PROrS}1)q-s+C>@X=5KunNSTkTe z!ED2@6;o$Wf`b-27tSI1I>Y@V0vk$9tdnYm)ta33tS(9zdDwcvh@B&nA(D({UoqmK zEv(punx6zMaVl@zFqW8c)+fn4FQ8Ury7v_jXoMIlar5hmL1frEHyH1&!+(nsFIAbn^h?i5hn5(N>6uJ z-_3+rSBM3)&!v0>OL|?ZiF<B=l_S>dapY7H$vJ4ye_?Bs9mU+^pLD zJJW2w*CHhID@PvW>Gn1@-e-l5CCl#o!t>q6CF8Ho-bBq2-O4Cw4^? znQr3(>4HJWTb`2C0iFE>1SV@u+4x zN;W6xA7CapX`(Q|Q7V2Y-1azGId%@}A2GQLj=1|{qg9g2I*#=i1qxu!JDg8sw$b-6 z<4V%~SX4How(z6d@s%;sUKRA08cc01@uJqSUe!uvmzX5s`kVkWrQd7uZR8E{4*sG} zJr)*G`WK<2*_>g4C7zqzU)T?i`ER5Q&aN4>ShmodLDQFpxxtnE_4RP7-wb9EmK1M! zldG~N@XF0qQboqKvG)sOFGktvkvbR93y#hWXE&N;GStO`%}8@td}bj6qS5X^K?eFx z`>xmy0w|Cd;p_>%*I${4Y{TGU#)Eg1;L7iRMD5+G#)hakB&5Zw z1v}6-Hd53=g&s_SP%ACK@am&%83sfRfbeygc)(0%rbaSF~0A?+liQ)gI`F=Ax>Sx?g0kGe~{ohLx(dB7=3rwjp>= zb@{8(->@eH=$34U5BHIj7Ow5KQsSzwn16f|bZvq_M9NayqfW*4F|{=1VObdEdUoA%Od<}Jiv5X*5 zGu}#8yz`W5%CD*V72!Eh+3}?SeW`y)WK)E4AUvFvI9n%*HznuLh80(;`lQgaFG@qx zc)7Hl8d`uv)Aao-i8|(SHt&1IWD|(=d*jQ(OGXx;7FYI=NcDOpZt)@D0fP`*i4-F= z3O>&*<4*`{9LI#oxdVcWqr!`CV92uHaGBsZUizQYAgo;}Mq>Lj#tk*uvKoFif4GuY zWHe77^bl-$2AQ|}PJh@2;We07^!vfr>B{ST*0Wg^fy(;!Ygtg^tT%&-jq);#@tOgtG#uI0fO@v=_a1BF3Ln?*?jWRlE{mP_hR&T*e|^zFU^!Rcr`;=giJj+gnp&8=HQ# z6smayZwg3GNxvrf*}R6vwFDRUac-XFwat$=c>EthhcZ&2eoPxLF(A47;lu|Xg{V>A z8YV#B7FrPZYndDqc@~=ZQx+8S`^LSybZ3%_uA%w?_m*F6{3w5z0T$Ejv-~n)^N{)| zhVDkMD9(D_FJ%MlV&<7b>maEV&2B5@c^!yk)guuO`XsVN%8H)~vFem_T?IF>W~v;K z%xIA|v;rRWDIJM+c$uRLx%obDBn5#D2in7i0(A8D_*Zym7hPmvOyiYCoQC?s7#8q6v;QgzH8Y-rBhwE9zldkcJVd4Fx*+*tZfRX%c(dLnu8J0$9w?Ov#TeVdrYO(Hmg0bV-Sl@C?m2B5U8(ev9-8fD3h z3e8Iu?D^T&dAJ zx&n_sjae{u=l9_&A77L|2Kn1#x+cCG$mp5H@};<~bh%3M4r<~?LGzh4239!-}c1NXCe|{P!~=VAmFrY2W*4&NM;zYtY91e36V)Ao)=&i6&%cu<)t+{RdEhbEtwJW`14} zAi(E&S0@M~yxQZ;Z}9A}fch!GGylU4nZox#Kr2@BL7(=s2WlzdqDuroIF46h-_z%PV|2Jq<_tiQ0B^pZIo2FM$#t?k0UioTVikt#42^R1?@C$hn@ z1(_y$Mb>iW)C-fM!0CJ$MGF(Lgsn;9?EO|ifwbdF2i_^>pfSD0M81^$qMrLp%7Rzv z=oRfCT|x@h$m$r*u*W-Y?6;p8-yx%MHk-M{g$P zhtrYM-j(8<_udf(0W%cy(|g6xC#=AT9o8Oepv(97n_P?GHef|_B_K7S(#=~d&KFH2&&whvADe` z!m-{e9SPT%35ze_%L4#_q6QI?YzO`P9Bbuaz!X*_HA#PUd3zXvf zVe~-n8?SE~3Y&>U0iK#WZ*lz3Q^8nRRn$RnC(W>mPE?jNiU?QZynA{o#bR(Zq3T~F zNbVgB9buBP#+;J^dEW9$JL0|#k_?o3i%0LEQ;c1}8?KocXbekJxn*g35l$ym+e7pQ zD7|@a)6e)d8uKl8uQD-9w?}4b5L@(w4~fBwO49W{zaW_rC(C;zR}NL=+u3;N;Mmpy z|KD)0SD7NZAQ-Qwu-R)EUt3^Yz+Y2pP7KmXWMCIlS_IqlbcrHl8HvtxyBd3GqVcDx zCqfC?|N0J^lB*yzr4hm2r!!zbRAY1wyMu6)sqBRK4Puk~%bJ;B{<)2rEerNq^}TY? zCKm9z>upHhwRrK}ijOP19^Ld{I>-jmJq;GaJ! z@h^x*qtvE%P7=ZdC~+otl8vPs-Faf@^Wgh;NlgsPfAeDzX&O(O+tK&^z*CX!Pj+S= z9u(mqW87OEUE-NaJv=+csO#!-9PLxiAO!wCYx?|6w>z{728KL%j4CgtbN6ksyH_0l zE3D{3l{5TZLj15dY%EqQvC`<|Msulg&tvaMFWIIzd1=H+1C`C!G6~O9q!P zHGYA(Hb*UAaQjWz$d|IMvWfDw8D*A;j_mYs3^VC=ot7G-f=SwLq7?4e9T22TAut1Z zXq|Ein7C*AD#GLdujY{AoN@3_Q)q$z(4HlCscw1C+7uK-_-cacAbEfOn4!tdUGMmo zhH1zo-xP}d7^s^p7WOS;oqP)xOS0Z;cWsHdJ4^gNf3+&tt^nmB3-xH*>(txrW+?QH=i|XFlOGNK#RkfqkQn+ieZ(j2*51F7tb-&I}DZxr9#%UQ|S?SW0KfA?r#3XuIW!24?=XvgmgU5A9jI zbndK)NyJ8IgP7NHLPdz>7TeU%(E&?yF(dId8B^jJKsL<=7)##3=?L$)VvT2c=yh4 zBI@%s6`>-re=vL0+bV}Ow=@bD^3?Xra*FwnbgNq7CP&HKy)?c#4L<4VZ@9ZGoJrZu zbqj8DBd5h?v?9}?&?2Fv2ybNF}|R~HVp z$b5|+7m`=vJ$J+;b?luoPzd+2J9dezBG^8Y!S#UUa@&3U-nYH~ITv&{ zHQ`&!yUvOatqxM1XEg&1KktssTk>A*Nr?Lt2UN<@=WKqWt23n-!Jp{d-@4w_W=LuP zi|g;omBWHks=U_oVb&1oH*bzcJ8L-KroVYzvifkgF``uF*6ZK|C`1J?wPGSPhxWZU zbGllN8huRTEH zmtJ=6yuqiPq5f-v>&bO%J5d|Nj= zt9odgy0y#u%`e}${3Jyvr@70S<`N{V3y>K;uQJ|mc z+Ua+Y;!^?(^{4n&7Tl`c3RCGGq6#@PZ09cS5~ubkMl*wNq6B<$-r9Q9_o;6 z(J~+q1BE1e`ZXb)L3en&VAq^Ky6_GS9}@4?LuRCZ`?7ZALMQC?b0fpQi5hYNTz+VR zhA2!VrSjOy+aPl$MyY6H+HZBXAE&nHOJzbf(@ort09Be^Jq|;Rv$jWgwg`5kIrss^ z$XWYb|4Q3V~+J>)JRh*Rzd`%jqD)#z}HFLxtQIpX4<12PQ1MJJMfp+;x8 zZO~nHT6t>S6SY>o0<>}Q-Q7G1p+OlYFB^3 z5kQ%+5KU=WRFTHRMh$5~iTcfgQ9>_^7S^vv#;><4E)*p#EE(?1Ye^*oi_f|;gDAw} zq=ReqISDkcH4`S2FEPSra1;)b?75h#xi2+{C*iXwFe*aN7ds3_*4*dZQE7SkjxHVt z$Gj(yVGU>b;v+I_7Oo%rk_$B-&+^>-shYoO&uJ;DYar~<{OG5YnETYCJ~Y}s`D$9f z^kH6wf^uxIx0yTgqF+GCMBz*wpRRs{;aCA2p!f6uhWaN!?}o<$0Kv;$i2DS1{uM{x zw3A#4>2RLDqeAy7KdP%^6uOtQ1F{If)N-0cc)w}}4|pE4G)Zqmll#QrVXWo0!Vr?RMi(_8FlWM^>Srm0OsCoVdQbm@6{fUn?D=Ap>&mnVxC|k% zbK2zugRSVkG%0bE7pL#*k#%;7YRty--PoqKBVrM-7K>Q+ zyY}eJgEAF06mw`r&50IOru) zOj4qkmxl}zNKm~phF7}3FfUPfTU?8CNa-^tR;MyUTTQr6@n@9tGt@ThF8Eqt0NTs- zP#nr;7_quBP#`Badw9T)JUzfjtP-4Bsg9L23Wv7iT)dsn8444u?TsT#iGz^eW`M{1 zxFsN6_mhecgJUwQ=1DBJ7Fbyv?0>8X4-{A2g0%J#>x2*%mBQ2926s__&J3lHIgzI9!vT)|_yle8hMfO2Q_Oq9koGSigM%`55$*zWn=C z1&VKVF(TI$UUD?`B;Ah7!=p5aJ{qdwz%`!Aq0AxRCP1kZw=GDM zM*slJbQMpC6dz-mJ#@7h)Kz&GhnI3DmkHpFT7dG{xu~I^s->~_^KHm!-!^x2AaRbp z4z8SP99Y|-tNqci%dyXb@m9G;adJgDv=lSE_DBmsla!H`HudrV^XC$1$G>jJnnX-UCbDQG;G}ed@k&C-$VQom5oL2*buRS>#vcrSJ0S&$St1$AS*i0}tx=g) z7`TO!57fK*ab1*eRB18Dh6gI*g<3zruYXYB6K(9O2dry+l!g7}ZIJjuJ*daJi4>?> z>bBwW_I9Vzv2lh9>X|j2QF9&D4oMw)7o|N7XnfkpRdxd&P#SfQk*-;Saxoj56~6(O z_-3K9iLl~mm5E!%tCpNMIwCJG5zbs+C;->k!TS+cv1@EGI(^1hi)+w8#Ynm|DR%f%z}$2gAfw#7HOKQGGYDu&l9Efx2XAw( zEJXlwpr*~S?-d_#<{8+2p6?o=hJo~KB_PzP_mm<%uJKXK1x$g{y7?c4(%~4L@&^NF z&q%Ls!LhMjgERQ+teEiuSE#pJHsAmx0 zYL>Oyxc!6!G+R7e=*7BVo{+@-dy*)1lYA8oF*L z>el!>fJ+RQ#c9|Gh^?)wE9leU(2lhk3TtF3rD=(*B zmu3zulCS4Cqs>iJR7J)e&J}GPz*Yr_A`LVeUta)z7!B8>{_ah#WvT+* zlUf`ewx0q-;^BBxsaB6=VSdJXAug26$?g!R%lX35ws$X+&q*xzz1r5!fH7LJdJwdo zbl9F|r!b0YpaUlChdjK8Ij^c#I!xvu1kgQ|`~)XQb8&};c!!ZnY?r+U50sGK4`t%x z-t`Nn0S+=dBRwh38ZRGuGa^khHZiKe)uZw8YI8DT9$GkI`W39hWuuB{%_ja)yL^Do zTl+`u297Hx=x74D5t>ew6e6E|ErU{79f}_F1ST?Hs*ViPn7sB`?aDNQ8mqzUvf0ln z^>WxoAB6pwi=+yU!35_4 zFHLqMdtO7tJTx@J)_;fGrz_!=7;-}`G;SAulZ$T0RUX>+vS?tC;0t9=>Q44HBPg> z&8%wlMUf(ADR#_c;Xe1QYGpQYeMZZi%CqUzyzi4tNE-S}l}idmWqG7zd2kCXF?gt-jS2l;ulFXTSgpm<9?i zkff(L2_%)~s0O#NK$iDQpq+^Ly>*z8R9kHtAR#wLg_J#kLZoLs*|J-zxoR%gsxSl? z5{HhYw5Qubnctu*XM~MY+F;n)2}$M=8_SrD@&%jeg%k*XZ;ofZ$F-<3s1P3vR2nb; zlt6zy!6$WLufY=)bTy9Qysg=X=ed!Q9d7-HqY9V>K;)y`wuv9X<%{Q)a2RA2Ak#-= z>xoo8E)rF%y1E$)FPp9Eu31~W`I-`BDjy!421D~6yA4lV#WAx#<*$`0KRmnVrq$nC zpzoCGpuI31FvGwzi}dI4Z?dr3de2j(o=3Kl9Ji{6)@;Kb59p2DeMg^a9_e^(Ol`~T zRd6(rrEqIp_8Xid3uqQReXu;XNNLsUussx<8t_0{7I3003D1b1Hl`Gg0n(FAU8otE0B;0&aNjMOV}gB_!I5o(*I!(1_0_06$z^(3PAdN`CErcpqHFXkgma zJ9Do0y2tCYNgZ|Sua9u94?VSa2YPV>uj(ZNx7cjy$1*pq^C>bCsa+ji%Yoyw(h!39 z0lDvxawH=2WNvHJ?FaJ>4edBL?gSdzxD@dFdlfecJos$~@6fryoKIYXH|WUCH$h}; z0NO%G-X8tlTE^eh#UHQ30pNvPW7s}5x1jD~9Y?eQBYw((+%Rw2UlPhIT3QSm;F0nq z0P#qou3+fK#$zLl%21LuB{iCrj8FV#iyL!wiXh#^am>1b^$pigcN7|wo0~W6tLbB$DhTR+2dRtmMR&$+GVhsVHg00m%d zZrwWkM0YkY1(0? zSz`K8E?b6Ooft#1JI1%g?w&EmSZx43$z7iCgIJ!OGB=fnGw8dLYXu*%CGkS0ai4|_ z$9|NL#Na7m2ZNu-l(1O8ilY|>2o>kv?N9mOgv1hggi`?DOZCwUI+sH(_A1Al)1wLa za>4G9w8f_LSkXeW=P1w6QkEsTc53YLB8v1*%>6n`GD86xR z*WsEmhCE~CcGq(1lNb5qZm75F42+~SNvV-B`_&O9`F;Fg%LCH|Hn1fo$Dw2`Yd+5o zF7OqyK5l0ek%80+RQb>;cy+@y*&ofaSbec4U34Ut^y33@W|zZFVblCcf>@>`;KIRZ zn#s2Ii%bKPnjhe6xd#~Aw1pLG>T-7`>8%hJj7JuzqH}5TYH~+&2S-s2+Orgs)dBA| zmrzh7w5I=)vYGi{il1-?b*v(Y!6+==z4#ND{Oo{`aR9Q}sFb{)dKmCHZF;H;ADGEas1a<^q!q5gs6l;UBVJNn^mg zu*rY!$O2LvLMReZqFd{+Z8FUdLtWk3%N&g;PLp*xS2B zwvo)f(JQQV?2B8O%1SF=mR^kQG!fi)c{Nq|99e!yVgGj7!z!qD4Ln2*>;THEtSf3c z1cQY``YT!3qPEI-^6+{qMO^CK9-i|zD;=*o0hG^Uw|s)d&oF&p-prJ%WURW!Kkw;t z6Cw{j`5@lAVhk|_o^F{g$FJ?(%xVp@^>Y$?^I{}1YmT6T7PF0~Pr0q8@PVKP5D9H);t5eV z%v7Wb66ZisiBG?(d-%9vdtK0!bD2P@1c&_R82tK*ZMg>gGQ3A2 z{tF&ksHvM8hU-UD~9TIqGP7KexA^M;P zCUFEuczn$m18QFmUYs_oF9IoG=~4@I167i=SSS3@Z3_pCH=rA$O#U;+i*V8oPlQtB z^oatupQE+~&btB|ggx6%R`KkOZ$^FkZgNyG4PU(SCyl(r@H2E#km@tPV}*#Ebkj_x zeZQQ`8Itk&2G4piOXq_0coGU7x5i!*zNPu=Dc|G2Gr!g^=7;%{`R5IOulWJrTIqxg zd-<|lxbG9GpZ@{;ocy3u~ zsNk^Qr$OF?vy03;OfWH)I}?qOd{bkt7QTpbAUW|SNA;|9E|ZG?Rx|iVB2ly!i*}ub zSrEqXCezimbtU!y3EJ~_wSggJ8-z$|T%$?-hf#rq+xod&=bVeab3k!~uh5#i%Pe=p z`}VMr;^>RnxtwIH-!r_GTl2d{?(DrCr(fzXn;s#JiATox&Cv4w>0Zd{UZ~;iJv^yO zrS<}I^Jv(KQ0C4l!WU$~Z`~}X*wmycR1>FSX*J8dgs2h5b%_BM;;tog;M~E+l(6O& zJt)N$YY(_79E4>9GUn>#9R_+3_M$t@T7*e1hOC8Y)#bqEAO zY0}1*Dsa}-@cM48)GzCz%G@#TI(?W!xM`M5ktP#Ty!#MWc~pX`q?{__vTrrzJHu+~ zSa;Ylm@nOC<2jo+F0z8Rf*uG1+sm5|kB?3=4vMvfpo(a&rvakjj=mP8I>5^dJaomon@80pw(Z?=LD=3dLC}0|! z**=3gg~B62kf3HVB?E_YN@awFx_Jeu&Ob-`%& z1~Tx8Ux=YSkT;8B%w$O>dXOEiHieW4!SdP4J^QoSM^ppF1on;gO%8nuWz~ga@@H{2 znnvu6wmE4u)t9b-{xMQV(W$A0*yLBn`OP7cC^YP>KMh;`e7ydsrt5~vS}uF^*1J^& z67M$gLO}bh$eBw-t#%S!52RBW9d3ClpFG@casE~b8}NKe!@tnUHDhea8~>= zt5*;zY8VtOSg-btdE?KSfHdYcxJHG;LA&#!NZ~fG>4v8PLI5f{9=MDoy#{j%JJngt z;y+8Rm$LU+FNQW-?vR!l9{PS@8S-*CgzX3(P$8Sy+Z|d$=_tCjbQEomS)BvbknAyoJ6ZxaL4HuWSZ67Wh8i&n<0u zx3!iC;NyE@S^+h4TMyMwS=dSGc*S0#4+m9Jkpu=3`3-&qRTTp8=V%97#18!2`O^8Q|IDzk5_rr?i6YocH%<{__L;6OC zt|kjSqak*&@Y4xX>X2o7)ja%#DW4CbIVK#52>~e)L%CE>15FLjv~b;BOXcfP+1v;7 z*UWSrn4@uxrLhx%vFrJ5?8SgMq)SyV=vz3gbY+(Mifz@orj{~~p2eK;K3USuR29Fg z9cH$3jb$`jgF<$ft>AD0^1;%qX;UrB>47PGeLH{;>C~p`!o26U$0B-^DE5WjfYtu? z6RP}%k+2-cQlcy@dNscB33YhglCsd!?q+d-lB$DKzjAjmrv`gQI_z97H+q30FFau~ zAwo<5UUhGxMQ~xKO6}Gn#K?|BPSuMG17pusiNrmMkHcLrFf**LXp#KG2g*~{md%Ih^EF@jPI#9M=!exePtu%<}BwbgcI*JcApy$GKV~ zw+xQVg)>_HSx3F`hm||CXw$14h4?;=2wDN3XV=-+g_^{rdO?A~}@)3^aQ*t&DGU%5&$;t=yyZ#i~B-gm=07Y9E7HmQca>yi` z7)85neRl)h40WS!1f{^oI};aC78TN`T~U%0dXs~;IgTK_F$3bw^H{N3;C;K%S?=kR zZ>=q0%S^7KvjEf;k8PuowX+Y^TA;Jfn}5bk$0}0W-4c;QlPuliXJ;mO=dWnu=`E>m zN`H?{X<1*CyjQ3TGKax+4l!hjiXd`7?kx$$5|NQ@YglohUareAxZ+H#?=C$W)I^{A zDfPjlxSnGVE7m!R)-)1oU(IsyHW$UF1P^jT?=DS>lm3cFQKRJP&^@un+9}&YAv!pn zM89^g)t);vysKg!?I(EPD4ZJTH4cTp`ZpHx|5#iWKqz(;8aV8 zkrI4UTd%uFwpMvy$>8|CmkcNVh#QloMx)1;wluj(2&aTE?3EGBj0v@vH6};|G<9zI zo#Nn6##h*+>0%xCTzLF7CUhKENdboH>Fzy`F5vpxwl)!jzBTahJ8p6fmi} z%u1!r^KCd9+|e5-yf7coM|feLZi2Rlnn9&quPBXW4$Y492gRz%)`wBq+LDy1Cs4t+ zfOLA}+&WQa#U*I?ESx0}iqYKc&9TD_VQcq0GEf*lJ8yMunMGd3#+;?zS0qvU=E(4+ zm6XE}5%d)T*n>$GN8eOqIvj@g80X$l79}XgLqk4lOzm#d!{dt@XffTB<8~uJ?5MDH zW6Q-r-lp4^LKQ6be15^gpN_-p=+a0#7JOU?GzIS#8`CIHl86V zOM8q;om8C!nohnd%mQ=_1+iN?p3oa` zwsT=1x*^uQdB7x!poe9#Eo=GW!9g9tNeGLMz*5dCq|b*{(Ox_YV#A|_=K74YUC~f# z5hoYQaH{P1ky85$n}TY%)$)~8DHL^ss2)ZL2dWKFwn;{3;pUQD&@l@ci;%*x4Z7uu z`G-<$_ef|t8V$e|!d=}-s`yj^9UGMo=O^rYUjT-3jXCpn+m++8_*bSL>*A?60ynUl z$Us&!xj)V`DY0#_>la%UB?+v6KqE9HR6y9eu|tx7vlR>p|no^ z1C!?mWnZ}S|2ybUAo&^?*)zch;i&K0*lFeFO##Sk|lbhVn;xMVL@ zKc%+_R6<{KQA+zktuUjrk?Yqw**{#3(>kIsy=W|brgJ)Q6!ew{-dzZ7RcGAjc6D|R z;0herlCis6tcI3_0w#~h545WYDk?C!Ld4J(qiv-thb&aA%g?0>dsJT_-EXN)uXb^N z+a-2AIp#0CCdCG6f&W(fu_OU+&DXoG$I3QC&(+Wp@e-aC$CEQ;L(l~l zu!K#D{uRw}B`l^I{LOlE)twKa5R;xR#tyJ8ZOkn0-C6nHGS(|`>%hmuklUUq@ti?6 z3krXXpyruELA%qrrlZWHA8}(Yl^I9(HgAq&$=W4;ybPtUm`9DP1jz}4;r0n*6s{tt zyilu&GWK!ckd$N(Av6F#BEck$GI?s^`D(wMXo%<2 zOBD+mxvXGBrwv?hR8t&*>R3D|dRK0Cb+{FwM=`X_LlIyNq-VK*!g_ex@!cS4R2X)7 zW)>cDw{duPux>Ri)1?kwZqcGuM`1Wpxm#R`cSYL(uLN^+K$b+Bc}YTH^Tq;>9$4fH zg^w{t+{}EM-KHIpE0quqr|y`pwGIgK)Km_VsdmlGe%@P)z-I4JW48o%6CXYP&BF2a ziE5^9i!gM4BT+mF9fypG(lAB~GztkR<|m;b&n4CpgPf`&@sA=9d?kGO%_?P;{=o^g zNf0Mm-dGQwyHS#e)oKf3d==UHxxwTV)aI3rSE)%g@6#ba(r1PZH4<6QP}>$3rei=5f=*evUb5l*f{~+y(garCt6AF9V-oXz4Ijtl$@Q zCC;`dzq7jyh}=5&v5GYfp4rrdXdE{DuIBU)&-Mb2plhcEBmQAE>uZsUUS3U%YYlqD z<_vc|5qNtuqq87g_ZKnRc8K(VMtZoStX3jmxge{aEJl^MjLWr}MgTdacX~fceXGCj z_XVAerFaryIA!dg98y-9G0mSm4aA>u9*n4yub6m5uYEY@^<@aE+HDNciC5t%htttk z&E?cxwOw9rftW^85pvoBu9uSGeP8omzcIhs+a;6t@xLyaNW$p8Gym7bKbil)>(`q9 z?UG4r2mnCdYs=*i+rxm`uNPQR7OA}h<_0s#>#1y&#KnT!px)`n?X=N^udJDq`4X8; z3<5s;v90bn$T@DeXc!L39OUD;ZIE0M+UT0JglI`EhujcAXJTQL*C(E>t@qaWgP?#9 z=RW~Ko~$}+<))RiPURh(lAc?2&7GIW=Rcv`U3a0!o>Q3Y)x6|BG^A-PtSK6|^1GWz zOBQE`^{$&7UJGs(obANzj?5VG=LLiN?vEM?zQkOrc_+Af#-E6pT+;C(bz6rhI)dO@ z9s& znm^|M2{u?^sYCNH9aILa@Y(se0`1v037WKzj$l2N=EJb@oro%UGni07RL|FT+sLra z@*xh@2ch*wFv#mj&b$Nib*4-T;4Ue|Fdo2K97f*iuS}Lv&fsG>I3-ioQ;!^d1;@xPcHTOxLj`$OTY=GiNR!><` z_~;SxSKxYnv!yh@irL4Y0|SXT(!2uL9AU?=N@}7WyWrz&(NFK8hH&@S3n+l^q4wV{ zpd97Nz;#;uzJQXe0Q$Gb`}N+X7&`qKut#~n0~Ut%Kacl+%}pu1D7AE)lEvb%8ieDL zZPr8nsR1#607ma8MZ)dGn>)FCV6MA`%ol|YDMG|MX?!{_A&RI{iV{%z71{^s-JnEe zPyo}n9s=*<-?;;z0i*v5ivPc$9Q}qOzWxssS}piXg_|Ksefyj|Oy6oMm)LNVCQA>Y z`Rho@b;joMXQsL#)7qh-+oE+vu*NF*k$2T~Z>s-tnFr|q^5rp}3|zzS&cPWd5 zpa4*BiT^(SZ2;gi%-44*Uw8jB;27_>0Vh?z3;-Nk=qtw?!K>3VR<3Ez8A=WtfgR4- z$5Sz9sV>JaRU7Erqg+D+$h;NMgUArOn!SkZgIRk? zwN|!eL7^&Kr4!mQ!OlHDcBlIV_G&w7W{EzIO1E5GF(D=Qcoc1(5h_(SqjwGTyKVM0 zo=12(5o^LSzer0kJJFgy(W}1(dAJ;mTAlg~X=ugK-B?v#L+Nm=`6v8+rTpkIE|PLU zE(WJPn~=1X%?GWH7!Ju7++z8@gCRb>19mgvu&Vo}dUipoc9YNLE~G%xvh}?vb`6B) ziS9^An^^$!>pm48?VElX1~Y0si4t19T+-1>Kro>Fh`BxwUFDb}ESn&p$f+~&@R2kM z(+zM6mLikI)*W^rSj~?B+5+3FwPyMwIBf2do5-+zUJUw}$Xpvo5Bd5QnVEIoJPMCX zeFjM)xaIagFD=!a(LdwK1h5Kr<Q80GkpZ9yne?Y!tgf{}YO$FQ4UN~gR&7cdxRjT0ONtR=Y^Oj2Ke6s4EX;Fu#=m&ocVI~LwV2%y)7b&O@XFp*6ldOiZ+oR5qsE4=4{?A~HKVXynp#tgkR+NHS z$?8p6y6n51_tY@DfKPkHa9%XO7EeR=ZpUhq3E;zbt?>n`spfOcBG#5=YN&?x@6d|kzyXrp zQt*Ae`R5O4Kq1&*{}tNuZ)kqhzn}qW>j3YQ4@o;t7OhrwvD8RrqjFfP69)ebHNF%x zMsI~C%v1uw)p{kcZyaCQuT~juNaf4Isc^?_i`dhHyj33@q7tVfWJjKt&T8s9|EkNg z1+Cl#mjKO6b}V8Ig$Gh-R$PL%-#OH%2Fa|C0C3$f<#v%j=X=_pa@ly=v!b%11J_+C zk0mzjZbhl)pY1x6(8R^0Mp~iDWkP3GFpgIUWOj%%xt$4d_ZbR+nSDFF?FXY83bY%*>#7+SkuXdGy_lQOUwb9Mxf8Rch3l_E+31E>?u}g zt5(xA$N7ao60iA;;`6mqianjKiCF`?yW}%)rFCMtYp1bJ9J8}}YD_($F>&pyZk+YgeS-S(^J zF$}SC3b`Y$b)O=SCTsN)@d=^)QwTG%RXQ9OPPB(Aa<~fT8#6&Q$t0Xrh5Kd|rz_b5 zWtlxuPl2l2FMKLxkF~;S+LboD{*d(A4^6oY!~XV`3=B~^`KdKeAkLQ)&v9D8=d~Nt zq4GguPoLK<)5_mN)i(aG2@U?=LRF9Ncc}jVgboP{7-09LJni=!vy z{9Q%`$3H9JI}5&A<432frIEhUL=(anJV`}rbt)Oty?t8lHN-dD!504VWE-{#y-z_=^{Ca_j)Z5c z#NFxUSz!Y(Qt!SM8Tu;}$o~pu=$Ao%KoM>TusX3c)u!gq%4D9AjE$LbiRBq9h260E za7QvFJ29SCb0o%x3@lWOKhk`AZ@}|JTV@Dm6TVeCtNH^gEHl$Dse`=f)q)1ON@} zkAIPZ`X=S&AA@KiR;r%{qmY=+c#~b67O-m5q8(&j3}7{|!d~JoMFFwyL?Z%k_sOdq zs2iFgXRG?&4cMQC22gvO=lAiyxKXaBJBPb$`cG5@8?<6o-YI!XVdYWU-S ztjw)?iCH@T5eUVsor1inhytOdK{MoD!yNV+Re6Ze$(HfifJa``Cn4Qj0h^IeanI@S3>foTaY0`h2Ca>SqWHR?xUs?PzAoO1by!E60$AG{$7r%Fm#C5I!Ir#Bu z&Buw#FcBkfO*`F0nXja~#nU=qmtCJB!uQ=*O7qYFMIZpb#=oZpBn8IuU6mf^zf=YM zRu%b{sBfx3tmL^UKp(u^A&5MM^q!glso%aZGkFLj8#EvFb9I46(jK=5_T@MxQRnO` zSI$>W5@s^BPDORSZ(ZTs!>JY>`7<{bw_Ai$BE1%v?zlhgThz%==wXk|z*cvZxv3if zvJXmLY0FfIaGPwsZkliJ_kZn1&Qd0CSUcDq3-( zI*FLj9yg{;Eft@Q2*QzjXB71WNEe|~xU#}fC^tx~gjpI&wbl!8rc9jMg^?qvpEN`pi%8@&N4$`K$y(!6?@# zIxiS<4_b3+$A$fe2_Xy}XW+RLq<=hh$5tf<==w^>7&kS5OB)h11adO&zzSLw_Yzax zpUU#03>)*~gxHoORtMa+i#-XcE;_};fkQgrRB=q?N%Z-8^qrar82-o7wR@*!8 z{0(Vz?WKQ2RvR;*cd?CghOVui)z*wc{)-mnQNtEZWy(_90gkjsTV3YlM?Kdkc0q~Z zHH9&=q!I^ObGm32!cIhwoCu9FqtbraukMKg=-i7t6RyJGy))Y%fQXaUhN@ayP@0l^ z7x6_bggBksXga0a{j?qz+fo^%st&0(=yo+h?q&sHjD!iP%7Y6ZBK2MJr z;3CQ=&N`n?(G8VzYps7NAP@$Zt$4eje~E zp`AIereWJ#idRNM(6i`hqu>Se&Q2Tk!b;pVbe3x>TdJ1`|@4ePt1jjLg01AJM02U(@=MlajnIxh> z#Ww;A*PSYJVbI6jtq zOczss?47#4yiwQtzS;ZuH+8-3omu^2N!LHA>+0=h(LXFn{7=hD0NVb5U4*nelf9uF zY+GbpfQ)Me2@U#-0){XOiiJ-xIepVVLqQZ^+t>=$u#nSfbj03OTfeFP3(dp+Uo?Ns z@ISXU&fcW_r6gMaGT>iLM6Vfs8=xlqADX{h`yQJ3Xkg+j+1Ze)l{EY%r~RkbdVzbz zvXC2mljE<3s|D-O08MXu1MlPCz5*(Nv3XbZmHba%U90?7HOT)<6_DrWD|lh$@wOmP zXy+jiMo|^Ksj*U$tWJo+f=uF@4^T|7e8=aSRaRQ~Rc(62QcYzGk-;EJ5xsIU9&!lE zar@}Z-n)5gT)dkQQ~Xlhj`Po%XPfGT&U(UMW^4+a7mW6@lw3?aK2cR7Z*+FPz&$m~ zjg*Ko+7tv`k=CU`GHRq=VqgY7$F-gDPdk-)%rg<;^H?W=pcS)wP6)bzGuRZ0-amAx z01YOAF9S{9F%8Hh;3NZLc$2g84$_ixX(P&@SV11ToR`_z))d>1cZStpW2pPHwKM-n z!HyR(Rtlo!d^#!_peqrC`H7er@RKMYX5_Uq$H_CmG&7oiG3XIlo5bRBE+UL+s__pK~Hg|qG)Yo4q^zqbJkl<+bms?SKRvXK1cNsO+RJtgS1(RNXW%V>Lb3r{#D z3iuQ2qL^4qb_*y8riT^=y~q#z z!z&ZX4BLbgO!|T)I@k}vX!&x1g`+*y zA_qRgmm7{Qz*FNW#}m&*^A>0ACuKFB!OQA}(#Rf`oUj9qMLBek8qqO^b)vTJ;-9y5 z8z3^?@=1J66z{oL@)pXAZ(;mC{#Pgu!`S``Wr#mR`F8ntC_LYxH7?Cblp}|qK&=b-y7aWlk;Gz?oqtbA(z!S2Fj~>ypfa#o>Gz;VMLYVKG=A{* z%&}o@(?If`7-gHPDsT)mXbSNba-dMzz(#LL`<+2z#t9hQetWz5kG`9Yh@(=4JkKeo zrvJ2PD(^cEmTm8D#BxG-Bk^1w<63F^KThPHw; zLtKWj0w5=Ig8MMmHDF(cB*9>d*Cbm{Z9!dr^`Ap6qR&B&iMvgVeA1lv{pdVVYdzL4X=bzPmM2ZfqTN$GRLG)rEYBgfp7j)Dc z$UPUuVP`*tQ=Kgso&;p&(LRLT8dcg)f)ROu#bz`}alA(A%|nEFkpPOs6P(=iz+Gqj{+bAQlk&Ds|26)dFaYK-cE8Gu(Vq$P@b>%cKXr02@t-ooql@BVai4Lr zBjIb9K&=X%GE)^waQSR+#IXnxKL>3RxFyZHpm0N<*1MZGop7)f1Sh4yXo*F9IdTew z;(r2(`)&{}@W;QE>~FuIIQ$Dr?{6qR!~Z~`WwnjKo4MX%TqwcN6TL) zN0iYh(X`J~-}-XqQ){Cq?Ey3TqmUs;zNBXB$56MaArz@$H0lF<6gmDl*#;yn%TexB z7D%A#+a=0p(l+Ggh7E+_a_gt)alMAL3;$ zCwII#-+i*jSbw{#s%KZPJy*|eoi%h_rm|y|y%E7TCh~h8)sFELG9T=V)}LIdqA! z-`HSsZP3V}x6iUT-l2YdgZh`3PUl}x|CL*Pd`t8GXB2)m{u9AB1_r|4Z3YI9>eb7rFPcPh`t`?G*tWRwhB30fYI!-#F^RjjwXcb)at^lqqeI%6a6+~aOU>F}#NAx)ZV!r?N_1>Nb_HRb?^;g$=|LXel@2+LB{?j#|Das~) zx2QCmSybsm;%R*^r1ZIor$;D}o_Ybx9yf-aHe{0FX_XnXr-M|tL^)Ibp+>8D1hthCMfB58YVTLyaiY6{k=4JSkMwYUJhPG2wh`B2FWI zXz#lD0{TvfRPe7;$n}@D{QuH6j|$xoR2Ji=@4MeWQwU^s>QmKy6gXhK*jIlPXho%O z9W(S<1l|=;g390TP)+tz-j!0tj(p`C-}z;V5UL7#btO7#ZyFYA%pFQ}jYg!=rJ3H%RKxQTzl zz;4N!i3Cm}j%f~B`=@EsKml{j(Y61Nw`2&^am`?}^V=?oXMssj4I&wa>?mL;L5$@7|hrz&GE1_@J_5Qrs*PmhF zj)(r2Rxs|;|NC8-?t>&&W=tOWz;kTLSG=whRfP(x{DKe~o6=98l6NccU09_OW=wZ> zT?jmCQ$rNVgoHQ%I(EC}?F;+_;P_%SXda#f8Raa%A1KFa&xonRAP=wQCVAMtr@r3y#72dqXXI@D?OnCFH>m$l zg#HQD5)bo#LT&pmRJeas(>pl&7`E^G7~~WCI6ASh_Vv>2=8-jMcc7d>(BKRTeAJ+F zC6h5ig>SlE8@C*xqy~wK!ROk#x9sCNI|#SHuUEirQP{tIS@HNafI0sfz__;oY?DQ} zfukIK3&~%Kf3<$kUu{|b&$cjb;DA2-hZenN=Ot>Qweu08$;c`$1AT0ZlLNpx za&-bHu*ld2~XL8Y|OUKzc2Xe4jY{^9{x|7);~ zK+23?@ZP>%jr{h21<5}M{uwgvc-Vhw1><()zaD_}1u#E|=8AGGF+~4WgjJ4qx9?l* zN?T{#4!+^7C1p7W{Mm;DnV!#b;(YQf4>=COB>T;4ONz9Yv1 ziD~CzPz6Wt1chY&h~_`Fw}kWlrMnMSBiMq;c2qBOTZeCmtZV4(Dn`CaK#` zSB;+UgfxQxs9?Qhxpk-i}>iy?MHYAKXJOanPqFHcJf3UR=6yU z(mS+-H)wy+8u$Ow`c?kT)KY$HeNg-d!GBLVyuY-9ag*}jDQAN%1t+S$GJ0o?hUiel z40%==0Rd2#D69+1#D7X4eEv06`NR0exztA~rjXqNDQyZ~Zyx+CIB=l10|Za0O0EhL zbdK-8^RcxDRZ=8Lb^ppym6ZJPU+qt5t$6tV6IxlB@f*Q+XxjhLKB}wcfRyo=z0Qlj z$Cyxs@{?&_F=a563hyh6!H|_!0)da-JnaXDJvP-jUlw_)q-#)ljiSfcLQi-QO8Eqc z2v|`tgM^@s71ED`SZCaPJFTV>#buq|eE?J1cRpx~2sW2qT!Tk&k|s387wtg)B-cgc zBbEUp8k$`f^ge*0-$t7r*L){d9rH1!USjjVl ze~;U05HRM|#hA1SW*7MKVV)l>cX27!P1cZ@XjP7c4$IT)4t}!lUHVo0NqNB?Hv3L+4In z$dGj!eT6dWhgz(;XS{r|d68H;> z(!Zc2{-X5;h5Mgi;@j?Eb%LI(qhB42vg16&gD63Gi1Jl@RoI@ESoEm#;uU~%ARS`MY-Kt$rzbQqlTFFfrsj-ZZyc>Z2WIG~k&@K3oy zCZBfv@^LYw3633e>2?ml$_dUl8T3^+9;<$Z%mxD7-`@0y{trSX0EBOA6(LP=3bl-ZE5b>u{Tu{}&$^qCn4d#1p&Ik~i(5IJCH`fv< zJdWOi0J>*<{Iyjo0r?Lof3A&|aKXP+QTRiZHyCfKEX!itcgQULql&q&68k-xa$;ct zmj5Olu~`mX>;PHtpq3ZeKECm4OEwdtNOZhvLkY7;b{{`jk{Eq)X(MOcH}gb89kUj(1ISP*0j69rP{%0S z+vSWr&VUrUR+t+efLT`)$}xy9X^(~F%jpSy<1z?rR-YCG(cYo-yg~WPQt>uv|NlGw zjhD+z0E*vIp!~lhjsW$q+J^ojB=;{u#lH#VR{le1il55HxK{OoyUD4ppaPxb;{g?i zK;DpO890;M%80s<^ITV*V&H5?P3}!g{t*=nIOcwERjWar&!-2F4W+rmcS7d&aQ|(8Yj9FOGxBy{#`6Y=lALHp)|KTdcf3eT2t@Zfh!Y4bZsza%%V+VzN%fGw~KrXbVq z%Bn!9o8`OC<*tIJhl}e-8vl4{iIF|DNlPem+k*Z2f$mOCh-hW*-30+BX0kh+ z-97#zJ509UOPJMr$050v+RcR)uQ-Jhsu>s?$$Y)hj!eUKosC>9Kz`fpJV9&zV;^9w zJ{{pCyusPUEas>9GF@7B53Q_{0tO>%PnxQ1>hE)TdHib6&s4!RwI+~;4=RQDj7Ljf z!i8rp!s&T+H(n~j0_MGouhljs&}p;?J_unEIM>; zzJZy1Efq#;oe73=$^pIIvG+f<-#^yrSdwyk9+E&!CoT`Bj_()zGMJ>EJ{x8khq3lO zcB%vgWU|<=aValEM39zKBN?);!yQrvmUOB~x~E17Vmej6o^!0j(%CE@T1YGh+C4v9 zpCgNaXn-A(0&h)&%~nOGAR(Gs>{TiIZW>~Kvpg^;9GA}l;!Ni=$C|cUo>Ol;PmzcK zhHbd@kHec?>u=gh$bIF9a+L8b23hM)=_^XI#(Z2Wp=9^wZ>J}Ee+UNRMn7K*o#Ui- zE0Ff)zB-y^M)P5;OfKSaU#(1J8>^+npBk7LJU(lg= zz;vpoZ>g+otRVM-Ly@mSPOjyY;OP!skF*UwvUwZYyC=?^$3en~i--tYFJGN4vfPHB zqqi?^mVq@8d?R6$3R9;^ytr~VM1tdUDW3PqWAt7Q=`Of(GhP*5^HRz8Nj{oVMn9FW zFB86f-*U?V2@5inTZ%$2QkYX#oN`Os*%4q`<6?zs_Y_?x*s`&wo<;%As@4}^a-_60 zYhcfPm#qm8@NwMZ6Ny`p}BdcTF>}Il$@0wogaI$cug|T!XZiDxc&E^A>@|t1* zFq6J}Ike6yDMpTdhJwF=USE?TOD(x-geyhbP!$t8fXMf8Q+KvhmVp1>QWzx+E`%aZ z7e62YF-WZ9W#i(ei~l-u(6tceAhJjK_4ANoKoNW;90lLQGGyU^ggCD(vWt>)df0+i zYkvs}tEH6%lOQf37Rf zsqI3g%U%qY!Y~Lcu=zsLLe;cGHq58`_Pt4^)V!AhZ{`CVQ8B2zttsQSxDvOBbH?H5 zEFMM>@O#URI(p;J&1ly;#He790xm(=i*;FgT1$m2=vd_s3wkOdj5W?>{gbtew8l42|}4R@S6b<4|T^`bR@ zd+n*%g85b{UbmokbHqr523L*(Z-H&J{gm`IM9a@rv*etBi;xSXd2nX!89HvBmXyez zcJWHrjgii&ykKipfj)^5x?3C!%qf6{(Ej@|wyNEgohs=o>lBmIx@VoC9^H2FZk*ac zO((!?QbC<58OB+-QyKY`1RZY4DZuMX66bZoGjaS9wcR>a^ekhj4kkXC-mL_RYKH@? zAkx^!C>;+Qa-RlI+R5`52y`jjfnx`xCUaS80_ks(bJ4TJ88Z&<+07jH=)_fr$-&>a zp>(QaakRSFLy8Ge8me@gv{Nu_s&hGyv&L5YRx-|w&Ks^F%kTl^Ttde&rhS5gs2n_UqtB2B za`5G}yNtJ+N)Vw}QcM>J4adv6f-$yM0$p+o$}EA|hzFk*;!P1SjU`xvWqQ&;g)IZuP&jzv z@?Ph<%u0od(FVMG2>8B7jJ9uT@>6AB*X84QN@=ggAG8|CL`przpl%OG4OT-A+KW2c z&>~QElf86yfE&vT$quK65i@+&q3>;K#c!GC3RI$GwZG9#gT^MngFS0^*fUYqvC z7y^JDZM?6Z@P$Ac3<*ZT>7X$=h1i#1Yp>%;Om(gyO2JG8AX7{KLN*;@X{gvmsRJ_- z$^$gZ6z1JUShDpvRb_*Sl5S0}-xAYL{7mTbSJEl%3qg1@ToZBox zpZI(yDJQMJcs!ACuAYn|RL=U)u)r?7-=29PUaSp#Xj|6qq6K|fFmPYuL zlp6gf#3~cealo#P%z^vW-ixnG7rfr7-5gN*ys0V32BU}%MtD|L-l~dMB_QV#tRHpN zbydsC$Zdm$18x|q6486|bfhJ%c{xeS^o8AT{0_vvvC@#z$}7_V$$*{NDJ~q@&}N|6 zxt5WxCfVGry5I`0LXqR&hxUO-$AIEeE#N_wRQtu`7pM=*6y8zMBG@{tD>!}N(HSNC zg0XW@1u+&qsV4Iqqn8S z=7`*b@+0V8Z(7~3FKs5dK{2((7?#E>W*370}AE3 zZ2|jcuuv>ACxR~#B&Q~eO-W%KLnEjHaBNB=4-BqVBXhn_ZT)t&z*qGKV7q%=zJS3} z+%o&!2qw|Cz;OeE2?5p%ZTn2>d^6))Z27$E(6Ou418f0c^TI2=tW`rdGL!-y3-L9Z z<=s~E5E(mhijFLOk)>_2+vkoW58*;>&)HPL_IYVio$I}eA3>iYuA_tzAbIwTmm%(D z1oU-}>N+U9ufJFX?Pi_8%6A7FnTh6)xXQ`1wXOEn%nmzf2i&F?ivr%paPBE&U&TH( z7v>~B@O?VVjmDi=v$>=yp9RefnK|s+n)=R!vfP4;qDonHEZ3KB{?R42#|}oC0<!Zk0ssaf|?Qo_6Qzx>_#BYrvm>YvUJ^R`j& zKkxhyo&W%!yd91zeT*p$r%`UuhnD3Ytygm4n8^UN$pgf`F%8oiO6m=s1U~r{eazHV zMClz04Ta4R)7%Eb*dd?t$z#Ud;7`5F2Pz*;Rq-pB|1gKpfCmOa}OH8W`GvO$w_tMn~4%uHg4!r2WI#xA@8M` zJOGqAnVLO}(r3R|d;%>stITg#99+Fv1abPBkpya9HJhIfI_5i{W+XBsVA|z&w$p{s zPaV0XZw)#Vp{`<#+V!Z7qkhtyLrH>}qZ-~9OpwqfR045>%jKe7!9jS>o(t-H0l$yc z>(dD%vPh)*0CS9Fu?$x7Y57r0S?B{a3@euf!Y6w=BSS#Cz3VH$L~Tw&7{`Y!*IO3K zBZ7|C^4E_k6Chu)fO3I8PiUvIq}SvSx9Eb9!lj9zGS5M+`@v6 z-ojYMpdmE5GkGpS(f_=-qSRkr;@!salcXVc$A|G`QS6H{pr$B_sexC4vT@+~Aq|NO z)P13<7o@f998?c^hPoi|gE;tAr^?On6zbzEZ|4QTh-vVOg^KGrG!_S(BNF<(TTJa4 zp%-^IJ)tYE)SM0)lDKJa7Wbe%9IL>g0Z?H*GhFNzIN01o`PB3XQ$cOY0EYtm3*O2aUn0rOE03NvbUB?w?4w>Y2{CP=h?&U<{o zsvUutavZ$FR%A={W50{X2I2xoJRZdUXm_NPY&+a!u2>lY-L=zL007!OVPnjRW+_WP zh(yK~=cnk^+5TaCwx*}EVm~(eo+jWXQGHj0!2g=x@^v?5u`4%l*?>xgEd59J6yYM3 zTAq3lpM0QYi&k9s1VH`x1Fv}!vS(h=4q^^a>!59o&2>VJk>f;QLMJS=*k|>J5mI}N zX5k5~(Yyl$MTp}S(4k-|`dWx(Gy!q@W}gL@Kn{{Axd5g5*mcBOcJ2C&ao(us$JOn( zS6694h>}fdm$SYUnacJbdLP%%qlwZGoC%QmvJhcXkUu=c(koebRq=BVZrUl7XQQfk z;aGkL>L{XVcPz6&GNTbFP6wJ+F%YaYJ)dJg7;`b!m+F04uT79)#t@#8krnl%^_SH@ zIc$TkMHejBAz4ntQ&eKhIv>z#W^o*=V1DXlNR=BR*BU2V4fFb%rHy$Lo}oDeT%20l6o>GqGkZvHbX%t=;nMetU?GTY#fhVuG$b#cW&kN+L!@`hus*vPm0(T zg=Pm|RaxEC&X4BZYol8U=XY9U>?vzCw9?xrtZ(pC)lVsXd0RX3t7<}>!o0XZY^a9p zV&_E@eeO-rVW#g#5oZjY>7{*~pIoU9C=f6_cpdt3V)&q+ZG0^S`|B|g#OT2R*9eS zm-K+3?r^mAs{Y)Q_cQ} zSml3?aQN(KZ5$gz7B! zOf8CtWks&8jYLzFYdoW#oz~Ckc5uw9?@+O!bu3$u$Rb?C>-RuX9&d%yCx2kP6M>mI z_Z|3K3YKhDHniPiuyjLNQf;k&i+_-}e)&hmG*nEZ+5o1$(mKcCGoxy249J^BE*ZS1Sh~GA&cGTsK=lf%l2kg|0@S=$_#Sp4te8y#=AbzeC zmp^nlSps8EH(*1kpmhgqQF=$?8>y^kO`)_XQLa{YQ%ih->s`#99(8lKG&2Nc7QyeVf<^QAuN1%L~Q@X-47cQ;b~ zw^WC^etGWayu_kA6bTU}OFhD4HU`;SIionNxY6iUbsEHzHkpRwGz^VcTy18}aY?f1 zxA7S@aeTxPC1|$hW*lbd%5RJC1RS1ms>EfYW0h;}Ca693gyX#&)nEkVfx5BD*T(G( z|L8uotheURs=I_-BWmAiXIX$L((t8d&3T$IlB5xChut4IfCLf3-tm_8H7}@docWbJ zh&(r*X@V*M!P%GqGnjch)gWr#fs59#{5qU8xSCDihMCm|r6l>hzB{l`=NZ-}RtT&x zW2}`^Z201(5)2%h!i})*q~!|k8-~5*Q6mI#5WacfK%KTF(_2Vx-&(y?xca>$%o~EN z#n+I~5ZtOVSJ(#Ls)TwD%DY$<6=3e6C-8RgAncaiS7DVi~Z0$WD03%=gOoI9)_ePQhi&DuZd*L(`sA`E|l(O%G&{|GU?PsK7x1v5sqOIGpL4%+#;Xz>YT(e#*DrZ`hU;@h+3GR~+2kMQxCZC;0A?pR6K*(ZNSK_*;E?s?#V zp(vj3V^s)83k+OnG0x;8u$8TX1bk|6;uo@1tmm_sBPg><9hYJROo^m%fPI> zou@nnI2rx0uz+Z_ie#Bn0Hg!kbBrPe-WhI*1AfvyMc^a#S1Ux#SlW#Meu!S3@6HeM zcju4#<^0QkIzM{*Z|Aq12LO;l(;>AuH`?D{!PG(Sbd~DX7|>HCYu;z4liWC*set_s z*AZpqB$SaN;kBTi9l5)kucTaU&sdmwT`lDNs0~C(FQz9kQ|bk@F7&9?s@}Oj*ej7k zGw4+`*ZO)yh#9$3ZGCOkGF*{tS_sFwN=AO7Pk#l~4M{Q&$~$$D<-9*EBB;lL_v8Q* z%=U1K%l#bUn|Y-g=dXBa5#<5+M06`wQ7CdiBII7BLnxWq60?NC!d`44$iE$JSDbrY#I!`F>Ec8l*O1~1Y8)GP z41NU;tmO$A+ZiPKjd==m|0qP4A65g!{TtM4>%pwQP%4l+@emBMTMld9swspYqSlw*($43tx%pJTrx2Mf)5|wszbg#1zkUX zDJ9U>nhorIiLyNy*Hj*5D93=1X3vGgu4W83{ru&~T_pnh7O4N$%xjFz)KeyHF(C9K z3vTO0L%$<-;s=EaCP>NUZ@%PoY3V zklIdYrcak!(wcE*kER$yqyd#Wm6DgJY-b*KUEBY3vkJK2GupU)j?hideN_!qmA zW{+ikhvM@<5L9@{mz%`hXFu9xVj`Sfm0g|ACDQ0l zv5o$WeMfraLtea;z*vuMO1KI>F~Ftf&Er^~Ef>G}BDq*^U&i9~Q!lY#?dS7}>gO=m z+}QFRuE5rg+A;fFl>0@O?p)kkby%1EQNzLkg?1Pnp0ldD^`77exzHdhF}%@1&%W7B zBtWvur%ItF1SVfFvXh7W0pvIUZ*gj!MPoORuzRQ7qZOEvPM%kyII~Yfg*An>l&Uo& zdeR}d9iDS1IJ=r)4i1RkI<^V-&sp_->-Vj-<2Oh9hM$K8S~YzZRvcmKBHhA}tgW$u zGNJ&7>E=|ADmQ;C2ZTtF)O4{B-XnoBNM3{8|Dk;t}wF1Yp}0@DkY#WCykMN=?yzwbzug!Xeq-%n-GtZDNse8 zG*ly-9`&Pp{w2-vrW-$U->fNezeg*O+w*1DLSLNh3g;V9|1E{Ms(9S%&mJ}|HGnyz zG5O@`@;JoPkcWhvWLrK<6RU193jSu+)%>aQfF@;y=#q0tgRs_1qr3BN>uca6StrQG zMo^wwlTlFs#PP6CH(HBU+hR_hdl6b1mcCeLs5HBJbjsA$pRWzstxG{;?3{g5x+J`F z-S>ymf`Nx8?XuDB3iF8D=D}`}n=~%dzgxL3a_mf+&8QphNm(HrkW!I--@!r(L>-`# zCKu0)O;TxeDI^FRYD%?Z&W;AP4tUl4=`^?29zNx%H+ER8X4nK8kI0Ew!MgpGe7f}s z*DT#@fJ05j-)h7LU!1SiugEM>D3pf*)}JTgE_kON@y3$X2Uoi}Po9J&E|)+#I-Vsl z^f78&@hNyP#pzJkZ*OF1w7}%VTB%HBh2skA-TA@)?)=feoPX(0=f`#U?fhfe0036n zt`q>8>6N0V&9QZw1@4}v5LICk^lbxtF398kO~##;2I4bc@tA~`2^ljhlE09n3B&E~ zfO2|pHMe(mT)_>-mB=pX5@f%^QC0@Y-U+kat|jMkk!aO_=k5V=IK;F$b$HA^85l0n zR#fBwR}p7`DM=pfm4s65h&j?}8Tyg02=k3ry}e?+hxqk#=fQWm3~2d-v`4;$KsArE ziDiFPe17b#obcY4j~$=f%`ch7^XiLW+)spBJVq@pH!^gye3=pY6zP+1)Jv1jrTBz# z2UVP25Cz&<@N!%yh08&O2>AkJFGFL4(m3)Vo|9NV1a#llIZz|qI6us*w00K@^HP?y zFMna$zidV55ZZRl=KJPxe|D!fkb~-zSDAqaGa5x8rgaW_bazuTA6qs*WLxgwrs$XT z;kNb*k%3vmTe0I50rpd;KVIp9W5VR1^_{0b%PWhot0#J) zJDojIb4F)axUiLW3|E1NBUZXEIRo5C$q5D)&S5?$p&g~!ORXXpNFy{W>L(C9i;R1@ z4ownvas(`&43kC8SDy&q!+q=S@K1i6I<`fV)aM&Ojp zFih1wo)nrCT?~0mN-->j4cL(0i5_Qx3Ua#GSm1!_$qOcD-h=h|#`kCADx3KuEFz@O zywT~nv$bfuz&NYL=gL5<6dq^U(TnPA-SX@^ycDo32?%NGa&cpDLLlz9JRkUI!A3FN zTgd=U1|C00URm&bQ2~$8SDMjVWBA;EAm=hdz2ZI8?&sPCKnbr$0;i7H{#CL)8c`rg zytKMd3Z+QvTD0r2z8h+TMb6PNkmz+ul5ewvL>#*ZwI0XCc9v(fPx333V~{_It3mAf zMMRf-VNsp%EF6aLigYc~0kU)a+L6A|go_3AR(V^m4HQQKg}P0UU_;vKIUSOOm0kHO z72m*k{>#2n`rMArfvUEv0a4L1^bo6wIgL5*@nD7Jv~_~Bv_%9Jm6C!3WS<_EZE$kvky#R`jaKHo{RJ=GPB z60tRLv)^ZDQi1|i-BBnRe1xK&`~Ld%SI? z<$-W2Gp(eTNOr&41Dm2|W{e|_HzaY1c2h=K$cT0fw|OYztMu;RcgUnNIk}l=E#58P zCsUARv&QLcbUdq zSGudVpqoxs;p}`oru9r1QIbC2f=tpi<#kTl^O2Cf3Gn%9tOk~+*H z(a_qTE?#rLDqo=f?))*ooPY68=O-rr?fjuiZ&x(k;lwPg5&^_-DsiGCQk;^7HhWED zoSJ|MTC1fe0wb75pWCLIovwb`24Spcu#iMWD%Wb>@Hy{{ew7AdE!y0nD?0pI-_>a* zC)@+I{4KYRTErZJHGBo^G%riasR`J*8deeu|0MNcH&~_H$?8P)I1kUk*zK#{(?S1B z;>8Nuql+)}A>-A$ij0+)?y1r^l?~TK@eZ>pgQ4^f=*ZUc`e3&}NjsQq$}zW64(63w zm#lL(#4?M06q*c&iL56@c=#>e-3*<&`#9N@YGlEgoABAe>dx7ds%!a783s!<;8rGk zdm$UE!9#e;(cnmK_kD^Cl)#Nd8K72LKkY0tMXzM+omb?wr?Ymq6A|9Vi%f$mZ#NTa z+_Jjr8b637`k>eXk%&M)pDMQ3lKF4s5lS`yhf;-xe8PksQ2Yde!;#f4a7;F@Jbfot z<$_}PE)o*%@#HXITsmM@=zS7ab{VOhmzEN6=Ld zvQJ6X%fOqn%Vb%vl_`J>%{+$dQ2@4CC~?V-)PquM&7Gm($pUN-PYAF=aX4oN-q~cK z*`sQz+3uz$tHU00ih`@Ih*|ICvduU2MM8s+1}EGqcb(H&yW}JrwSDSB!&A|NdhOHZ z;c2V>F^C_5*Q~QMrLD!62QI4{gRBc)I&CU&1wgfGnEX_e@Hzaf1l?sM{fr$^Y&DY$ zn{3Ror~-qXx)7Tt4-~X0t13|@K1cM!A*#ILV1Fkp6KK4?06~tgB3BNhd^{1QsPQnzghV34EjPVu^y?|XQVvfqR7TUE1{6U`tf#;lEvI%> zO4uDsz+&K(inLVAe^&U9RY5!zYG>+4FpmXbaA`ip_8`CPjeOhh$o=U!xJF^&Xn>uj zGjG_6poa~c>b##=m?P$#9~DW%8%MKkzs05b;72~N7ydX)pDT08+E7t@hgRYA;$>({ zXQ9kPK^g=uW!f>^TOoNOBAx{EWwQtibr>d{dkP;NyV_hFGs#}bNt$N!!S0I1!$}a? zwHOaHt&W^mhqOfJ*~!drZi)QSQ<`g?lwZ)7mIZNbzreB%8v0EjSf5TbN)K-lbp$|c(gi#@Bczrf7TNRlG@IZ_2mV`=W6Zr@MO$ za;!wu<8~xDl@=A@zI<3nd4gF~oJ0apR3^%8u|AvRHxHe4MTri2tZk;J1-dBFpfiHs zV4%K1f)`G-%39H>1KOxUK}UmIwaynDSI$Z(l7rZ@m}NO?F*JXF=ZE>b^T+;j{)IoC zpZsn2^?$zb8Y=(*bRBL%c|E{W@hiPTaTSSk2}BZ(KEcZ^v53K9OwM zTPaycFN+p03MLRvsv({|ER_PuC!dl|myMaqpe5MuR)i@c>BMI;E?fqs-z|2Tn>h$_ zCO=x8_78@9s*IJfMyOF$S{z2_^3=};H)GF(w_3}6)*w4ZURd@)zu#>l?vy^&jg2DQ z>$j=+saS)vVea0~WgX?O7bHwinQfkes%FV}_=!vwqw5=G@+0{V_R?xS+pHP5p1!1{ zpdn*Xgk;9uuiOaAQw8S>u#P=8Ga;f{bIj+ba88@5V<*KMs)l}tCCn1i} zLa!8NCggR_x!*4h@nBS;R~8j_&&-k)AuNdWho$4K4QHhR+bW8et0_qZUJi-8FmzZt zZGRMM03QPk3h^qWh%B+MEb`Vqvt{woq<}1knxzxKo`*-N8j8qxCjt!ZrvR0q6)SqO zm<%ab3ym&lFp$tGEIVN8;UQ~tiuAZ+%9;y$~;S!P|TMc;(G*6dLE;Pl#XSikaQBSqVZ2Grf!8!IHY8 zL*eG|a^(G4B1{DUsF?;SaDdYJX2PHG$8*4a0+5`E5)Gub_I7NnLl|p&}A%)}e2@oeckcOXKpX=puC1gIk3gZ|LUcGQsIH~TXh%DCL_JDxm~R>dEV z!FLNM1QKgCq9-$iVZw5#(R>RXEuXt5ul(kmjAj;NOHaNFK~#;^$2G6nPsHM=EmeL* zQ??#r8o3|VW8Ac@bdsRBx~Gtl`P7Ne(j;%a&x@0{1x=&Pk`#kX@a>4+z1p(}G{lIb zUZl={@Yb#*dUn^ChnpA#Ri)Pxc_ugkv=cO(&~k-vr|+TUJ{a}LfF))10rFXoC?ffC z){9aE%Hamvi9U$l3KA0n#>d({pr(38VKE5) zskO1dEW(dCGMuWS)9@|KMO1_8zHuIUbF#wx2Ljq`$a$vIcT#HT5%CzEWO3^lZYD|O z-wVNv*bO@CF;n7xGFVz^jFzfOuZVfjgL0hXXvc)H0-Ea{-;O|5HlF8Mbj9Ac>q9r$ zj^gkbkvsDM+{_P7oj>i1j2)uvrSEBiILJ`N9Q(5k|3K(c4=ffcUph8ODx|VA>&3D> ziTwIWc0r|3BL{}z`*}0bN>XtcNx&KQQpej7zFSrxY#KChnA%W}9cv6dUGYs%3of0G zO_rVa74^unDk?@U@iRieg{U%HS`$MH+`X+=Hk}ca2M{`<01(}3! zw-YCy4ZSA#OhrIRubi4Kz%q&1JaChYqDlRRIPuLdeH(iX+x=z{(~AX@CgnCD*CAse z*Cu%LF@|8hkDIgZiGM=az~)6(*50E7lr_PAcNE1^WxUgdapz`1)Ww&W6AA$O7;=BB zEUU6-O=?Xp&3eL{dC+A=hjPjw9hnmt`q%}1RQW8k5e=3)sdPG9T?AJ7N%GdS%T$Y4 zzuFLLrw(YFPs!jb?}C$rnM9qDhNYrKa~`tPk7Sn;K+Ek_EarWpUUXac;CR;;LH{V7 z+e4pdFbV+gh~+aj=}0ZjVWXBhV(@q8hktW^jkmKN-=BZ)=LeC3i+gu|{XY+aF`ZofdpqyF3gE-EeRoi9r+ za`Q6qeTF+`^tG`Y;rOhke$e;QI)ks&ckoJ_I zq@*#U^!qKrpOF^pg0>1jZ%`2}f>jp=7i8XcOfdm20G-~(JvK+geRzGAbYEnCxSla# z*O;qgpOy2zfQujFb-g;#Dn}UM$f1un}{exgH{e!xQPtWT`pcHx1c+_ zBs?gal3!-WYc&?`w?W%42C*vFBzxD%<`?jbBRU4OQT&6P5qfhiYMNLH*&kM&@zC~~2Ir}j ztzKS_;_Q)I3EILGCwZ7&9d`yNYk>Bu3)ny#4E8NaIPyX8m%MgJ|DZ!NHu2pFra}3y_P|tlu9h)L9IJ>2Ly_Y+i{(#(;Ii) z0cY3b=yN=rRLam3^5rUv^~=M@`dw$0Xf|xMY{&?c2HY#f3!6d$g=MdOFF&-Zu?H2$e1qrhI^qoONlgh+&!5SXX8OiZpxrXKWEom<+5N z^7S?kC6A7C(Ce;My>P#-K4rP^9FznJ6&?wf_6b=Vfuki{1L#qf!O9cLm2PX2IGNiw z)@ZF1CxnUm3yS_oVbPPR_-1w5glgAKrl0UAf(K-E~l<;~WmJO#z_dD|j5i9;k zh;Zb@{sF=mND|Su#uLL`Fs26*MkW8Rg5XbYL;aTuy$|n0{qH+@Oa#hInAK$w_J91Y z(93*Zo8Ag=-=BX641g3|!h0*mMt}Y*VOIYgFo!Vzsn8?X2lRk3L=hVJ{F9*wPR?Dx znSw=5sXeKD8~~B#J4?>5)21L={tB4%{{-y$|DFVvxD5wz_y+dmj+`S@ihkn(F0D5d#haQ4vC>#O$CSx4O8wQJa;h!c3-Mp8q6U0my zw37#0OAlN?0Xw@R3u8u3^ljE`#jpHJz198r`{eF8_-i#~;;*s#^SCY(X3w{=x_vvz zrC@F3Kh*gqFiFFa`)_P&7~TqGWlxTH*ec}n_yiUi;^xkz-4FClEPpE0j}#6bbH`#s zLK|vffH=#+c)!$!dtxVkj18xFhoW)yS13uppa}gdY`T9#sr-Gu&1Trc*CBcyq#^@Q z3bO|TcbZhc@3X)+@oWT3(?|h_|6gC{8IIS|^>LjbdW+~nlqk`A?=1*|=)IR9y6By# z(QEYHqt|HB1wqshqL(N^@a|i3yytd2T-SW?W$yp_tu?b}ubI8ZTqj^`D9G}`A&l-* z_QiS#nqoP~hWEb%D&r+Ft+5w%A=dR9=Ju*-q)mlZlPIaO==ey{w4LsV0L3gNBU_(d%2Z zDZ+Y1VttEc%%=}6&f_PY+;jq#{i378CT6l`h(7>>R2TkKWJ|g&!o!HD|EEE6z?Z6| z*9Cjfg@c!7G7q;X>I*Km>B>1A5SISrSa=gi0#$%VQp89^Q58siBO8 znJe56i!DG>@#3NGD(I7V<=}uD4wj?EHEjdxjLdEUm3aUBf%>YGfw{|U+FQ+T`;Xb{ z9y;-CW-i}kf=V7^Ro#0pdSMeu9T!*+;n0d=siSMkW#U8*h!uVrF zU!0w)kdE!1mIF<5yO}wL>*<%W&K2bCeI!-7sD3A@i7Eo!qPbsdBFf>!AgMnWVehJu z_2f3GW|Y@b|0x?0pwH1l^&pJS_j_VaZu(U4vGvZ&U774j+zb3%x_LRrhH1VkaXRkj z&(ZJIVxuhK;20NRl8!xCoRP?|H!3j5kJ82t*MIFo7Sfx7Q%WZA03>a98TKxZBwcyL z|GyqFa|Jv?4(^fSTHqcgz(N0G%+TFxrt7tt^nZr0j)L-l!+5nx=aWO!6!Yz8-zq<# z`AzN)n+(J4Zv|2m<@K=d$!fF136WcmBArrWV_~jdsExnJK=M;vubU1LMj-zkk*FW~ z845)#KA#@0VT!HjFs-ZYH%38&0SVI(w-(53>=Af~20$vP{pX2WjFNn1HpDGvF90=4 znqU3;Bh_|}O&pi8$Q%coQ)^8=jZztwPyObKJk7>YbWt;3)i*kpp5z>rpv6ziWSiyVj@J4+K(VC= zSAua5PqfMNrYz@>H1e~ZI)Mor7WQe4E3rI~OUh-`Ol}a_q+G_>_^G>?gml)`P4rW1 z;k$Fep@z<>Wlr6${O`<|FiQrZkPHO^0#7ORPDyQ$w2ZhrZ$?SEqU?Kv@@HCHb5@{Y zhUsSWpTQ0R0qV=40j%IT_>x1Dh~YLf%~}63^Sb!xX+c!*O0J#!7AH4sEhXrqgx!FHvT-V&F`x(7f_WB#Yu=9feCz2g6Qn`8KsWPKD zp)PDO1~G%2DCF}Y0-T465bacm!e-BE&}!LNbBJM|J~_B}Dx{Y61SADE7EH>`r)}Dm zS>U%{06_zIrxYmvv6DRh_h~!LCP0fdO7t@G*|#TAZWE2>lPauhv)z>|9N$c!0_AZN z`GO9ZB~CiAr$70&_|#aQK-v#F4Fyhyq6W1?=cdYmq%3B^-L-spdMlOE5)(E&pxD9- z&@vj-i!d9)zuDe2DE-PH9&kUg;r(NfBk=jwRoNQ1`AgXq)v6Uo>>Y{i-Fa0E`k>F5 z>xBd(()ac5rCZdiu2ZTb5+Ep5aofG8DpX~5%tJYPA>L8{ep>+=B;}L`Ov+6v8CO)eZ&1+$s2l)pF2JbyOC=-W zqtSzmKFsQj>~}N?4Nd}2(a^X?TTI|~xuhN?ExrEsxsE)-zp;^b3r?Oab?Nm8%u^$n z3!)FUDpnHbk0!-IQo7W@q}-&!d@Gd$z|EP!+IirbiikGZ=)+2+!TSO+Mmt?*V-rhKjrBl>GPa$>pZ!ap zdPHih9D^)R_`oy&2k$R3r>K_Do}?r z@Sotvfdeb80&Y+k%KIyW9^5c!^&f-!`2QHBvvygoNo6LO<2S(;J^IXeO-a6pX4DO3 zN~fr{-uu0RzZLdmeSh&`#fbP)T~&JgD>93HUlPrguOabt_hE5<&(E(WclS^68=04W zn2+r=PYuVE)mYK+`p{Ur*t!GxY8_ z{Gh&uFJnFk%T{DZT{4YQIi#iZecQ}f+(_PtvHZj$D$Q2zsr_Sf!OY#x+WU`C^Ol|r zamc$Er5p3R5E{LbR&=X$C?)e=g%Rua-W#GTn~)f3z~Z4!i*a5IAq@#m5tSl75#4%z z(F;T9BFFdq*bse@s|sV85l(-Ker-BwsbV1;bMDkZy^$0RHYJ^r?-9HFzIzYJ>7<;RkDkMxSr%||OvfpOb-Ys#5r5tk)J?B-s|EL<{Cv|v}KK6KgKW(&(Jju5) zTEa9Q8h^A7T|L?loaVuCl}fV2M`$TLXKBO+6l^;ba|Y-SS7W>gqF<@c#?F_myrHg$ zzf^uF9ZbWpw1M6h;HHL*$kpMbBc?}Rj%)Fz`$g`wSy2Y(Q6&olZND8w$QuN?Bretk z`iQpSw-QqF5^AuF`)?qSy6wt>HV|p_`Cb^Dt0OX-gn1KL*%@Tonw#*r<|eqcY!pY248*4+#{_3*?k1N!i1qA$uI02uo=VvAo^Jm=Zy2fRU8qoz(p0Bq@Mg@c;H(ta>8$zZpejCNNr&4^3o<{YtXZ2D*EH$_c_ zMC*tLnov&oIp!;mkKh;j*NIvTI?TCr?K-|he)Ebdl>PcV9h=JvG_*;@fs_Q0_5`(? zLmSePi0!taZ9Q0G@@HuKqg)MbNPz-ODYes=kC4CZ#H7{0z)P7>{}e~r+=#->;uOgC z@qD+G&*!Xuu!d`h*!4XBUA*2aE`-Zrma|Yk4!oR2T-e5;kzEBvai1{%DK?cU4c`&= zr*3QK@m#OCwKR?>1Z`QK|LP>9vM3yUTz_CNm4h7*kx$bLZ*O2!#v?=Un2W2Kz+i$y zrE_A|MxM6W?a}gg)k;f6VuOv4FIhY-k@bqtWrT`E`d?jI#KFRTO;jw8#3gJ}LjGW6{ z47Su{ zqByFyIx+EL$+HgEd0{%V>dC6aeY7jQg8pLt`&lS7eJRKl(SR#n0&W1c|F}Yyi2XKK z*kb^ILWN({7uEGFu@>IcC=8^x@%FDghjtFa9n4xali7rTwtr&)B+KI z9`lEk_OscapWEeB_LFK=@rXJ|LL#x*SWbRqB+2`rLKZP+0(zc7ueUL?~-`)manIGSk+-Qyo~j&=Mj-7vhL%$UeJEb9G%40G2e z4Vk>PI6;!SI%Zienj!*W;iLLb;TA$nuQiZ-zRxO_!Pnztk_B1SHj2*&oRI4vtcNKy zRxhbP<`B02aY9%4ou?+0!)WV0vFPt=WF*lI#_&Fu-lyDwp>pc9IR@oAQ8nTFjX#(i zN!erV4?->1Wy<_ugM1N8CG^fLcRuwTzHH^b6jv~hI#)29{rrXdTMY;`y95e^G=Le@ z{)3vAh~qZYuQ;wz&;3D-CMe>0q}l_oi54$!UdeZF_G7a+L84sI%xp_JX6(BtMpHf@ zifhDQoE0VzEIV%t#T+R)s#RZ0DU5S!$Z@^BK;a zLOynUxz4HFGPsRL7IR-+~08Z3WPR-n;(CyH^$nt+6}!vW8uT z7S|RNSR7F;<^A&t3F?agxQ&Gta1p5e$4!JpoVU5jPWIYO!0RaJ{a|;t;-KE~8CRaM z87C0Xmd%Gsl4eB=#uf5y&oFZ+DC^VI!mMG|+y;{RgY+0RtW{IEMA|Bcf3BJw%QRvq z@Ar{)Nb8xpRs@zU?xgD`dljL@`wuGBv+0R4*&c_te&TQqAgQ+VMHx~Y! zmudAKtw2}8LPzuy^`l6Jm?$qK9;QzgBJ{S+zD_QLl}CR z7%}?xv25XZDw*qdn7N13dc$tg*~C5<$rd8aDcIPw?_ShS%!U)}H3U)CxTYUL*y)UK zv2}>dI7=E^TEipYs+@6Bs8AS0TE?*Tfzb5>=s?MSP`il^VwQ;OHgxvDKF6PV{W{@a zh@mRkQ*pU1b^1|%O{16$!V9}*SZB|&#GJVKVkm5Bx>jNa4P$IZaj1ZEhBHd(yaL1U z>9cl|7!Am7nZn;jV#^GrpV)h{+oC26(7osPs1_r(0vwU(-)>45AP;auaKw z&dX?7Z`&f%O*iwNZeCV`#}2@^&>9i3s_L(=YV|KG@Te#VTjTw_L(|Vp{f2PUvt}!d zXnKlSF-mcJfA_Va2zGFsz9mlB7m(>Ifa!NcVD?o6g5R_Tm`#goCkqr|+y;+8QK>sI za^H#(NR!{d*k^C6@Y53E!Y!8o8(pD@8_jj>)RBwvvC;!JoBoP0;xRii$x<~zjIcC9 z>~|L*KO^?FeJO<5)K#909)aPlkehx7@Bezq&~^X)@HUFSGd3}CY-7%X zvL13A3zrvD$^CWTI2e5|3d0NUtxr+7TI2$Xc|q_XjE#WlcVNu9!sz0TC>0-k<9@Ot^&xYuX$*=_*yO|ZUIg35=8I7v=D?P#y{B}*% z7LP@@-{};ux$Q8_4nOI}6yZ71uGPs?z-(PYA`|WKG&2cl9j3N93<@R*vkP|$ru*d^ zBR(BBbtpT|ryREL55NBM!8k8) zNM)X{*uZGaL3Buw{@Iu z1mRGR2QTayoRDHGs?fOJAMzbkqr6dCzhoZ|5oW1F+lHfXzZ!U~vUg(1yTao9Uo4Jn zK!*P}IF<@|lz-=%!IKQ`DEU`?k>Ao+1L%5c zZZ_qdP4t3j=@5}HOupq;t3T`m3K;F0iB=|x6N%~<8_SgLii+njK778(E`24UPl9$Y z-l;W;v`yWkET;u|UtIxA8o0;YiTH2zSOeg(3_#ld-$7s*@=|PVQ-8uMt}HhWKmRMM zD$NO*uV>MlR#J(y98?M+Q5#XFpn=}hRM;yR%L(#TXW|5D3^SY^3qq)tqW_Sp-b zThxMXh&0FSe*7;Rq$&q*F9hr`+vt=|5 z%nY-b5G6Elp=773vEQ$ryIU?`(r!{KyrM>WgBozzl#?N_MKe$hlw`TOHDg;G$K&3b zS3C#B_{AHXpPqB46dsW^N~rFKU5d=A26kT0iP>C6J9D;sjUFK~EV#KKeF`y+k1(<# zZ-$R#o|O|36O(aq?%R&QJkRjAU(yFrLjdZ8g#gbUQ2WpG$DK&jE3DyK#SBR$x3=ff7Jr1v8&SIebbW3k*qjB%hLe}9B;>zXPM_A)It)@o?LYvjm$ z9m(w|2w9(L2NTVn8}{bQv6e&Xv9OGnPU}4$7?8Am;3&zzq}`-ebVZE>oEnETK&>92 z<}^wFm)h|;^=i;^sOm1M&@SY|hE@2g1nCqjhq#z0`^F(h)%`yZHVn7eR3zUf%jV*w zE<>;GC~U~n(ux)Zq_^{7s?Qnt-1|!9n?LSdMK;RfJ+%gs_QM-Y+Ra!Kx|LczKrJ1R zHgrvG#MZ-H=ZS=zmDen0_lFdv6=d|2nWp)QaI_jewzRt4&P|(lyobYu549D{M+Do% ziJwj!jT*;##OpdG{NA@vX~0COABQ&LH=&(+E2`fb0FvhG3nuL*wc;yk#5bs=)8aa# z0@BD8{@z?6uM_{Xy<&uL)~i=RFcq3DIn(VEF41cN0#oc6GEHc0s0s5m&B`7!L|Aru z8fIG;&n-T8t4^jWg7A+N^dp}tmx*&@shd`X4f*Fq8R}l8e+5bN4o86~1YTG`?Pjb& zrVt6=M$H)&pmqpIbMfc9aww$DkJmOYVh*Gn+ePi{6r;AGJav^q%F9_i8k9s(-xd$@ zTB^K!^C=Fs>nZbBf7Ia3;7a!&S}X!(%5I9Q0j_&cVWojAJ3r@}3(m;NgQO;?ett!* zRQf9Np#|y_hGct~D&eCe!+R}4eppenxNDJhrt0XIsG}1jEz;OYamh_6Po*_|d?}zx zrJ<$~?#~V8-qRwiDO9$R(m=<_?k#Q~%Vn#UF7u8#U`#TBG)nsMQ8aQ(!~vo~^TEXc zJhu4*p$*-Vl%a#w;{&(qV4I`q*B12QGpNJFaHOljf^9g9gtDQ-Btm54pZbWN7d?2- zcMs+Jc$8YDlc|vPH{sH))&YO_`=T@kl)KTN?tLBjIDfp_x$2I(gNHJ`+PKv53f4xS z`2c&;!uy$l5sNFO!BcY4K18cEJJ)-Okp{)l_XWxDer6ySk^F)T3?=$JZD2tyslJlW zci=X*K8A2U6RbgRp*5psjd8xl_S`Hue?Tu!>I2Ai(R6nnXDPXgD*78ybx4cr;tQ&F zju!D}EDDfL1umj&&=G8}nja0Q6P$X`e;~2L<|aL&*xM|9$+XL7WJjK%%Bw%<>gCv7 zFMCvqzZ%iE2%VRZ%H@Mr)0eakNXgp!a|NdBpBW20z%5ZqucXj{OX1}DM~dZ>zfz3$ zpT>xmmPyZgIYMJpj0IQf>u%o{%~f59e%l65e`uYw`qsJ{CuY`Ju6Ie;WG^xL9SQXy znWE=Z?VC_qUvt)wzxc^^8beo#H*HOsO~L=t+aj1R z%EnE@j=*3IB&A&q^50T!QW3kAN-x0nBe1Jgcuj@V>Kw}h}ESPFao^QSY4 z_mr}8o-p(&pWjwVz%AxD^!Hj+^zKlFMLLNb5na+@Pdu(pgtGHgrKOR&a*zg?l$#M( zeno}$1{L6Nnkx!G#VE1tFO?tF_y?vg26HZPnFXqXLM5O0RNB#Yq0dIwvJbkSv93Fd z^4EW#EJ*T%9K+!|iPjEq9~yf4xW6(c%PA-&Q~nc3O7kw{zwiGBqXJb-Bz_weSCkSH zu6qC#qkun)c_>ew^G@%GHO{OyxBl)1!s63=@;~6RiQDJSSi4~b=o^SZ(Nd2LGl2?$W-2^(9 zFuj||@um&eyu9HMJoYzt@;b5kEWCA#-xN=%huGH74xLZZXyK@@Zs55UwDTpJ!c5Kj zPkosCswK_4vCqf!#^e{xM=3Qu%(}*o7nq~wZI~$A)%Wm+zhse05<;qec;%+zk+7=aWYM2kOn)C5_{h@>$)Wv~U_=@QyNpH+_ zpi?5vGJs1|egPAqKI#Gfcj41}X)nK3K3*!%M^AVL`zm?1!UjRM{DlCSkRXQH@}iwS z6-$lhj~&s@0qhveO);}Y3^(%RflBC{-%A7+Lc%J3X;X&~QT&`@Rj%toJVM<|iIz4n zI(uBpY_OC8^!W+{*JkBs~+ClFdJ?;AJE7MSl z5vQj}=IBM_))MQQbVTxcfr7p3RrwgMkl^z7wT()K#L#93x(+I)?y};>37(YcY)BaV zkDZq9*d^rkBP-C1_sH|_4`a+M*7hz7I@%Ii_3TwY)T#~-C3No+Db#lL7YT+;&g8!@ zSQk6&ORJliUQWM9@r3{Rp_!GXOu^dkbG@Mgnn2Dfj6hH*%k4qlm4}nKEtK7({|V*m zJX~@S?5r3T{<{EGhPp7+z>S`$k1))1Us)d21{uNI(zJ?irAM;Gt2UmF**^9{)Tu^z zv;RsU_Upnj@~#2OOp~<>YQ7uhE@z5WgAlh%>(tiaZyMGl4;^%^acfA7+8su_6_Ieb zlPUr`gz(kvg-^8oMNIb&weDAyXZDh+kvkFjt*qFj)B3FPy^ivKuHqI%lY;5jqhHfx zGF#fxHeR6e&8DqZ(^p33vrC2up`L*m->f3mk1=N9wa-G?!* zeq`pOVUYphv4vTJ+PD>KQ$PKNFXt^;n6in!r7O!MArQW`6T;2^EOWo?vW(l)LdVr( zoS46&0_qf2xYK;la%WzoWMK*x51R@1l$pIyoE+Oa;ZT&rkle3v@IG}cD{a&GP(Rvp z#~&5yok=tq`Q;XM%wDpqP_s3HhBP%851`h1wz#$D@F_%c^i&?y1fu8>M#GW%%3|zU zKw{I*R1eSTKPl&Io|)3_?R4*T_t<6Uzc4P;U|g$|2xHM)5;d9_aa8K3aNJEzDD0mC8>%(011-jBHg zBpl=|wgJSKni;TZo_v;TCMC~`rE8G(w)0p>Pii^x8frSabXB*ts%iPGCf?X-cp(bp zdezTQ7LyUzILaVe29xr>DI`;%{cs{cwu-))O{IJPnT%pdrwFxv{Wp!Y4=czSW^nWJ zv^5{^&30f+%K*ANl1ddIbjH@;k1;ObNV10nkUe=aRspOF zuKqxM5&VRNKmwNWpmuX94{=T;eVZFRnXcWC`sa~2Y?*M6wfBO{DtjE$V}Qj;xw|lD z3|~L4xOy~ghS8et-wJJ+q&sEF7D{xyLi()z5Ez!rP#KZaLC#g=Oji4|{qLXZFQ-@34H5Gb==B9gfcvlsj|X01P%Bh=i>*R$L)^iHZrlvk?mGm+Y)suWtF zx(FyI*LajVtCS$ZvE;N0{^WeS!@LQX>4yKE;H{EUyzii|+MWcfu)2J-L1Cq-I^Lx`GBKdD0F-G==V~A4qD<;hi3>y7DOaeXGEN zix$@l9?16#56=7uXF)@ z;hjkC#{P*8dDKw60X^h)8g;_B4jM@U;=R#vOS5;qAyRQ?pP6KRFRO!^a8R>;hhq*T zu-KHCVFmBWeH~!;CWdi-l1ZLBC*kh)bX-7#r$zPP$$KA%VSW&@9dK#jf$L5rcbj*; zAp!4df!-Id6C^%Q9{$FfcrB)MKr(o;Rn3~x@*>A%h$w4r6j+ST^AU^*M6iVTvwq3{ zYIxKcHOeN={)&uz(d}hFLV#7JcCQ5tRF?OCzsLaQ(bzExp92&~TFvh}seQPjhJC{W zTC}*{D!`Gg13RL>)Kq*iygxcsFDZ{kwh9=aBZ_-@bO#zruuFy?75i^|BBdEtdWTfJ zC#Yq~SXqm;esZ=?U#a=9MYC?70Io5{dso^0q<$_tJ4@#!-iVq$CM`%>!8w?;o7A4& zN=*fzRtZo`x~9gL@ES3n9QHhJ{KW86^xi}9HV2cr%_)p3JtT!XG51YsTs@7}9`Zz+ zMq5hf!afI_jnWgMLiKU0i-Pv;t!7=7441;!XXZWm(xcL*-^!vu(n>DDq=CN!xueux zQNy}HtrDPC2vAF_a{EgyWX^7T?jWOphDCC9C<|d7cZ?$s*`hl~T~)Y&aYP%YA7-Al z!NlYJ;V;=IA)KmwHctpm-|vOw&i3FuK`?s7yEwtOHbS=07Fx4s`5aOGJxH1h1k}HW z!A)xNw^A!CG2uo4sEJ)ud&Dx~^7JUt`ef`i3NyRRD{bz_n$R@#*%$}Pwj`Zl5I*x^ zc+TI$ux6Ylsp1lBGk9tkZTLzaebvM!7%yN)WbLjnDtZ5*L-=WYQf;^i2MI`;2NamJ zo7C#As9}Or<3^yx^??AWNhPNLLyd0V+*_NaQ|co$>XtF3gE5iv<5vg7Nv;BBWqu?@ z{I3|^w(Iw(QlgB|ZEN+$O)j8IlKt9y;?{zk$ckf78H@Q&+Bxs3;`?6}4;W0K@?}8M zSfIhA-K3^)8#NyYfEwsn@7^`F-ZY1zOO5$AmYioUWhF{AYj3ChUiS}JFDt)Q7v$=P zH3(jLQ#eQ-N{^=(o!o0`sXD#>s^r&Hac}p2A#_wCq9m@W_7=CN?2_}2H3rV_6_7Lv zSTJcfsnuUm!?-~WIOgl44CJH_Wt0C>7u!#H*8X z3Lt4rNKg=kz{z8Usr7jg>YS!qOa;zx!)^4h2VJzON(^l-n0s@_7AmG_$Xe~Js#`#}%E zg=Q@g&)Ck-Qy!~W){qbpZL=qm%AJEd)$;5!v--y@e4VlF(AJlb>8v2>S`Y7}+Hge` z{RY(vfa)iJswaNcKU70B@f5>oLw@p1>wNhpiZh6>ir&Hhy~+IgG_b?>0sDo@b+B2|#IDk3mxH)FB! ziW(X?H6D0cTwh{<8f{O)UurVg^k-)pW{#ACWS&Yx%HWi+o;s0tb}%*8}~zt4HGj+nmsX? zw42nFZlmT)3{cYmCYSwdY9ACTzB+9(C^T(l5bZK#N<;+29Q!V;cgPPzk4>eKPmZl{ zmk5`^Sm#4V3kbtHa+#Enm+EoGef=4#(tgMU%ubvd3?ph7W|Oe4U1g zQA02=MaW_O4a1Z!fm7u{B7oj9E2923%A7>7$J}Ay{e}-UG_Ycw@kf7L%H4#&cbN1A zK0*9Tv!u{zQG~oF2V;0eYP`^A(N-5UHT00)gU`P@$w1P>9z)%gcT~QWsy#q;1fc4E zop*F|L|A}lv*l{9tqNA7q88S6@pJVtn~2njewlQ6f1;^nG$7V>=pL)MZw|4xKH3-J z3l`Iu`oe(mhfdEol}E19%Skj~4hE;_j?#P;dnh+3jsO(v0E&?(9e-nwuf4+)`lx}h z$wQ|9+;iH4?#yHPk#_DFI4U*Rhw}z773RCtbS$ z1?Gq>#zLh8sO&YoX!We+a0%bar-s#>-MVLHU45{?Kzk{MnK~g)SB{J?etziN&(#>b zJd+Eu(XP>CL%|fJ43*qp?(||HX|{A=(r!{~xuSL-oEk4BEv_Gstv%wI8vRR+?F19z z_{#-SPQnW{V~qUA4&@%Djx7~+(qc+VE^V$trV* z+5Ww&x2zNzT#%F+(yDq<@JcLfp)Vq31|&_G9!%OzYA2hyMaz^PnyJW4h8%SC;1DLd%)LO5oA>W|p3Q*Gr63eT7bAPER ztBA)4LA};{EZ3gFA$|yZs+KThCN0(Ej5jz!LZ>xPk6D0wO1vnR(MXAwv*kF?V7l@> zBmEitRCe2hih7iJuqzxJ2PO)FLM@}@PfK0_kTgoxJ4dAIt<>}ZYQq3EkLwZXcd|-_ zJ{qnipEt+1^+l^zsUs~fx*%(JOHWc^SfM3gc&MR(w|IK|tLFlG_gJ!0iW}#jS}&W6@^>M4 zB6|7+W@r1TfTXc;fJwUjZgbD}JD(14~$(-5T zs;n8$SNC7oAZh$uU=9S2ElZU4D{A=Q)c7a>YUcno*~!K~)CAhHpa}DE$a)kU?34Kn znb%Y_+}2*xqwdR1S)4hMc>ZD-ZdOOCKmWZRNY2G`DfQV(>zBcfIjNLdTm!G%FMEHG zlmQ_yDd3bWiPUeUbPiB5115*%>sUhLMk!|u$!>njRz-5@uM!S*NbDLs0O7{Iin%+3 zli*D8OR*ZM^#o02uTuam)%|tH+5^hNr;wW*Q926tnGbV8Ql!P8Ah?0_8K?nENiZsq zbSNDlDMo5HsF=~>`U`BKjPn zBHb2?aV%Q?#W9NVDgK(^=qDp4f^OXg2Gq*(###U!7MRb z-_^F6Gbl`7(gx);e&>au|3!jlSCAM1lcuE@VE(vH^gYrzAKi8ioqN`y8*dj?foZgi zG&&Wt(uTZaQbi}1Mv3f!K-zs+%!j{0DDhRH?%GOtd7D@Lfg`>A)yzo3)=S@ZLI95Ch13}W{;=$iu*}0 zYgZcxM^_c&lAic*lEAYzy@wU=sL|t5TO$0f&`(FB8Opq)BLkNxMm{^NJe$4QjxSZUFGv-pNYA zyoZ8s1EOC1SzRNiQ)$!O^Dy>k@7SZ77^+K$kR$^zqNyrGM<@+MSj`yssWDSC1 zA7tTBGrR9=I0q9U^gXP0w&y}?@Bp9& zoJ%~3bbIu79@l-%&$|O$A%*U`|L_upt$$(Ew)?$0;h^P#Dov!C*u*kIe>CZ5h-@7C z4zW&YqMXCL>42ENgk}Ete%zyb)72m;3;JMEz$sZ0Y28XG1E2)TFaH1O0F(~*?%33F zh6g&?g{pnOxVzrgPn`+U?nEx22rUwsn{)V9$9TN3FWP8VR*!9w#bKM)pPujL+t4kI zmHS*;@)0DZni~ef97qR%+J904nnc>SN?G|w%JtX$W~izIxykTSn>FpPGXxfT-xY@R z44j`CPv>_z=sT^A|BOM5#dd;TNn2}NEQ?0FqJYQ;bJtcw_mxA`!NXVpNM!~-1d_?P z?P-AGt3Qw#l`j$hUAPIHs4S7rZDs^Myf$O|k8??Wv;9tad5~IMbcO(B<6J67FQ`xa zu3BX5(kzY8{mC=|=%++A5bruRqkHR530(aY`f1@m$7aa15brX+=gRmS&(AC41%c0L e_S;kcZG8CMef3`TrFsiUL3u2o@ Date: Tue, 3 Mar 2015 16:22:22 -0500 Subject: [PATCH 029/121] SSH: Cleanup code style. --- src/analyzer/protocol/ssh/Plugin.cc | 30 +- src/analyzer/protocol/ssh/SSH.cc | 12 +- src/analyzer/protocol/ssh/SSH.h | 52 +-- src/analyzer/protocol/ssh/ssh-analyzer.pac | 24 +- src/analyzer/protocol/ssh/ssh-protocol.pac | 445 ++++++++++----------- 5 files changed, 278 insertions(+), 285 deletions(-) diff --git a/src/analyzer/protocol/ssh/Plugin.cc b/src/analyzer/protocol/ssh/Plugin.cc index d2e0116b09..be5d2f428b 100644 --- a/src/analyzer/protocol/ssh/Plugin.cc +++ b/src/analyzer/protocol/ssh/Plugin.cc @@ -1,26 +1,24 @@ // See the file in the main distribution directory for copyright. - #include "plugin/Plugin.h" - #include "SSH.h" namespace plugin { -namespace Bro_SSH { + namespace Bro_SSH { -class Plugin : public plugin::Plugin { -public: - plugin::Configuration Configure() - { - AddComponent(new ::analyzer::Component("SSH", ::analyzer::SSH::SSH_Analyzer::Instantiate)); + class Plugin : public plugin::Plugin { + public: + plugin::Configuration Configure() + { + AddComponent(new ::analyzer::Component("SSH", ::analyzer::SSH::SSH_Analyzer::Instantiate)); + + plugin::Configuration config; + config.name = "Bro::SSH"; + config.description = "Secure Shell analyzer"; + return config; + } + } plugin; - plugin::Configuration config; - config.name = "Bro::SSH"; - config.description = "Secure Shell analyzer"; - return config; } -} plugin; - -} -} + } diff --git a/src/analyzer/protocol/ssh/SSH.cc b/src/analyzer/protocol/ssh/SSH.cc index 4cf05c8c54..3fe28dbd0f 100644 --- a/src/analyzer/protocol/ssh/SSH.cc +++ b/src/analyzer/protocol/ssh/SSH.cc @@ -12,9 +12,7 @@ using namespace analyzer::SSH; SSH_Analyzer::SSH_Analyzer(Connection* c) - -: tcp::TCP_ApplicationAnalyzer("SSH", c) - + : tcp::TCP_ApplicationAnalyzer("SSH", c) { interp = new binpac::SSH::SSH_Conn(this); had_gap = false; @@ -22,7 +20,7 @@ SSH_Analyzer::SSH_Analyzer(Connection* c) skipped_banner = false; service_accept_size = 0; userauth_failure_size = 0; - } + } SSH_Analyzer::~SSH_Analyzer() { @@ -31,12 +29,10 @@ SSH_Analyzer::~SSH_Analyzer() void SSH_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); - interp->FlowEOF(false); - + interp->FlowEOF(false); } void SSH_Analyzer::EndpointEOF(bool is_orig) @@ -62,7 +58,7 @@ void SSH_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { if ( ssh_encrypted_packet ) BifEvent::generate_ssh_encrypted_packet(interp->bro_analyzer(), interp->bro_analyzer()->Conn(), - orig, len); + orig, len); if ( !auth_decision_made ) ProcessEncrypted(len, orig); diff --git a/src/analyzer/protocol/ssh/SSH.h b/src/analyzer/protocol/ssh/SSH.h index af6dcbf090..3dfc02d6e0 100644 --- a/src/analyzer/protocol/ssh/SSH.h +++ b/src/analyzer/protocol/ssh/SSH.h @@ -8,41 +8,41 @@ #include "analyzer/protocol/tcp/TCP.h" #include "ssh_pac.h" -namespace analyzer { namespace SSH { +namespace analyzer { + namespace SSH { + class SSH_Analyzer : public tcp::TCP_ApplicationAnalyzer { -class SSH_Analyzer : public tcp::TCP_ApplicationAnalyzer { + public: + SSH_Analyzer(Connection* conn); + virtual ~SSH_Analyzer(); -public: - SSH_Analyzer(Connection* conn); - virtual ~SSH_Analyzer(); + // Overriden from Analyzer. + virtual void Done(); + virtual void DeliverStream(int len, const u_char* data, bool orig); + virtual void Undelivered(uint64 seq, int len, bool orig); - // Overriden from Analyzer. - virtual void Done(); - virtual void DeliverStream(int len, const u_char* data, bool orig); - virtual void Undelivered(uint64 seq, int len, bool orig); + // Overriden from tcp::TCP_ApplicationAnalyzer. + virtual void EndpointEOF(bool is_orig); - // Overriden from tcp::TCP_ApplicationAnalyzer. - virtual void EndpointEOF(bool is_orig); + static analyzer::Analyzer* Instantiate(Connection* conn) + { return new SSH_Analyzer(conn); } - static analyzer::Analyzer* Instantiate(Connection* conn) - { return new SSH_Analyzer(conn); } - -protected: - binpac::SSH::SSH_Conn* interp; + protected: + binpac::SSH::SSH_Conn* interp; - void ProcessEncrypted(int len, bool orig); + void ProcessEncrypted(int len, bool orig); - bool had_gap; + bool had_gap; - // Packet analysis stuff - bool auth_decision_made; - bool skipped_banner; + // Packet analysis stuff + bool auth_decision_made; + bool skipped_banner; - int service_accept_size; - int userauth_failure_size; + int service_accept_size; + int userauth_failure_size; -}; - -} } // namespace analyzer::* + }; + } + } #endif diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 0a76b7c8f4..e1f9fc5f86 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -54,14 +54,14 @@ refine flow SSH_Flow += { if ( ssh_client_version && ${msg.is_orig } ) { BifEvent::generate_ssh_client_version(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${msg.version})); + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${msg.version})); } else if ( ssh_server_version ) { BifEvent::generate_ssh_server_version(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${msg.version})); + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${msg.version})); } return true; %} @@ -86,8 +86,8 @@ refine flow SSH_Flow += { result->Assign(10, new Val(${msg.is_orig}, TYPE_BOOL)); BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}), - result); + connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}), + result); } return true; %} @@ -97,8 +97,8 @@ refine flow SSH_Flow += { if ( ssh_server_host_key ) { BifEvent::generate_ssh_server_host_key(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${key})); + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${key})); } return true; %} @@ -108,9 +108,9 @@ refine flow SSH_Flow += { if ( ssh1_server_host_key ) { BifEvent::generate_ssh1_server_host_key(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${p}), - bytestring_to_val(${e})); + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${p}), + bytestring_to_val(${e})); } return true; %} @@ -148,5 +148,5 @@ refine typeattr SSH_ECC_REPLY += &let { }; refine typeattr SSH1_PUBLIC_KEY += &let { - proc: bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val); + proc: bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val); }; \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index e642e87cea..a0607968ad 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -5,14 +5,14 @@ enum version { }; enum state { - VERSION_EXCHANGE = 0, - KEX_INIT = 1, - KEX_DH_GEX = 2, - KEX_DH = 3, - KEX_ECC = 4, - KEX_GSS = 5, - KEX_RSA = 6, - ENCRYPTED = 7, + VERSION_EXCHANGE = 0, + KEX_INIT = 1, + KEX_DH_GEX = 2, + KEX_DH = 3, + KEX_ECC = 4, + KEX_GSS = 5, + KEX_RSA = 6, + ENCRYPTED = 7, }; # diffie-hellman-group1-sha1 [RFC4253] Section 8.1 @@ -25,19 +25,19 @@ enum KEX_DH_message_id { # diffie-hellman-group-exchange-sha1 [RFC4419] Section 4.1 # diffie-hellman-group-exchange-sha256 [RFC4419] Section 4.2 enum KEX_DH_GEX_message_id { - SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, - SSH_MSG_KEX_DH_GEX_GROUP = 31, - SSH_MSG_KEX_DH_GEX_INIT = 32, - SSH_MSG_KEX_DH_GEX_REPLY = 33, - SSH_MSG_KEX_DH_GEX_REQUEST = 34, + SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, + SSH_MSG_KEX_DH_GEX_GROUP = 31, + SSH_MSG_KEX_DH_GEX_INIT = 32, + SSH_MSG_KEX_DH_GEX_REPLY = 33, + SSH_MSG_KEX_DH_GEX_REQUEST = 34, }; # rsa1024-sha1 [RFC4432] # rsa2048-sha256 [RFC4432] enum KEX_RSA_message_id { - SSH_MSG_KEXRSA_PUBKEY = 30, - SSH_MSG_KEXRSA_SECRET = 31, - SSH_MSG_KEXRSA_DONE = 32, + SSH_MSG_KEXRSA_PUBKEY = 30, + SSH_MSG_KEXRSA_SECRET = 31, + SSH_MSG_KEXRSA_DONE = 32, }; # gss-group1-sha1-* [RFC4462] Section 2.3 @@ -45,174 +45,175 @@ enum KEX_RSA_message_id { # gss-gex-sha1-* [RFC4462] Section 2.5 # gss-* [RFC4462] Section 2.6 enum KEX_GSS_message_id { - SSH_MSG_KEXGSS_INIT = 30, - SSH_MSG_KEXGSS_CONTINUE = 31, - SSH_MSG_KEXGSS_COMPLETE = 32, - SSH_MSG_KEXGSS_HOSTKEY = 33, - SSH_MSG_KEXGSS_ERROR = 34, - SSH_MSG_KEXGSS_GROUPREQ = 40, - SSH_MSG_KEXGSS_GROUP = 41, + SSH_MSG_KEXGSS_INIT = 30, + SSH_MSG_KEXGSS_CONTINUE = 31, + SSH_MSG_KEXGSS_COMPLETE = 32, + SSH_MSG_KEXGSS_HOSTKEY = 33, + SSH_MSG_KEXGSS_ERROR = 34, + SSH_MSG_KEXGSS_GROUPREQ = 40, + SSH_MSG_KEXGSS_GROUP = 41, }; -# ecdh-sha2-* [RFC5656] +# ecdh-sha2-* [RFC5656] enum KEX_ECDH_message_id { - SSH_MSG_KEX_ECDH_INIT = 30, - SSH_MSG_KEX_ECDH_REPLY = 31, + SSH_MSG_KEX_ECDH_INIT = 30, + SSH_MSG_KEX_ECDH_REPLY = 31, }; -# ecmqv-sha2 [RFC5656] +# ecmqv-sha2 [RFC5656] enum KEX_ECMQV_message_id { SSH_MSG_ECMQV_INIT = 30, SSH_MSG_ECMQV_REPLY = 31, }; enum ssh1_message_id { - SSH_MSG_NONE = 0, - SSH_MSG_DISCONNECT = 1, - SSH_SMSG_PUBLIC_KEY = 2, - SSH_CMSG_SESSION_KEY = 3, - SSH_CMSG_USER = 4, - SSH_CMSG_AUTH_RHOSTS = 5, - SSH_CMSG_AUTH_RSA = 6, - SSH_SMSG_AUTH_RSA_CHALLENGE = 7, - SSH_CMSG_AUTH_RSA_RESPONSE = 8, - SSH_CMSG_AUTH_PASSWORD = 9, - SSH_CMSG_REQUEST_PTY = 10, - SSH_CMSG_WINDOW_SIZE = 11, - SSH_CMSG_EXEC_SHELL = 12, - SSH_CMSG_EXEC_CMD = 13, - SSH_SMSG_SUCCESS = 14, - SSH_SMSG_FAILURE = 15, - SSH_CMSG_STDIN_DATA = 16, - SSH_SMSG_STDOUT_DATA = 17, - SSH_SMSG_STDERR_DATA = 18, - SSH_CMSG_EOF = 19, - SSH_SMSG_EXITSTATUS = 20, - SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 21, - SSH_MSG_CHANNEL_OPEN_FAILURE = 22, - SSH_MSG_CHANNEL_DATA = 23, - SSH_MSG_CHANNEL_CLOSE = 24, - SSH_MSG_CHANNEL_CLOSE_CONFIRMATION = 25, - SSH_CMSG_X11_REQUEST_FORWARDING_OLD = 26, - SSH_SMSG_X11_OPEN = 27, - SSH_CMSG_PORT_FORWARD_REQUEST = 28, - SSH_MSG_PORT_OPEN = 29, - SSH_CMSG_AGENT_REQUEST_FORWARDING = 30, - SSH_SMSG_AGENT_OPEN = 31, - SSH_MSG_IGNORE = 32, - SSH_CMSG_EXIT_CONFIRMATION = 33, - SSH_CMSG_X11_REQUEST_FORWARDING = 34, - SSH_CMSG_AUTH_RHOSTS_RSA = 35, - SSH_MSG_DEBUG = 36, - SSH_CMSG_REQUEST_COMPRESSION = 37, - SSH_CMSG_MAX_PACKET_SIZE = 38, - SSH_CMSG_AUTH_TIS = 39, - SSH_SMSG_AUTH_TIS_CHALLENGE = 40, - SSH_CMSG_AUTH_TIS_RESPONSE = 41, - SSH_CMSG_AUTH_KERBEROS = 42, - SSH_SMSG_AUTH_KERBEROS_RESPONSE = 43, - SSH_CMSG_HAVE_KERBEROS_TGT = 44, + SSH_MSG_NONE = 0, + SSH_MSG_DISCONNECT = 1, + SSH_SMSG_PUBLIC_KEY = 2, + SSH_CMSG_SESSION_KEY = 3, + SSH_CMSG_USER = 4, + SSH_CMSG_AUTH_RHOSTS = 5, + SSH_CMSG_AUTH_RSA = 6, + SSH_SMSG_AUTH_RSA_CHALLENGE = 7, + SSH_CMSG_AUTH_RSA_RESPONSE = 8, + SSH_CMSG_AUTH_PASSWORD = 9, + SSH_CMSG_REQUEST_PTY = 10, + SSH_CMSG_WINDOW_SIZE = 11, + SSH_CMSG_EXEC_SHELL = 12, + SSH_CMSG_EXEC_CMD = 13, + SSH_SMSG_SUCCESS = 14, + SSH_SMSG_FAILURE = 15, + SSH_CMSG_STDIN_DATA = 16, + SSH_SMSG_STDOUT_DATA = 17, + SSH_SMSG_STDERR_DATA = 18, + SSH_CMSG_EOF = 19, + SSH_SMSG_EXITSTATUS = 20, + SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 21, + SSH_MSG_CHANNEL_OPEN_FAILURE = 22, + SSH_MSG_CHANNEL_DATA = 23, + SSH_MSG_CHANNEL_CLOSE = 24, + SSH_MSG_CHANNEL_CLOSE_CONFIRMATION = 25, + SSH_CMSG_X11_REQUEST_FORWARDING_OLD = 26, + SSH_SMSG_X11_OPEN = 27, + SSH_CMSG_PORT_FORWARD_REQUEST = 28, + SSH_MSG_PORT_OPEN = 29, + SSH_CMSG_AGENT_REQUEST_FORWARDING = 30, + SSH_SMSG_AGENT_OPEN = 31, + SSH_MSG_IGNORE = 32, + SSH_CMSG_EXIT_CONFIRMATION = 33, + SSH_CMSG_X11_REQUEST_FORWARDING = 34, + SSH_CMSG_AUTH_RHOSTS_RSA = 35, + SSH_MSG_DEBUG = 36, + SSH_CMSG_REQUEST_COMPRESSION = 37, + SSH_CMSG_MAX_PACKET_SIZE = 38, + SSH_CMSG_AUTH_TIS = 39, + SSH_SMSG_AUTH_TIS_CHALLENGE = 40, + SSH_CMSG_AUTH_TIS_RESPONSE = 41, + SSH_CMSG_AUTH_KERBEROS = 42, + SSH_SMSG_AUTH_KERBEROS_RESPONSE = 43, + SSH_CMSG_HAVE_KERBEROS_TGT = 44, }; enum ssh2_message_id { - MSG_DISCONNECT = 1, - MSG_IGNORE = 2, - MSG_UNIMPLEMENTED = 3, - MSG_DEBUG = 4, - MSG_SERVICE_REQUEST = 5, - MSG_SERVICE_ACCEPT = 6, - MSG_KEXINIT = 20, - MSG_NEWKEYS = 21, + MSG_DISCONNECT = 1, + MSG_IGNORE = 2, + MSG_UNIMPLEMENTED = 3, + MSG_DEBUG = 4, + MSG_SERVICE_REQUEST = 5, + MSG_SERVICE_ACCEPT = 6, + MSG_KEXINIT = 20, + MSG_NEWKEYS = 21, }; ## SSH Generic type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { - VERSION_EXCHANGE -> version: SSH_Version(is_orig); - KEX_INIT -> kex: SSH_Key_Exchange(is_orig); - KEX_DH_GEX -> kex_dh_gex: SSH_Key_Exchange_DH_GEX(is_orig); - KEX_DH -> kex_dh: SSH_Key_Exchange_DH(is_orig); - KEX_ECC -> kex_ecc: SSH_Key_Exchange_ECC(is_orig); - KEX_GSS -> kex_gss: SSH_Key_Exchange_GSS(is_orig); - KEX_RSA -> kex_rsa: SSH_Key_Exchange_RSA(is_orig); + VERSION_EXCHANGE -> version : SSH_Version(is_orig); + KEX_INIT -> kex : SSH_Key_Exchange(is_orig); + KEX_DH_GEX -> kex_dh_gex : SSH_Key_Exchange_DH_GEX(is_orig); + KEX_DH -> kex_dh : SSH_Key_Exchange_DH(is_orig); + KEX_ECC -> kex_ecc : SSH_Key_Exchange_ECC(is_orig); + KEX_GSS -> kex_gss : SSH_Key_Exchange_GSS(is_orig); + KEX_RSA -> kex_rsa : SSH_Key_Exchange_RSA(is_orig); } &byteorder=bigendian; type SSH_Version(is_orig: bool) = record { - version: bytestring &oneline; - pad: bytestring &length=0 &transient; + version : bytestring &oneline; + pad : bytestring &length=0 &transient; } &let { - update_state : bool = $context.connection.update_state(KEX_INIT, is_orig); - update_version: bool = $context.connection.update_version(version, is_orig); + update_state : bool = $context.connection.update_state(KEX_INIT, is_orig); + update_version : bool = $context.connection.update_version(version, is_orig); }; type SSH_Key_Exchange(is_orig: bool) = case $context.connection.get_version() of { - SSH1 -> ssh1_msg: SSH1_Key_Exchange(is_orig); - SSH2 -> ssh2_msg: SSH2_Key_Exchange(is_orig); + SSH1 -> ssh1_msg : SSH1_Key_Exchange(is_orig); + SSH2 -> ssh2_msg : SSH2_Key_Exchange(is_orig); }; ## SSH1 type SSH1_Key_Exchange(is_orig: bool) = record { - packet_length: uint32; - pad_fill : bytestring &length = 8 - (packet_length % 8); - msg_type : uint8; - message : SSH1_Message(is_orig, msg_type, packet_length-5); - crc : uint32; + packet_length : uint32; + pad_fill : bytestring &length = 8 - (packet_length % 8); + msg_type : uint8; + message : SSH1_Message(is_orig, msg_type, packet_length - 5); + crc : uint32; } &length = packet_length + 4 + 8 - (packet_length % 8); type SSH1_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_SMSG_PUBLIC_KEY -> public_key: SSH1_PUBLIC_KEY(length); - SSH_CMSG_SESSION_KEY -> session_key: SSH1_SESSION_KEY(length); + SSH_SMSG_PUBLIC_KEY -> public_key : SSH1_PUBLIC_KEY(length); + SSH_CMSG_SESSION_KEY -> session_key : SSH1_SESSION_KEY(length); } &let { - detach: bool = $context.connection.update_state(ENCRYPTED, is_orig); + detach : bool=$context.connection.update_state(ENCRYPTED, is_orig); }; type SSH1_PUBLIC_KEY(length: uint32) = record { - cookie : bytestring &length=8; - server_key : uint32; - server_key_p : ssh1_mp_int; - server_key_e : ssh1_mp_int; - host_key : uint32; - host_key_p : ssh1_mp_int; - host_key_e : ssh1_mp_int; - flags : uint32; - supported_ciphers : uint32; - supported_auths : uint32; + cookie : bytestring &length=8; + server_key : uint32; + server_key_p : ssh1_mp_int; + server_key_e : ssh1_mp_int; + host_key : uint32; + host_key_p : ssh1_mp_int; + host_key_e : ssh1_mp_int; + flags : uint32; + supported_ciphers : uint32; + supported_auths : uint32; } &length=length; type SSH1_SESSION_KEY(length: uint32) = record { - cipher : uint8; - cookie : bytestring &length=8; - session_key : ssh1_mp_int; - flags : uint32; + cipher : uint8; + cookie : bytestring &length=8; + session_key : ssh1_mp_int; + flags : uint32; } &length=length; type ssh1_mp_int = record { - len: uint16; - val: bytestring &length=(len+7)/8; + len : uint16; + val : bytestring &length=(len+7)/8; }; + ## SSH2 type SSH2_Key_Exchange_Header = record { - packet_length : uint32; - padding_length: uint8; - msg_type : uint8; + packet_length : uint32; + padding_length : uint8; + msg_type : uint8; } &let { - payload_length: uint32 = packet_length - padding_length - 2; + payload_length : uint32 = packet_length - padding_length - 2; } &length=6; type SSH2_Key_Exchange(is_orig: bool) = record { - header : SSH2_Key_Exchange_Header; - payload : SSH2_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; + header : SSH2_Key_Exchange_Header; + payload : SSH2_Message(is_orig, header.msg_type, header.payload_length); + pad : bytestring &length=header.padding_length; } &length=header.packet_length + 4; type SSH2_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - MSG_KEXINIT -> kexinit: SSH_KEXINIT(length, is_orig); - default -> unknown: bytestring &length=length; + MSG_KEXINIT -> kexinit : SSH_KEXINIT(length, is_orig); + default -> unknown : bytestring &length=length; } &let { - detach: bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == MSG_NEWKEYS); + detach : bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == MSG_NEWKEYS); }; type SSH_KEXINIT(length: uint32, is_orig: bool) = record { @@ -225,12 +226,12 @@ type SSH_KEXINIT(length: uint32, is_orig: bool) = record { mac_algorithms_server_to_client : ssh_string; compression_algorithms_client_to_server : ssh_string; compression_algorithms_server_to_client : ssh_string; - languages_client_to_server : ssh_string; - languages_server_to_client : ssh_string; - first_kex_packet_follows : uint8; - reserved : uint32; + languages_client_to_server : ssh_string; + languages_server_to_client : ssh_string; + first_kex_packet_follows : uint8; + reserved : uint32; } &let { - proc_kex : bool = $context.connection.update_kex(kex_algorithms.val, is_orig); + proc_kex : bool= $context.connection.update_kex(kex_algorithms.val, is_orig); } &length=length; # KEX_DH exchanges @@ -238,12 +239,12 @@ type SSH_KEXINIT(length: uint32, is_orig: bool) = record { type SSH_Key_Exchange_DH(is_orig: bool) = record { header : SSH2_Key_Exchange_Header; payload : SSH_Key_Exchange_DH_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; + pad : bytestring &length=header.padding_length; } &length=header.packet_length + 4; type SSH_Key_Exchange_DH_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEXDH_INIT -> init : SSH_DH_GEX_INIT(length); - SSH_MSG_KEXDH_REPLY -> reply : SSH_DH_GEX_REPLY(length); + SSH_MSG_KEXDH_INIT -> init : SSH_DH_GEX_INIT(length); + SSH_MSG_KEXDH_REPLY -> reply : SSH_DH_GEX_REPLY(length); }; # KEX_DH_GEX exchanges @@ -251,40 +252,40 @@ type SSH_Key_Exchange_DH_Message(is_orig: bool, msg_type: uint8, length: uint32) type SSH_Key_Exchange_DH_GEX(is_orig: bool) = record { header : SSH2_Key_Exchange_Header; payload : SSH_Key_Exchange_DH_GEX_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; + pad : bytestring &length=header.padding_length; } &length=header.packet_length + 4; type SSH_Key_Exchange_DH_GEX_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEX_DH_GEX_REQUEST_OLD -> request_old : SSH_DH_GEX_REQUEST_OLD; - SSH_MSG_KEX_DH_GEX_REQUEST -> request : SSH_DH_GEX_REQUEST; - SSH_MSG_KEX_DH_GEX_GROUP -> group : SSH_DH_GEX_GROUP(length); - SSH_MSG_KEX_DH_GEX_INIT -> init : SSH_DH_GEX_INIT(length); - SSH_MSG_KEX_DH_GEX_REPLY -> reply : SSH_DH_GEX_REPLY(length); + SSH_MSG_KEX_DH_GEX_REQUEST_OLD -> request_old : SSH_DH_GEX_REQUEST_OLD; + SSH_MSG_KEX_DH_GEX_REQUEST -> request : SSH_DH_GEX_REQUEST; + SSH_MSG_KEX_DH_GEX_GROUP -> group : SSH_DH_GEX_GROUP(length); + SSH_MSG_KEX_DH_GEX_INIT -> init : SSH_DH_GEX_INIT(length); + SSH_MSG_KEX_DH_GEX_REPLY -> reply : SSH_DH_GEX_REPLY(length); }; type SSH_DH_GEX_REQUEST = record { - min: uint32; - n : uint32; - max: uint32; + min : uint32; + n : uint32; + max : uint32; } &length=12; type SSH_DH_GEX_REQUEST_OLD = record { - n: uint32; + n : uint32; } &length=4; type SSH_DH_GEX_GROUP(length: uint32) = record { - p: ssh_string; - g: ssh_string; + p : ssh_string; + g : ssh_string; } &length=length; type SSH_DH_GEX_INIT(length: uint32) = record { - e: ssh_string; + e : ssh_string; } &length=length; type SSH_DH_GEX_REPLY(length: uint32) = record { - k_s : ssh_string; - f : ssh_string; - signature: ssh_string; + k_s : ssh_string; + f : ssh_string; + signature : ssh_string; } &length=length; # KEX_RSA exchanges @@ -292,26 +293,26 @@ type SSH_DH_GEX_REPLY(length: uint32) = record { type SSH_Key_Exchange_RSA(is_orig: bool) = record { header : SSH2_Key_Exchange_Header; payload : SSH_Key_Exchange_RSA_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; + pad : bytestring &length=header.padding_length; } &length=header.packet_length + 4; type SSH_Key_Exchange_RSA_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEXRSA_PUBKEY -> pubkey : SSH_RSA_PUBKEY(length); - SSH_MSG_KEXRSA_SECRET -> secret : SSH_RSA_SECRET(length); - SSH_MSG_KEXRSA_DONE -> done : SSH_RSA_DONE(length); + SSH_MSG_KEXRSA_PUBKEY -> pubkey : SSH_RSA_PUBKEY(length); + SSH_MSG_KEXRSA_SECRET -> secret : SSH_RSA_SECRET(length); + SSH_MSG_KEXRSA_DONE -> done : SSH_RSA_DONE(length); }; type SSH_RSA_PUBKEY(length: uint32) = record { - k_s: ssh_string; - k_t: ssh_string; + k_s : ssh_string; + k_t : ssh_string; } &length=length; type SSH_RSA_SECRET(length: uint32) = record { - encrypted_payload: ssh_string; + encrypted_payload : ssh_string; } &length=length; type SSH_RSA_DONE(length: uint32) = record { - signature: ssh_string; + signature : ssh_string; } &length=length; # KEX_GSS exchanges @@ -319,47 +320,47 @@ type SSH_RSA_DONE(length: uint32) = record { type SSH_Key_Exchange_GSS(is_orig: bool) = record { header : SSH2_Key_Exchange_Header; payload : SSH_Key_Exchange_GSS_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; + pad : bytestring &length=header.padding_length; } &length=header.packet_length + 4; type SSH_Key_Exchange_GSS_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEXGSS_INIT -> init : SSH_GSS_INIT(length); - SSH_MSG_KEXGSS_CONTINUE -> cont : SSH_GSS_CONTINUE(length); - SSH_MSG_KEXGSS_COMPLETE -> complete : SSH_GSS_COMPLETE(length); - SSH_MSG_KEXGSS_HOSTKEY -> hostkey : SSH_GSS_HOSTKEY(length); - SSH_MSG_KEXGSS_ERROR -> error : SSH_GSS_ERROR(length); - SSH_MSG_KEXGSS_GROUPREQ -> groupreq : SSH_DH_GEX_REQUEST; - SSH_MSG_KEXGSS_GROUP -> group : SSH_DH_GEX_GROUP(length); + SSH_MSG_KEXGSS_INIT -> init : SSH_GSS_INIT(length); + SSH_MSG_KEXGSS_CONTINUE -> cont : SSH_GSS_CONTINUE(length); + SSH_MSG_KEXGSS_COMPLETE -> complete : SSH_GSS_COMPLETE(length); + SSH_MSG_KEXGSS_HOSTKEY -> hostkey : SSH_GSS_HOSTKEY(length); + SSH_MSG_KEXGSS_ERROR -> error : SSH_GSS_ERROR(length); + SSH_MSG_KEXGSS_GROUPREQ -> groupreq : SSH_DH_GEX_REQUEST; + SSH_MSG_KEXGSS_GROUP -> group : SSH_DH_GEX_GROUP(length); }; type SSH_GSS_INIT(length: uint32) = record { - output_token: ssh_string; - e : ssh_string; + output_token : ssh_string; + e : ssh_string; } &length=length; type SSH_GSS_CONTINUE(length: uint32) = record { - output_token: ssh_string; + output_token : ssh_string; } &length=length; type SSH_GSS_COMPLETE(length: uint32) = record { - f : ssh_string; - per_msg_token : ssh_string; - have_token : uint8; - parse_token : case have_token of { - 0 -> no_token: empty; - default -> token: ssh_string; + f : ssh_string; + per_msg_token : ssh_string; + have_token : uint8; + parse_token : case have_token of { + 0 -> no_token : empty; + default -> token : ssh_string; }; } &length=length; type SSH_GSS_HOSTKEY(length: uint32) = record { - k_s: ssh_string; + k_s : ssh_string; } &length=length; type SSH_GSS_ERROR(length: uint32) = record { - major_status: uint32; - minor_status: uint32; - message : ssh_string; - language : ssh_string; + major_status : uint32; + minor_status : uint32; + message : ssh_string; + language : ssh_string; } &length=length; # KEX_ECDH and KEX_ECMQV exchanges @@ -367,37 +368,37 @@ type SSH_GSS_ERROR(length: uint32) = record { type SSH_Key_Exchange_ECC(is_orig: bool) = record { header : SSH2_Key_Exchange_Header; payload : SSH_Key_Exchange_ECC_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; + pad : bytestring &length=header.padding_length; } &length=header.packet_length + 4; type SSH_Key_Exchange_ECC_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEX_ECDH_INIT -> init : SSH_ECC_INIT(length); - SSH_MSG_KEX_ECDH_REPLY -> reply : SSH_ECC_REPLY(length); + SSH_MSG_KEX_ECDH_INIT -> init : SSH_ECC_INIT(length); + SSH_MSG_KEX_ECDH_REPLY -> reply : SSH_ECC_REPLY(length); }; # This deviates from the RFC. SSH_MSG_KEX_ECDH_INIT and # SSH_MSG_KEX_ECMQV_INIT can be parsed the same way. type SSH_ECC_INIT(length: uint32) = record { - q_c: ssh_string; + q_c : ssh_string; }; # This deviates from the RFC. SSH_MSG_KEX_ECDH_REPLY and # SSH_MSG_KEX_ECMQV_REPLY can be parsed the same way. type SSH_ECC_REPLY(length: uint32) = record { - k_s : ssh_string; - q_s : ssh_string; - signature : ssh_string; + k_s : ssh_string; + q_s : ssh_string; + signature : ssh_string; }; type ssh_string = record { - len: uint32; - val: bytestring &length=len; + len : uint32; + val : bytestring &length=len; }; type ssh_host_key = record { - len: uint32; - key_type: ssh_string; - key: ssh_string; + len : uint32; + key_type : ssh_string; + key : ssh_string; } &length=(len + 4); ## Done with types @@ -418,7 +419,7 @@ refine connection SSH_Conn += { state_up_ = VERSION_EXCHANGE; state_down_ = VERSION_EXCHANGE; version_ = UNK; - + kex_seen_ = false; kex_orig_ = false; kex_algs_cache_ = bytestring(); @@ -430,7 +431,7 @@ refine connection SSH_Conn += { kex_algs_cache_.free(); %} - function get_state(is_orig: bool): int + function get_state(is_orig: bool) : int %{ if ( is_orig ) { @@ -442,7 +443,7 @@ refine connection SSH_Conn += { } %} - function update_state(s: state, is_orig: bool): bool + function update_state(s: state, is_orig: bool) : bool %{ if ( is_orig ) state_up_ = s; @@ -451,12 +452,12 @@ refine connection SSH_Conn += { return true; %} - function get_version(): int + function get_version() : int %{ return version_; %} - function update_version(v: bytestring, is_orig: bool): bool + function update_version(v: bytestring, is_orig: bool) : bool %{ if ( is_orig && ( v.length() >= 4 ) ) { @@ -468,7 +469,7 @@ refine connection SSH_Conn += { return true; %} - function update_kex_state_if_equal(s: string, to_state: state): bool + function update_kex_state_if_equal(s: string, to_state: state) : bool %{ if ( strcmp(c_str(kex_algorithm_), s.c_str()) == 0 ) { @@ -478,12 +479,12 @@ refine connection SSH_Conn += { } return false; %} - - function update_kex_state_if_startswith(s: string, to_state: state): bool + + function update_kex_state_if_startswith(s: string, to_state: state) : bool %{ if ( (uint) kex_algorithm_.length() < s.length() ) return false; - + if ( strcmp(std_str(kex_algorithm_).substr(0, s.length()).c_str(), s.c_str()) == 0 ) { update_state(to_state, true); @@ -492,55 +493,55 @@ refine connection SSH_Conn += { } return false; %} - - function update_kex(algs: bytestring, orig: bool): bool + + function update_kex(algs: bytestring, orig: bool) : bool %{ if ( !kex_seen_ ) { kex_seen_ = true; kex_orig_ = orig; kex_algs_cache_.init(${algs}.data(), ${algs}.length()); - + return false; } else if ( kex_orig_ == orig ) return false; - VectorVal* client_list = name_list_to_vector(orig ? algs : kex_algs_cache_); - VectorVal* server_list = name_list_to_vector(orig ? kex_algs_cache_ : algs); - + VectorVal* client_list = name_list_to_vector(orig ? algs : kex_algs_cache_); + VectorVal* server_list = name_list_to_vector(orig ? kex_algs_cache_ : algs); + for ( unsigned int i = 0; i < client_list->Size(); ++i) { for ( unsigned int j = 0; j < server_list->Size(); ++j) { if ( strcmp((const char *) client_list->Lookup(i)->AsStringVal()->Bytes(), - (const char *) server_list->Lookup(j)->AsStringVal()->Bytes()) == 0 ) + (const char *) server_list->Lookup(j)->AsStringVal()->Bytes()) == 0 ) { kex_algorithm_.init((const uint8 *) client_list->Lookup(i)->AsStringVal()->Bytes(), - client_list->Lookup(i)->AsStringVal()->Len()); - + client_list->Lookup(i)->AsStringVal()->Len()); + Unref(client_list); Unref(server_list); - + // UNTESTED if ( update_kex_state_if_equal("rsa1024-sha1", KEX_RSA) ) return true; // UNTESTED if ( update_kex_state_if_equal("rsa2048-sha256", KEX_RSA) ) return true; - + // UNTESTED if ( update_kex_state_if_equal("diffie-hellman-group1-sha1", KEX_DH) ) return true; // UNTESTED if ( update_kex_state_if_equal("diffie-hellman-group14-sha1", KEX_DH) ) return true; - + if ( update_kex_state_if_equal("diffie-hellman-group-exchange-sha1", KEX_DH_GEX) ) return true; if ( update_kex_state_if_equal("diffie-hellman-group-exchange-sha256", KEX_DH_GEX) ) return true; - + if ( update_kex_state_if_startswith("gss-group1-sha1-", KEX_GSS) ) return true; if ( update_kex_state_if_startswith("gss-group14-sha1-", KEX_GSS) ) @@ -549,28 +550,26 @@ refine connection SSH_Conn += { return true; if ( update_kex_state_if_startswith("gss-", KEX_GSS) ) return true; - + if ( update_kex_state_if_startswith("ecdh-sha2-", KEX_ECC) ) return true; if ( update_kex_state_if_equal("ecmqv-sha2", KEX_ECC) ) return true; if ( update_kex_state_if_equal("curve25519-sha256@libssh.org", KEX_ECC) ) return true; - - + + bro_analyzer()->Weird(fmt("ssh_unknown_kex_algorithm=%s", c_str(kex_algorithm_))); return true; } } } - + Unref(client_list); Unref(server_list); - - return true; - + + return true; %} - }; \ No newline at end of file From c448425272cbe810adf688558523c8ddbe22034f Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Wed, 4 Mar 2015 11:41:21 -0500 Subject: [PATCH 030/121] Move SSH constants to consts.pac --- src/analyzer/protocol/ssh/consts.pac | 126 ++++++++++++++++++++ src/analyzer/protocol/ssh/ssh-protocol.pac | 127 +-------------------- 2 files changed, 127 insertions(+), 126 deletions(-) create mode 100644 src/analyzer/protocol/ssh/consts.pac diff --git a/src/analyzer/protocol/ssh/consts.pac b/src/analyzer/protocol/ssh/consts.pac new file mode 100644 index 0000000000..78027f8a51 --- /dev/null +++ b/src/analyzer/protocol/ssh/consts.pac @@ -0,0 +1,126 @@ +enum version { + SSH1 = 1, + SSH2 = 2, + UNK = 3, +}; + +enum state { + VERSION_EXCHANGE = 0, + KEX_INIT = 1, + KEX_DH_GEX = 2, + KEX_DH = 3, + KEX_ECC = 4, + KEX_GSS = 5, + KEX_RSA = 6, + ENCRYPTED = 7, +}; + +# diffie-hellman-group1-sha1 [RFC4253] Section 8.1 +# diffie-hellman-group14-sha1 [RFC4253] Section 8.2 +enum KEX_DH_message_id { + SSH_MSG_KEXDH_INIT = 30, + SSH_MSG_KEXDH_REPLY = 31, +}; + +# diffie-hellman-group-exchange-sha1 [RFC4419] Section 4.1 +# diffie-hellman-group-exchange-sha256 [RFC4419] Section 4.2 +enum KEX_DH_GEX_message_id { + SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, + SSH_MSG_KEX_DH_GEX_GROUP = 31, + SSH_MSG_KEX_DH_GEX_INIT = 32, + SSH_MSG_KEX_DH_GEX_REPLY = 33, + SSH_MSG_KEX_DH_GEX_REQUEST = 34, +}; + +# rsa1024-sha1 [RFC4432] +# rsa2048-sha256 [RFC4432] +enum KEX_RSA_message_id { + SSH_MSG_KEXRSA_PUBKEY = 30, + SSH_MSG_KEXRSA_SECRET = 31, + SSH_MSG_KEXRSA_DONE = 32, +}; + +# gss-group1-sha1-* [RFC4462] Section 2.3 +# gss-group14-sha1-* [RFC4462] Section 2.4 +# gss-gex-sha1-* [RFC4462] Section 2.5 +# gss-* [RFC4462] Section 2.6 +enum KEX_GSS_message_id { + SSH_MSG_KEXGSS_INIT = 30, + SSH_MSG_KEXGSS_CONTINUE = 31, + SSH_MSG_KEXGSS_COMPLETE = 32, + SSH_MSG_KEXGSS_HOSTKEY = 33, + SSH_MSG_KEXGSS_ERROR = 34, + SSH_MSG_KEXGSS_GROUPREQ = 40, + SSH_MSG_KEXGSS_GROUP = 41, +}; + +# ecdh-sha2-* [RFC5656] +enum KEX_ECDH_message_id { + SSH_MSG_KEX_ECDH_INIT = 30, + SSH_MSG_KEX_ECDH_REPLY = 31, +}; + +# ecmqv-sha2 [RFC5656] +enum KEX_ECMQV_message_id { + SSH_MSG_ECMQV_INIT = 30, + SSH_MSG_ECMQV_REPLY = 31, +}; + +enum ssh1_message_id { + SSH_MSG_NONE = 0, + SSH_MSG_DISCONNECT = 1, + SSH_SMSG_PUBLIC_KEY = 2, + SSH_CMSG_SESSION_KEY = 3, + SSH_CMSG_USER = 4, + SSH_CMSG_AUTH_RHOSTS = 5, + SSH_CMSG_AUTH_RSA = 6, + SSH_SMSG_AUTH_RSA_CHALLENGE = 7, + SSH_CMSG_AUTH_RSA_RESPONSE = 8, + SSH_CMSG_AUTH_PASSWORD = 9, + SSH_CMSG_REQUEST_PTY = 10, + SSH_CMSG_WINDOW_SIZE = 11, + SSH_CMSG_EXEC_SHELL = 12, + SSH_CMSG_EXEC_CMD = 13, + SSH_SMSG_SUCCESS = 14, + SSH_SMSG_FAILURE = 15, + SSH_CMSG_STDIN_DATA = 16, + SSH_SMSG_STDOUT_DATA = 17, + SSH_SMSG_STDERR_DATA = 18, + SSH_CMSG_EOF = 19, + SSH_SMSG_EXITSTATUS = 20, + SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 21, + SSH_MSG_CHANNEL_OPEN_FAILURE = 22, + SSH_MSG_CHANNEL_DATA = 23, + SSH_MSG_CHANNEL_CLOSE = 24, + SSH_MSG_CHANNEL_CLOSE_CONFIRMATION = 25, + SSH_CMSG_X11_REQUEST_FORWARDING_OLD = 26, + SSH_SMSG_X11_OPEN = 27, + SSH_CMSG_PORT_FORWARD_REQUEST = 28, + SSH_MSG_PORT_OPEN = 29, + SSH_CMSG_AGENT_REQUEST_FORWARDING = 30, + SSH_SMSG_AGENT_OPEN = 31, + SSH_MSG_IGNORE = 32, + SSH_CMSG_EXIT_CONFIRMATION = 33, + SSH_CMSG_X11_REQUEST_FORWARDING = 34, + SSH_CMSG_AUTH_RHOSTS_RSA = 35, + SSH_MSG_DEBUG = 36, + SSH_CMSG_REQUEST_COMPRESSION = 37, + SSH_CMSG_MAX_PACKET_SIZE = 38, + SSH_CMSG_AUTH_TIS = 39, + SSH_SMSG_AUTH_TIS_CHALLENGE = 40, + SSH_CMSG_AUTH_TIS_RESPONSE = 41, + SSH_CMSG_AUTH_KERBEROS = 42, + SSH_SMSG_AUTH_KERBEROS_RESPONSE = 43, + SSH_CMSG_HAVE_KERBEROS_TGT = 44, +}; + +enum ssh2_message_id { + MSG_DISCONNECT = 1, + MSG_IGNORE = 2, + MSG_UNIMPLEMENTED = 3, + MSG_DEBUG = 4, + MSG_SERVICE_REQUEST = 5, + MSG_SERVICE_ACCEPT = 6, + MSG_KEXINIT = 20, + MSG_NEWKEYS = 21, +}; diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index a0607968ad..6f9b9bf1d8 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -1,129 +1,4 @@ -enum version { - SSH1 = 1, - SSH2 = 2, - UNK = 3, -}; - -enum state { - VERSION_EXCHANGE = 0, - KEX_INIT = 1, - KEX_DH_GEX = 2, - KEX_DH = 3, - KEX_ECC = 4, - KEX_GSS = 5, - KEX_RSA = 6, - ENCRYPTED = 7, -}; - -# diffie-hellman-group1-sha1 [RFC4253] Section 8.1 -# diffie-hellman-group14-sha1 [RFC4253] Section 8.2 -enum KEX_DH_message_id { - SSH_MSG_KEXDH_INIT = 30, - SSH_MSG_KEXDH_REPLY = 31, -}; - -# diffie-hellman-group-exchange-sha1 [RFC4419] Section 4.1 -# diffie-hellman-group-exchange-sha256 [RFC4419] Section 4.2 -enum KEX_DH_GEX_message_id { - SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30, - SSH_MSG_KEX_DH_GEX_GROUP = 31, - SSH_MSG_KEX_DH_GEX_INIT = 32, - SSH_MSG_KEX_DH_GEX_REPLY = 33, - SSH_MSG_KEX_DH_GEX_REQUEST = 34, -}; - -# rsa1024-sha1 [RFC4432] -# rsa2048-sha256 [RFC4432] -enum KEX_RSA_message_id { - SSH_MSG_KEXRSA_PUBKEY = 30, - SSH_MSG_KEXRSA_SECRET = 31, - SSH_MSG_KEXRSA_DONE = 32, -}; - -# gss-group1-sha1-* [RFC4462] Section 2.3 -# gss-group14-sha1-* [RFC4462] Section 2.4 -# gss-gex-sha1-* [RFC4462] Section 2.5 -# gss-* [RFC4462] Section 2.6 -enum KEX_GSS_message_id { - SSH_MSG_KEXGSS_INIT = 30, - SSH_MSG_KEXGSS_CONTINUE = 31, - SSH_MSG_KEXGSS_COMPLETE = 32, - SSH_MSG_KEXGSS_HOSTKEY = 33, - SSH_MSG_KEXGSS_ERROR = 34, - SSH_MSG_KEXGSS_GROUPREQ = 40, - SSH_MSG_KEXGSS_GROUP = 41, -}; - -# ecdh-sha2-* [RFC5656] -enum KEX_ECDH_message_id { - SSH_MSG_KEX_ECDH_INIT = 30, - SSH_MSG_KEX_ECDH_REPLY = 31, -}; - -# ecmqv-sha2 [RFC5656] -enum KEX_ECMQV_message_id { - SSH_MSG_ECMQV_INIT = 30, - SSH_MSG_ECMQV_REPLY = 31, -}; - -enum ssh1_message_id { - SSH_MSG_NONE = 0, - SSH_MSG_DISCONNECT = 1, - SSH_SMSG_PUBLIC_KEY = 2, - SSH_CMSG_SESSION_KEY = 3, - SSH_CMSG_USER = 4, - SSH_CMSG_AUTH_RHOSTS = 5, - SSH_CMSG_AUTH_RSA = 6, - SSH_SMSG_AUTH_RSA_CHALLENGE = 7, - SSH_CMSG_AUTH_RSA_RESPONSE = 8, - SSH_CMSG_AUTH_PASSWORD = 9, - SSH_CMSG_REQUEST_PTY = 10, - SSH_CMSG_WINDOW_SIZE = 11, - SSH_CMSG_EXEC_SHELL = 12, - SSH_CMSG_EXEC_CMD = 13, - SSH_SMSG_SUCCESS = 14, - SSH_SMSG_FAILURE = 15, - SSH_CMSG_STDIN_DATA = 16, - SSH_SMSG_STDOUT_DATA = 17, - SSH_SMSG_STDERR_DATA = 18, - SSH_CMSG_EOF = 19, - SSH_SMSG_EXITSTATUS = 20, - SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 21, - SSH_MSG_CHANNEL_OPEN_FAILURE = 22, - SSH_MSG_CHANNEL_DATA = 23, - SSH_MSG_CHANNEL_CLOSE = 24, - SSH_MSG_CHANNEL_CLOSE_CONFIRMATION = 25, - SSH_CMSG_X11_REQUEST_FORWARDING_OLD = 26, - SSH_SMSG_X11_OPEN = 27, - SSH_CMSG_PORT_FORWARD_REQUEST = 28, - SSH_MSG_PORT_OPEN = 29, - SSH_CMSG_AGENT_REQUEST_FORWARDING = 30, - SSH_SMSG_AGENT_OPEN = 31, - SSH_MSG_IGNORE = 32, - SSH_CMSG_EXIT_CONFIRMATION = 33, - SSH_CMSG_X11_REQUEST_FORWARDING = 34, - SSH_CMSG_AUTH_RHOSTS_RSA = 35, - SSH_MSG_DEBUG = 36, - SSH_CMSG_REQUEST_COMPRESSION = 37, - SSH_CMSG_MAX_PACKET_SIZE = 38, - SSH_CMSG_AUTH_TIS = 39, - SSH_SMSG_AUTH_TIS_CHALLENGE = 40, - SSH_CMSG_AUTH_TIS_RESPONSE = 41, - SSH_CMSG_AUTH_KERBEROS = 42, - SSH_SMSG_AUTH_KERBEROS_RESPONSE = 43, - SSH_CMSG_HAVE_KERBEROS_TGT = 44, -}; - -enum ssh2_message_id { - MSG_DISCONNECT = 1, - MSG_IGNORE = 2, - MSG_UNIMPLEMENTED = 3, - MSG_DEBUG = 4, - MSG_SERVICE_REQUEST = 5, - MSG_SERVICE_ACCEPT = 6, - MSG_KEXINIT = 20, - MSG_NEWKEYS = 21, -}; +%include consts.pac ## SSH Generic From bbedb73a45ab5589dde30370c7b0bcd38e496677 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 4 Mar 2015 13:12:03 -0500 Subject: [PATCH 031/121] Huge updates to the RDP analyzer from Josh Liburdi. - More data pulled into scriptland. - Logs expanded with client screen resolution and desired color depth. - Values in UTF-16 on the wire are converted to UTF-8 before being sent to scriptland. - If the RDP turns into SSL records, we now pass data that appears to be SSL to the PIA analyzer. - If RDP uses native encryption with X.509 certs we pass those certs to the files framework and the base scripts pass them forward to the X.509 analyzer. - Lots of cleanup and adjustment to fit the documented protocol a bit better. - Cleaned up the DPD signatures. - Moved to flowunit instead of datagram. - Added tests. --- scripts/base/init-bare.bro | 39 +- scripts/base/protocols/rdp/consts.bro | 15 + scripts/base/protocols/rdp/dpd.sig | 23 +- scripts/base/protocols/rdp/main.bro | 247 +++--- src/CMakeLists.txt | 1 + src/ConvertUTF.c | 708 ++++++++++++++++++ src/ConvertUTF.h | 183 +++++ src/analyzer/protocol/rdp/CMakeLists.txt | 1 + src/analyzer/protocol/rdp/RDP.cc | 50 +- src/analyzer/protocol/rdp/RDP.h | 6 +- src/analyzer/protocol/rdp/events.bif | 10 +- src/analyzer/protocol/rdp/rdp-analyzer.pac | 160 +++- src/analyzer/protocol/rdp/rdp-protocol.pac | 363 +++++---- src/analyzer/protocol/rdp/rdp.pac | 3 +- src/analyzer/protocol/rdp/types.bif | 5 + .../rdp.log | 11 + .../rdp.log | 11 + .../ssl.log | 11 + .../rdp.log | 10 + .../x509.log | 10 + ...4.pcap => rdp-proprietary-encryption.pcap} | Bin ...nla_win7_win2k8r2.pcap => rdp-to-ssl.pcap} | Bin 134982 -> 134982 bytes testing/btest/Traces/rdp/rdp-x509.pcap | Bin 0 -> 3135 bytes .../rdp/rdp-proprietary-encryption.bro | 4 + .../scripts/base/protocols/rdp/rdp-to-ssl.bro | 5 + .../scripts/base/protocols/rdp/rdp-x509.bro | 5 + 26 files changed, 1535 insertions(+), 346 deletions(-) create mode 100644 src/ConvertUTF.c create mode 100644 src/ConvertUTF.h create mode 100644 src/analyzer/protocol/rdp/types.bif create mode 100644 testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/ssl.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log rename testing/btest/Traces/rdp/{RDP-004.pcap => rdp-proprietary-encryption.pcap} (100%) rename testing/btest/Traces/rdp/{nla_win7_win2k8r2.pcap => rdp-to-ssl.pcap} (83%) create mode 100644 testing/btest/Traces/rdp/rdp-x509.pcap create mode 100644 testing/btest/scripts/base/protocols/rdp/rdp-proprietary-encryption.bro create mode 100644 testing/btest/scripts/base/protocols/rdp/rdp-to-ssl.bro create mode 100644 testing/btest/scripts/base/protocols/rdp/rdp-x509.bro diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index 4a1bcfbe72..18bcbcd884 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -2847,7 +2847,44 @@ export { attributes : RADIUS::Attributes &optional; }; } -module GLOBAL; + +module RDP; +export { + type RDP::EarlyCapabilityFlags: record { + support_err_info_pdu: bool; + want_32bpp_session: bool; + support_statusinfo_pdu: bool; + strong_asymmetric_keys: bool; + support_monitor_layout_pdu: bool; + support_netchar_autodetect: bool; + support_dynvc_gfx_protocol: bool; + support_dynamic_time_zone: bool; + support_heartbeat_pdu: bool; + }; + + type RDP::ClientCoreData: record { + version_major: count; + version_minor: count; + desktop_width: count; + desktop_height: count; + color_depth: count; + sas_sequence: count; + keyboard_layout: count; + client_build: count; + client_name: string; + keyboard_type: count; + keyboard_sub: count; + keyboard_function_key: count; + ime_file_name: string; + post_beta2_color_depth: count &optional; + client_product_id: string &optional; + serial_number: count &optional; + high_color_depth: count &optional; + supported_color_depths: count &optional; + ec_flags: RDP::EarlyCapabilityFlags &optional; + dig_product_id: string &optional; + }; +} @load base/bif/plugins/Bro_SNMP.types.bif diff --git a/scripts/base/protocols/rdp/consts.bro b/scripts/base/protocols/rdp/consts.bro index 5d93e6ea5d..a37e1d3188 100644 --- a/scripts/base/protocols/rdp/consts.bro +++ b/scripts/base/protocols/rdp/consts.bro @@ -35,6 +35,21 @@ export { [4] = "FIPS" } &default = function(n: count): string { return fmt("encryption_level-%d", n); }; + const high_color_depths = { + [0x0004] = "4bit", + [0x0008] = "8bit", + [0x000F] = "15bit", + [0x0010] = "16bit", + [0x0018] = "24bit" + } &default = function(n: count): string { return fmt("high_color_depth-%d", n); }; + + const color_depths = { + [0x0001] = "24bit", + [0x0002] = "16bit", + [0x0004] = "15bit", + [0x0008] = "32bit" + } &default = function(n: count): string { return fmt("color_depth-%d", n); }; + const results = { [0] = "Success", [1] = "User rejected", diff --git a/scripts/base/protocols/rdp/dpd.sig b/scripts/base/protocols/rdp/dpd.sig index 4ecb7999af..f8ebff34b9 100644 --- a/scripts/base/protocols/rdp/dpd.sig +++ b/scripts/base/protocols/rdp/dpd.sig @@ -1,17 +1,12 @@ -signature dpd_rdp_client_request { - ip-proto == tcp - payload /.*Cookie: mstshash\=.*/ - enable "rdp" +signature dpd_rdp_client { + ip-proto == tcp + # Client request + payload /.*(Cookie: mstshash\=|Duca.*(rdpdr|rdpsnd|drdynvc|cliprdr))/ + requires-reverse-signature dpd_rdp_server + enable "rdp" } -signature dpd_rdp_client_header { - ip-proto == tcp - payload /.*Duca.*(rdpdr|rdpsnd|drdynvc|cliprdr).*/ - enable "rdp" -} - -signature dpd_rdp_server_response { - ip-proto == tcp - payload /.*McDn.*/ - enable "rdp" +signature dpd_rdp_server { + ip-proto == tcp + payload /(.{5}\xd0|.*McDn)/ } diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index 2e3c3f8892..9297ec83a3 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -3,155 +3,180 @@ module RDP; export { - redef enum Log::ID += { LOG }; + redef enum Log::ID += { LOG }; - type Info: record { - ## Timestamp for when the event happened. - ts: time &log; - ## Unique ID for the connection. - uid: string &log; - ## The connection's 4-tuple of endpoint addresses/ports. - id: conn_id &log; - ## Cookie value used by the client machine. - ## This is typically a username. - cookie: string &log &optional; - ## Keyboard layout (language) of the client machine. - keyboard_layout: string &log &optional; + type Info: record { + ## Timestamp for when the event happened. + ts: time &log; + ## Unique ID for the connection. + uid: string &log; + ## The connection's 4-tuple of endpoint addresses/ports. + id: conn_id &log; + ## Cookie value used by the client machine. + ## This is typically a username. + cookie: string &log &optional; + ## Keyboard layout (language) of the client machine. + keyboard_layout: string &log &optional; ## RDP client version used by the client machine. - client_build: string &log &optional; - ## Hostname of the client machine. - client_hostname: string &log &optional; - ## Product ID of the client machine. - client_product_id: string &log &optional; - ## GCC result for the connection. - result: string &log &optional; - ## Encryption level of the connection. - encryption_level: string &log &optional; - ## Encryption method of the connection. - encryption_method: string &log &optional; - - ## The analyzer ID used for the analyzer instance attached - ## to each connection. It is not used for logging since it's a - ## meaningless arbitrary number. - analyzer_id: count &optional; - ## Track status of logging RDP connections. - done: bool &default=F; - }; + client_build: string &log &optional; + ## Name of the client machine. + client_name: string &log &optional; + ## Product ID of the client machine. + client_dig_product_id: string &log &optional; + ## Desktop width of the client machine. + desktop_width: count &log &optional; + ## Desktop height of the client machine. + desktop_height: count &log &optional; + ## The color depth requested by the client in + ## the high_color_depth field. + requested_color_depth: string &log &optional; + ## GCC result for the connection. + result: string &log &optional; + ## Encryption level of the connection. + encryption_level: string &log &optional; + ## Encryption method of the connection. + encryption_method: string &log &optional; + }; ## If true, detach the RDP analyzer from the connection to prevent - ## continuing to process encrypted traffic. Helps with performance - ## (especially with large file transfers). - const disable_analyzer_after_detection = T &redef; + ## continuing to process encrypted traffic. + const disable_analyzer_after_detection = F &redef; ## The amount of time to monitor an RDP session from when it is first ## identified. When this interval is reached, the session is logged. - const rdp_interval = 10secs &redef; + const rdp_check_interval = 10secs &redef; - ## Event that can be handled to access the rdp record as it is sent on - ## to the logging framework. - global log_rdp: event(rec: Info); + ## Event that can be handled to access the rdp record as it is sent on + ## to the logging framework. + global log_rdp: event(rec: Info); } +# Internal fields that aren't useful externally +redef record Info += { + ## The analyzer ID used for the analyzer instance attached + ## to each connection. It is not used for logging since it's a + ## meaningless arbitrary number. + analyzer_id: count &optional; + ## Track status of logging RDP connections. + done: bool &default=F; +}; + redef record connection += { - rdp: Info &optional; - }; + rdp: Info &optional; +}; const ports = { 3389/tcp }; redef likely_server_ports += { ports }; event bro_init() &priority=5 - { - Log::create_stream(RDP::LOG, [$columns=Info, $ev=log_rdp]); - Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, ports); - } - -# Verify that the RDP session contains -# RDP data before writing it to the log. -function verify_rdp(c: connection) { - local info = c$rdp; - if ( info?$cookie || info?$keyboard_layout || info?$result ) - Log::write(RDP::LOG,info); - else - Reporter::error("RDP analyzer was initialized but no data was found"); + Log::create_stream(RDP::LOG, [$columns=RDP::Info, $ev=log_rdp]); + Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, ports); } -event log_record(c: connection, remove_analyzer: bool) - { +function write_log(c: connection) + { + local info = c$rdp; + if ( info$done ) + return; + + # Mark this record as fully logged and finished. + info$done = T; + + # Verify that the RDP session contains + # RDP data before writing it to the log. + if ( info?$cookie || info?$keyboard_layout || info?$result ) + Log::write(RDP::LOG, info); + } + +event check_record(c: connection) + { # If the record was logged, then stop processing. - if ( c$rdp$done ) - return; + if ( c$rdp$done ) + return; - # If the analyzer is no longer attached, then - # log the record and stop processing. - if ( ! remove_analyzer ) - { - c$rdp$done = T; - verify_rdp(c); - return; - } - - # If the value rdp_interval has passed since the + # If the value rdp_check_interval has passed since the # RDP session was started, then log the record. - local diff = network_time() - c$rdp$ts; - if ( diff > rdp_interval ) - { - c$rdp$done = T; - verify_rdp(c); + local diff = network_time() - c$rdp$ts; + if ( diff > rdp_check_interval ) + { + write_log(c); - # Remove the analyzer if it is still attached. - if ( remove_analyzer && disable_analyzer_after_detection && connection_exists(c$id) && c$rdp?$analyzer_id ) - { - disable_analyzer(c$id, c$rdp$analyzer_id); - delete c$rdp$analyzer_id; - } + # Remove the analyzer if it is still attached. + if ( disable_analyzer_after_detection && + connection_exists(c$id) && + c$rdp?$analyzer_id ) + { + disable_analyzer(c$id, c$rdp$analyzer_id); + } - return; - } - # If the analyzer is attached and the duration - # to monitor the RDP session was not met, then - # reschedule the logging event. - else - schedule +rdp_interval { log_record(c,remove_analyzer) }; - } + return; + } + else + { + # If the analyzer is attached and the duration + # to monitor the RDP session was not met, then + # reschedule the logging event. + schedule rdp_check_interval { check_record(c) }; + } + } function set_session(c: connection) - { - if ( ! c?$rdp ) - { - c$rdp = [$ts=network_time(),$id=c$id,$uid=c$uid]; - # The RDP session is scheduled to be logged from - # the time it is first initiated. - schedule +rdp_interval { log_record(c,T) }; - } - } + { + if ( ! c?$rdp ) + { + c$rdp = [$ts=network_time(),$id=c$id,$uid=c$uid]; + # The RDP session is scheduled to be logged from + # the time it is first initiated. + schedule rdp_check_interval { check_record(c) }; + } + } event rdp_client_request(c: connection, cookie: string) &priority=5 { set_session(c); + c$rdp$cookie = cookie; } -event rdp_client_data(c: connection, keyboard_layout: count, build: count, hostname: string, product_id: string) &priority=5 +event rdp_client_core_data(c: connection, data: RDP::ClientCoreData) &priority=5 { set_session(c); - c$rdp$keyboard_layout = languages[keyboard_layout]; - c$rdp$client_build = builds[build]; - c$rdp$client_hostname = gsub(cat(hostname),/\\0/,""); - c$rdp$client_product_id = gsub(cat(product_id),/\\0/,""); + + c$rdp$keyboard_layout = RDP::languages[data$keyboard_layout]; + c$rdp$client_build = RDP::builds[data$client_build]; + c$rdp$client_name = data$client_name; + c$rdp$client_dig_product_id = data$dig_product_id; + c$rdp$desktop_width = data$desktop_width; + c$rdp$desktop_height = data$desktop_height; + if ( data?$ec_flags && data$ec_flags$want_32bpp_session ) + c$rdp$requested_color_depth = "32-bit"; + else + c$rdp$requested_color_depth = RDP::high_color_depths[data$high_color_depth]; } event rdp_result(c: connection, result: count) &priority=5 { - set_session(c); - c$rdp$result = results[result]; + set_session(c); + + c$rdp$result = RDP::results[result]; } event rdp_server_security(c: connection, encryption_method: count, encryption_level: count) &priority=5 { set_session(c); - c$rdp$encryption_method = encryption_methods[encryption_method]; - c$rdp$encryption_level = encryption_levels[encryption_level]; + + c$rdp$encryption_method = RDP::encryption_methods[encryption_method]; + c$rdp$encryption_level = RDP::encryption_levels[encryption_level]; + } + +event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) + { + Files::add_analyzer(f, Files::ANALYZER_X509); + # always calculate hashes. They are not necessary for base scripts + # but very useful for identification, and required for policy scripts + Files::add_analyzer(f, Files::ANALYZER_MD5); + Files::add_analyzer(f, Files::ANALYZER_SHA1); } event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=5 @@ -167,12 +192,14 @@ event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason { # If a protocol violation occurs, then log the record immediately. if ( c?$rdp ) - schedule +0secs { log_record(c,F) }; + write_log(c); } event connection_state_remove(c: connection) &priority=-5 - { + { # If the connection is removed, then log the record immediately. - if ( c?$rdp ) - schedule +0secs { log_record(c,F) }; - } + if ( c?$rdp ) + { + write_log(c); + } + } diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 13c6e45006..63cefbc685 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -261,6 +261,7 @@ set(bro_SRCS ChunkedIO.cc CompHash.cc Conn.cc + ConvertUTF.c DFA.cc DbgBreakpoint.cc DbgHelp.cc diff --git a/src/ConvertUTF.c b/src/ConvertUTF.c new file mode 100644 index 0000000000..61e724de83 --- /dev/null +++ b/src/ConvertUTF.c @@ -0,0 +1,708 @@ +/*===--- ConvertUTF.c - Universal Character Names conversions ---------------=== + * + * The LLVM Compiler Infrastructure + * + * This file is distributed under the University of Illinois Open Source + * License. See LICENSE.TXT for details. + * + *===------------------------------------------------------------------------=*/ +/* + * Copyright 2001-2004 Unicode, Inc. + * + * Disclaimer + * + * This source code is provided as is by Unicode, Inc. No claims are + * made as to fitness for any particular purpose. No warranties of any + * kind are expressed or implied. The recipient agrees to determine + * applicability of information provided. If this file has been + * purchased on magnetic or optical media from Unicode, Inc., the + * sole remedy for any claim will be exchange of defective media + * within 90 days of receipt. + * + * Limitations on Rights to Redistribute This Code + * + * Unicode, Inc. hereby grants the right to freely use the information + * supplied in this file in the creation of products supporting the + * Unicode Standard, and to make copies of this file in any form + * for internal or external distribution as long as this notice + * remains attached. + */ + +/* --------------------------------------------------------------------- + + Conversions between UTF32, UTF-16, and UTF-8. Source code file. + Author: Mark E. Davis, 1994. + Rev History: Rick McGowan, fixes & updates May 2001. + Sept 2001: fixed const & error conditions per + mods suggested by S. Parent & A. Lillich. + June 2002: Tim Dodd added detection and handling of incomplete + source sequences, enhanced error detection, added casts + to eliminate compiler warnings. + July 2003: slight mods to back out aggressive FFFE detection. + Jan 2004: updated switches in from-UTF8 conversions. + Oct 2004: updated to use UNI_MAX_LEGAL_UTF32 in UTF-32 conversions. + + See the header file "ConvertUTF.h" for complete documentation. + +------------------------------------------------------------------------ */ + + +#include "ConvertUTF.h" +#ifdef CVTUTF_DEBUG +#include +#endif +#include + +static const int halfShift = 10; /* used for shifting by 10 bits */ + +static const UTF32 halfBase = 0x0010000UL; +static const UTF32 halfMask = 0x3FFUL; + +#define UNI_SUR_HIGH_START (UTF32)0xD800 +#define UNI_SUR_HIGH_END (UTF32)0xDBFF +#define UNI_SUR_LOW_START (UTF32)0xDC00 +#define UNI_SUR_LOW_END (UTF32)0xDFFF +#define false 0 +#define true 1 + +/* --------------------------------------------------------------------- */ + +/* + * Index into the table below with the first byte of a UTF-8 sequence to + * get the number of trailing bytes that are supposed to follow it. + * Note that *legal* UTF-8 values can't have 4 or 5-bytes. The table is + * left as-is for anyone who may want to do such conversion, which was + * allowed in earlier algorithms. + */ +static const char trailingBytesForUTF8[256] = { + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, 3,3,3,3,3,3,3,3,4,4,4,4,5,5,5,5 +}; + +/* + * Magic values subtracted from a buffer value during UTF8 conversion. + * This table contains as many values as there might be trailing bytes + * in a UTF-8 sequence. + */ +static const UTF32 offsetsFromUTF8[6] = { 0x00000000UL, 0x00003080UL, 0x000E2080UL, + 0x03C82080UL, 0xFA082080UL, 0x82082080UL }; + +/* + * Once the bits are split out into bytes of UTF-8, this is a mask OR-ed + * into the first byte, depending on how many bytes follow. There are + * as many entries in this table as there are UTF-8 sequence types. + * (I.e., one byte sequence, two byte... etc.). Remember that sequencs + * for *legal* UTF-8 will be 4 or fewer bytes total. + */ +static const UTF8 firstByteMark[7] = { 0x00, 0x00, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC }; + +/* --------------------------------------------------------------------- */ + +/* The interface converts a whole buffer to avoid function-call overhead. + * Constants have been gathered. Loops & conditionals have been removed as + * much as possible for efficiency, in favor of drop-through switches. + * (See "Note A" at the bottom of the file for equivalent code.) + * If your compiler supports it, the "isLegalUTF8" call can be turned + * into an inline function. + */ + + +/* --------------------------------------------------------------------- */ + +ConversionResult ConvertUTF32toUTF16 ( + const UTF32** sourceStart, const UTF32* sourceEnd, + UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags) { + ConversionResult result = conversionOK; + const UTF32* source = *sourceStart; + UTF16* target = *targetStart; + while (source < sourceEnd) { + UTF32 ch; + if (target >= targetEnd) { + result = targetExhausted; break; + } + ch = *source++; + if (ch <= UNI_MAX_BMP) { /* Target is a character <= 0xFFFF */ + /* UTF-16 surrogate values are illegal in UTF-32; 0xffff or 0xfffe are both reserved values */ + if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) { + if (flags == strictConversion) { + --source; /* return to the illegal value itself */ + result = sourceIllegal; + break; + } else { + *target++ = UNI_REPLACEMENT_CHAR; + } + } else { + *target++ = (UTF16)ch; /* normal case */ + } + } else if (ch > UNI_MAX_LEGAL_UTF32) { + if (flags == strictConversion) { + result = sourceIllegal; + } else { + *target++ = UNI_REPLACEMENT_CHAR; + } + } else { + /* target is a character in range 0xFFFF - 0x10FFFF. */ + if (target + 1 >= targetEnd) { + --source; /* Back up source pointer! */ + result = targetExhausted; break; + } + ch -= halfBase; + *target++ = (UTF16)((ch >> halfShift) + UNI_SUR_HIGH_START); + *target++ = (UTF16)((ch & halfMask) + UNI_SUR_LOW_START); + } + } + *sourceStart = source; + *targetStart = target; + return result; +} + +/* --------------------------------------------------------------------- */ + +ConversionResult ConvertUTF16toUTF32 ( + const UTF16** sourceStart, const UTF16* sourceEnd, + UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags) { + ConversionResult result = conversionOK; + const UTF16* source = *sourceStart; + UTF32* target = *targetStart; + UTF32 ch, ch2; + while (source < sourceEnd) { + const UTF16* oldSource = source; /* In case we have to back up because of target overflow. */ + ch = *source++; + /* If we have a surrogate pair, convert to UTF32 first. */ + if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_HIGH_END) { + /* If the 16 bits following the high surrogate are in the source buffer... */ + if (source < sourceEnd) { + ch2 = *source; + /* If it's a low surrogate, convert to UTF32. */ + if (ch2 >= UNI_SUR_LOW_START && ch2 <= UNI_SUR_LOW_END) { + ch = ((ch - UNI_SUR_HIGH_START) << halfShift) + + (ch2 - UNI_SUR_LOW_START) + halfBase; + ++source; + } else if (flags == strictConversion) { /* it's an unpaired high surrogate */ + --source; /* return to the illegal value itself */ + result = sourceIllegal; + break; + } + } else { /* We don't have the 16 bits following the high surrogate. */ + --source; /* return to the high surrogate */ + result = sourceExhausted; + break; + } + } else if (flags == strictConversion) { + /* UTF-16 surrogate values are illegal in UTF-32 */ + if (ch >= UNI_SUR_LOW_START && ch <= UNI_SUR_LOW_END) { + --source; /* return to the illegal value itself */ + result = sourceIllegal; + break; + } + } + if (target >= targetEnd) { + source = oldSource; /* Back up source pointer! */ + result = targetExhausted; break; + } + *target++ = ch; + } + *sourceStart = source; + *targetStart = target; +#ifdef CVTUTF_DEBUG +if (result == sourceIllegal) { + fprintf(stderr, "ConvertUTF16toUTF32 illegal seq 0x%04x,%04x\n", ch, ch2); + fflush(stderr); +} +#endif + return result; +} +ConversionResult ConvertUTF16toUTF8 ( + const UTF16** sourceStart, const UTF16* sourceEnd, + UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags) { + ConversionResult result = conversionOK; + const UTF16* source = *sourceStart; + UTF8* target = *targetStart; + while (source < sourceEnd) { + UTF32 ch; + unsigned short bytesToWrite = 0; + const UTF32 byteMask = 0xBF; + const UTF32 byteMark = 0x80; + const UTF16* oldSource = source; /* In case we have to back up because of target overflow. */ + ch = *source++; + /* If we have a surrogate pair, convert to UTF32 first. */ + if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_HIGH_END) { + /* If the 16 bits following the high surrogate are in the source buffer... */ + if (source < sourceEnd) { + UTF32 ch2 = *source; + /* If it's a low surrogate, convert to UTF32. */ + if (ch2 >= UNI_SUR_LOW_START && ch2 <= UNI_SUR_LOW_END) { + ch = ((ch - UNI_SUR_HIGH_START) << halfShift) + + (ch2 - UNI_SUR_LOW_START) + halfBase; + ++source; + } else if (flags == strictConversion) { /* it's an unpaired high surrogate */ + --source; /* return to the illegal value itself */ + result = sourceIllegal; + break; + } + } else { /* We don't have the 16 bits following the high surrogate. */ + --source; /* return to the high surrogate */ + result = sourceExhausted; + break; + } + } else if (flags == strictConversion) { + /* UTF-16 surrogate values are illegal in UTF-32 */ + if (ch >= UNI_SUR_LOW_START && ch <= UNI_SUR_LOW_END) { + --source; /* return to the illegal value itself */ + result = sourceIllegal; + break; + } + } + /* Figure out how many bytes the result will require */ + if (ch < (UTF32)0x80) { bytesToWrite = 1; + } else if (ch < (UTF32)0x800) { bytesToWrite = 2; + } else if (ch < (UTF32)0x10000) { bytesToWrite = 3; + } else if (ch < (UTF32)0x110000) { bytesToWrite = 4; + } else { bytesToWrite = 3; + ch = UNI_REPLACEMENT_CHAR; + } + + target += bytesToWrite; + if (target > targetEnd) { + source = oldSource; /* Back up source pointer! */ + target -= bytesToWrite; result = targetExhausted; break; + } + switch (bytesToWrite) { /* note: everything falls through. */ + case 4: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; + case 3: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; + case 2: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; + case 1: *--target = (UTF8)(ch | firstByteMark[bytesToWrite]); + } + target += bytesToWrite; + } + *sourceStart = source; + *targetStart = target; + return result; +} + +/* --------------------------------------------------------------------- */ + +ConversionResult ConvertUTF32toUTF8 ( + const UTF32** sourceStart, const UTF32* sourceEnd, + UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags) { + ConversionResult result = conversionOK; + const UTF32* source = *sourceStart; + UTF8* target = *targetStart; + while (source < sourceEnd) { + UTF32 ch; + unsigned short bytesToWrite = 0; + const UTF32 byteMask = 0xBF; + const UTF32 byteMark = 0x80; + ch = *source++; + if (flags == strictConversion ) { + /* UTF-16 surrogate values are illegal in UTF-32 */ + if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) { + --source; /* return to the illegal value itself */ + result = sourceIllegal; + break; + } + } + /* + * Figure out how many bytes the result will require. Turn any + * illegally large UTF32 things (> Plane 17) into replacement chars. + */ + if (ch < (UTF32)0x80) { bytesToWrite = 1; + } else if (ch < (UTF32)0x800) { bytesToWrite = 2; + } else if (ch < (UTF32)0x10000) { bytesToWrite = 3; + } else if (ch <= UNI_MAX_LEGAL_UTF32) { bytesToWrite = 4; + } else { bytesToWrite = 3; + ch = UNI_REPLACEMENT_CHAR; + result = sourceIllegal; + } + + target += bytesToWrite; + if (target > targetEnd) { + --source; /* Back up source pointer! */ + target -= bytesToWrite; result = targetExhausted; break; + } + switch (bytesToWrite) { /* note: everything falls through. */ + case 4: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; + case 3: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; + case 2: *--target = (UTF8)((ch | byteMark) & byteMask); ch >>= 6; + case 1: *--target = (UTF8) (ch | firstByteMark[bytesToWrite]); + } + target += bytesToWrite; + } + *sourceStart = source; + *targetStart = target; + return result; +} + +/* --------------------------------------------------------------------- */ + +/* + * Utility routine to tell whether a sequence of bytes is legal UTF-8. + * This must be called with the length pre-determined by the first byte. + * If not calling this from ConvertUTF8to*, then the length can be set by: + * length = trailingBytesForUTF8[*source]+1; + * and the sequence is illegal right away if there aren't that many bytes + * available. + * If presented with a length > 4, this returns false. The Unicode + * definition of UTF-8 goes up to 4-byte sequences. + */ + +static Boolean isLegalUTF8(const UTF8 *source, int length) { + UTF8 a; + const UTF8 *srcptr = source+length; + switch (length) { + default: return false; + /* Everything else falls through when "true"... */ + case 4: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false; + case 3: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false; + case 2: if ((a = (*--srcptr)) < 0x80 || a > 0xBF) return false; + + switch (*source) { + /* no fall-through in this inner switch */ + case 0xE0: if (a < 0xA0) return false; break; + case 0xED: if (a > 0x9F) return false; break; + case 0xF0: if (a < 0x90) return false; break; + case 0xF4: if (a > 0x8F) return false; break; + default: if (a < 0x80) return false; + } + + case 1: if (*source >= 0x80 && *source < 0xC2) return false; + } + if (*source > 0xF4) return false; + return true; +} + +/* --------------------------------------------------------------------- */ + +/* + * Exported function to return whether a UTF-8 sequence is legal or not. + * This is not used here; it's just exported. + */ +Boolean isLegalUTF8Sequence(const UTF8 *source, const UTF8 *sourceEnd) { + int length = trailingBytesForUTF8[*source]+1; + if (length > sourceEnd - source) { + return false; + } + return isLegalUTF8(source, length); +} + +/* --------------------------------------------------------------------- */ + +static unsigned +findMaximalSubpartOfIllFormedUTF8Sequence(const UTF8 *source, + const UTF8 *sourceEnd) { + UTF8 b1, b2, b3; + + assert(!isLegalUTF8Sequence(source, sourceEnd)); + + /* + * Unicode 6.3.0, D93b: + * + * Maximal subpart of an ill-formed subsequence: The longest code unit + * subsequence starting at an unconvertible offset that is either: + * a. the initial subsequence of a well-formed code unit sequence, or + * b. a subsequence of length one. + */ + + if (source == sourceEnd) + return 0; + + /* + * Perform case analysis. See Unicode 6.3.0, Table 3-7. Well-Formed UTF-8 + * Byte Sequences. + */ + + b1 = *source; + ++source; + if (b1 >= 0xC2 && b1 <= 0xDF) { + /* + * First byte is valid, but we know that this code unit sequence is + * invalid, so the maximal subpart has to end after the first byte. + */ + return 1; + } + + if (source == sourceEnd) + return 1; + + b2 = *source; + ++source; + + if (b1 == 0xE0) { + return (b2 >= 0xA0 && b2 <= 0xBF) ? 2 : 1; + } + if (b1 >= 0xE1 && b1 <= 0xEC) { + return (b2 >= 0x80 && b2 <= 0xBF) ? 2 : 1; + } + if (b1 == 0xED) { + return (b2 >= 0x80 && b2 <= 0x9F) ? 2 : 1; + } + if (b1 >= 0xEE && b1 <= 0xEF) { + return (b2 >= 0x80 && b2 <= 0xBF) ? 2 : 1; + } + if (b1 == 0xF0) { + if (b2 >= 0x90 && b2 <= 0xBF) { + if (source == sourceEnd) + return 2; + + b3 = *source; + return (b3 >= 0x80 && b3 <= 0xBF) ? 3 : 2; + } + return 1; + } + if (b1 >= 0xF1 && b1 <= 0xF3) { + if (b2 >= 0x80 && b2 <= 0xBF) { + if (source == sourceEnd) + return 2; + + b3 = *source; + return (b3 >= 0x80 && b3 <= 0xBF) ? 3 : 2; + } + return 1; + } + if (b1 == 0xF4) { + if (b2 >= 0x80 && b2 <= 0x8F) { + if (source == sourceEnd) + return 2; + + b3 = *source; + return (b3 >= 0x80 && b3 <= 0xBF) ? 3 : 2; + } + return 1; + } + + assert((b1 >= 0x80 && b1 <= 0xC1) || b1 >= 0xF5); + /* + * There are no valid sequences that start with these bytes. Maximal subpart + * is defined to have length 1 in these cases. + */ + return 1; +} + +/* --------------------------------------------------------------------- */ + +/* + * Exported function to return the total number of bytes in a codepoint + * represented in UTF-8, given the value of the first byte. + */ +unsigned getNumBytesForUTF8(UTF8 first) { + return trailingBytesForUTF8[first] + 1; +} + +/* --------------------------------------------------------------------- */ + +/* + * Exported function to return whether a UTF-8 string is legal or not. + * This is not used here; it's just exported. + */ +Boolean isLegalUTF8String(const UTF8 **source, const UTF8 *sourceEnd) { + while (*source != sourceEnd) { + int length = trailingBytesForUTF8[**source] + 1; + if (length > sourceEnd - *source || !isLegalUTF8(*source, length)) + return false; + *source += length; + } + return true; +} + +/* --------------------------------------------------------------------- */ + +ConversionResult ConvertUTF8toUTF16 ( + const UTF8** sourceStart, const UTF8* sourceEnd, + UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags) { + ConversionResult result = conversionOK; + const UTF8* source = *sourceStart; + UTF16* target = *targetStart; + while (source < sourceEnd) { + UTF32 ch = 0; + unsigned short extraBytesToRead = trailingBytesForUTF8[*source]; + if (extraBytesToRead >= sourceEnd - source) { + result = sourceExhausted; break; + } + /* Do this check whether lenient or strict */ + if (!isLegalUTF8(source, extraBytesToRead+1)) { + result = sourceIllegal; + break; + } + /* + * The cases all fall through. See "Note A" below. + */ + switch (extraBytesToRead) { + case 5: ch += *source++; ch <<= 6; /* remember, illegal UTF-8 */ + case 4: ch += *source++; ch <<= 6; /* remember, illegal UTF-8 */ + case 3: ch += *source++; ch <<= 6; + case 2: ch += *source++; ch <<= 6; + case 1: ch += *source++; ch <<= 6; + case 0: ch += *source++; + } + ch -= offsetsFromUTF8[extraBytesToRead]; + + if (target >= targetEnd) { + source -= (extraBytesToRead+1); /* Back up source pointer! */ + result = targetExhausted; break; + } + if (ch <= UNI_MAX_BMP) { /* Target is a character <= 0xFFFF */ + /* UTF-16 surrogate values are illegal in UTF-32 */ + if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) { + if (flags == strictConversion) { + source -= (extraBytesToRead+1); /* return to the illegal value itself */ + result = sourceIllegal; + break; + } else { + *target++ = UNI_REPLACEMENT_CHAR; + } + } else { + *target++ = (UTF16)ch; /* normal case */ + } + } else if (ch > UNI_MAX_UTF16) { + if (flags == strictConversion) { + result = sourceIllegal; + source -= (extraBytesToRead+1); /* return to the start */ + break; /* Bail out; shouldn't continue */ + } else { + *target++ = UNI_REPLACEMENT_CHAR; + } + } else { + /* target is a character in range 0xFFFF - 0x10FFFF. */ + if (target + 1 >= targetEnd) { + source -= (extraBytesToRead+1); /* Back up source pointer! */ + result = targetExhausted; break; + } + ch -= halfBase; + *target++ = (UTF16)((ch >> halfShift) + UNI_SUR_HIGH_START); + *target++ = (UTF16)((ch & halfMask) + UNI_SUR_LOW_START); + } + } + *sourceStart = source; + *targetStart = target; + return result; +} + +/* --------------------------------------------------------------------- */ + +static ConversionResult ConvertUTF8toUTF32Impl( + const UTF8** sourceStart, const UTF8* sourceEnd, + UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags, + Boolean InputIsPartial) { + ConversionResult result = conversionOK; + const UTF8* source = *sourceStart; + UTF32* target = *targetStart; + while (source < sourceEnd) { + UTF32 ch = 0; + unsigned short extraBytesToRead = trailingBytesForUTF8[*source]; + if (extraBytesToRead >= sourceEnd - source) { + if (flags == strictConversion || InputIsPartial) { + result = sourceExhausted; + break; + } else { + result = sourceIllegal; + + /* + * Replace the maximal subpart of ill-formed sequence with + * replacement character. + */ + source += findMaximalSubpartOfIllFormedUTF8Sequence(source, + sourceEnd); + *target++ = UNI_REPLACEMENT_CHAR; + continue; + } + } + if (target >= targetEnd) { + result = targetExhausted; break; + } + + /* Do this check whether lenient or strict */ + if (!isLegalUTF8(source, extraBytesToRead+1)) { + result = sourceIllegal; + if (flags == strictConversion) { + /* Abort conversion. */ + break; + } else { + /* + * Replace the maximal subpart of ill-formed sequence with + * replacement character. + */ + source += findMaximalSubpartOfIllFormedUTF8Sequence(source, + sourceEnd); + *target++ = UNI_REPLACEMENT_CHAR; + continue; + } + } + /* + * The cases all fall through. See "Note A" below. + */ + switch (extraBytesToRead) { + case 5: ch += *source++; ch <<= 6; + case 4: ch += *source++; ch <<= 6; + case 3: ch += *source++; ch <<= 6; + case 2: ch += *source++; ch <<= 6; + case 1: ch += *source++; ch <<= 6; + case 0: ch += *source++; + } + ch -= offsetsFromUTF8[extraBytesToRead]; + + if (ch <= UNI_MAX_LEGAL_UTF32) { + /* + * UTF-16 surrogate values are illegal in UTF-32, and anything + * over Plane 17 (> 0x10FFFF) is illegal. + */ + if (ch >= UNI_SUR_HIGH_START && ch <= UNI_SUR_LOW_END) { + if (flags == strictConversion) { + source -= (extraBytesToRead+1); /* return to the illegal value itself */ + result = sourceIllegal; + break; + } else { + *target++ = UNI_REPLACEMENT_CHAR; + } + } else { + *target++ = ch; + } + } else { /* i.e., ch > UNI_MAX_LEGAL_UTF32 */ + result = sourceIllegal; + *target++ = UNI_REPLACEMENT_CHAR; + } + } + *sourceStart = source; + *targetStart = target; + return result; +} + +ConversionResult ConvertUTF8toUTF32Partial(const UTF8 **sourceStart, + const UTF8 *sourceEnd, + UTF32 **targetStart, + UTF32 *targetEnd, + ConversionFlags flags) { + return ConvertUTF8toUTF32Impl(sourceStart, sourceEnd, targetStart, targetEnd, + flags, /*InputIsPartial=*/true); +} + +ConversionResult ConvertUTF8toUTF32(const UTF8 **sourceStart, + const UTF8 *sourceEnd, UTF32 **targetStart, + UTF32 *targetEnd, ConversionFlags flags) { + return ConvertUTF8toUTF32Impl(sourceStart, sourceEnd, targetStart, targetEnd, + flags, /*InputIsPartial=*/false); +} + +/* --------------------------------------------------------------------- + + Note A. + The fall-through switches in UTF-8 reading code save a + temp variable, some decrements & conditionals. The switches + are equivalent to the following loop: + { + int tmpBytesToRead = extraBytesToRead+1; + do { + ch += *source++; + --tmpBytesToRead; + if (tmpBytesToRead) ch <<= 6; + } while (tmpBytesToRead > 0); + } + In UTF-8 writing code, the switches on "bytesToWrite" are + similarly unrolled loops. + + --------------------------------------------------------------------- */ \ No newline at end of file diff --git a/src/ConvertUTF.h b/src/ConvertUTF.h new file mode 100644 index 0000000000..e895dbdf4a --- /dev/null +++ b/src/ConvertUTF.h @@ -0,0 +1,183 @@ +/*===--- ConvertUTF.h - Universal Character Names conversions ---------------=== + * + * The LLVM Compiler Infrastructure + * + * This file is distributed under the University of Illinois Open Source + * License. See LICENSE.TXT for details. + * + *==------------------------------------------------------------------------==*/ +/* + * Copyright 2001-2004 Unicode, Inc. + * + * Disclaimer + * + * This source code is provided as is by Unicode, Inc. No claims are + * made as to fitness for any particular purpose. No warranties of any + * kind are expressed or implied. The recipient agrees to determine + * applicability of information provided. If this file has been + * purchased on magnetic or optical media from Unicode, Inc., the + * sole remedy for any claim will be exchange of defective media + * within 90 days of receipt. + * + * Limitations on Rights to Redistribute This Code + * + * Unicode, Inc. hereby grants the right to freely use the information + * supplied in this file in the creation of products supporting the + * Unicode Standard, and to make copies of this file in any form + * for internal or external distribution as long as this notice + * remains attached. + */ + +/* --------------------------------------------------------------------- + + Conversions between UTF32, UTF-16, and UTF-8. Header file. + + Several funtions are included here, forming a complete set of + conversions between the three formats. UTF-7 is not included + here, but is handled in a separate source file. + + Each of these routines takes pointers to input buffers and output + buffers. The input buffers are const. + + Each routine converts the text between *sourceStart and sourceEnd, + putting the result into the buffer between *targetStart and + targetEnd. Note: the end pointers are *after* the last item: e.g. + *(sourceEnd - 1) is the last item. + + The return result indicates whether the conversion was successful, + and if not, whether the problem was in the source or target buffers. + (Only the first encountered problem is indicated.) + + After the conversion, *sourceStart and *targetStart are both + updated to point to the end of last text successfully converted in + the respective buffers. + + Input parameters: + sourceStart - pointer to a pointer to the source buffer. + The contents of this are modified on return so that + it points at the next thing to be converted. + targetStart - similarly, pointer to pointer to the target buffer. + sourceEnd, targetEnd - respectively pointers to the ends of the + two buffers, for overflow checking only. + + These conversion functions take a ConversionFlags argument. When this + flag is set to strict, both irregular sequences and isolated surrogates + will cause an error. When the flag is set to lenient, both irregular + sequences and isolated surrogates are converted. + + Whether the flag is strict or lenient, all illegal sequences will cause + an error return. This includes sequences such as: , , + or in UTF-8, and values above 0x10FFFF in UTF-32. Conformant code + must check for illegal sequences. + + When the flag is set to lenient, characters over 0x10FFFF are converted + to the replacement character; otherwise (when the flag is set to strict) + they constitute an error. + + Output parameters: + The value "sourceIllegal" is returned from some routines if the input + sequence is malformed. When "sourceIllegal" is returned, the source + value will point to the illegal value that caused the problem. E.g., + in UTF-8 when a sequence is malformed, it points to the start of the + malformed sequence. + + Author: Mark E. Davis, 1994. + Rev History: Rick McGowan, fixes & updates May 2001. + Fixes & updates, Sept 2001. + +------------------------------------------------------------------------ */ + +#ifndef LLVM_SUPPORT_CONVERTUTF_H +#define LLVM_SUPPORT_CONVERTUTF_H + +/* --------------------------------------------------------------------- + The following 4 definitions are compiler-specific. + The C standard does not guarantee that wchar_t has at least + 16 bits, so wchar_t is no less portable than unsigned short! + All should be unsigned values to avoid sign extension during + bit mask & shift operations. +------------------------------------------------------------------------ */ + +typedef unsigned int UTF32; /* at least 32 bits */ +typedef unsigned short UTF16; /* at least 16 bits */ +typedef unsigned char UTF8; /* typically 8 bits */ +typedef unsigned char Boolean; /* 0 or 1 */ + +/* Some fundamental constants */ +#define UNI_REPLACEMENT_CHAR (UTF32)0x0000FFFD +#define UNI_MAX_BMP (UTF32)0x0000FFFF +#define UNI_MAX_UTF16 (UTF32)0x0010FFFF +#define UNI_MAX_UTF32 (UTF32)0x7FFFFFFF +#define UNI_MAX_LEGAL_UTF32 (UTF32)0x0010FFFF + +#define UNI_MAX_UTF8_BYTES_PER_CODE_POINT 4 + +#define UNI_UTF16_BYTE_ORDER_MARK_NATIVE 0xFEFF +#define UNI_UTF16_BYTE_ORDER_MARK_SWAPPED 0xFFFE + +typedef enum { + conversionOK, /* conversion successful */ + sourceExhausted, /* partial character in source, but hit end */ + targetExhausted, /* insuff. room in target for conversion */ + sourceIllegal /* source sequence is illegal/malformed */ +} ConversionResult; + +typedef enum { + strictConversion = 0, + lenientConversion +} ConversionFlags; + +/* This is for C++ and does no harm in C */ +#ifdef __cplusplus +extern "C" { +#endif + +ConversionResult ConvertUTF8toUTF16 ( + const UTF8** sourceStart, const UTF8* sourceEnd, + UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags); + +/** + * Convert a partial UTF8 sequence to UTF32. If the sequence ends in an + * incomplete code unit sequence, returns \c sourceExhausted. + */ +ConversionResult ConvertUTF8toUTF32Partial( + const UTF8** sourceStart, const UTF8* sourceEnd, + UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags); + +/** + * Convert a partial UTF8 sequence to UTF32. If the sequence ends in an + * incomplete code unit sequence, returns \c sourceIllegal. + */ +ConversionResult ConvertUTF8toUTF32( + const UTF8** sourceStart, const UTF8* sourceEnd, + UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags); + +ConversionResult ConvertUTF16toUTF8 ( + const UTF16** sourceStart, const UTF16* sourceEnd, + UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags); + +ConversionResult ConvertUTF32toUTF8 ( + const UTF32** sourceStart, const UTF32* sourceEnd, + UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags); + +ConversionResult ConvertUTF16toUTF32 ( + const UTF16** sourceStart, const UTF16* sourceEnd, + UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags); + +ConversionResult ConvertUTF32toUTF16 ( + const UTF32** sourceStart, const UTF32* sourceEnd, + UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags); + +Boolean isLegalUTF8Sequence(const UTF8 *source, const UTF8 *sourceEnd); + +Boolean isLegalUTF8String(const UTF8 **source, const UTF8 *sourceEnd); + +unsigned getNumBytesForUTF8(UTF8 firstByte); + +#ifdef __cplusplus +} +#endif + +/* --------------------------------------------------------------------- */ + +#endif \ No newline at end of file diff --git a/src/analyzer/protocol/rdp/CMakeLists.txt b/src/analyzer/protocol/rdp/CMakeLists.txt index 445e853f2c..f48012c010 100644 --- a/src/analyzer/protocol/rdp/CMakeLists.txt +++ b/src/analyzer/protocol/rdp/CMakeLists.txt @@ -5,5 +5,6 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DI bro_plugin_begin(Bro RDP) bro_plugin_cc(RDP.cc Plugin.cc) bro_plugin_bif(events.bif) + bro_plugin_bif(types.bif) bro_plugin_pac(rdp.pac rdp-analyzer.pac rdp-protocol.pac) bro_plugin_end() diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc index aca184d844..c38292ad21 100644 --- a/src/analyzer/protocol/rdp/RDP.cc +++ b/src/analyzer/protocol/rdp/RDP.cc @@ -2,17 +2,17 @@ #include "analyzer/protocol/tcp/TCP_Reassembler.h" #include "Reporter.h" #include "events.bif.h" +#include "types.bif.h" using namespace analyzer::rdp; RDP_Analyzer::RDP_Analyzer(Connection* c) - -: tcp::TCP_ApplicationAnalyzer("RDP", c) + : tcp::TCP_ApplicationAnalyzer("RDP", c) { interp = new binpac::RDP::RDP_Conn(this); had_gap = false; - + pia = 0; } RDP_Analyzer::~RDP_Analyzer() @@ -22,12 +22,10 @@ RDP_Analyzer::~RDP_Analyzer() void RDP_Analyzer::Done() { - tcp::TCP_ApplicationAnalyzer::Done(); interp->FlowEOF(true); interp->FlowEOF(false); - } void RDP_Analyzer::EndpointEOF(bool is_orig) @@ -49,13 +47,47 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) // deliver data to the other side if the script layer can handle this. return; - try + // If the data appears (very loosely) to be SSL/TLS + // we'll just move this over to the PIA analyzer. + // Like the comment below says, this is probably the wrong + // way to handle this. + if ( len > 0 && data[0] >= 0x14 && data[0] <= 0x17 ) { - interp->NewData(orig, data, data + len); + if ( ! pia ) + { + pia = new pia::PIA_TCP(Conn()); + + if ( AddChildAnalyzer(pia) ) + { + pia->FirstPacket(true, 0); + pia->FirstPacket(false, 0); + } + } + + if ( pia ) + { + ForwardStream(len, data, orig); + } } - catch ( const binpac::Exception& e ) + else if ( pia ) { - ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + // This is data that doesn't seem to match + // an SSL record, but we've moved into SSL mode. + // This is probably the wrong way to handle this + // situation but I don't know what these records + // are that don't appear to be SSL/TLS. + return; + } + else + { + try + { + interp->NewData(orig, data, data + len); + } + catch ( const binpac::Exception& e ) + { + ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + } } } diff --git a/src/analyzer/protocol/rdp/RDP.h b/src/analyzer/protocol/rdp/RDP.h index cb5197cffe..8bd6510441 100644 --- a/src/analyzer/protocol/rdp/RDP.h +++ b/src/analyzer/protocol/rdp/RDP.h @@ -5,6 +5,7 @@ #include "analyzer/protocol/tcp/TCP.h" +#include "analyzer/protocol/pia/PIA.h" #include "rdp_pac.h" @@ -21,10 +22,7 @@ public: virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void Undelivered(uint64 seq, int len, bool orig); - - // Overriden from tcp::TCP_ApplicationAnalyzer. virtual void EndpointEOF(bool is_orig); - static analyzer::Analyzer* InstantiateAnalyzer(Connection* conn) { return new RDP_Analyzer(conn); } @@ -40,7 +38,7 @@ protected: binpac::RDP::RDP_Conn* interp; bool had_gap; - + pia::PIA_TCP *pia; }; } } // namespace analyzer::* diff --git a/src/analyzer/protocol/rdp/events.bif b/src/analyzer/protocol/rdp/events.bif index 65917e98be..4885377d57 100644 --- a/src/analyzer/protocol/rdp/events.bif +++ b/src/analyzer/protocol/rdp/events.bif @@ -9,14 +9,8 @@ event rdp_client_request%(c: connection, cookie: string%); ## ## c: The connection record for the underlying transport-layer session/flow. ## -## keyboard_layout: The 16-bit integer representing the keyboard layout/language of the client machine. -## -## build: The 16-bit integer representing the version of the RDP client. -## -## hostname: The hostname of the client machine (optional). -## -## product_id: The product ID of the client machine (optional). -event rdp_client_data%(c: connection, keyboard_layout: count, build: count, hostname: string, product_id: string%); +## data: The data contained in the client core data structure. +event rdp_client_core_data%(c: connection, data: RDP::ClientCoreData%); ## Generated for MCS server responses when native RDP encryption is used. ## diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index 28fb4afa6a..01e4115970 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -1,63 +1,147 @@ +%extern{ +#include "ConvertUTF.h" +#include "file_analysis/Manager.h" +#include "types.bif.h" +%} + refine flow RDP_Flow += { - function proc_rdp_client_request(client_request: Client_Request): bool - %{ - connection()->bro_analyzer()->ProtocolConfirmation(); - BifEvent::generate_rdp_client_request(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${client_request.cookie_value})); + function utf16_to_utf8_val(utf16: bytestring): StringVal + %{ + size_t utf8size = 3 * utf16.length() + 1; + char* utf8stringnative = new char[utf8size]; + const UTF16* sourcestart = reinterpret_cast(utf16.begin()); + const UTF16* sourceend = sourcestart + utf16.length(); + UTF8* targetstart = reinterpret_cast(utf8stringnative); + UTF8* targetend = targetstart + utf8size; - return true; - %} + ConversionResult res = ConvertUTF16toUTF8(&sourcestart, + sourceend, + &targetstart, + targetend, + strictConversion); + *targetstart = 0; - function proc_rdp_result(gcc_response: GCC_Server_Create_Response): bool - %{ - connection()->bro_analyzer()->ProtocolConfirmation(); - BifEvent::generate_rdp_result(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - ${gcc_response.result}); + if ( res != conversionOK ) + { + connection()->bro_analyzer()->Weird("Failed UTF-16 to UTF-8 conversion"); + return new StringVal(utf16.length(), (const char *) utf16.begin()); + } + // We're relying on no nulls being in the string. + return new StringVal(utf8stringnative); + %} + + function proc_rdp_client_request(client_request: Client_Request): bool + %{ + connection()->bro_analyzer()->ProtocolConfirmation(); + BifEvent::generate_rdp_client_request(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${client_request.cookie_value})); + return true; + %} + + function proc_rdp_result(gcc_response: GCC_Server_Create_Response): bool + %{ + connection()->bro_analyzer()->ProtocolConfirmation(); + BifEvent::generate_rdp_result(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${gcc_response.result}); return true; %} - function proc_rdp_client_data(ccore: Client_Core_Data): bool - %{ - connection()->bro_analyzer()->ProtocolConfirmation(); - BifEvent::generate_rdp_client_data(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - ${ccore.keyboard_layout}, - ${ccore.client_build}, - bytestring_to_val(${ccore.client_name}), - bytestring_to_val(${ccore.dig_product_id})); + function proc_rdp_client_core_data(ccore: Client_Core_Data): bool + %{ + connection()->bro_analyzer()->ProtocolConfirmation(); - return true; - %} + RecordVal* ec_flags = new RecordVal(BifType::Record::RDP::EarlyCapabilityFlags); + ec_flags->Assign(0, new Val(${ccore.SUPPORT_ERRINFO_PDU}, TYPE_BOOL)); + ec_flags->Assign(1, new Val(${ccore.WANT_32BPP_SESSION}, TYPE_BOOL)); + ec_flags->Assign(2, new Val(${ccore.SUPPORT_STATUSINFO_PDU}, TYPE_BOOL)); + ec_flags->Assign(3, new Val(${ccore.STRONG_ASYMMETRIC_KEYS}, TYPE_BOOL)); + ec_flags->Assign(4, new Val(${ccore.SUPPORT_MONITOR_LAYOUT_PDU}, TYPE_BOOL)); + ec_flags->Assign(5, new Val(${ccore.SUPPORT_NETCHAR_AUTODETECT}, TYPE_BOOL)); + ec_flags->Assign(6, new Val(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL}, TYPE_BOOL)); + ec_flags->Assign(7, new Val(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}, TYPE_BOOL)); + ec_flags->Assign(8, new Val(${ccore.SUPPORT_HEARTBEAT_PDU}, TYPE_BOOL)); - function proc_rdp_server_security(ssd: Server_Security_Data): bool - %{ - connection()->bro_analyzer()->ProtocolConfirmation(); - BifEvent::generate_rdp_server_security(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - ${ssd.encryption_method}, - ${ssd.encryption_level}); + RecordVal* ccd = new RecordVal(BifType::Record::RDP::ClientCoreData); + ccd->Assign(0, new Val(${ccore.version_major}, TYPE_COUNT)); + ccd->Assign(1, new Val(${ccore.version_minor}, TYPE_COUNT)); + ccd->Assign(2, new Val(${ccore.desktop_width}, TYPE_COUNT)); + ccd->Assign(3, new Val(${ccore.desktop_height}, TYPE_COUNT)); + ccd->Assign(4, new Val(${ccore.color_depth}, TYPE_COUNT)); + ccd->Assign(5, new Val(${ccore.sas_sequence}, TYPE_COUNT)); + ccd->Assign(6, new Val(${ccore.keyboard_layout}, TYPE_COUNT)); + ccd->Assign(7, new Val(${ccore.client_build}, TYPE_COUNT)); + ccd->Assign(8, utf16_to_utf8_val(${ccore.client_name})); + ccd->Assign(9, new Val(${ccore.keyboard_type}, TYPE_COUNT)); + ccd->Assign(10, new Val(${ccore.keyboard_sub}, TYPE_COUNT)); + ccd->Assign(11, new Val(${ccore.keyboard_function_key}, TYPE_COUNT)); + ccd->Assign(12, utf16_to_utf8_val(${ccore.ime_file_name})); + ccd->Assign(13, new Val(${ccore.post_beta2_color_depth}, TYPE_COUNT)); + ccd->Assign(14, new Val(${ccore.client_product_id}, TYPE_COUNT)); + ccd->Assign(15, new Val(${ccore.serial_number}, TYPE_COUNT)); + ccd->Assign(16, new Val(${ccore.high_color_depth}, TYPE_COUNT)); + ccd->Assign(17, new Val(${ccore.supported_color_depths}, TYPE_COUNT)); + ccd->Assign(18, ec_flags); + ccd->Assign(19, utf16_to_utf8_val(${ccore.dig_product_id})); - return true; - %} + BifEvent::generate_rdp_client_core_data(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ccd); + return true; + %} + + function proc_rdp_server_security(ssd: Server_Security_Data): bool + %{ + connection()->bro_analyzer()->ProtocolConfirmation(); + BifEvent::generate_rdp_server_security(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${ssd.encryption_method}, + ${ssd.encryption_level}); + return true; + %} + + function proc_x509_cert(x509: X509): bool + %{ + const bytestring& cert = ${x509.cert}; + + ODesc file_handle; + file_handle.AddRaw("Analyzer::ANALYZER_RDP"); + file_handle.Add(connection()->bro_analyzer()->Conn()->StartTime()); + connection()->bro_analyzer()->Conn()->IDString(&file_handle); + string file_id = file_mgr->HashHandle(file_handle.Description()); + + file_mgr->DataIn(reinterpret_cast(cert.data()), + cert.length(), + connection()->bro_analyzer()->GetAnalyzerTag(), + connection()->bro_analyzer()->Conn(), + false, // It seems there are only server certs? + file_id); + file_mgr->EndOfFile(file_id); + + return true; + %} }; refine typeattr Client_Request += &let { - proc: bool = $context.flow.proc_rdp_client_request(this); + proc: bool = $context.flow.proc_rdp_client_request(this); }; refine typeattr Client_Core_Data += &let { - proc: bool = $context.flow.proc_rdp_client_data(this); + proc: bool = $context.flow.proc_rdp_client_core_data(this); }; refine typeattr GCC_Server_Create_Response += &let { - proc: bool = $context.flow.proc_rdp_result(this); + proc: bool = $context.flow.proc_rdp_result(this); }; refine typeattr Server_Security_Data += &let { - proc: bool = $context.flow.proc_rdp_server_security(this); + proc: bool = $context.flow.proc_rdp_server_security(this); +}; + +refine typeattr X509 += &let { + proc: bool = $context.flow.proc_x509_cert(this); }; diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index a89e622539..8d24fb05b9 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -1,45 +1,74 @@ -type RDP_PDU(is_orig: bool) = record { - type: uint8; - switch: case type of { - 0x16 -> ssl_encryption: bytestring &restofdata &transient; # send to SSL analyzer in the future - default -> native_encryption: Native_Encryption; # TPKT version - }; -} &byteorder=bigendian; -###################################################################### -# Native Encryption -###################################################################### +type TPKT(is_orig: bool) = record { + version: uint8; + reserved: uint8; + tpkt_len: uint16; -type Native_Encryption = record { - tpkt_reserved: uint8; - tpkt_length: uint16; - cotp: COTP; -}; +# These data structures are merged together into TPKT +# because there are packets that report incorrect +# lengths in the tpkt length field. No clue why. + + cotp: COTP; +} &byteorder=bigendian &length=tpkt_len; type COTP = record { - length: uint8; - pdu: uint8; - switch: case pdu of { - 0xe0 -> cRequest: Client_Request; - 0xf0 -> hdr: COTP_Header; - default -> data: bytestring &restofdata &transient; - }; + cotp_len: uint8; + pdu: uint8; + # Probably should do something with this eventually. + #cotp_crap: padding[cotp_len-2]; + switch: case pdu of { + #0xd0 -> cConfirm: Connect_Confirm; + 0xe0 -> c_request: Client_Request; + 0xf0 -> data: DT_Data; + + # In case we don't support the PDU we just + # consume the rest of it and throw it away. + default -> not_done: bytestring &restofdata &transient; + }; } &byteorder=littleendian; -type COTP_Header = record { - tpdu_number: uint8; - application_defined_type: uint8; # this begins a BER encoded multiple octet variant, but can be safely skipped - application_type: uint8; # this is value for the BER encoded octet variant above - switch: case application_type of { # this seems to cause a binpac exception error - 0x65 -> cHeader: Client_Header; # 0x65 is a client - 0x66 -> sHeader: Server_Header; # 0x66 is a server - default -> data: bytestring &restofdata; - }; +type DT_Data = record { + tpdu_number: uint8; + # multiple octet variant of the ASN.1 type field, should handle this better. + application_defined_type: uint8; + application_type: uint8; + + data: case application_type of { + 0x65 -> client: Client_Header; # 0x65 is a client + 0x66 -> server: Server_Header; # 0x66 is a server + default -> none: empty; + }; } &byteorder=littleendian; +###################################################################### +# Data Blocks +###################################################################### + type Data_Header = record { - type: uint16; - length: uint16; + type: uint16; + length: uint16; +} &byteorder=littleendian; + +type Data_Block = record { + header: Data_Header; + block: case header.type of { + 0xc001 -> client_core: Client_Core_Data; + #0xc002 -> client_security: Client_Security_Data; + #0xc003 -> client_network: Client_Network_Data; + #0xc004 -> client_cluster: Client_Cluster_Data; + #0xc005 -> client_monitor: Client_Monitor_Data; + #0xc006 -> client_msgchannel: Client_MsgChannel_Data; + #0xc008 -> client_monitor_ex: Client_MonitorExtended_Data; + #0xc00A -> client_multitrans: Client_MultiTransport_Data; + + 0x0c01 -> server_core: Server_Core_Data; + 0x0c02 -> server_security: Server_Security_Data; + 0x0c03 -> server_network: Server_Network_Data; + #0x0c04 -> server_msgchannel: Server_MsgChannel_Data; + #0x0c08 -> server_multitrans: Server_MultiTransport_Data; + + default -> unhandled: bytestring &restofdata &transient; + } &length=header.length-4; } &byteorder=littleendian; ###################################################################### @@ -47,11 +76,11 @@ type Data_Header = record { ###################################################################### type Client_Request = record { - destination_reference: uint16; - source_reference: uint16; - flow_control: uint8; - cookie_mstshash: RE/Cookie: mstshash\=/; # &check would be better here, but it is not implemented - cookie_value: RE/[^\x0d]*/; # the value is anything up to \x0d + destination_reference: uint16; + source_reference: uint16; + flow_control: uint8; + cookie_mstshash: RE/Cookie: mstshash\=/; + cookie_value: RE/[^\x0d]*/; }; ###################################################################### @@ -59,158 +88,173 @@ type Client_Request = record { ###################################################################### type Client_Header = record { - type_length: uint8[3]; # BER encoded long variant, can be safely skipped for now - calling_domain_selector: ASN1OctetString; - called_domain_selector: ASN1OctetString; - upward_flag: ASN1Boolean; - target_parameters: ASN1SequenceMeta; - targ_parameters_pad: padding[target_parameters.encoding.length]; - minimum_parameters: ASN1SequenceMeta; - min_parameters_pad: padding[minimum_parameters.encoding.length]; - maximum_parameters: ASN1SequenceMeta; - max_parameters_pad: padding[maximum_parameters.encoding.length]; - user_data_length: uint32; # BER encoded OctetString and long variant, can be safely skipped for now - gcc_connection_data: GCC_Client_Connection_Data; - gcc_client_create_request: GCC_Client_Create_Request; - core_header: Data_Header; - core_data: Client_Core_Data; - remainder: bytestring &restofdata &transient; # everything after core_data can be discarded + type_length: ASN1Integer; + calling_domain_selector: ASN1OctetString; + called_domain_selector: ASN1OctetString; + upward_flag: ASN1Boolean; + target_parameters: ASN1SequenceMeta; + targ_parameters_pad: padding[target_parameters.encoding.length]; + minimum_parameters: ASN1SequenceMeta; + min_parameters_pad: padding[minimum_parameters.encoding.length]; + maximum_parameters: ASN1SequenceMeta; + max_parameters_pad: padding[maximum_parameters.encoding.length]; + # BER encoded OctetString and long variant, can be safely skipped for now + user_data_length: uint32; + gcc_connection_data: GCC_Client_Connection_Data; + gcc_client_create_request: GCC_Client_Create_Request; + data_blocks: Data_Block[] &until($input.length() == 0); }; type GCC_Client_Connection_Data = record { - key_object_length: uint16; - key_object: uint8[key_object_length]; - connect_data_connect_pdu: uint16; + key_object_length: uint16; + key_object: uint8[key_object_length]; + connect_data_connect_pdu: uint16; } &byteorder=bigendian; type GCC_Client_Create_Request = record { - extension_bit: uint8; - privileges: uint8; - numeric_length: uint8; - numeric: uint8; - termination_method: uint8; - number_user_data_sets: uint8; - user_data_value_present: uint8; - h221_nonstandard_length: uint8; - h221_nonstandard_key: RE/Duca/; # &check would be better here, but it is not implemented - user_data_value_length: uint16; -}; + extension_bit: uint8; + privileges: uint8; + numeric_length: uint8; + numeric: uint8; + termination_method: uint8; + number_user_data_sets: uint8; + user_data_value_present: uint8; + h221_nonstandard_length: uint8; + h221_nonstandard_key: RE/Duca/; + user_data_value_length: uint16; +} &byteorder=bigendian; type Client_Core_Data = record { - version_major: uint16; - version_minor: uint16; - desktop_width: uint16; - desktop_height: uint16; - color_depth: uint16; - sas_sequence: uint16; - keyboard_layout: uint32; - client_build: uint32; - client_name: bytestring &length=32; - keyboard_type: uint32; - keyboard_sub: uint32; - keyboard_function_key: uint32; - ime_file_name: bytestring &length=64; - post_beta_color_depth: uint16; - product_id: uint16; - serial_number: uint32; - high_color_depth: uint16; - supported_color_depth: uint16; - early_capability_flags: uint16; - dig_product_id: bytestring &length=64; -}; + version_major: uint16; + version_minor: uint16; + desktop_width: uint16; + desktop_height: uint16; + color_depth: uint16; + sas_sequence: uint16; + keyboard_layout: uint32; + client_build: uint32; + client_name: bytestring &length=32; + keyboard_type: uint32; + keyboard_sub: uint32; + keyboard_function_key: uint32; + ime_file_name: bytestring &length=64; + # Everything below here is optional and should be handled better. + # If some of these fields aren't included it could lead to parse failure. + post_beta2_color_depth: uint16; + client_product_id: uint16; + serial_number: uint32; + high_color_depth: uint16; + supported_color_depths: uint16; + early_capability_flags: uint16; + dig_product_id: bytestring &length=64; + # There are more optional fields here but they are + # annoying to optionally parse in binpac. + # Documented here: https://msdn.microsoft.com/en-us/library/cc240510.aspx +} &let { + SUPPORT_ERRINFO_PDU: bool = early_capability_flags & 0x01; + WANT_32BPP_SESSION: bool = early_capability_flags & 0x02; + SUPPORT_STATUSINFO_PDU: bool = early_capability_flags & 0x04; + STRONG_ASYMMETRIC_KEYS: bool = early_capability_flags & 0x08; + SUPPORT_MONITOR_LAYOUT_PDU: bool = early_capability_flags & 0x40; + SUPPORT_NETCHAR_AUTODETECT: bool = early_capability_flags & 0x80; + SUPPORT_DYNVC_GFX_PROTOCOL: bool = early_capability_flags & 0x0100; + SUPPORT_DYNAMIC_TIME_ZONE: bool = early_capability_flags & 0x0200; + SUPPORT_HEARTBEAT_PDU: bool = early_capability_flags & 0x0400; +} &byteorder=littleendian; ###################################################################### # Server MCS ###################################################################### type Server_Header = record { - type_length: uint8[3]; # BER encoded long variant, can be safely skipped for now - connect_response_result: ASN1Enumerated; - connect_response_called_id: ASN1Integer; - connect_response_domain_parameters: ASN1SequenceMeta; - domain_parameters_pad: padding[connect_response_domain_parameters.encoding.length]; # skip this data - user_data_length: uint32; # BER encoded OctetString and long variant, can be safely skipped for now - gcc_connection_data: GCC_Server_Connection_Data; - gcc_create_response: GCC_Server_Create_Response; - core_header: Data_Header; - core_data: padding[core_header.length - 4]; # skip this data - network_header: Data_Header; - net_data: padding[network_header.length - 4]; # skip this data - security_header: Data_Header; - security_data: Server_Security_Data; -}; + # We don't need this value, but it's ASN.1 integer in definite length + # so I think we can skip over it. + type_length: uint8[3]; + connect_response_result: ASN1Enumerated; + connect_response_called_id: ASN1Integer; + connect_response_domain_parameters: ASN1SequenceMeta; + # Skipping over domain parameters for now. + domain_parameters: padding[connect_response_domain_parameters.encoding.length]; + # I think this is another definite length encoded value. + user_data_length: uint32; + gcc_connection_data: GCC_Server_Connection_Data; + gcc_create_response: GCC_Server_Create_Response; + data_blocks: Data_Block[] &until($input.length() == 0); +} &byteorder=littleendian; type GCC_Server_Connection_Data = record { - key_object_length: uint16; - key_object: uint8[key_object_length]; - connect_data_connect_pdu: uint8; + key_object_length: uint16; + key_object: uint8[key_object_length]; + connect_data_connect_pdu: uint8; } &byteorder=bigendian; type GCC_Server_Create_Response = record { - extension_bit: uint8; - node_id: uint8[2]; - tag_length: uint8; - tag: uint8; - result: uint8; - number_user_data_sets: uint8; - user_data_value_present: uint8; - h221_nonstandard_length: uint8; - h221_nonstandard_key: RE/McDn/; # &check would be better here, but it is not implemented - user_data_value_length: uint16; -}; + extension_bit: uint8; + node_id: uint16; + tag_length: uint8; + tag: uint8; + result: uint8; + number_user_data_sets: uint8; + user_data_value_present: uint8; + h221_nonstandard_length: uint8; + h221_nonstandard_key: RE/McDn/; + user_data_value_length: uint16; +} &byteorder=bigendian; type Server_Core_Data = record { - version_major: uint16; - version_minor: uint16; - client_requested_protocols: uint32; -}; + version_major: uint16; + version_minor: uint16; + client_requested_protocols: uint32; +} &byteorder=littleendian; type Server_Network_Data = record { - mcs_channel_id: uint16; - channel_count: uint16; -}; + mcs_channel_id: uint16; + channel_count: uint16; +} &byteorder=littleendian; type Server_Security_Data = record { - encryption_method: uint32; - encryption_level: uint32; - server_random_length: uint32 &byteorder=littleendian; - server_cert_length: uint32 &byteorder=littleendian; - server_random: bytestring &length=server_random_length; - server_certificate: Server_Certificate; -}; + encryption_method: uint32; + encryption_level: uint32; + server_random_length: uint32; + server_cert_length: uint32; + server_random: bytestring &length=server_random_length; + server_certificate: Server_Certificate &length=server_cert_length; +} &byteorder=littleendian; type Server_Certificate = record { - cert_type: uint8; - switch: case cert_type of { - 0x01 -> proprietary: Server_Proprietary; - 0x02 -> ssl: SSL; - }; + version: uint32; + switch: case cert_type of { + 0x01 -> proprietary: Server_Proprietary; + 0x02 -> x509: X509; + }; +} &let { + cert_type: uint32 = version & 0x7FFFFFFF; + permanent_issue: bool = (version & 0x80000000) == 0; } &byteorder=littleendian; type Server_Proprietary = record { - cert_type: uint8[3]; # remainder of cert_type value - signature_algorithm: uint32; - key_algorithm: uint32; - public_key_blob_type: uint16; - public_key_blob_length: uint16; - public_key_blob: Public_Key_Blob &length=public_key_blob_length; - signature_blob_type: uint16; - signature_blob_length: uint16; - signature_blob: bytestring &length=signature_blob_length; -}; + signature_algorithm: uint32; + key_algorithm: uint32; + public_key_blob_type: uint16; + public_key_blob_length: uint16; + public_key_blob: Public_Key_Blob &length=public_key_blob_length; + signature_blob_type: uint16; + signature_blob_length: uint16; + signature_blob: bytestring &length=signature_blob_length; +} &byteorder=littleendian; type Public_Key_Blob = record { - magic: bytestring &length=4; - key_length: uint32; - bit_length: uint32; - public_exponent: uint32; - modulus: bytestring &length=key_length; -}; + magic: bytestring &length=4; + key_length: uint32; + bit_length: uint32; + public_exponent: uint32; + modulus: bytestring &length=key_length; +} &byteorder=littleendian; -type SSL = record { - pad1: padding[11]; - x509_cert: bytestring &restofdata &transient; # send to x509 analyzer -}; +type X509 = record { + pad1: padding[8]; + cert: bytestring &restofdata; +} &byteorder=littleendian; ###################################################################### # ASN.1 Encodings @@ -226,7 +270,7 @@ type ASN1EncodingMeta = record { len: uint8; more_len: bytestring &length = long_len ? len & 0x7f : 0; } &let { - long_len: bool = len & 0x80; + long_len: bool = (len & 0x80) > 0; length: uint64 = long_len ? binary_to_int64(more_len) : len & 0x7f; }; @@ -251,7 +295,7 @@ type ASN1Boolean = record { }; type ASN1Enumerated = record { - encoding: ASN1Encoding; + encoding: ASN1Encoding; }; ###################################################################### @@ -261,7 +305,6 @@ type ASN1Enumerated = record { function binary_to_int64(bs: bytestring): int64 %{ int64 rval = 0; - for ( int i = 0; i < bs.length(); ++i ) { uint64 byte = bs[i]; diff --git a/src/analyzer/protocol/rdp/rdp.pac b/src/analyzer/protocol/rdp/rdp.pac index 1d0f7f6197..088896c663 100644 --- a/src/analyzer/protocol/rdp/rdp.pac +++ b/src/analyzer/protocol/rdp/rdp.pac @@ -19,8 +19,7 @@ connection RDP_Conn(bro_analyzer: BroAnalyzer) { %include rdp-protocol.pac flow RDP_Flow(is_orig: bool) { - #flowunit = RDP_PDU(is_orig) withcontext(connection, this); - datagram = RDP_PDU(is_orig) withcontext(connection, this); + flowunit = TPKT(is_orig) withcontext(connection, this); }; %include rdp-analyzer.pac diff --git a/src/analyzer/protocol/rdp/types.bif b/src/analyzer/protocol/rdp/types.bif new file mode 100644 index 0000000000..8222560331 --- /dev/null +++ b/src/analyzer/protocol/rdp/types.bif @@ -0,0 +1,5 @@ + +module RDP; + +type EarlyCapabilityFlags: record; +type ClientCoreData: record; diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log new file mode 100644 index 0000000000..3a1fcec5ee --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log @@ -0,0 +1,11 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path rdp +#open 2015-03-04-17-59-16 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth result encryption_level encryption_method +#types time string addr port addr port string string string string string count count string string string string +1193369797.582740 CjhGID4nQcgTWjvg4c 172.21.128.16 1312 10.226.24.52 3389 FTBCO\A70 English - United States RDP 6.0 FROG-POND (empty) 1152 864 32-bit Success High 128bit +1193369795.014346 CXWv6p3arKYeMETxOg 172.21.128.16 1311 10.226.24.52 3389 FTBCO\A70 - - - - - - - - - - +#close 2015-03-04-17-59-16 diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log new file mode 100644 index 0000000000..cfcbc9453b --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log @@ -0,0 +1,11 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path rdp +#open 2015-03-04-17-53-51 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth result encryption_level encryption_method +#types time string addr port addr port string string string string string count count string string string string +1297551041.284715 CXWv6p3arKYeMETxOg 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI - - - - - - - - - - +1297551078.958821 CjhGID4nQcgTWjvg4c 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI - - - - - - - - - - +#close 2015-03-04-17-53-51 diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/ssl.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/ssl.log new file mode 100644 index 0000000000..980188fc09 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/ssl.log @@ -0,0 +1,11 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2015-03-04-17-53-51 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string +1297551044.626170 CXWv6p3arKYeMETxOg 192.168.1.200 49206 192.168.1.150 3389 TLSv10 TLS_RSA_WITH_AES_128_CBC_SHA - 192.168.1.150 F - - T FQWlpb1SuS5r4ERXej (empty) CN=WIN2K8R2.awakecoding.ath.cx CN=WIN2K8R2.awakecoding.ath.cx - - +1297551078.965110 CjhGID4nQcgTWjvg4c 192.168.1.200 49207 192.168.1.150 3389 TLSv10 TLS_RSA_WITH_AES_128_CBC_SHA - 192.168.1.150 F - - T F4ERrj2uG50Lwz8259 (empty) CN=WIN2K8R2.awakecoding.ath.cx CN=WIN2K8R2.awakecoding.ath.cx - - +#close 2015-03-04-17-53-51 diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log new file mode 100644 index 0000000000..e17efa3f31 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path rdp +#open 2015-03-04-17-56-41 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth result encryption_level encryption_method +#types time string addr port addr port string string string string string count count string string string string +1423755598.202845 CXWv6p3arKYeMETxOg 192.168.1.1 54990 192.168.1.2 3389 JOHN-PC English - United States RDP 8.1 JOHN-PC-LAPTOP 3c571ed0-3415-474b-ae94-74e151b 1920 1080 16bit Success Client compatible 128bit +#close 2015-03-04-17-56-41 diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log new file mode 100644 index 0000000000..2e1ad5bb02 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path x509 +#open 2015-03-04-17-56-41 +#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len +#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count +1423755602.103140 F71ADVSn3rOqVhNh1 3 59EB28CB02B1A0D4 L=TURNBKL+CN=SERVR L=TURNBKL+CN=SERVR 1423664106.000000 1431388800.000000 rsaEncryption sha1WithRSA rsa 512 65537 - - - - - T 0 +#close 2015-03-04-17-56-41 diff --git a/testing/btest/Traces/rdp/RDP-004.pcap b/testing/btest/Traces/rdp/rdp-proprietary-encryption.pcap similarity index 100% rename from testing/btest/Traces/rdp/RDP-004.pcap rename to testing/btest/Traces/rdp/rdp-proprietary-encryption.pcap diff --git a/testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap b/testing/btest/Traces/rdp/rdp-to-ssl.pcap similarity index 83% rename from testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap rename to testing/btest/Traces/rdp/rdp-to-ssl.pcap index 3a6a2999eba4fa36f1655a95464494db44c8bede..e57d4b7cf7902c952a1959cd2bbdcd130ae6a050 100644 GIT binary patch delta 6977 zcmZvhdt6Of8^_ODRFrb)HTIj0jC&-P5poOTI+>1{sl6wq7&@my<*t+@x(#8?Sh-}} zW>7hp{WjYSCdL@I+y*n`lFLhOsVGv)`>fr&$LE}#&&MBY@9*#TJnMPZ+IyeXA6uII zv8BlxZ(iJUbT>K$|JNV&bR6n8<8rMI{v}{n-Q~2kfhoNBAFKOyn^J$6Y0x8Gxv&no zVKIsHL>wL)M{cz2Ll&ZQy!fM~;)**cmMV%?Bm{$GAo&_|*rrJO0e{>W3*qFMEr%lx zNw#+7h!+Da=?Mf;pxSYZXGXr{1a<{Ra)nq)O+H8}q_cDe^sqH>uM^MfBtMSjJIRtTTm@nT5M!lt(li$rjQmI( z|8M-jS<2)gUEv)ue8}OeNhJKk3%vh%OSRuTv$4-p$e=8zwdB{aOCv1KB5_?fTylWW zF2TIG#F7`{&Bne7z)zmOSZdkT7V?R(B6a}rJrJJB9mz-C3b7bY^xZk!PatmH3wbfj z5*HoK#(vEW+?xX8NL<|jH<7n)9A40#e9!}MqZPgo@Wp^n`;{lndIAt?1>^!?2Ee`4 zNU(b$_J2TbyK~qOCRMoyK!N{d$p@@A8$CG#_v(1*E@^gOzs9_nX-NdOF&hW=H9$`* zUXmhDH{QQ*g8*(6Ms112NBrg;M?8Sab405Z&*!{gdZqIYgz{5>vHyQ%ACZClA%bEv_+GIyid)c%_iuQ5-&bNSYAk z3d3YFGn%tk$)KBxZB8`UuGHF2%QNWT#HsKH_Y}BzP7N=v(86D}2iO?`)y>_6I*CaQ z5WgDqRr6H4^aqMv;e4=Lu7#&}0~ivO$`@>cyc5alMep;z{z%cDTLgJ8(`sk*G3Z|- zHPE0Z3fwdX0wpv6Z-Q1(2;>^;3JYYZmI$>0!X1dfC2VH#4G=pG`pVU6!09DQz=82K zSd1gl3C?y-tUbp{CEum22TR}@hhdnW!2Dvhex}w?%i?3D_5D0nruZ2XVFED?z{^;d zz%G6{vsn3IXRg0N1i^f!)?L7I2=Hh%mAi0dX^(t%bRyJj1!UEtI@U4bi+>32|^0 zlza}mZ5PEl0+I`>S;?c}8ix;elpNNul%upUW-W#uO*-7MzT`o*ieK?sNI9|r_&)0o z*ww9L?z4&OH;TL0H*7eI1b)let5&``5}nyr+Vt%LnA}XQSEN6yH+Z>ICXOJ!nTl6f zrYmF`t`$VNLA|!B_DdTxdvaz2WNP(#VGpaQZvgfL_q!We=}aVk^ZV2aY!&U1&9IHE z-Ze}coyFF@8mMIx1%8tSfvny;44z{L1wRgf^xv^A&d}yPCmM(^f$-VNQkhPs?sRUh zXFDUWq`vCW&6E(`wnG=cVz=#L;P%SA5^4AjR-0*Xjl(dE-O0LW^|`>Zn75qm1=a6u zbHz{i0a6apCN!@EU}vzKy^FaAlQp{)_w3zlIE57K;hL&ekH~@D?Iee6*2EyK)q)V# z6R^t4VcI~FpQ~71&t*-VtQ9Q$2x?oPx^Mr0B`SHDnf?23GUYpoO>5z0)(NmL*vIU@ zB+vJA_Nus%iz0SEz{H|9)S{cL#``-+`9CtTK<-K$hGC7whW;>gCcX1)?Du!5@4`D? z@e9mjetufN7++RnFnInGGx&n&4=R3c2ifp*;`1~2kC$Hu#Vh@1=JlD@EA}_`C;_jw zhnRR08Gcyt`tmTVn?WmBvYxGHHPyd6DfYh{VfMaSI<7x^aDcr}KC}On%s%=)w;kP> znCv|Yt8F5gdfd5rQ?`UvZ{O~U_v2&iE$RdJIh^e$#U5uypOCEIIs0tC`hxA~r5N4( z9k$T~Z4yhDK>c|Y?&_h~a(^(}@np?O#WwpSvmHkYPQAD7-cPZ0I1RRAwYCYRP`W*; zZJq*4W6v<#F(m)2Vtf58E8}Rbcv%%&uc|nB0GWEDE%7=B`{ZLSoH&iu940^MJlnXV z$ny*DvphOT(YjxREJtd!%OlvzRRc{NtiWNHAkc^g;H#_w5GdhK7RZ~ly~5e=Os%i7 zahReFyaIuSYqd$Y*`q>*i-s$3=2ZwZObf3V$6B&8RoeF#3pAAYTzem=*GNU1ehmT* z(P~#tVowb<(7aI!eDXR38r%SUh&2fU-7aJe_F8w7!!UBW$wq_7kX!G=P94LXq}W?* zEf3UMrSxK50I_2c6AvIBcNDMjcUX@-wSrU(rJtrII&*?zpM96v_iupS#%d4tL+&&C zkI0n&zRxY-Q)QM}|AmtD(`wV^vnR}!l=?>9Rbc7*1GW_Vl1arJ-jX6k6f@gCFmxtc zAKBQebk=8zb-^Rpg}vF`=8xFpMZG=#b0zI2PnekpNqDN5ZG6hidXdA=xPOc;_$y@1 zGd4kYZIY|jK>e;lCaaz^aZj?ZRPj1px(Nh5w1U+epne4)NGNA-G&e1g(TG(Th{G?~ z`>1;Z#CBFybu#aQl(}YBz+AhLORt>mn!)Wa!C+q{%c(0|<8WrO^z;=Qc3}u{t+KJt zOs+5O7a__VeX7_TJ8Q$Og`fU!ioxLa8)ndHU5#SrQsWJyjwJ9c*HpEtB^_$oNt@m} zppN2)TBmjJZme3Y!t?2YR;Zm+TkzK7aVs16-B_4Lw}qfcUN~uG zn_@OTf5m>khg_#Ur=q3U?6)8J6##tWAlB)IC(1^M**P?p)BRz!i~0ff_i+S`aCv2clQGeTw~+sKEE z5EhHA=;|=I(7%H24r4)zEG?${n~i1m?3d}OcJlKuG#WB>wnEYYnGPLK?4K|DMxe8B zKGTx&(ctQlD0@buPi%Ryg;rCY2&--zAXy8QR_N)4MWE^aGkv^>RlbmomCA>Tvd3Z+ z0^M<V03>&kt z7QP{>vbqnab@6QOc?}X=RhG{#`QxR?9${f8H6%a+V{>VE0?Ocp<5rS0fQ^`n2BSNzVT*+9?)h25|V)J9=m(tVdxM9g+;= zMpvkRGRo(LT+5V<@NM_*GdO_R7)0bgDd;X#OJ{{-0s>!fuk>AVX|FVt#|yt`2$QaZ zfvY^bH$Z-uhE^b6sIx+DnN7MJ==z8*M!NNDW@2^FV`M}b+e-<3&$F}e*3!f@ z(ro%Dz@UHpYwgwg$$z)hi4KoOJT?A~qOedy+n-?7sV;jKUk}g+PV{IK%-eNUsxz7a z93DJG9&`d#LQ~&RbP74!!gp77=uD*pgk9tCG8fwB6l`H(9nEFqJw53kr_c>v zSZkS8*fF!I|EKK4XWUDACCk2NQ2^9yixqMQ zkjt=&H($%8CkmL!5lbSXze-GKM03xf98GT{!d2qi96I+rs>VVYjl2MfJ#Il$FQ7au zWK-{pFn(S{11_R!Uf5$5qrzWS4trJw&lOep`45B-`Lb`22q= zWzt$uAUZVpH#ATj%*@P$qOz=Th)(wePA?z6(5;VyC(dYPLr``f zp4NNmp{HyCthbCBbJ}bg^gHbA9Nky+(lb~9etz^^37h{0xwr)FgBM&UOGz9to4lHW zB(${){jm%c@&5NMiTH6Uar?5ox19CP{~kU60$k^p%a2~52q+n{)Fkv(H4kg#$O`lc zl+2qRt^|#HPx@CSd$d^{lPue;O2)L754=LZfor^_Ya#+<3VY_Pc_L?2DRqytLi_=d z0NLc(MLzLH>D3Z?w;BR>{9LZ7Ry0-zXv=kG)8HW3yyZDNf+d$(Elnn}*o2*H*J`@{u~l*6M65sXZWpu$5j!Wy&w#feRLrsRx3;t_)0<$0KYH zwpM3hNk5xSL%V>coBe({5@WU+=UdKjg%cpLuo^G>w35GX1PB(A=&{CN>-1Q@(O9va zYo*z3HVx|xn(mwHWMm5n780qW9caFemb=>FUm%Xvi+?3Ny@yA_!YJCcN3LyxV*s%_ z23rX`bU0gXX%COd#9m1ylJ0W=TQ_(4w1bk0RS%Q5nN8lThdF1HXlXMHUplL3h$Bcg qOr$Z67@mupEt5}aqbf4?(-BVCmluv&5#9>XqB`g31DflEH~tTw;UQZ9 delta 6977 zcmZ`;d0Z3M7S4?VDiWgkY4Z>xc5y+$r7bE|K)Y$H68oM@6%|}a00rW%2u4T%rHVS% zp(0kSwpMU_c7Akh-Rp{?NG+|Rh}bGB%3=i(1mC&$P6&N7@%QtOoB6))oco<~&n%qV z+2P#I4x55J6^fJl&;|Iv?WCXEsLAuMH7nqsS?Q&)6mJemm0oYjT=(q)y&5Sj`CE{; zQlVf5BCXQWz})OQgjtR*OBlcT0AmehFri99`9i5xTF3C;DnDqC6&^clmC5eBvr8?K z(2E~uuG`;DuT{LX>Ud2@4<#lHa@8tRqxo^JKRV$h>H-<$Gd;Tef>&jDRm8mLV#cde zUAsA{8*AY5mt9HhQ(eV$TiV7N<~C};Yr)+)!+;#Uwy_kFtJ8eYUW!QP41=8Y+UJRo z?_}*i^CcSkVnB=r#K(~D91jmAQZVtJ|HA2Jc+zzBufy)6naI}*CHj+>aE2k3kU>rI zPJZ$mecItI#P@-WTNt*_Yzcm90%sU%2K)?572mb5^FRC}`Aq!=5PJdP2NLh}E5U;5 z{zTBbe~CnJnj2?$+g-1HQ2=l+ZvubmP2k-J$iSBad?mo=0KD@+89*)oH~{znKyF6Zi(7=~9EIZ{rMpTD`XZbn-+#dgx>+BBTdr7(P@_Yg*>#E!lzy01s1q`L~9p zDIdVrKZ0RRLM?_x+2|TWyXAaddVtu#Z9l;g)=bqCz!w zg6C2NySW_oV4jaGl?21^5eN#<+p1$~My7A+}dWJ;#4H(zbD)9+P4&)-dz{}eCEk?m zz>kP$VrdSfI0zWYKmnp`0aNQqz;)~714cH}YVo_)I|vwM5KD9`jrKxqy2jlZEN`%d zaBn0b4sRfq!)2FPS`of*BelFXogT1F4pLsY5^6NbrZ=;h=v8c%PkG^=v_5>x7OL*G zm8kn~rOS{n?Y$Zd6DXr6pZVo7`R zxtu4tHSxBkh8dh^zt_C-Bzhrv4)j(9i}R-HM=GE`O!T}D)8+V|?72jllI)c>4(Y8fs?e` zPHWsd(iW!L!TpK$!&CGw8g`l_7I&HoWu0jwtF-|M5jCd*Tw2y>ZEbjcXg)&XC!|n6R5Y z8UM@j=Ol5CI722~p$E6B(4OVV5rpe=RX)q4sJ1g?!g~Z9Q6wKIsaTvL=3i-`p1;`x z83G75-IptV+c3xx_qGINpxz^Kug{y z;PW@+10^4!MdELlkOFVHMe5>lif;R?v8^R zuTz5cb8HQ=;1eRhzubZRx@^(=k$+P8S%2Acn?8~3GV3pSOV%%?6NXw+PQd()d$biN zRgg5JDyZzF3JtUCfqmL!eMY1U9*|QASKS}99pU5tP15f0h>DpjiP-i^Dt7d-J;%Z+ z1ljc1!3H;M0{@C(+Ha_$HrVEAS6SG;gkTa7RmTM;+#mK6P+EO5fdf zq`aC*_L}jG?6s&~ zeCxpLZcgOAkF7Z+q;4Fc3-c70!ntnU~SIV_GRHVbMHP zBrW~i6wXj>hK7bWPIh)UlD_kb2yJ7yRmJWNm&t5y0nwm{!3Kn1bJ=VIWM)+fM+^`a z|FAKF?ss2=Optj~I73Y*@@Cp1R7Ic22R#;u@r?XXeJL=Q0HMyoVTlZs?;Mn!MEw(b&a{ndJ8l@Tcg zNDfqeG>Gi_LQVuDYRFmg6-*mYo}a`&;~38P&UC%{;c?sMzh0wa15L=2HJm}Q*sfk@ zu{-z!AiWi^_f+i34oXj#zM?w-05=kZ5ob{y@e^G@8fSR!g44#1JCAONYuMFgr$Yey^L}sVWJ{!2$&L!ub@V}m6$?E3~I2h5ar=@&{dqMik*HH zHA)qpaYn!0(9@Rz5nDtR7W_&Tl7B_TSYhThSf|bsmS00B+DRm0u5iX-<3Zw$WR>vQ zA1Fq;SChsDu~rGC*HJL3i*E@|?6xqr1f@wiizl>ljtkW{Q7^(#mtszW;9ZIaNI6TM zw{j8$(`|s@^mmqF&PMid8LF0Kzs%H1*(jX8gWkiGZFezaqTq2CZIeb>egr7l@J09v zoT!37k%ttrLJbhOZ9HEI5am69;6!xyv8+xQeqWaJGiMyW3l3@_K%y(;AS>MgQU{P# z$pONi2T)%un_Y=dL>)O1kKpU&{ilj;@i1{dw2g~O99G31sg!AeRr#E8#2Gl*Ie;j7 zOdH_x6JVrF6e^yegVL|9@eF75?+BD|YXbX24JwnEnlQE%aa=f1E7tDHQ=G?f;lWcB zCAG{vw3V|{h{?{zYxZS9U$imz~}9{nO!O+)~hMepB2dV`#)iBkZ= z10)lCKl?(gRe2*0tP`3Vwfw{xNA&?tKj6eDl``FERRJUp zy73x7_O=5EmOa&;%HC`*Cu`lu83Wz|PJiGaXMkXin+xUiby5B-O(hwocVG-OMj4#Y z<_^kLG7vbSfwdSxhbV{ fF|~({VX0zAtCYc#4owXrh%SveFe!6Y%I*IH`)Fx@ diff --git a/testing/btest/Traces/rdp/rdp-x509.pcap b/testing/btest/Traces/rdp/rdp-x509.pcap new file mode 100644 index 0000000000000000000000000000000000000000..073d03e4eefacfb949433fc52d146b0eabae4c76 GIT binary patch literal 3135 zcmbtWc~DhV82`>)9*Ylst{^61)C_@7?uGZj4MQI*yWDC+V&6GW}%@s|v!kRI0YRX*N)y&uLJMSq74sG||@80ix=bYa;-+IrH zUE4P)q|uct5Fiq0Oy2$Fom<<8CV*$6{MqX+*(mx0+rX@Fx}C@|Vow%%EjgS0TZ8~9 zM-N10_G;GtUX?!u(-7zY8z%zBjnv*g@V%>OMtQbLs zn}}4Rl%(T4ow6$`%1S+>)Dn1UhD z$!%k9-OP(l-^J$Og+p#rdo}C!{FsY7n^WYX{d*rI>gOOO1bhd8+qQ`wfRpkh@R0ui z{6uVzX3CXjlDlQ_kQ0L@|8HhuZNA5%SN+^I788?ZNo{WJqRk*_CfmiGpU#!`#%m_9 z4nHL57bGH6S3iqyQsy$&q+&LAhXT4CF*7J13Y?2&lZze7Iqw4=pV+P;T?DRxF<22d zDMC>MDMEzaN+19ccR_OXkpmPhp1W>Pc#Lu>T7J7s)O_L&(rLg-5_LInu8oABCN3*- z)r}VZ?@5Em8#YoCd(@@~6dLa>L{n)7ltCsk$V~>;P9q0ePH+y$9aIR;h2Bx%?NZ{A{U&;d!X#Grm*%(9 zz>ru0KP1Gf{*kZ%QKfr{yHd)$Uhq}rZrSh`EiPSBDSI0I?n?K4diVjILnQO!1(T(05~- zMQ?1cDD4%nHZ~7CR@ioO$P@jX84H#syY2PutuJ7#m&Y%JZw#Nf3l!0aO({zFyizc>UyxuZPE+xwPv_`t54dF@BI1Y z*`J^7Q;@KKi!b8WvbIm|iP^Jt`=&!l%g>a}SzSLmtm%)wix<9iIk2qZ#U|zQwx>KO z_=Zn)f%*hZtaCz$POJP&i?Dsu42R(~aXX!C-*huI4Ucn_bJTpJ?m@F|tuZXXHpbJ8rQf`>u}*u_Pi(4Pp>bTIOTM^_x!yrm()csxu?J1{`@EO-OVc+ z&TjG4*uMSa#4Qz*R;^6?ywJM0rTFnN{XeWtUNm9d_F>yT3cAoI-bDDe7y~R3$rjXE zUq(L^+kmDCB$F|=LyF=W(1uUPW{Y5q3aSDXQ#Fz%8yuU5-!4c>!Ii^FM&167={irZ zdmCEG6B?%v*V7wNO^ZRVLYfApQz;#W8HI|*^~;012yHtIXrk8yS14E9tlys=W!LH546kJyPH?O8O+Ue4{CU(Jl zG@(XFy96iwLxGrq4|3Lw#%4$T_eQr~ud zb**z>eZniYBmVcYR&J(-LF4i~?W@f95+3_u$A-B#y1r#-0N6#%Prx!Q4H?slk8na@}`gMiiPU|~7M2MaF_qaQCs@CiMV I52q~q3w Date: Wed, 4 Mar 2015 13:24:59 -0500 Subject: [PATCH 032/121] SSH: A bit of code cleanup. --- src/analyzer/protocol/ssh/ssh-analyzer.pac | 42 +++++++++++----------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index e1f9fc5f86..d448bdae60 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -43,7 +43,6 @@ VectorVal* name_list_to_vector(const bytestring nl) word = name_list.substr(start, name_list.size() - start); vv->Assign(vv->Size(), new StringVal(word)); } - return vv; } %} @@ -68,27 +67,28 @@ refine flow SSH_Flow += { function proc_ssh_kexinit(msg: SSH_KEXINIT): bool %{ - if ( ssh_capabilities ) - { - RecordVal* result = new RecordVal(BifType::Record::SSH::Capabilities); - result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val})); - result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val})); - result->Assign(2, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val})); - result->Assign(3, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val})); - result->Assign(4, name_list_to_vector(${msg.mac_algorithms_client_to_server.val})); - result->Assign(5, name_list_to_vector(${msg.mac_algorithms_server_to_client.val})); - result->Assign(6, name_list_to_vector(${msg.compression_algorithms_client_to_server.val})); - result->Assign(7, name_list_to_vector(${msg.compression_algorithms_server_to_client.val})); - if ( ${msg.languages_client_to_server.len} ) - result->Assign(8, name_list_to_vector(${msg.languages_client_to_server.val})); - if ( ${msg.languages_server_to_client.len} ) - result->Assign(9, name_list_to_vector(${msg.languages_server_to_client.val})); - result->Assign(10, new Val(${msg.is_orig}, TYPE_BOOL)); + if ( ! ssh_capabilities ) + return false; + + RecordVal* result = new RecordVal(BifType::Record::SSH::Capabilities); + result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val})); + result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val})); + result->Assign(2, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val})); + result->Assign(3, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val})); + result->Assign(4, name_list_to_vector(${msg.mac_algorithms_client_to_server.val})); + result->Assign(5, name_list_to_vector(${msg.mac_algorithms_server_to_client.val})); + result->Assign(6, name_list_to_vector(${msg.compression_algorithms_client_to_server.val})); + result->Assign(7, name_list_to_vector(${msg.compression_algorithms_server_to_client.val})); + if ( ${msg.languages_client_to_server.len} ) + result->Assign(8, name_list_to_vector(${msg.languages_client_to_server.val})); + if ( ${msg.languages_server_to_client.len} ) + result->Assign(9, name_list_to_vector(${msg.languages_server_to_client.val})); + result->Assign(10, new Val(${msg.is_orig}, TYPE_BOOL)); + + BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}), + result); - BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}), - result); - } return true; %} From 0d04557ac4d4c76f46660a1e9f2d4eacae156ba8 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Wed, 4 Mar 2015 14:50:41 -0500 Subject: [PATCH 033/121] New script to add a field to rdp.log when the connection is upgraded to SSL. --- scripts/policy/protocols/rdp/indicate_ssl.bro | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 scripts/policy/protocols/rdp/indicate_ssl.bro diff --git a/scripts/policy/protocols/rdp/indicate_ssl.bro b/scripts/policy/protocols/rdp/indicate_ssl.bro new file mode 100644 index 0000000000..91be13d3ef --- /dev/null +++ b/scripts/policy/protocols/rdp/indicate_ssl.bro @@ -0,0 +1,22 @@ +##! If an RDP session is "upgraded" to SSL, this will be indicated +##! with this script in a new field added to the RDP log. + +@load base/protocols/rdp +@load base/protocols/ssl + +module RDP; + +export { + redef record RDP::Info += { + ## Flag the connection if it was seen over SSL. + ssl: bool &log &default=F; + }; +} + +event ssl_established(c: connection) + { + if ( c?$rdp ) + { + c$rdp$ssl = T; + } + } \ No newline at end of file From f45e05777955769f5d68aaf44a49c32532fd4d55 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 01:15:12 -0500 Subject: [PATCH 034/121] Another big RDP update. - New fields for certificate type, number of certificates, if certificates are permanent on the server, and the selected security protocol. - Fixed some issues with X.509 certificate handling over RDP (the event handler wasn't sufficiently constrained). - Better detection of and transition into encrypted mode. No more binpac parse failures from the test traces anymore! - Some event name clean up and new events. - X.509 Certificate chains are now handled correctly (was only grabbing a single certificate). --- scripts/base/protocols/rdp/consts.bro | 21 ++ scripts/base/protocols/rdp/main.bro | 70 +++++-- src/analyzer/protocol/rdp/RDP.cc | 36 ++-- src/analyzer/protocol/rdp/events.bif | 37 +++- src/analyzer/protocol/rdp/rdp-analyzer.pac | 185 ++++++++++++------ src/analyzer/protocol/rdp/rdp-protocol.pac | 111 +++++++++-- .../rdp.log | 12 +- .../rdp.log | 12 +- .../rdp.log | 10 +- .../x509.log | 5 +- 10 files changed, 364 insertions(+), 135 deletions(-) diff --git a/scripts/base/protocols/rdp/consts.bro b/scripts/base/protocols/rdp/consts.bro index a37e1d3188..19a7c44c5a 100644 --- a/scripts/base/protocols/rdp/consts.bro +++ b/scripts/base/protocols/rdp/consts.bro @@ -19,6 +19,27 @@ export { [25282] = "RDP 8.0 (Mac)" } &default = function(n: count): string { return fmt("client_build-%d", n); }; + const security_protocols = { + [0x00] = "RDP", + [0x01] = "SSL", + [0x02] = "HYBRID", + [0x08] = "HYBRID_EX" + } &default = function(n: count): string { return fmt("security_protocol-%d", n); }; + + const failure_codes = { + [0x01] = "SSL_REQUIRED_BY_SERVER", + [0x02] = "SSL_NOT_ALLOWED_BY_SERVER", + [0x03] = "SSL_CERT_NOT_ON_SERVER", + [0x04] = "INCONSISTENT_FLAGS", + [0x05] = "HYBRID_REQUIRED_BY_SERVER", + [0x06] = "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER" + } &default = function(n: count): string { return fmt("failure_code-%d", n); }; + + const cert_types = { + [1] = "RSA", + [2] = "X.509" + } &default = function(n: count): string { return fmt("cert_type-%d", n); }; + const encryption_methods = { [0] = "None", [1] = "40bit", diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index 9297ec83a3..f8fb15382d 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -15,6 +15,11 @@ export { ## Cookie value used by the client machine. ## This is typically a username. cookie: string &log &optional; + ## Status result for the connection. It's a mix between + ## RDP negotation failure messages and GCC server create + ## response messages. + result: string &log &optional; + ## Keyboard layout (language) of the client machine. keyboard_layout: string &log &optional; ## RDP client version used by the client machine. @@ -30,8 +35,19 @@ export { ## The color depth requested by the client in ## the high_color_depth field. requested_color_depth: string &log &optional; - ## GCC result for the connection. - result: string &log &optional; + + ## If the connection is being encrypted with native + ## RDP encryption, this is the type of cert + ## being used. + cert_type: string &log &optional; + ## The number of certs seen. X.509 can transfer an + ## entire certificate chain. + cert_count: count &log &default=0; + ## Indicates if the provided certificate or certificate + ## chain is permanent or temporary. + cert_permanent: bool &log &optional; + ## Security protocol chosen by the server. + selected_security_protocol: string &log &optional; ## Encryption level of the connection. encryption_level: string &log &optional; ## Encryption method of the connection. @@ -132,13 +148,27 @@ function set_session(c: connection) } } -event rdp_client_request(c: connection, cookie: string) &priority=5 +event rdp_connect_request(c: connection, cookie: string) &priority=5 { set_session(c); c$rdp$cookie = cookie; } +event rdp_negotiation_response(c: connection, selected_security_protocol: count) &priority=5 + { + set_session(c); + + c$rdp$selected_security_protocol = security_protocols[selected_security_protocol]; + } + +event rdp_negotiation_failure(c: connection, failure_code: count) &priority=5 + { + set_session(c); + + c$rdp$result = failure_codes[failure_code]; + } + event rdp_client_core_data(c: connection, data: RDP::ClientCoreData) &priority=5 { set_session(c); @@ -150,12 +180,12 @@ event rdp_client_core_data(c: connection, data: RDP::ClientCoreData) &priority=5 c$rdp$desktop_width = data$desktop_width; c$rdp$desktop_height = data$desktop_height; if ( data?$ec_flags && data$ec_flags$want_32bpp_session ) - c$rdp$requested_color_depth = "32-bit"; + c$rdp$requested_color_depth = "32bit"; else c$rdp$requested_color_depth = RDP::high_color_depths[data$high_color_depth]; } -event rdp_result(c: connection, result: count) &priority=5 +event rdp_gcc_server_create_response(c: connection, result: count) &priority=5 { set_session(c); @@ -170,13 +200,31 @@ event rdp_server_security(c: connection, encryption_method: count, encryption_le c$rdp$encryption_level = RDP::encryption_levels[encryption_level]; } -event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) +event rdp_server_certificate(c: connection, cert_type: count, permanently_issued: bool) &priority=5 { - Files::add_analyzer(f, Files::ANALYZER_X509); - # always calculate hashes. They are not necessary for base scripts - # but very useful for identification, and required for policy scripts - Files::add_analyzer(f, Files::ANALYZER_MD5); - Files::add_analyzer(f, Files::ANALYZER_SHA1); + set_session(c); + + c$rdp$cert_type = RDP::cert_types[cert_type]; + + # There are no events for proprietary/RSA certs right + # now so we manually count this one. + if ( c$rdp$cert_type == "RSA" ) + ++c$rdp$cert_count; + + c$rdp$cert_permanent = permanently_issued; + } + +event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5 + { + if ( c?$rdp && f$source == "RDP" ) + { + ## Count up X509 certs. + ++c$rdp$cert_count; + + Files::add_analyzer(f, Files::ANALYZER_X509); + Files::add_analyzer(f, Files::ANALYZER_MD5); + Files::add_analyzer(f, Files::ANALYZER_SHA1); + } } event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=5 diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc index c38292ad21..dafa7f4c2f 100644 --- a/src/analyzer/protocol/rdp/RDP.cc +++ b/src/analyzer/protocol/rdp/RDP.cc @@ -51,34 +51,26 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) // we'll just move this over to the PIA analyzer. // Like the comment below says, this is probably the wrong // way to handle this. - if ( len > 0 && data[0] >= 0x14 && data[0] <= 0x17 ) + if ( interp->is_encrypted() ) { - if ( ! pia ) + if ( len > 0 && data[0] >= 0x14 && data[0] <= 0x17 ) { - pia = new pia::PIA_TCP(Conn()); - - if ( AddChildAnalyzer(pia) ) + if ( ! pia ) { - pia->FirstPacket(true, 0); - pia->FirstPacket(false, 0); - } - } + pia = new pia::PIA_TCP(Conn()); - if ( pia ) - { - ForwardStream(len, data, orig); + if ( AddChildAnalyzer(pia) ) + { + pia->FirstPacket(true, 0); + pia->FirstPacket(false, 0); + } + } + + if ( pia ) + ForwardStream(len, data, orig); } } - else if ( pia ) - { - // This is data that doesn't seem to match - // an SSL record, but we've moved into SSL mode. - // This is probably the wrong way to handle this - // situation but I don't know what these records - // are that don't appear to be SSL/TLS. - return; - } - else + else // if not encrypted { try { diff --git a/src/analyzer/protocol/rdp/events.bif b/src/analyzer/protocol/rdp/events.bif index 4885377d57..80546780f5 100644 --- a/src/analyzer/protocol/rdp/events.bif +++ b/src/analyzer/protocol/rdp/events.bif @@ -1,25 +1,39 @@ -## Generated for X.224 client requests when native RDP encryption is used. +## Generated for X.224 client requests. ## ## c: The connection record for the underlying transport-layer session/flow. ## ## cookie: The cookie included in the request. -event rdp_client_request%(c: connection, cookie: string%); +event rdp_connect_request%(c: connection, cookie: string%); -## Generated for MCS client requests when native RDP encryption is used. +## Generated for RDP Negotiation Response messages. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## selected_security_protocol: The security protocol selected by the server. +event rdp_negotiation_response%(c: connection, selected_security_protocol: count%); + +## Generated for RDP Negotiation Failure messages. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## failure_code: The failure code sent by the server. +event rdp_negotiation_failure%(c: connection, failure_code: count%); + +## Generated for MCS client requests. ## ## c: The connection record for the underlying transport-layer session/flow. ## ## data: The data contained in the client core data structure. event rdp_client_core_data%(c: connection, data: RDP::ClientCoreData%); -## Generated for MCS server responses when native RDP encryption is used. +## Generated for MCS server responses. ## ## c: The connection record for the underlying transport-layer session/flow. ## ## result: The 8-bit integer representing the GCC Conference Create Response result. -event rdp_result%(c: connection, result: count%); +event rdp_gcc_server_create_response%(c: connection, result: count%); -## Generated for MCS server responses when native RDP encryption is used. +## Generated for MCS server responses. ## ## c: The connection record for the underlying transport-layer session/flow. ## @@ -27,3 +41,14 @@ event rdp_result%(c: connection, result: count%); ## ## encryption_level: The 32-bit integer representing the encryption level used in the connection. event rdp_server_security%(c: connection, encryption_method: count, encryption_level: count%); + +## Generated for a server certificate section. If multiple X.509 +## certificates are included in chain, this event will still +## only be generated a single time. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## cert_type: Indicates the type of certificate. +## +## permanently_issued: Value will be true is the certificate(s) is permanent on the server. +event rdp_server_certificate%(c: connection, cert_type: count, permanently_issued: bool%); \ No newline at end of file diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index 01e4115970..b594172333 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -8,11 +8,14 @@ refine flow RDP_Flow += { function utf16_to_utf8_val(utf16: bytestring): StringVal %{ - size_t utf8size = 3 * utf16.length() + 1; - char* utf8stringnative = new char[utf8size]; + std::string resultstring; + size_t widesize = utf16.length(); + + size_t utf8size = 3 * widesize + 1; + resultstring.resize(utf8size, '\0'); const UTF16* sourcestart = reinterpret_cast(utf16.begin()); - const UTF16* sourceend = sourcestart + utf16.length(); - UTF8* targetstart = reinterpret_cast(utf8stringnative); + const UTF16* sourceend = sourcestart + widesize; + UTF8* targetstart = reinterpret_cast(&resultstring[0]); UTF8* targetend = targetstart + utf8size; ConversionResult res = ConvertUTF16toUTF8(&sourcestart, @@ -20,33 +23,63 @@ refine flow RDP_Flow += { &targetstart, targetend, strictConversion); - *targetstart = 0; - if ( res != conversionOK ) { connection()->bro_analyzer()->Weird("Failed UTF-16 to UTF-8 conversion"); return new StringVal(utf16.length(), (const char *) utf16.begin()); } + *targetstart = 0; // We're relying on no nulls being in the string. - return new StringVal(utf8stringnative); + return new StringVal(resultstring.c_str()); %} - function proc_rdp_client_request(client_request: Client_Request): bool + function proc_rdp_connect_request(cr: Connect_Request): bool %{ - connection()->bro_analyzer()->ProtocolConfirmation(); - BifEvent::generate_rdp_client_request(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${client_request.cookie_value})); + if ( rdp_connect_request ) + { + BifEvent::generate_rdp_connect_request(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${cr.cookie_value})); + } + return true; %} - function proc_rdp_result(gcc_response: GCC_Server_Create_Response): bool + function proc_rdp_negotiation_response(nr: RDP_Negotiation_Response): bool + %{ + if ( rdp_negotiation_response ) + { + BifEvent::generate_rdp_negotiation_response(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${nr.selected_protocol}); + } + + return true; + %} + + function proc_rdp_negotiation_failure(nf: RDP_Negotiation_Failure): bool + %{ + if ( rdp_negotiation_failure ) + { + BifEvent::generate_rdp_negotiation_failure(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${nf.failure_code}); + } + + return true; + %} + + + function proc_rdp_gcc_server_create_response(gcc_response: GCC_Server_Create_Response): bool %{ connection()->bro_analyzer()->ProtocolConfirmation(); - BifEvent::generate_rdp_result(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - ${gcc_response.result}); + + if ( rdp_gcc_server_create_response ) + BifEvent::generate_rdp_gcc_server_create_response(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${gcc_response.result}); + return true; %} @@ -55,56 +88,76 @@ refine flow RDP_Flow += { %{ connection()->bro_analyzer()->ProtocolConfirmation(); - RecordVal* ec_flags = new RecordVal(BifType::Record::RDP::EarlyCapabilityFlags); - ec_flags->Assign(0, new Val(${ccore.SUPPORT_ERRINFO_PDU}, TYPE_BOOL)); - ec_flags->Assign(1, new Val(${ccore.WANT_32BPP_SESSION}, TYPE_BOOL)); - ec_flags->Assign(2, new Val(${ccore.SUPPORT_STATUSINFO_PDU}, TYPE_BOOL)); - ec_flags->Assign(3, new Val(${ccore.STRONG_ASYMMETRIC_KEYS}, TYPE_BOOL)); - ec_flags->Assign(4, new Val(${ccore.SUPPORT_MONITOR_LAYOUT_PDU}, TYPE_BOOL)); - ec_flags->Assign(5, new Val(${ccore.SUPPORT_NETCHAR_AUTODETECT}, TYPE_BOOL)); - ec_flags->Assign(6, new Val(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL}, TYPE_BOOL)); - ec_flags->Assign(7, new Val(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}, TYPE_BOOL)); - ec_flags->Assign(8, new Val(${ccore.SUPPORT_HEARTBEAT_PDU}, TYPE_BOOL)); + if ( rdp_client_core_data ) + { + RecordVal* ec_flags = new RecordVal(BifType::Record::RDP::EarlyCapabilityFlags); + ec_flags->Assign(0, new Val(${ccore.SUPPORT_ERRINFO_PDU}, TYPE_BOOL)); + ec_flags->Assign(1, new Val(${ccore.WANT_32BPP_SESSION}, TYPE_BOOL)); + ec_flags->Assign(2, new Val(${ccore.SUPPORT_STATUSINFO_PDU}, TYPE_BOOL)); + ec_flags->Assign(3, new Val(${ccore.STRONG_ASYMMETRIC_KEYS}, TYPE_BOOL)); + ec_flags->Assign(4, new Val(${ccore.SUPPORT_MONITOR_LAYOUT_PDU}, TYPE_BOOL)); + ec_flags->Assign(5, new Val(${ccore.SUPPORT_NETCHAR_AUTODETECT}, TYPE_BOOL)); + ec_flags->Assign(6, new Val(${ccore.SUPPORT_DYNVC_GFX_PROTOCOL}, TYPE_BOOL)); + ec_flags->Assign(7, new Val(${ccore.SUPPORT_DYNAMIC_TIME_ZONE}, TYPE_BOOL)); + ec_flags->Assign(8, new Val(${ccore.SUPPORT_HEARTBEAT_PDU}, TYPE_BOOL)); - RecordVal* ccd = new RecordVal(BifType::Record::RDP::ClientCoreData); - ccd->Assign(0, new Val(${ccore.version_major}, TYPE_COUNT)); - ccd->Assign(1, new Val(${ccore.version_minor}, TYPE_COUNT)); - ccd->Assign(2, new Val(${ccore.desktop_width}, TYPE_COUNT)); - ccd->Assign(3, new Val(${ccore.desktop_height}, TYPE_COUNT)); - ccd->Assign(4, new Val(${ccore.color_depth}, TYPE_COUNT)); - ccd->Assign(5, new Val(${ccore.sas_sequence}, TYPE_COUNT)); - ccd->Assign(6, new Val(${ccore.keyboard_layout}, TYPE_COUNT)); - ccd->Assign(7, new Val(${ccore.client_build}, TYPE_COUNT)); - ccd->Assign(8, utf16_to_utf8_val(${ccore.client_name})); - ccd->Assign(9, new Val(${ccore.keyboard_type}, TYPE_COUNT)); - ccd->Assign(10, new Val(${ccore.keyboard_sub}, TYPE_COUNT)); - ccd->Assign(11, new Val(${ccore.keyboard_function_key}, TYPE_COUNT)); - ccd->Assign(12, utf16_to_utf8_val(${ccore.ime_file_name})); - ccd->Assign(13, new Val(${ccore.post_beta2_color_depth}, TYPE_COUNT)); - ccd->Assign(14, new Val(${ccore.client_product_id}, TYPE_COUNT)); - ccd->Assign(15, new Val(${ccore.serial_number}, TYPE_COUNT)); - ccd->Assign(16, new Val(${ccore.high_color_depth}, TYPE_COUNT)); - ccd->Assign(17, new Val(${ccore.supported_color_depths}, TYPE_COUNT)); - ccd->Assign(18, ec_flags); - ccd->Assign(19, utf16_to_utf8_val(${ccore.dig_product_id})); + RecordVal* ccd = new RecordVal(BifType::Record::RDP::ClientCoreData); + ccd->Assign(0, new Val(${ccore.version_major}, TYPE_COUNT)); + ccd->Assign(1, new Val(${ccore.version_minor}, TYPE_COUNT)); + ccd->Assign(2, new Val(${ccore.desktop_width}, TYPE_COUNT)); + ccd->Assign(3, new Val(${ccore.desktop_height}, TYPE_COUNT)); + ccd->Assign(4, new Val(${ccore.color_depth}, TYPE_COUNT)); + ccd->Assign(5, new Val(${ccore.sas_sequence}, TYPE_COUNT)); + ccd->Assign(6, new Val(${ccore.keyboard_layout}, TYPE_COUNT)); + ccd->Assign(7, new Val(${ccore.client_build}, TYPE_COUNT)); + ccd->Assign(8, utf16_to_utf8_val(${ccore.client_name})); + ccd->Assign(9, new Val(${ccore.keyboard_type}, TYPE_COUNT)); + ccd->Assign(10, new Val(${ccore.keyboard_sub}, TYPE_COUNT)); + ccd->Assign(11, new Val(${ccore.keyboard_function_key}, TYPE_COUNT)); + ccd->Assign(12, utf16_to_utf8_val(${ccore.ime_file_name})); + ccd->Assign(13, new Val(${ccore.post_beta2_color_depth}, TYPE_COUNT)); + ccd->Assign(14, new Val(${ccore.client_product_id}, TYPE_COUNT)); + ccd->Assign(15, new Val(${ccore.serial_number}, TYPE_COUNT)); + ccd->Assign(16, new Val(${ccore.high_color_depth}, TYPE_COUNT)); + ccd->Assign(17, new Val(${ccore.supported_color_depths}, TYPE_COUNT)); + ccd->Assign(18, ec_flags); + ccd->Assign(19, utf16_to_utf8_val(${ccore.dig_product_id})); + + BifEvent::generate_rdp_client_core_data(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ccd); + } - BifEvent::generate_rdp_client_core_data(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - ccd); return true; %} function proc_rdp_server_security(ssd: Server_Security_Data): bool %{ connection()->bro_analyzer()->ProtocolConfirmation(); - BifEvent::generate_rdp_server_security(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - ${ssd.encryption_method}, - ${ssd.encryption_level}); + + if ( rdp_server_security ) + BifEvent::generate_rdp_server_security(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${ssd.encryption_method}, + ${ssd.encryption_level}); + return true; %} - function proc_x509_cert(x509: X509): bool + function proc_rdp_server_certificate(cert: Server_Certificate): bool + %{ + if ( rdp_server_certificate ) + { + BifEvent::generate_rdp_server_certificate(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${cert.cert_type}, + ${cert.permanently_issued}); + } + + return true; + %} + + function proc_x509_cert_data(x509: X509_Cert_Data): bool %{ const bytestring& cert = ${x509.cert}; @@ -126,8 +179,16 @@ refine flow RDP_Flow += { %} }; -refine typeattr Client_Request += &let { - proc: bool = $context.flow.proc_rdp_client_request(this); +refine typeattr Connect_Request += &let { + proc: bool = $context.flow.proc_rdp_connect_request(this); +}; + +refine typeattr RDP_Negotiation_Response += &let { + proc: bool = $context.flow.proc_rdp_negotiation_response(this); +}; + +refine typeattr RDP_Negotiation_Failure += &let { + proc: bool = $context.flow.proc_rdp_negotiation_failure(this); }; refine typeattr Client_Core_Data += &let { @@ -135,13 +196,17 @@ refine typeattr Client_Core_Data += &let { }; refine typeattr GCC_Server_Create_Response += &let { - proc: bool = $context.flow.proc_rdp_result(this); + proc: bool = $context.flow.proc_rdp_gcc_server_create_response(this); }; refine typeattr Server_Security_Data += &let { proc: bool = $context.flow.proc_rdp_server_security(this); }; -refine typeattr X509 += &let { - proc: bool = $context.flow.proc_x509_cert(this); +refine typeattr Server_Certificate += &let { + proc: bool = $context.flow.proc_rdp_server_certificate(this); +}; + +refine typeattr X509_Cert_Data += &let { + proc: bool = $context.flow.proc_x509_cert_data(this); }; diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index 8d24fb05b9..d2efcc6194 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -14,12 +14,10 @@ type TPKT(is_orig: bool) = record { type COTP = record { cotp_len: uint8; pdu: uint8; - # Probably should do something with this eventually. - #cotp_crap: padding[cotp_len-2]; switch: case pdu of { - #0xd0 -> cConfirm: Connect_Confirm; - 0xe0 -> c_request: Client_Request; - 0xf0 -> data: DT_Data; + 0xd0 -> connect_confirm: Connect_Confirm; + 0xe0 -> client_request: Connect_Request; + 0xf0 -> data: DT_Data; # In case we don't support the PDU we just # consume the rest of it and throw it away. @@ -75,14 +73,59 @@ type Data_Block = record { # Client X.224 ###################################################################### -type Client_Request = record { +type Connect_Request = record { destination_reference: uint16; source_reference: uint16; flow_control: uint8; cookie_mstshash: RE/Cookie: mstshash\=/; - cookie_value: RE/[^\x0d]*/; + cookie_value: RE/[^\x0d]+/; + cookie_terminator: RE/\x0d\x0a/; + rdp_neg_req: RDP_Negotiation_Request; +} &byteorder=littleendian; + +type RDP_Negotiation_Request = record { + type: uint8; + flags: uint8; + length: uint16; # must be set to 8 + requested_protocols: uint32; +} &let { + PROTOCOL_RDP: bool = requested_protocols & 0x00; + PROTOCOL_SSL: bool = requested_protocols & 0x01; + PROTOCOL_HYBRID: bool = requested_protocols & 0x02; + PROTOCOL_HYBRID_EX: bool = requested_protocols & 0x08; +} &byteorder=littleendian; + +###################################################################### +# Server X.224 +###################################################################### + +type Connect_Confirm = record { + destination_reference: uint16; + source_reference: uint16; + flags: uint8; + response_type: uint8; + response_switch: case response_type of { + 0x02 -> neg_resp: RDP_Negotiation_Response; + 0x03 -> neg_fail: RDP_Negotiation_Failure; + }; }; +type RDP_Negotiation_Response = record { + flags: uint8; + length: uint16; # must be set to 8 + selected_protocol: uint32; +} &let { + # Seems to be encrypted after this message if + # selected_protocol > 0 + enc: bool = $context.connection.go_encrypted(selected_protocol>0); +} &byteorder=littleendian; + +type RDP_Negotiation_Failure = record { + flags: uint8; + length: uint16; + failure_code: uint32; +} &byteorder=littleendian; + ###################################################################### # Client MCS ###################################################################### @@ -93,11 +136,11 @@ type Client_Header = record { called_domain_selector: ASN1OctetString; upward_flag: ASN1Boolean; target_parameters: ASN1SequenceMeta; - targ_parameters_pad: padding[target_parameters.encoding.length]; + targ_parameters_pad: bytestring &length=target_parameters.encoding.length &transient; minimum_parameters: ASN1SequenceMeta; - min_parameters_pad: padding[minimum_parameters.encoding.length]; + min_parameters_pad: bytestring &length=minimum_parameters.encoding.length &transient; maximum_parameters: ASN1SequenceMeta; - max_parameters_pad: padding[maximum_parameters.encoding.length]; + max_parameters_pad: bytestring &length=maximum_parameters.encoding.length &transient; # BER encoded OctetString and long variant, can be safely skipped for now user_data_length: uint32; gcc_connection_data: GCC_Client_Connection_Data; @@ -174,7 +217,7 @@ type Server_Header = record { connect_response_called_id: ASN1Integer; connect_response_domain_parameters: ASN1SequenceMeta; # Skipping over domain parameters for now. - domain_parameters: padding[connect_response_domain_parameters.encoding.length]; + domain_parameters: bytestring &length=connect_response_domain_parameters.encoding.length &transient; # I think this is another definite length encoded value. user_data_length: uint32; gcc_connection_data: GCC_Server_Connection_Data; @@ -219,20 +262,24 @@ type Server_Security_Data = record { server_cert_length: uint32; server_random: bytestring &length=server_random_length; server_certificate: Server_Certificate &length=server_cert_length; +} &let { + # Seems to be encrypted after this message if + # encryption level is >0 + enc: bool = $context.connection.go_encrypted(encryption_level>0); } &byteorder=littleendian; type Server_Certificate = record { version: uint32; switch: case cert_type of { - 0x01 -> proprietary: Server_Proprietary; + 0x01 -> proprietary: Server_Proprietary_Cert(this); 0x02 -> x509: X509; }; } &let { - cert_type: uint32 = version & 0x7FFFFFFF; - permanent_issue: bool = (version & 0x80000000) == 0; + cert_type: uint32 = version & 0x7FFFFFFF; + permanently_issued: bool = (version & 0x80000000) == 0; } &byteorder=littleendian; -type Server_Proprietary = record { +type Server_Proprietary_Cert(cert: Server_Certificate) = record { signature_algorithm: uint32; key_algorithm: uint32; public_key_blob_type: uint16; @@ -252,8 +299,13 @@ type Public_Key_Blob = record { } &byteorder=littleendian; type X509 = record { - pad1: padding[8]; - cert: bytestring &restofdata; + num_of_certs: uint32; + certs: X509_Cert_Data[num_of_certs]; +} &byteorder=littleendian; + +type X509_Cert_Data = record { + cert_len: uint32; + cert: bytestring &length=cert_len; } &byteorder=littleendian; ###################################################################### @@ -314,3 +366,28 @@ function binary_to_int64(bs: bytestring): int64 return rval; %} +refine connection RDP_Conn += { + + %member{ + bool is_encrypted_; + %} + + %init{ + is_encrypted_ = false; + %} + + function go_encrypted(should_we: bool): bool + %{ + if ( should_we ) + { + printf("going encrypted\n"); + is_encrypted_ = true; + } + return is_encrypted_; + %} + + function is_encrypted(): bool + %{ + return is_encrypted_; + %} +}; \ No newline at end of file diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log index 3a1fcec5ee..f263ae8fbb 100644 --- a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path rdp -#open 2015-03-04-17-59-16 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth result encryption_level encryption_method -#types time string addr port addr port string string string string string count count string string string string -1193369797.582740 CjhGID4nQcgTWjvg4c 172.21.128.16 1312 10.226.24.52 3389 FTBCO\A70 English - United States RDP 6.0 FROG-POND (empty) 1152 864 32-bit Success High 128bit -1193369795.014346 CXWv6p3arKYeMETxOg 172.21.128.16 1311 10.226.24.52 3389 FTBCO\A70 - - - - - - - - - - -#close 2015-03-04-17-59-16 +#open 2015-03-05-06-05-01 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent selected_security_protocol encryption_level encryption_method +#types time string addr port addr port string string string string string string count count string string count bool string string string +1193369795.014346 CXWv6p3arKYeMETxOg 172.21.128.16 1311 10.226.24.52 3389 FTBCO\A70 SSL_NOT_ALLOWED_BY_SERVER - - - - - - - - 0 - - - - +1193369797.582740 CjhGID4nQcgTWjvg4c 172.21.128.16 1312 10.226.24.52 3389 FTBCO\A70 Success English - United States RDP 6.0 FROG-POND (empty) 1152 864 32bit RSA 1 T RDP High 128bit +#close 2015-03-05-06-05-01 diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log index cfcbc9453b..82fac39a72 100644 --- a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path rdp -#open 2015-03-04-17-53-51 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth result encryption_level encryption_method -#types time string addr port addr port string string string string string count count string string string string -1297551041.284715 CXWv6p3arKYeMETxOg 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI - - - - - - - - - - -1297551078.958821 CjhGID4nQcgTWjvg4c 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI - - - - - - - - - - -#close 2015-03-04-17-53-51 +#open 2015-03-05-05-25-45 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent selected_security_protocol encryption_level encryption_method +#types time string addr port addr port string string string string string string count count string string count bool string string string +1297551041.284715 CXWv6p3arKYeMETxOg 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI - - - - - - - - - 0 - HYBRID - - +1297551078.958821 CjhGID4nQcgTWjvg4c 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI - - - - - - - - - 0 - HYBRID - - +#close 2015-03-05-05-25-45 diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log index e17efa3f31..dee1e42cee 100644 --- a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path rdp -#open 2015-03-04-17-56-41 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth result encryption_level encryption_method -#types time string addr port addr port string string string string string count count string string string string -1423755598.202845 CXWv6p3arKYeMETxOg 192.168.1.1 54990 192.168.1.2 3389 JOHN-PC English - United States RDP 8.1 JOHN-PC-LAPTOP 3c571ed0-3415-474b-ae94-74e151b 1920 1080 16bit Success Client compatible 128bit -#close 2015-03-04-17-56-41 +#open 2015-03-05-05-26-13 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent selected_security_protocol encryption_level encryption_method +#types time string addr port addr port string string string string string string count count string string count bool string string string +1423755598.202845 CXWv6p3arKYeMETxOg 192.168.1.1 54990 192.168.1.2 3389 JOHN-PC Success English - United States RDP 8.1 JOHN-PC-LAPTOP 3c571ed0-3415-474b-ae94-74e151b 1920 1080 16bit X.509 2 F RDP Client compatible 128bit +#close 2015-03-05-05-26-13 diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log index 2e1ad5bb02..31e42b000e 100644 --- a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log @@ -3,8 +3,9 @@ #empty_field (empty) #unset_field - #path x509 -#open 2015-03-04-17-56-41 +#open 2015-03-05-05-26-13 #fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len #types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count 1423755602.103140 F71ADVSn3rOqVhNh1 3 59EB28CB02B1A0D4 L=TURNBKL+CN=SERVR L=TURNBKL+CN=SERVR 1423664106.000000 1431388800.000000 rsaEncryption sha1WithRSA rsa 512 65537 - - - - - T 0 -#close 2015-03-04-17-56-41 +1423755602.103140 F71ADVSn3rOqVhNh1 3 0100000001 serialNumber=1BcKefYSF97EvkaiCqahPY8uPd0=\0D\0A+L=ncalrpc:SERVR+CN=ncalrpc:SERVR L=TURNBKL+CN=SERVR 1365174955.000000 1483228799.000000 md5WithRSAEncryption sha1WithRSA - - - - - - - - - - +#close 2015-03-05-05-26-13 From e05bebc5fbe2b017724ae0d44967d87895e5b0ec Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 02:10:11 -0500 Subject: [PATCH 035/121] Removing a stray printf from RDP analyzer. --- src/analyzer/protocol/rdp/rdp-protocol.pac | 1 - 1 file changed, 1 deletion(-) diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index d2efcc6194..247cd68e5b 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -380,7 +380,6 @@ refine connection RDP_Conn += { %{ if ( should_we ) { - printf("going encrypted\n"); is_encrypted_ = true; } return is_encrypted_; From d59d0b57c1163d89c8cf51421bcd572e2f726b17 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 02:23:35 -0500 Subject: [PATCH 036/121] Fixed an issue with parse failure on an optional field. - Quite a bit more of this needs to happen. --- src/analyzer/protocol/rdp/rdp-protocol.pac | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index 247cd68e5b..0a2c54349e 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -59,7 +59,7 @@ type Data_Block = record { #0xc008 -> client_monitor_ex: Client_MonitorExtended_Data; #0xc00A -> client_multitrans: Client_MultiTransport_Data; - 0x0c01 -> server_core: Server_Core_Data; + 0x0c01 -> server_core: Server_Core_Data(header); 0x0c02 -> server_security: Server_Security_Data; 0x0c03 -> server_network: Server_Network_Data; #0x0c04 -> server_msgchannel: Server_MsgChannel_Data; @@ -244,10 +244,13 @@ type GCC_Server_Create_Response = record { user_data_value_length: uint16; } &byteorder=bigendian; -type Server_Core_Data = record { - version_major: uint16; - version_minor: uint16; - client_requested_protocols: uint32; +type Server_Core_Data(h: Data_Header) = record { + version_major: uint16; + version_minor: uint16; + switch1: case h.length of { + 8 -> none: empty; + default -> client_requested_protocols: uint32; + }; } &byteorder=littleendian; type Server_Network_Data = record { From b4e3fbc9e70a387b1471b83ade2e9ef1e6aaf3ce Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 02:30:32 -0500 Subject: [PATCH 037/121] Changed UTF-16 to UTF-8 conversion to be more lenient. - This seems to solve the occasional problems with strings not getting converted. --- src/analyzer/protocol/rdp/rdp-analyzer.pac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index b594172333..512b515567 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -22,7 +22,7 @@ refine flow RDP_Flow += { sourceend, &targetstart, targetend, - strictConversion); + lenientConversion); if ( res != conversionOK ) { connection()->bro_analyzer()->Weird("Failed UTF-16 to UTF-8 conversion"); From 374ac428146016d659eb7daa7cbdc0a0f0697a2b Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 02:48:21 -0500 Subject: [PATCH 038/121] Support RDP negotiation requests optionally and support zero length cookies. --- src/analyzer/protocol/rdp/rdp-protocol.pac | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index 0a2c54349e..abb3fec004 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -8,15 +8,15 @@ type TPKT(is_orig: bool) = record { # because there are packets that report incorrect # lengths in the tpkt length field. No clue why. - cotp: COTP; + cotp: COTP(this); } &byteorder=bigendian &length=tpkt_len; -type COTP = record { +type COTP(tpkt: TPKT) = record { cotp_len: uint8; pdu: uint8; switch: case pdu of { - 0xd0 -> connect_confirm: Connect_Confirm; - 0xe0 -> client_request: Connect_Request; + 0xd0 -> connect_confirm: Connect_Confirm(this); + 0xe0 -> client_request: Connect_Request(this); 0xf0 -> data: DT_Data; # In case we don't support the PDU we just @@ -73,14 +73,17 @@ type Data_Block = record { # Client X.224 ###################################################################### -type Connect_Request = record { +type Connect_Request(cotp: COTP) = record { destination_reference: uint16; source_reference: uint16; flow_control: uint8; cookie_mstshash: RE/Cookie: mstshash\=/; - cookie_value: RE/[^\x0d]+/; + cookie_value: RE/[^\x0d]*/; cookie_terminator: RE/\x0d\x0a/; - rdp_neg_req: RDP_Negotiation_Request; + switch1: case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of { + 0 -> none: empty; + default -> rdp_neg_req: RDP_Negotiation_Request; + }; } &byteorder=littleendian; type RDP_Negotiation_Request = record { @@ -99,7 +102,7 @@ type RDP_Negotiation_Request = record { # Server X.224 ###################################################################### -type Connect_Confirm = record { +type Connect_Confirm(cotp: COTP) = record { destination_reference: uint16; source_reference: uint16; flags: uint8; From 6909d0de877ff3a8e8b8cb94b5ac87f698e3725d Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 03:02:19 -0500 Subject: [PATCH 039/121] Fixes another optional part of an RDP unit. --- src/analyzer/protocol/rdp/rdp-protocol.pac | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index abb3fec004..32f59bd75f 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -106,8 +106,15 @@ type Connect_Confirm(cotp: COTP) = record { destination_reference: uint16; source_reference: uint16; flags: uint8; + switch1: case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of { + 0 -> none1: empty; + default -> response: Connect_Confirm_Record; + }; +}; + +type Connect_Confirm_Record = record { response_type: uint8; - response_switch: case response_type of { + switch1: case response_type of { 0x02 -> neg_resp: RDP_Negotiation_Response; 0x03 -> neg_fail: RDP_Negotiation_Failure; }; From b92a68e2bd7042e1cee83bce1183eb62dac3fa66 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 11:37:37 -0500 Subject: [PATCH 040/121] Adds some comments and fixes a broxygen warning. --- scripts/base/protocols/rdp/main.bro | 2 +- src/analyzer/protocol/rdp/rdp-protocol.pac | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index f8fb15382d..04ca05ba87 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -218,7 +218,7 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori { if ( c?$rdp && f$source == "RDP" ) { - ## Count up X509 certs. + # Count up X509 certs. ++c$rdp$cert_count; Files::add_analyzer(f, Files::ANALYZER_X509); diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index 32f59bd75f..0d5475c8be 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -80,6 +80,8 @@ type Connect_Request(cotp: COTP) = record { cookie_mstshash: RE/Cookie: mstshash\=/; cookie_value: RE/[^\x0d]*/; cookie_terminator: RE/\x0d\x0a/; + # Terrifying little case statement to figure out if there + # is any data left in the COTP structure. switch1: case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of { 0 -> none: empty; default -> rdp_neg_req: RDP_Negotiation_Request; @@ -106,6 +108,8 @@ type Connect_Confirm(cotp: COTP) = record { destination_reference: uint16; source_reference: uint16; flags: uint8; + # Terrifying little case statement to figure out if there + # is any data left in the COTP structure. switch1: case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of { 0 -> none1: empty; default -> response: Connect_Confirm_Record; From 276e072e6eaebfe30255c59d1d534ce35ab45e21 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 13:38:54 -0500 Subject: [PATCH 041/121] A few more changes to handling encryption in RDP. --- scripts/base/protocols/rdp/main.bro | 19 +++++++++++++++---- src/analyzer/protocol/rdp/events.bif | 13 ++++++++++--- src/analyzer/protocol/rdp/rdp-protocol.pac | 19 ++++++++++++------- .../rdp.log | 12 ++++++------ .../rdp.log | 12 ++++++------ .../rdp.log | 10 +++++----- 6 files changed, 54 insertions(+), 31 deletions(-) diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index 04ca05ba87..9cbfa56bae 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -19,6 +19,8 @@ export { ## RDP negotation failure messages and GCC server create ## response messages. result: string &log &optional; + ## Security protocol chosen by the server. + security_protocol: string &log &optional; ## Keyboard layout (language) of the client machine. keyboard_layout: string &log &optional; @@ -46,8 +48,6 @@ export { ## Indicates if the provided certificate or certificate ## chain is permanent or temporary. cert_permanent: bool &log &optional; - ## Security protocol chosen by the server. - selected_security_protocol: string &log &optional; ## Encryption level of the connection. encryption_level: string &log &optional; ## Encryption method of the connection. @@ -155,11 +155,11 @@ event rdp_connect_request(c: connection, cookie: string) &priority=5 c$rdp$cookie = cookie; } -event rdp_negotiation_response(c: connection, selected_security_protocol: count) &priority=5 +event rdp_negotiation_response(c: connection, security_protocol: count) &priority=5 { set_session(c); - c$rdp$selected_security_protocol = security_protocols[selected_security_protocol]; + c$rdp$security_protocol = security_protocols[security_protocol]; } event rdp_negotiation_failure(c: connection, failure_code: count) &priority=5 @@ -214,6 +214,17 @@ event rdp_server_certificate(c: connection, cert_type: count, permanently_issued c$rdp$cert_permanent = permanently_issued; } +event rdp_begin_encryption(c: connection, security_protocol: count) &priority=5 + { + set_session(c); + + if ( ! c$rdp?$result ) + { + c$rdp$result = "encrypted"; + } + c$rdp$security_protocol = security_protocols[security_protocol]; + } + event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5 { if ( c?$rdp && f$source == "RDP" ) diff --git a/src/analyzer/protocol/rdp/events.bif b/src/analyzer/protocol/rdp/events.bif index 80546780f5..3a86e45773 100644 --- a/src/analyzer/protocol/rdp/events.bif +++ b/src/analyzer/protocol/rdp/events.bif @@ -9,8 +9,8 @@ event rdp_connect_request%(c: connection, cookie: string%); ## ## c: The connection record for the underlying transport-layer session/flow. ## -## selected_security_protocol: The security protocol selected by the server. -event rdp_negotiation_response%(c: connection, selected_security_protocol: count%); +## security_protocol: The security protocol selected by the server. +event rdp_negotiation_response%(c: connection, security_protocol: count%); ## Generated for RDP Negotiation Failure messages. ## @@ -51,4 +51,11 @@ event rdp_server_security%(c: connection, encryption_method: count, encryption_l ## cert_type: Indicates the type of certificate. ## ## permanently_issued: Value will be true is the certificate(s) is permanent on the server. -event rdp_server_certificate%(c: connection, cert_type: count, permanently_issued: bool%); \ No newline at end of file +event rdp_server_certificate%(c: connection, cert_type: count, permanently_issued: bool%); + +## Generated when an RDP session becomes encrypted. +## +## c: The connection record for the underlying transport-layer session/flow. +## +## security_protocol: The security protocol being used for the session. +event rdp_begin_encryption%(c: connection, security_protocol: count%); \ No newline at end of file diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index 0d5475c8be..950744301f 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -129,9 +129,9 @@ type RDP_Negotiation_Response = record { length: uint16; # must be set to 8 selected_protocol: uint32; } &let { - # Seems to be encrypted after this message if - # selected_protocol > 0 - enc: bool = $context.connection.go_encrypted(selected_protocol>0); + # Seems to be SSL encrypted (maybe CredSSP also?) + # after this message if the selected_protocol is > 0. + enc_ssl: bool = $context.connection.go_encrypted(selected_protocol) &if(selected_protocol > 0); } &byteorder=littleendian; type RDP_Negotiation_Failure = record { @@ -282,7 +282,8 @@ type Server_Security_Data = record { } &let { # Seems to be encrypted after this message if # encryption level is >0 - enc: bool = $context.connection.go_encrypted(encryption_level>0); + # 0 means RDP encryption. + enc: bool = $context.connection.go_encrypted(0) &if(encryption_method > 0 && encryption_level > 0); } &byteorder=littleendian; type Server_Certificate = record { @@ -393,12 +394,16 @@ refine connection RDP_Conn += { is_encrypted_ = false; %} - function go_encrypted(should_we: bool): bool + function go_encrypted(method: uint32): bool %{ - if ( should_we ) + is_encrypted_ = true; + if ( rdp_begin_encryption ) { - is_encrypted_ = true; + BifEvent::generate_rdp_begin_encryption(bro_analyzer(), + bro_analyzer()->Conn(), + ${method}); } + return is_encrypted_; %} diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log index f263ae8fbb..41d83d5ecd 100644 --- a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-proprietary-encryption/rdp.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path rdp -#open 2015-03-05-06-05-01 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent selected_security_protocol encryption_level encryption_method -#types time string addr port addr port string string string string string string count count string string count bool string string string -1193369795.014346 CXWv6p3arKYeMETxOg 172.21.128.16 1311 10.226.24.52 3389 FTBCO\A70 SSL_NOT_ALLOWED_BY_SERVER - - - - - - - - 0 - - - - -1193369797.582740 CjhGID4nQcgTWjvg4c 172.21.128.16 1312 10.226.24.52 3389 FTBCO\A70 Success English - United States RDP 6.0 FROG-POND (empty) 1152 864 32bit RSA 1 T RDP High 128bit -#close 2015-03-05-06-05-01 +#open 2015-03-05-18-37-55 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method +#types time string addr port addr port string string string string string string string count count string string count bool string string +1193369795.014346 CXWv6p3arKYeMETxOg 172.21.128.16 1311 10.226.24.52 3389 FTBCO\A70 SSL_NOT_ALLOWED_BY_SERVER - - - - - - - - - 0 - - - +1193369797.582740 CjhGID4nQcgTWjvg4c 172.21.128.16 1312 10.226.24.52 3389 FTBCO\A70 Success RDP English - United States RDP 6.0 FROG-POND (empty) 1152 864 32bit RSA 1 T High 128bit +#close 2015-03-05-18-37-55 diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log index 82fac39a72..69bf203e0c 100644 --- a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-to-ssl/rdp.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path rdp -#open 2015-03-05-05-25-45 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent selected_security_protocol encryption_level encryption_method -#types time string addr port addr port string string string string string string count count string string count bool string string string -1297551041.284715 CXWv6p3arKYeMETxOg 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI - - - - - - - - - 0 - HYBRID - - -1297551078.958821 CjhGID4nQcgTWjvg4c 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI - - - - - - - - - 0 - HYBRID - - -#close 2015-03-05-05-25-45 +#open 2015-03-05-18-38-05 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method +#types time string addr port addr port string string string string string string string count count string string count bool string string +1297551041.284715 CXWv6p3arKYeMETxOg 192.168.1.200 49206 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - 0 - - - +1297551078.958821 CjhGID4nQcgTWjvg4c 192.168.1.200 49207 192.168.1.150 3389 AWAKECODI encrypted HYBRID - - - - - - - - 0 - - - +#close 2015-03-05-18-38-05 diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log index dee1e42cee..911df77eee 100644 --- a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/rdp.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path rdp -#open 2015-03-05-05-26-13 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent selected_security_protocol encryption_level encryption_method -#types time string addr port addr port string string string string string string count count string string count bool string string string -1423755598.202845 CXWv6p3arKYeMETxOg 192.168.1.1 54990 192.168.1.2 3389 JOHN-PC Success English - United States RDP 8.1 JOHN-PC-LAPTOP 3c571ed0-3415-474b-ae94-74e151b 1920 1080 16bit X.509 2 F RDP Client compatible 128bit -#close 2015-03-05-05-26-13 +#open 2015-03-05-18-38-10 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p cookie result security_protocol keyboard_layout client_build client_name client_dig_product_id desktop_width desktop_height requested_color_depth cert_type cert_count cert_permanent encryption_level encryption_method +#types time string addr port addr port string string string string string string string count count string string count bool string string +1423755598.202845 CXWv6p3arKYeMETxOg 192.168.1.1 54990 192.168.1.2 3389 JOHN-PC Success RDP English - United States RDP 8.1 JOHN-PC-LAPTOP 3c571ed0-3415-474b-ae94-74e151b 1920 1080 16bit X.509 2 F Client compatible 128bit +#close 2015-03-05-18-38-10 From 9441dc68ec51ef55fac12c5640c1f9abddf65735 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 5 Mar 2015 12:59:03 -0800 Subject: [PATCH 042/121] add a special case to the X509 code that deals with RDP certificates. Basically, at least some rdp certificates specify a completely invalid and nonsensical value for theyr key type. OpenSSL does not like this and refuses to parse the key in this case. With this change, we detect this case and special-case it, hinting to OpenSSL what kind of key we have. This gives us additional information that we would not have otherwhise in the log file (like key length and the exponent). --- src/file_analysis/analyzer/x509/X509.cc | 18 ++++++++++++++++++ .../x509.log | 6 +++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/file_analysis/analyzer/x509/X509.cc b/src/file_analysis/analyzer/x509/X509.cc index 69f399c9dc..b294d448be 100644 --- a/src/file_analysis/analyzer/x509/X509.cc +++ b/src/file_analysis/analyzer/x509/X509.cc @@ -120,6 +120,19 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val) pX509Cert->Assign(6, new StringVal(buf)); + // Special case for RDP server certificates. For some reason some (all?) RDP server + // certificates like to specify their key algorithm as md5WithRSAEncryption, which + // is wrong on so many levels. We catch this special case here and set it to what is + // actually should be (namely - rsaEncryption), so that OpenSSL will parse out the + // key later. Otherwise it will just fail to parse the certificate key. + + ASN1_OBJECT* old_algorithm = 0; + if ( OBJ_obj2nid(ssl_cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption ) + { + old_algorithm = ssl_cert->cert_info->key->algor->algorithm; + ssl_cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); + } + if ( ! i2t_ASN1_OBJECT(buf, 255, ssl_cert->sig_alg->algorithm) ) buf[0] = 0; @@ -152,6 +165,11 @@ RecordVal* file_analysis::X509::ParseCertificate(X509Val* cert_val) } #endif + // set key algorithm back. We do not have to free the value that we created because (I think) it + // comes out of a static array from OpenSSL memory. + if ( old_algorithm ) + ssl_cert->cert_info->key->algor->algorithm = old_algorithm; + unsigned int length = KeyLength(pkey); if ( length > 0 ) pX509Cert->Assign(9, new Val(length, TYPE_COUNT)); diff --git a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log index 31e42b000e..b936507784 100644 --- a/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log +++ b/testing/btest/Baseline/scripts.base.protocols.rdp.rdp-x509/x509.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path x509 -#open 2015-03-05-05-26-13 +#open 2015-03-05-20-58-46 #fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len #types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count 1423755602.103140 F71ADVSn3rOqVhNh1 3 59EB28CB02B1A0D4 L=TURNBKL+CN=SERVR L=TURNBKL+CN=SERVR 1423664106.000000 1431388800.000000 rsaEncryption sha1WithRSA rsa 512 65537 - - - - - T 0 -1423755602.103140 F71ADVSn3rOqVhNh1 3 0100000001 serialNumber=1BcKefYSF97EvkaiCqahPY8uPd0=\0D\0A+L=ncalrpc:SERVR+CN=ncalrpc:SERVR L=TURNBKL+CN=SERVR 1365174955.000000 1483228799.000000 md5WithRSAEncryption sha1WithRSA - - - - - - - - - - -#close 2015-03-05-05-26-13 +1423755602.103140 F71ADVSn3rOqVhNh1 3 0100000001 serialNumber=1BcKefYSF97EvkaiCqahPY8uPd0=\0D\0A+L=ncalrpc:SERVR+CN=ncalrpc:SERVR L=TURNBKL+CN=SERVR 1365174955.000000 1483228799.000000 md5WithRSAEncryption sha1WithRSA rsa 512 65537 - - - - - - - +#close 2015-03-05-20-58-46 From ffdf2a46d77357feb4e9c4499ab856ea48d8809b Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 16:08:18 -0500 Subject: [PATCH 043/121] Fixes tests in RDP branch. - Re-enable MySQL. It had accidentally been disabled. --- scripts/base/init-default.bro | 2 +- scripts/test-all-policy.bro | 1 + src/analyzer/protocol/CMakeLists.txt | 1 + .../canonified_loaded_scripts.log | 7 +- .../canonified_loaded_scripts.log | 9 +- .../btest/Baseline/coverage.find-bro-logs/out | 1 + testing/btest/Baseline/plugins.hooks/output | 480 ++++++++++-------- .../all-events.log | 208 ++++---- .../smtp-events.log | 52 +- 9 files changed, 400 insertions(+), 361 deletions(-) diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.bro index b4f0769737..2af8f3bc3d 100644 --- a/scripts/base/init-default.bro +++ b/scripts/base/init-default.bro @@ -46,7 +46,7 @@ @load base/protocols/http @load base/protocols/irc @load base/protocols/modbus -#@load base/protocols/mysql +@load base/protocols/mysql @load base/protocols/pop3 @load base/protocols/radius @load base/protocols/rdp diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index 0fb74f91cf..468b02a81a 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -77,6 +77,7 @@ @load protocols/modbus/known-masters-slaves.bro @load protocols/modbus/track-memmap.bro @load protocols/mysql/software.bro +@load protocols/rdp/indicate_ssl.bro @load protocols/smtp/blocklists.bro @load protocols/smtp/detect-suspicious-orig.bro @load protocols/smtp/entities-excerpt.bro diff --git a/src/analyzer/protocol/CMakeLists.txt b/src/analyzer/protocol/CMakeLists.txt index 783f1e7469..cb823af519 100644 --- a/src/analyzer/protocol/CMakeLists.txt +++ b/src/analyzer/protocol/CMakeLists.txt @@ -21,6 +21,7 @@ add_subdirectory(irc) add_subdirectory(login) add_subdirectory(mime) add_subdirectory(modbus) +add_subdirectory(mysql) add_subdirectory(ncp) add_subdirectory(netbios) add_subdirectory(netflow) diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 7b144198ee..e5b4c00b9f 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2015-02-03-22-47-13 +#open 2015-03-05-20-42-42 #fields name #types string scripts/base/init-bare.bro @@ -79,7 +79,6 @@ scripts/base/init-bare.bro build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro - build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro @@ -88,6 +87,8 @@ scripts/base/init-bare.bro build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro + build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro + build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro @@ -121,4 +122,4 @@ scripts/base/init-bare.bro build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro scripts/policy/misc/loaded-scripts.bro scripts/base/utils/paths.bro -#close 2015-02-03-22-47-13 +#close 2015-03-05-20-42-42 diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index b102ad26a5..ec0bae5e06 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2015-02-03-22-47-15 +#open 2015-03-05-20-59-07 #fields name #types string scripts/base/init-bare.bro @@ -88,6 +88,8 @@ scripts/base/init-bare.bro build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro + build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro + build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro @@ -231,6 +233,9 @@ scripts/base/init-default.bro scripts/base/protocols/radius/__load__.bro scripts/base/protocols/radius/main.bro scripts/base/protocols/radius/consts.bro + scripts/base/protocols/rdp/__load__.bro + scripts/base/protocols/rdp/consts.bro + scripts/base/protocols/rdp/main.bro scripts/base/protocols/snmp/__load__.bro scripts/base/protocols/snmp/main.bro scripts/base/protocols/smtp/__load__.bro @@ -253,4 +258,4 @@ scripts/base/init-default.bro scripts/base/misc/find-checksum-offloading.bro scripts/base/misc/find-filtered-trace.bro scripts/policy/misc/loaded-scripts.bro -#close 2015-02-03-22-47-15 +#close 2015-03-05-20-59-07 diff --git a/testing/btest/Baseline/coverage.find-bro-logs/out b/testing/btest/Baseline/coverage.find-bro-logs/out index 7c86f9e59b..8feda88d15 100644 --- a/testing/btest/Baseline/coverage.find-bro-logs/out +++ b/testing/btest/Baseline/coverage.find-bro-logs/out @@ -26,6 +26,7 @@ notice notice_alarm packet_filter radius +rdp reporter signatures smtp diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 7c2f35b641..df8f2156ca 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -32,6 +32,7 @@ 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> +0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> @@ -85,6 +86,7 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) -> +0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> @@ -115,6 +117,7 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {3306<...>/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) -> +0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> @@ -147,6 +150,7 @@ 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> @@ -178,6 +182,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) -> @@ -192,7 +197,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Communication::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> @@ -210,6 +215,7 @@ 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Notice::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (PacketFilter::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (RADIUS::LOG)) -> +0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (RDP::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Reporter::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SMTP::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (SNMP::LOG)) -> @@ -241,6 +247,7 @@ 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> @@ -272,6 +279,7 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=, ev=])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Reporter::LOG, [columns=, ev=])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) -> @@ -286,8 +294,8 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> @@ -371,6 +379,8 @@ 0.000000 MetaHookPost LoadFile(./Bro_PIA.events.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_POP3.events.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_RADIUS.events.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(./Bro_RDP.events.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(./Bro_RDP.types.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_RPC.events.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_RawReader.raw.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_SMB.events.bif.bro) -> -1 @@ -519,6 +529,7 @@ 0.000000 MetaHookPost LoadFile(base<...>/pop3) -> -1 0.000000 MetaHookPost LoadFile(base<...>/queue) -> -1 0.000000 MetaHookPost LoadFile(base<...>/radius) -> -1 +0.000000 MetaHookPost LoadFile(base<...>/rdp) -> -1 0.000000 MetaHookPost LoadFile(base<...>/reporter) -> -1 0.000000 MetaHookPost LoadFile(base<...>/reporter.bif) -> -1 0.000000 MetaHookPost LoadFile(base<...>/signatures) -> -1 @@ -577,6 +588,7 @@ 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) +0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) @@ -630,6 +642,7 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 1434/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_MYSQL, 3306/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RADIUS, 1812/udp)) +0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_RDP, 3389/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 25/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SMTP, 587/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) @@ -660,6 +673,7 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MODBUS, {502/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_MYSQL, {3306<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RADIUS, {1812/udp})) +0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_RDP, {3389/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) @@ -692,6 +706,7 @@ 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) @@ -723,6 +738,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) @@ -737,7 +753,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Communication::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) @@ -755,6 +771,7 @@ 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Notice::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (PacketFilter::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (RADIUS::LOG)) +0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (RDP::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Reporter::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SMTP::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (SNMP::LOG)) @@ -786,6 +803,7 @@ 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::add_filter, , (RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) @@ -817,6 +835,7 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=, ev=])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (RDP::LOG, [columns=, ev=RDP::log_rdp])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Reporter::LOG, [columns=, ev=])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) @@ -831,8 +850,8 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::build, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) @@ -916,6 +935,8 @@ 0.000000 MetaHookPre LoadFile(./Bro_PIA.events.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_POP3.events.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_RADIUS.events.bif.bro) +0.000000 MetaHookPre LoadFile(./Bro_RDP.events.bif.bro) +0.000000 MetaHookPre LoadFile(./Bro_RDP.types.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_RPC.events.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_RawReader.raw.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_SMB.events.bif.bro) @@ -1064,6 +1085,7 @@ 0.000000 MetaHookPre LoadFile(base<...>/pop3) 0.000000 MetaHookPre LoadFile(base<...>/queue) 0.000000 MetaHookPre LoadFile(base<...>/radius) +0.000000 MetaHookPre LoadFile(base<...>/rdp) 0.000000 MetaHookPre LoadFile(base<...>/reporter) 0.000000 MetaHookPre LoadFile(base<...>/reporter.bif) 0.000000 MetaHookPre LoadFile(base<...>/signatures) @@ -1122,6 +1144,7 @@ 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp) +0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) @@ -1175,6 +1198,7 @@ 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 1434/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_MYSQL, 3306/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RADIUS, 1812/udp) +0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_RDP, 3389/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 25/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SMTP, 587/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) @@ -1205,6 +1229,7 @@ 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, {502/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, {3306<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, {1812/udp}) +0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, {3389/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {25<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, {162<...>/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, {1080/tcp}) @@ -1236,6 +1261,7 @@ 0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::__add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::__add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::__add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) @@ -1267,6 +1293,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=, ev=Notice::log_notice]) 0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=, ev=]) 0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=, ev=RADIUS::log_radius]) +0.000000 | HookCallFunction Log::__create_stream(RDP::LOG, [columns=, ev=RDP::log_rdp]) 0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=, ev=]) 0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=, ev=SMTP::log_smtp]) 0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=, ev=SNMP::log_snmp]) @@ -1281,7 +1308,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) @@ -1299,6 +1326,7 @@ 0.000000 | HookCallFunction Log::add_default_filter(Notice::LOG) 0.000000 | HookCallFunction Log::add_default_filter(PacketFilter::LOG) 0.000000 | HookCallFunction Log::add_default_filter(RADIUS::LOG) +0.000000 | HookCallFunction Log::add_default_filter(RDP::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Reporter::LOG) 0.000000 | HookCallFunction Log::add_default_filter(SMTP::LOG) 0.000000 | HookCallFunction Log::add_default_filter(SNMP::LOG) @@ -1330,6 +1358,7 @@ 0.000000 | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::add_filter(RDP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) @@ -1361,6 +1390,7 @@ 0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=, ev=Notice::log_notice]) 0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=, ev=]) 0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=, ev=RADIUS::log_radius]) +0.000000 | HookCallFunction Log::create_stream(RDP::LOG, [columns=, ev=RDP::log_rdp]) 0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=, ev=]) 0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=, ev=SMTP::log_smtp]) 0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=, ev=SNMP::log_snmp]) @@ -1375,8 +1405,8 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1425348860.085231, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1425589463.487177, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) @@ -1428,45 +1458,45 @@ 1362692526.869344 MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> 1362692526.869344 MetaHookPost CallFunction(filter_change_tracking, , ()) -> 1362692526.869344 MetaHookPost CallFunction(net_stats, , ()) -> -1362692526.869344 MetaHookPost CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +1362692526.869344 MetaHookPost CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> 1362692526.869344 MetaHookPost DrainEvents() -> 1362692526.869344 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false 1362692526.869344 MetaHookPost QueueEvent(filter_change_tracking()) -> false -1362692526.869344 MetaHookPost QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false +1362692526.869344 MetaHookPost QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false 1362692526.869344 MetaHookPost UpdateNetworkTime(1362692526.869344) -> 1362692526.869344 MetaHookPre BroObjDtor() 1362692526.869344 MetaHookPre CallFunction(ChecksumOffloading::check, , ()) 1362692526.869344 MetaHookPre CallFunction(filter_change_tracking, , ()) 1362692526.869344 MetaHookPre CallFunction(net_stats, , ()) -1362692526.869344 MetaHookPre CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +1362692526.869344 MetaHookPre CallFunction(new_connection, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692526.869344 MetaHookPre DrainEvents() 1362692526.869344 MetaHookPre QueueEvent(ChecksumOffloading::check()) 1362692526.869344 MetaHookPre QueueEvent(filter_change_tracking()) -1362692526.869344 MetaHookPre QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +1362692526.869344 MetaHookPre QueueEvent(new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692526.869344 MetaHookPre UpdateNetworkTime(1362692526.869344) 1362692526.869344 | HookBroObjDtor 1362692526.869344 | HookUpdateNetworkTime 1362692526.869344 1362692526.869344 | HookCallFunction ChecksumOffloading::check() 1362692526.869344 | HookCallFunction filter_change_tracking() 1362692526.869344 | HookCallFunction net_stats() -1362692526.869344 | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +1362692526.869344 | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692526.869344 | HookDrainEvents 1362692526.869344 | HookQueueEvent ChecksumOffloading::check() 1362692526.869344 | HookQueueEvent filter_change_tracking() -1362692526.869344 | HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +1362692526.869344 | HookQueueEvent new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, addl=, hot=0, history=, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692526.869344 | RequestObjDtor ChecksumOffloading::check() -1362692526.939084 MetaHookPost CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +1362692526.939084 MetaHookPost CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> 1362692526.939084 MetaHookPost DrainEvents() -> -1362692526.939084 MetaHookPost QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false +1362692526.939084 MetaHookPost QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false 1362692526.939084 MetaHookPost UpdateNetworkTime(1362692526.939084) -> -1362692526.939084 MetaHookPre CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +1362692526.939084 MetaHookPre CallFunction(connection_established, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692526.939084 MetaHookPre DrainEvents() -1362692526.939084 MetaHookPre QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +1362692526.939084 MetaHookPre QueueEvent(connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692526.939084 MetaHookPre UpdateNetworkTime(1362692526.939084) 1362692526.939084 | HookUpdateNetworkTime 1362692526.939084 -1362692526.939084 | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +1362692526.939084 | HookCallFunction connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692526.939084 | HookDrainEvents -1362692526.939084 | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +1362692526.939084 | HookQueueEvent connection_established([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=64, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.06974, service={}, addl=, hot=0, history=Sh, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692526.939378 MetaHookPost DrainEvents() -> 1362692526.939378 MetaHookPost UpdateNetworkTime(1362692526.939378) -> 1362692526.939378 MetaHookPre DrainEvents() @@ -1475,114 +1505,114 @@ 1362692526.939378 | HookDrainEvents 1362692526.939527 MetaHookPost CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) -> 1362692526.939527 MetaHookPost CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -> -1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -> +1362692526.939527 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, T)) -> 1362692526.939527 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692526.939527 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> 1362692526.939527 MetaHookPost CallFunction(fmt, , (-%s, HTTP)) -> -1362692526.939527 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692526.939527 MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692526.939527 MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> 1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> -1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive)) -> -1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org)) -> -1362692526.939527 MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> +1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive)) -> +1362692526.939527 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org)) -> +1362692526.939527 MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> 1362692526.939527 MetaHookPost CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> 1362692526.939527 MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> 1362692526.939527 MetaHookPost CallFunction(network_time, , ()) -> -1362692526.939527 MetaHookPost CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -> +1362692526.939527 MetaHookPost CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) -> 1362692526.939527 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692526.939527 MetaHookPost CallFunction(split_string1, , (bro.org, <...>/)) -> 1362692526.939527 MetaHookPost DrainEvents() -> -1362692526.939527 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false +1362692526.939527 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false +1362692526.939527 MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false +1362692526.939527 MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false 1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) -> false 1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -> false -1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org)) -> false -1362692526.939527 MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false +1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive)) -> false +1362692526.939527 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org)) -> false +1362692526.939527 MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) -> false 1362692526.939527 MetaHookPost QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) -> false 1362692526.939527 MetaHookPost UpdateNetworkTime(1362692526.939527) -> 1362692526.939527 MetaHookPre CallFunction(Analyzer::__name, , (Analyzer::ANALYZER_HTTP)) 1362692526.939527 MetaHookPre CallFunction(Analyzer::name, , (Analyzer::ANALYZER_HTTP)) -1362692526.939527 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) -1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::new_http_session, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T)) +1362692526.939527 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, T)) 1362692526.939527 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 1362692526.939527 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) 1362692526.939527 MetaHookPre CallFunction(fmt, , (-%s, HTTP)) -1362692526.939527 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) 1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive)) -1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org)) -1362692526.939527 MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) +1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive)) +1362692526.939527 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org)) +1362692526.939527 MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) 1362692526.939527 MetaHookPre CallFunction(http_request, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) 1362692526.939527 MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) 1362692526.939527 MetaHookPre CallFunction(network_time, , ()) -1362692526.939527 MetaHookPre CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) +1362692526.939527 MetaHookPre CallFunction(protocol_confirmation, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3)) 1362692526.939527 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) 1362692526.939527 MetaHookPre CallFunction(split_string1, , (bro.org, <...>/)) 1362692526.939527 MetaHookPre DrainEvents() -1362692526.939527 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692526.939527 MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692526.939527 MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*)) 1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0))) -1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive)) -1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org)) -1362692526.939527 MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) +1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive)) +1362692526.939527 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org)) +1362692526.939527 MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124])) 1362692526.939527 MetaHookPre QueueEvent(http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1)) 1362692526.939527 MetaHookPre UpdateNetworkTime(1362692526.939527) 1362692526.939527 | HookUpdateNetworkTime 1362692526.939527 1362692526.939527 | HookCallFunction Analyzer::__name(Analyzer::ANALYZER_HTTP) 1362692526.939527 | HookCallFunction Analyzer::name(Analyzer::ANALYZER_HTTP) -1362692526.939527 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T) -1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, T) +1362692526.939527 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction HTTP::new_http_session([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T) +1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T) +1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T) +1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, T) +1362692526.939527 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=[pending={}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, T) 1362692526.939527 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) 1362692526.939527 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) 1362692526.939527 | HookCallFunction fmt(-%s, HTTP) -1362692526.939527 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, referrer=, user_agent=, request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=0, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) 1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) -1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive) -1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org) -1362692526.939527 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) +1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive) +1362692526.939527 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org) +1362692526.939527 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) 1362692526.939527 | HookCallFunction http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) 1362692526.939527 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) 1362692526.939527 | HookCallFunction network_time() -1362692526.939527 | HookCallFunction protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3) +1362692526.939527 | HookCallFunction protocol_confirmation([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], Analyzer::ANALYZER_HTTP, 3) 1362692526.939527 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80) 1362692526.939527 | HookCallFunction split_string1(bro.org, <...>/) 1362692526.939527 | HookDrainEvents -1362692526.939527 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692526.939527 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692526.939527 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/*) 1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0)) -1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive) -1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org) -1362692526.939527 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) +1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, CONNECTION, Keep-Alive) +1362692526.939527 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=136, state=4, num_pkts=2, num_bytes_ip=116, flow_label=0], resp=[size=0, state=4, num_pkts=1, num_bytes_ip=60, flow_label=0], start_time=1362692526.869344, duration=0.070183, service={HTTP}, addl=, hot=0, history=ShAD, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, HOST, bro.org) +1362692526.939527 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T, [start=1362692526.939527, interrupted=F, finish_msg=message ends normally, body_length=0, content_gap_length=0, header_length=124]) 1362692526.939527 | HookQueueEvent http_request([id=[orig_h=141.142.228.5, orig_p=59856<...>/CHANGES.bro-aux.txt, 1.1) 1362692527.008509 MetaHookPost DrainEvents() -> 1362692527.008509 MetaHookPost UpdateNetworkTime(1362692527.008509) -> @@ -1592,142 +1622,142 @@ 1362692527.008509 | HookDrainEvents 1362692527.009512 MetaHookPost CallFunction(Files::__enable_reassembly, , (FakNcS1Jfe01uljb3)) -> 1362692527.009512 MetaHookPost CallFunction(Files::__set_reassembly_buffer, , (FakNcS1Jfe01uljb3, 1048576)) -> -1362692527.009512 MetaHookPost CallFunction(Files::enable_reassembly, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=])) -> -1362692527.009512 MetaHookPost CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) -> -1362692527.009512 MetaHookPost CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=])) -> -1362692527.009512 MetaHookPost CallFunction(Files::set_reassembly_buffer_size, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=], 1048576)) -> +1362692527.009512 MetaHookPost CallFunction(Files::enable_reassembly, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=])) -> +1362692527.009512 MetaHookPost CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) -> +1362692527.009512 MetaHookPost CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=])) -> +1362692527.009512 MetaHookPost CallFunction(Files::set_reassembly_buffer_size, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=], 1048576)) -> 1362692527.009512 MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> -1362692527.009512 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -> -1362692527.009512 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -> -1362692527.009512 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -> +1362692527.009512 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +1362692527.009512 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -> +1362692527.009512 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -> +1362692527.009512 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -> 1362692527.009512 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.009512 MetaHookPost CallFunction(file_new, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) -> -1362692527.009512 MetaHookPost CallFunction(file_over_new_connection, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +1362692527.009512 MetaHookPost CallFunction(file_new, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) -> +1362692527.009512 MetaHookPost CallFunction(file_over_new_connection, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> 1362692527.009512 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> -1362692527.009512 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0")) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100)) -> -1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> +1362692527.009512 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +1362692527.009512 MetaHookPost CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes)) -> +1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive)) -> +1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705)) -> +1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> +1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0")) -> +1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100)) -> +1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> 1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> 1362692527.009512 MetaHookPost CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> -1362692527.009512 MetaHookPost CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> +1362692527.009512 MetaHookPost CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> 1362692527.009512 MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> 1362692527.009512 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692527.009512 MetaHookPost CallFunction(split_string_all, , (HTTP, <...>/)) -> 1362692527.009512 MetaHookPost DrainEvents() -> -1362692527.009512 MetaHookPost QueueEvent(file_new([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) -> false -1362692527.009512 MetaHookPost QueueEvent(file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009512 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0")) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> false +1362692527.009512 MetaHookPost QueueEvent(file_new([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) -> false +1362692527.009512 MetaHookPost QueueEvent(file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +1362692527.009512 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +1362692527.009512 MetaHookPost QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes)) -> false +1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive)) -> false +1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705)) -> false +1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -> false +1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0")) -> false +1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100)) -> false +1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) -> false 1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) -> false 1362692527.009512 MetaHookPost QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -> false -1362692527.009512 MetaHookPost QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> false +1362692527.009512 MetaHookPost QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) -> false 1362692527.009512 MetaHookPost UpdateNetworkTime(1362692527.009512) -> 1362692527.009512 MetaHookPre CallFunction(Files::__enable_reassembly, , (FakNcS1Jfe01uljb3)) 1362692527.009512 MetaHookPre CallFunction(Files::__set_reassembly_buffer, , (FakNcS1Jfe01uljb3, 1048576)) -1362692527.009512 MetaHookPre CallFunction(Files::enable_reassembly, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=])) -1362692527.009512 MetaHookPre CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) -1362692527.009512 MetaHookPre CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=])) -1362692527.009512 MetaHookPre CallFunction(Files::set_reassembly_buffer_size, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=], 1048576)) +1362692527.009512 MetaHookPre CallFunction(Files::enable_reassembly, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=])) +1362692527.009512 MetaHookPre CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) +1362692527.009512 MetaHookPre CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=])) +1362692527.009512 MetaHookPre CallFunction(Files::set_reassembly_buffer_size, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=], 1048576)) 1362692527.009512 MetaHookPre CallFunction(HTTP::code_in_range, , (200, 100, 199)) -1362692527.009512 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -1362692527.009512 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -1362692527.009512 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) +1362692527.009512 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009512 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) +1362692527.009512 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) +1362692527.009512 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) 1362692527.009512 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.009512 MetaHookPre CallFunction(file_new, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) -1362692527.009512 MetaHookPre CallFunction(file_over_new_connection, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009512 MetaHookPre CallFunction(file_new, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) +1362692527.009512 MetaHookPre CallFunction(file_over_new_connection, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) 1362692527.009512 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -1362692527.009512 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0")) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100)) -1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) +1362692527.009512 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009512 MetaHookPre CallFunction(http_begin_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes)) +1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive)) +1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705)) +1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) +1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0")) +1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100)) +1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) 1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) 1362692527.009512 MetaHookPre CallFunction(http_header, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -1362692527.009512 MetaHookPre CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) +1362692527.009512 MetaHookPre CallFunction(http_reply, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) 1362692527.009512 MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) 1362692527.009512 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) 1362692527.009512 MetaHookPre CallFunction(split_string_all, , (HTTP, <...>/)) 1362692527.009512 MetaHookPre DrainEvents() -1362692527.009512 MetaHookPre QueueEvent(file_new([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) -1362692527.009512 MetaHookPre QueueEvent(file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0")) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100)) -1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) +1362692527.009512 MetaHookPre QueueEvent(file_new([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=])) +1362692527.009512 MetaHookPre QueueEvent(file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009512 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009512 MetaHookPre QueueEvent(http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes)) +1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive)) +1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705)) +1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT)) +1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0")) +1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100)) +1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT)) 1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora))) 1362692527.009512 MetaHookPre QueueEvent(http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8)) -1362692527.009512 MetaHookPre QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) +1362692527.009512 MetaHookPre QueueEvent(http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK)) 1362692527.009512 MetaHookPre UpdateNetworkTime(1362692527.009512) 1362692527.009512 | HookUpdateNetworkTime 1362692527.009512 1362692527.009512 | HookCallFunction Files::__enable_reassembly(FakNcS1Jfe01uljb3) 1362692527.009512 | HookCallFunction Files::__set_reassembly_buffer(FakNcS1Jfe01uljb3, 1048576) -1362692527.009512 | HookCallFunction Files::enable_reassembly([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=]) -1362692527.009512 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=]) -1362692527.009512 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=]) -1362692527.009512 | HookCallFunction Files::set_reassembly_buffer_size([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=], 1048576) +1362692527.009512 | HookCallFunction Files::enable_reassembly([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=]) +1362692527.009512 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=]) +1362692527.009512 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=]) +1362692527.009512 | HookCallFunction Files::set_reassembly_buffer_size([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={}, rx_hosts={}, conn_uids={}, source=HTTP, depth=0, analyzers={}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=], 1048576) 1362692527.009512 | HookCallFunction HTTP::code_in_range(200, 100, 199) -1362692527.009512 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F) -1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F) -1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F) +1362692527.009512 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F) +1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F) +1362692527.009512 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F) 1362692527.009512 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) -1362692527.009512 | HookCallFunction file_new([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=]) -1362692527.009512 | HookCallFunction file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009512 | HookCallFunction file_new([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=]) +1362692527.009512 | HookCallFunction file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) 1362692527.009512 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) -1362692527.009512 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0") -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100) -1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) +1362692527.009512 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009512 | HookCallFunction http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes) +1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive) +1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705) +1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT) +1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0") +1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100) +1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) 1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)) 1362692527.009512 | HookCallFunction http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8) -1362692527.009512 | HookCallFunction http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK) +1362692527.009512 | HookCallFunction http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK) 1362692527.009512 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) 1362692527.009512 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80) 1362692527.009512 | HookCallFunction split_string_all(HTTP, <...>/) 1362692527.009512 | HookDrainEvents -1362692527.009512 | HookQueueEvent file_new([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=]) -1362692527.009512 | HookQueueEvent file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0") -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100) -1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) +1362692527.009512 | HookQueueEvent file_new([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]}, last_active=1362692527.009512, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=]) +1362692527.009512 | HookQueueEvent file_over_new_connection([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009512 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009512 | HookQueueEvent http_begin_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ACCEPT-RANGES, bytes) +1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONNECTION, Keep-Alive) +1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, CONTENT-LENGTH, 4705) +1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, DATE, Thu, 07 Mar 2013 21:43:07 GMT) +1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, ETAG, "1261-4c870358a6fc0") +1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, KEEP-ALIVE, timeout=5, max=100) +1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, LAST-MODIFIED, Wed, 29 Aug 2012 23:49:27 GMT) 1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/2.4.3 (Fedora)) 1362692527.009512 | HookQueueEvent http_header([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain; charset=UTF-8) -1362692527.009512 | HookQueueEvent http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK) +1362692527.009512 | HookQueueEvent http_reply([id=[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=, status_msg=, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=, resp_mime_types=, current_entity=, orig_mime_depth=1, resp_mime_depth=0]}, current_request=1, current_response=0], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], 1.1, 200, OK) 1362692527.009721 MetaHookPost DrainEvents() -> 1362692527.009721 MetaHookPost UpdateNetworkTime(1362692527.009721) -> 1362692527.009721 MetaHookPre DrainEvents() @@ -1743,8 +1773,8 @@ 1362692527.009775 MetaHookPost CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) -> 1362692527.009775 MetaHookPost CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) -> 1362692527.009775 MetaHookPost CallFunction(HTTP::code_in_range, , (200, 100, 199)) -> -1362692527.009775 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009775 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -> +1362692527.009775 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +1362692527.009775 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -> 1362692527.009775 MetaHookPost CallFunction(Log::__write, , (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) -> 1362692527.009775 MetaHookPost CallFunction(Log::__write, , (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> 1362692527.009775 MetaHookPost CallFunction(Log::default_path_func, , (Files::LOG, , [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) -> @@ -1757,9 +1787,9 @@ 1362692527.009775 MetaHookPost CallFunction(fmt, , (%s, Files::LOG)) -> 1362692527.009775 MetaHookPost CallFunction(fmt, , (%s, HTTP::LOG)) -> 1362692527.009775 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> -1362692527.009775 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009775 MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> -1362692527.009775 MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> +1362692527.009775 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +1362692527.009775 MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> +1362692527.009775 MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> 1362692527.009775 MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> 1362692527.009775 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692527.009775 MetaHookPost CallFunction(split_string1, , (Files::LOG, <...>/)) -> @@ -1771,15 +1801,15 @@ 1362692527.009775 MetaHookPost DrainEvents() -> 1362692527.009775 MetaHookPost QueueEvent(file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)) -> false 1362692527.009775 MetaHookPost QueueEvent(file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) -> false -1362692527.009775 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009775 MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false -1362692527.009775 MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> false +1362692527.009775 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +1362692527.009775 MetaHookPost QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> false +1362692527.009775 MetaHookPost QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> false 1362692527.009775 MetaHookPost UpdateNetworkTime(1362692527.009775) -> 1362692527.009775 MetaHookPre CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) 1362692527.009775 MetaHookPre CallFunction(Files::set_info, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) 1362692527.009775 MetaHookPre CallFunction(HTTP::code_in_range, , (200, 100, 199)) -1362692527.009775 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) +1362692527.009775 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009775 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) 1362692527.009775 MetaHookPre CallFunction(Log::__write, , (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) 1362692527.009775 MetaHookPre CallFunction(Log::__write, , (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) 1362692527.009775 MetaHookPre CallFunction(Log::default_path_func, , (Files::LOG, , [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) @@ -1792,9 +1822,9 @@ 1362692527.009775 MetaHookPre CallFunction(fmt, , (%s, Files::LOG)) 1362692527.009775 MetaHookPre CallFunction(fmt, , (%s, HTTP::LOG)) 1362692527.009775 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -1362692527.009775 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) +1362692527.009775 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009775 MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009775 MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) 1362692527.009775 MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) 1362692527.009775 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) 1362692527.009775 MetaHookPre CallFunction(split_string1, , (Files::LOG, <...>/)) @@ -1806,16 +1836,16 @@ 1362692527.009775 MetaHookPre DrainEvents() 1362692527.009775 MetaHookPre QueueEvent(file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)) 1362692527.009775 MetaHookPre QueueEvent(file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) -1362692527.009775 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -1362692527.009775 MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) +1362692527.009775 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009775 MetaHookPre QueueEvent(http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) +1362692527.009775 MetaHookPre QueueEvent(http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) 1362692527.009775 MetaHookPre UpdateNetworkTime(1362692527.009775) 1362692527.009775 | HookUpdateNetworkTime 1362692527.009775 1362692527.009775 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/1.14 (darwin12.2.0), request_body_len=0, response_body_len=0, status_code=200, status_msg=OK, info_code=, info_msg=, filename=, tags={}, username=, password=, capture_password=F, proxied=, range_request=F, orig_fuids=, orig_mime_types=, resp_fuids=[FakNcS1Jfe01uljb3], resp_mime_types=, current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=]) 1362692527.009775 | HookCallFunction Files::set_info([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=]) 1362692527.009775 | HookCallFunction HTTP::code_in_range(200, 100, 199) -1362692527.009775 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F) +1362692527.009775 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009775 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F) 1362692527.009775 | HookCallFunction Log::__write(Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=]) 1362692527.009775 | HookCallFunction Log::__write(HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) 1362692527.009775 | HookCallFunction Log::default_path_func(Files::LOG, , [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=]) @@ -1828,9 +1858,9 @@ 1362692527.009775 | HookCallFunction fmt(%s, Files::LOG) 1362692527.009775 | HookCallFunction fmt(%s, HTTP::LOG) 1362692527.009775 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) -1362692527.009775 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) +1362692527.009775 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009775 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009775 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) 1362692527.009775 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) 1362692527.009775 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80) 1362692527.009775 | HookCallFunction split_string1(Files::LOG, <...>/) @@ -1842,9 +1872,9 @@ 1362692527.009775 | HookDrainEvents 1362692527.009775 | HookQueueEvent file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain) 1362692527.009775 | HookQueueEvent file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=]) -1362692527.009775 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) -1362692527.009775 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) +1362692527.009775 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009775 | HookQueueEvent http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) +1362692527.009775 | HookQueueEvent http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) 1362692527.009855 MetaHookPost DrainEvents() -> 1362692527.009855 MetaHookPost UpdateNetworkTime(1362692527.009855) -> 1362692527.009855 MetaHookPre DrainEvents() @@ -1870,20 +1900,20 @@ 1362692527.080828 | HookUpdateNetworkTime 1362692527.080828 1362692527.080828 | HookDrainEvents 1362692527.080972 MetaHookPost CallFunction(ChecksumOffloading::check, , ()) -> -1362692527.080972 MetaHookPost CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) -> -1362692527.080972 MetaHookPost CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> -1362692527.080972 MetaHookPost CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> -1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692527.080972 MetaHookPost CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) -> +1362692527.080972 MetaHookPost CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +1362692527.080972 MetaHookPost CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692527.080972 MetaHookPost CallFunction(Log::__write, , (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> 1362692527.080972 MetaHookPost CallFunction(Log::default_path_func, , (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> 1362692527.080972 MetaHookPost CallFunction(Log::write, , (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> 1362692527.080972 MetaHookPost CallFunction(bro_done, , ()) -> 1362692527.080972 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.080972 MetaHookPost CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> +1362692527.080972 MetaHookPost CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> 1362692527.080972 MetaHookPost CallFunction(filter_change_tracking, , ()) -> 1362692527.080972 MetaHookPost CallFunction(fmt, , (%s, Conn::LOG)) -> 1362692527.080972 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> -1362692527.080972 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> +1362692527.080972 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692527.080972 MetaHookPost CallFunction(get_port_transport_proto, , (80/tcp)) -> 1362692527.080972 MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> 1362692527.080972 MetaHookPost CallFunction(is_tcp_port, , (59856/tcp)) -> @@ -1899,25 +1929,25 @@ 1362692527.080972 MetaHookPost DrainEvents() -> 1362692527.080972 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false 1362692527.080972 MetaHookPost QueueEvent(bro_done()) -> false -1362692527.080972 MetaHookPost QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false +1362692527.080972 MetaHookPost QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> false 1362692527.080972 MetaHookPost QueueEvent(filter_change_tracking()) -> false -1362692527.080972 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false +1362692527.080972 MetaHookPost QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> false 1362692527.080972 MetaHookPost UpdateNetworkTime(1362692527.080972) -> 1362692527.080972 MetaHookPre CallFunction(ChecksumOffloading::check, , ()) -1362692527.080972 MetaHookPre CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) -1362692527.080972 MetaHookPre CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -1362692527.080972 MetaHookPre CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692527.080972 MetaHookPre CallFunction(Conn::conn_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp)) +1362692527.080972 MetaHookPre CallFunction(Conn::determine_service, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +1362692527.080972 MetaHookPre CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692527.080972 MetaHookPre CallFunction(Log::__write, , (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) 1362692527.080972 MetaHookPre CallFunction(Log::default_path_func, , (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) 1362692527.080972 MetaHookPre CallFunction(Log::write, , (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) 1362692527.080972 MetaHookPre CallFunction(bro_done, , ()) 1362692527.080972 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.080972 MetaHookPre CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +1362692527.080972 MetaHookPre CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692527.080972 MetaHookPre CallFunction(filter_change_tracking, , ()) 1362692527.080972 MetaHookPre CallFunction(fmt, , (%s, Conn::LOG)) 1362692527.080972 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -1362692527.080972 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692527.080972 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692527.080972 MetaHookPre CallFunction(get_port_transport_proto, , (80/tcp)) 1362692527.080972 MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) 1362692527.080972 MetaHookPre CallFunction(is_tcp_port, , (59856/tcp)) @@ -1933,26 +1963,26 @@ 1362692527.080972 MetaHookPre DrainEvents() 1362692527.080972 MetaHookPre QueueEvent(ChecksumOffloading::check()) 1362692527.080972 MetaHookPre QueueEvent(bro_done()) -1362692527.080972 MetaHookPre QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) +1362692527.080972 MetaHookPre QueueEvent(connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692527.080972 MetaHookPre QueueEvent(filter_change_tracking()) -1362692527.080972 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) +1362692527.080972 MetaHookPre QueueEvent(get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692527.080972 MetaHookPre UpdateNetworkTime(1362692527.080972) 1362692527.080972 | HookUpdateNetworkTime 1362692527.080972 1362692527.080972 | HookCallFunction ChecksumOffloading::check() -1362692527.080972 | HookCallFunction Conn::conn_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp) -1362692527.080972 | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) -1362692527.080972 | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) -1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692527.080972 | HookCallFunction Conn::conn_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], tcp) +1362692527.080972 | HookCallFunction Conn::determine_service([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +1362692527.080972 | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) 1362692527.080972 | HookCallFunction Log::default_path_func(Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) 1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) 1362692527.080972 | HookCallFunction bro_done() 1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) -1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692527.080972 | HookCallFunction filter_change_tracking() 1362692527.080972 | HookCallFunction fmt(%s, Conn::LOG) 1362692527.080972 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) -1362692527.080972 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692527.080972 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692527.080972 | HookCallFunction get_port_transport_proto(80/tcp) 1362692527.080972 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) 1362692527.080972 | HookCallFunction is_tcp_port(59856/tcp) @@ -1968,6 +1998,6 @@ 1362692527.080972 | HookDrainEvents 1362692527.080972 | HookQueueEvent ChecksumOffloading::check() 1362692527.080972 | HookQueueEvent bro_done() -1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) +1362692527.080972 | HookQueueEvent connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692527.080972 | HookQueueEvent filter_change_tracking() -1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) +1362692527.080972 | HookQueueEvent get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log index 1aa93d5a04..397812ae7c 100644 --- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log +++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log @@ -1,62 +1,62 @@ 0.000000 bro_init 0.000000 filter_change_tracking 1254722767.492060 protocol_confirmation - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] atype: enum = Analyzer::ANALYZER_DNS [2] aid: count = 3 1254722767.492060 ChecksumOffloading::check 1254722767.492060 filter_change_tracking 1254722767.492060 new_connection - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1254722767.492060 dns_message - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] is_orig: bool = T [2] msg: dns_msg = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0] [3] len: count = 34 1254722767.492060 dns_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=, qclass=, qclass_name=, qtype=, qtype_name=, rcode=, rcode_name=, AA=F, TC=F, RD=F, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=, qclass=, qclass_name=, qtype=, qtype_name=, rcode=, rcode_name=, AA=F, TC=F, RD=F, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=, qclass=, qclass_name=, qtype=, qtype_name=, rcode=, rcode_name=, AA=F, TC=F, RD=F, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=, qclass=, qclass_name=, qtype=, qtype_name=, rcode=, rcode_name=, AA=F, TC=F, RD=F, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] msg: dns_msg = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0] [2] query: string = mail.patriots.in [3] qtype: count = 1 [4] qclass: count = 1 1254722767.492060 dns_end - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=, rcode_name=, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=, rcode_name=, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={^J^IDNS^J}, addl=, hot=0, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=, rcode_name=, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=F, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=, rcode_name=, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=F, saw_reply=F]^J^I}, settings=[max_len=], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] msg: dns_msg = [id=31062, opcode=0, rcode=0, QR=F, AA=F, TC=F, RD=T, RA=F, Z=0, num_queries=1, num_answers=0, num_auth=0, num_addl=0] 1254722767.526085 dns_message - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=, rcode_name=, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=, rcode_name=, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=T, saw_reply=F]^J^I}, settings=[max_len=], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=, rcode_name=, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^I[31062] = [initialized=T, vals={^J^I^I[0] = [ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=, rcode_name=, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=, total_replies=, saw_query=T, saw_reply=F]^J^I}, settings=[max_len=], top=1, bottom=0, size=0]^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] is_orig: bool = F [2] msg: dns_msg = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0] [3] len: count = 100 1254722767.526085 dns_CNAME_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=F, Z=0, answers=, TTLs=, rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] msg: dns_msg = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0] [2] ans: dns_answer = [answer_type=1, query=mail.patriots.in, qtype=5, qclass=1, TTL=3.0 hrs 27.0 secs] [3] name: string = patriots.in 1254722767.526085 dns_A_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in], TTLs=[3.0 hrs 27.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in], TTLs=[3.0 hrs 27.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] msg: dns_msg = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0] [2] ans: dns_answer = [answer_type=1, query=patriots.in, qtype=1, qclass=1, TTL=3.0 hrs 28.0 secs] [3] a: addr = 74.53.140.153 1254722767.526085 dns_end - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in, 74.53.140.153], TTLs=[3.0 hrs 27.0 secs, 3.0 hrs 28.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=[ts=1254722767.49206, uid=CXWv6p3arKYeMETxOg, id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], proto=udp, trans_id=31062, query=mail.patriots.in, qclass=1, qclass_name=C_INTERNET, qtype=1, qtype_name=A, rcode=0, rcode_name=NOERROR, AA=F, TC=F, RD=T, RA=T, Z=0, answers=[patriots.in, 74.53.140.153], TTLs=[3.0 hrs 27.0 secs, 3.0 hrs 28.0 secs], rejected=F, total_answers=2, total_replies=4, saw_query=T, saw_reply=F], dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] msg: dns_msg = [id=31062, opcode=0, rcode=0, QR=T, AA=F, TC=F, RD=T, RA=T, Z=0, num_queries=1, num_answers=2, num_auth=2, num_addl=0] 1254722767.529046 new_connection - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1254722767.875996 connection_established - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.34695, service={^J^J}, addl=, hot=0, history=Sh, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], resp=[size=0, state=4, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.529046, duration=0.34695, service={^J^J}, addl=, hot=0, history=Sh, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1254722768.219663 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 220 [3] cmd: string = > @@ -64,7 +64,7 @@ [5] cont_resp: bool = T 1254722768.219663 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 220 [3] cmd: string = > @@ -72,7 +72,7 @@ [5] cont_resp: bool = T 1254722768.219663 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 220 [3] cmd: string = > @@ -80,18 +80,18 @@ [5] cont_resp: bool = F 1254722768.224809 protocol_confirmation - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] atype: enum = Analyzer::ANALYZER_SMTP [2] aid: count = 7 1254722768.224809 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = EHLO [3] arg: string = GP 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -99,7 +99,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -107,7 +107,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -115,7 +115,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -123,7 +123,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -131,7 +131,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -139,13 +139,13 @@ [5] cont_resp: bool = F 1254722768.568729 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = AUTH [3] arg: string = LOGIN 1254722768.911081 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 334 [3] cmd: string = AUTH @@ -153,13 +153,13 @@ [5] cont_resp: bool = F 1254722768.911655 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = ** [3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu 1254722769.253544 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 334 [3] cmd: string = AUTH_ANSWER @@ -167,13 +167,13 @@ [5] cont_resp: bool = F 1254722769.254118 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = ** [3] arg: string = cHVuamFiQDEyMw== 1254722769.613798 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 235 [3] cmd: string = AUTH_ANSWER @@ -181,13 +181,13 @@ [5] cont_resp: bool = F 1254722769.614414 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = MAIL [3] arg: string = FROM: 1254722769.956765 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = MAIL @@ -195,13 +195,13 @@ [5] cont_resp: bool = F 1254722769.957250 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = RCPT [3] arg: string = TO: 1254722770.319708 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = RCPT @@ -209,16 +209,16 @@ [5] cont_resp: bool = F 1254722770.320203 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = DATA [3] arg: string = 1254722770.320203 mime_begin_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] 1254722770.661679 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 354 [3] cmd: string = DATA @@ -226,243 +226,243 @@ [5] cont_resp: bool = F 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=FROM, value="Gurpartap Singh" ] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from="Gurpartap Singh" , to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from="Gurpartap Singh" , to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=TO, value=] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=SUBJECT, value=SMTP] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=DATE, value=Mon, 5 Oct 2009 11:36:07 +0530] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=MESSAGE-ID, value=<000301ca4581$ef9e57f0$cedb07d0$@in>] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=MIME-VERSION, value=1.0] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/mixed;^Iboundary="----=_NextPart_000_0004_01CA45B0.095693F0"] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=X-MAILER, value=Microsoft Office Outlook 12.0] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=THREAD-INDEX, value=AcpFgem9BvjjZEDeR1Kh8i+hUyVo0A==] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-LANGUAGE, value=en-us] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=X-CR-HASHEDPUZZLE, value=SeA= AAR2 ADaH BpiO C4G1 D1gW FNB1 FPkR Fn+W HFCP HnYJ JO7s Kum6 KytW LFcI LjUt;1;cgBhAGoAXwBkAGUAbwBsADIAMAAwADIAaQBuAEAAeQBhAGgAbwBvAC4AYwBvAC4AaQBuAA==;Sosha1_v1;7;{CAA37F59-1850-45C7-8540-AA27696B5398};ZwB1AHIAcABhAHIAdABhAHAAQABwAGEAdAByAGkAbwB0AHMALgBpAG4A;Mon, 05 Oct 2009 06:06:01 GMT;UwBNAFQAUAA=] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=X-CR-PUZZLEID, value={CAA37F59-1850-45C7-8540-AA27696B5398}] 1254722770.692743 mime_begin_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=2], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=2], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-TYPE, value=multipart/alternative;^Iboundary="----=_NextPart_001_0005_01CA45B0.095693F0"] 1254722770.692743 mime_begin_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=2], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=2], socks=, ssh=, syslog=] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;^Icharset="us-ascii"] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=7bit] 1254722770.692743 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722770.692743 file_new - [0] f: fa_file = [id=Fel9gs4OtNEV6gUJZ5, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=] + [0] f: fa_file = [id=Fel9gs4OtNEV6gUJZ5, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=] 1254722770.692743 file_over_new_connection - [0] f: fa_file = [id=Fel9gs4OtNEV6gUJZ5, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] + [0] f: fa_file = [id=Fel9gs4OtNEV6gUJZ5, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722770.692743 mime_end_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] 1254722770.692743 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] [2] is_orig: bool = T 1254722770.692743 file_mime_type - [0] f: fa_file = [id=Fel9gs4OtNEV6gUJZ5, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=77, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=3, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] + [0] f: fa_file = [id=Fel9gs4OtNEV6gUJZ5, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=77, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=3, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] [1] mime_type: string = text/plain 1254722770.692743 file_state_remove - [0] f: fa_file = [id=Fel9gs4OtNEV6gUJZ5, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=77, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=3, analyzers={^J^J}, mime_type=text/plain, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=77, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] + [0] f: fa_file = [id=Fel9gs4OtNEV6gUJZ5, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=77, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Hello^M^J^M^J ^M^J^M^JI send u smtp pcap file ^M^J^M^JFind the attachment^M^J^M^J ^M^J^M^JGPS^M^J^M^J, info=[ts=1254722770.692743, fuid=Fel9gs4OtNEV6gUJZ5, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=3, analyzers={^J^J}, mime_type=text/plain, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=77, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] 1254722770.692743 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722770.692743 mime_begin_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=3], socks=, ssh=, syslog=] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/html;^Icharset="us-ascii"] 1254722770.692743 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=quoted-printable] 1254722770.692743 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722770.692743 file_new - [0] f: fa_file = [id=Ft4M3f2yMvLlmwtbq9, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=] + [0] f: fa_file = [id=Ft4M3f2yMvLlmwtbq9, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=] 1254722770.692743 file_over_new_connection - [0] f: fa_file = [id=Ft4M3f2yMvLlmwtbq9, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [0] f: fa_file = [id=Ft4M3f2yMvLlmwtbq9, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=]^J}, last_active=1254722770.692743, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=1610, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163697, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722770.692804 mime_end_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] 1254722770.692804 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] [2] is_orig: bool = T 1254722770.692804 file_mime_type - [0] f: fa_file = [id=Ft4M3f2yMvLlmwtbq9, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=]^J}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J

^M^J^M^J

Hello

^M^J^M^J

 

^M^J^M^J

I send u smtp pcap file

^M^J^M^J

Find the attachment

^M^J^M^J

 

^M^J^M^J

GPS

^M^J^M^J
^M^J^M^J^M^J^M^J^M^J^M^J, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=4, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] + [0] f: fa_file = [id=Ft4M3f2yMvLlmwtbq9, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=]^J}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J
^M^J^M^J

Hello

^M^J^M^J

 

^M^J^M^J

I send u smtp pcap file

^M^J^M^J

Find the attachment

^M^J^M^J

 

^M^J^M^J

GPS

^M^J^M^J
^M^J^M^J^M^J^M^J^M^J^M^J, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=4, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] [1] mime_type: string = text/html 1254722770.692804 file_state_remove - [0] f: fa_file = [id=Ft4M3f2yMvLlmwtbq9, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=]^J}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J
^M^J^M^J

Hello

^M^J^M^J

 

^M^J^M^J

I send u smtp pcap file

^M^J^M^J

Find the attachment

^M^J^M^J

 

^M^J^M^J

GPS

^M^J^M^J
^M^J^M^J^M^J^M^J^M^J^M^J, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=4, analyzers={^J^J}, mime_type=text/html, filename=, duration=61.0 usecs, local_orig=, is_orig=F, seen_bytes=1868, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] + [0] f: fa_file = [id=Ft4M3f2yMvLlmwtbq9, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=]^J}, last_active=1254722770.692804, seen_bytes=1868, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J^M^J
^M^J^M^J

Hello

^M^J^M^J

 

^M^J^M^J

I send u smtp pcap file

^M^J^M^J

Find the attachment

^M^J^M^J

 

^M^J^M^J

GPS

^M^J^M^J
^M^J^M^J^M^J^M^J^M^J^M^J, info=[ts=1254722770.692743, fuid=Ft4M3f2yMvLlmwtbq9, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=4, analyzers={^J^J}, mime_type=text/html, filename=, duration=61.0 usecs, local_orig=, is_orig=F, seen_bytes=1868, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] 1254722770.692804 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722770.692804 mime_end_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] 1254722770.692804 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] [2] is_orig: bool = T 1254722770.692804 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722770.692804 mime_begin_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=4], socks=, ssh=, syslog=] 1254722770.692804 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-TYPE, value=text/plain;^Iname="NEWS.txt"] 1254722770.692804 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-TRANSFER-ENCODING, value=quoted-printable] 1254722770.692804 mime_one_header - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] h: mime_header_rec = [name=CONTENT-DISPOSITION, value=attachment;^Ifilename="NEWS.txt"] 1254722770.692804 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722770.692804 file_new - [0] f: fa_file = [id=FL9Y0d45OI4LpS6fmh, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=]^J}, last_active=1254722770.692804, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=] + [0] f: fa_file = [id=FL9Y0d45OI4LpS6fmh, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=]^J}, last_active=1254722770.692804, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=, ftp=, http=, irc=, u2_events=] 1254722770.692804 file_over_new_connection - [0] f: fa_file = [id=FL9Y0d45OI4LpS6fmh, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=]^J}, last_active=1254722770.692804, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] f: fa_file = [id=FL9Y0d45OI4LpS6fmh, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=]^J}, last_active=1254722770.692804, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=, info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^J}, rx_hosts={^J^J}, conn_uids={^J^J}, source=SMTP, depth=0, analyzers={^J^J}, mime_type=, filename=, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722770.695115 new_connection - [0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1254722771.494181 file_mime_type - [0] f: fa_file = [id=FL9Y0d45OI4LpS6fmh, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=]^J}, last_active=1254722771.494181, seen_bytes=4027, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: ^M^J - Strip executable^M^J - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, ^M^J k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)^M^J* "Default" button in Compiler Options is back^M^J* Error messages parsing improved^M^J* Bug fixes^M^J^M^JVersion 4.9.8.5^M^J* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")^M^J* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.4^M^J* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup^M^J* Improved code completion cache^M^J* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP^M^J* Big speed up in function parameters listing while editing^M^J* Bug fixes^M^J^M^JVersion 4.9.8.3^M^J* On Dev-C++ first time configuration dialog, a code completion cache of all the standard ^M^J include files can now be generated.^M^J* Improved WebUpdate module^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.2^M^J* New debug feature for DLLs: attach to a running process^M^J* New project option: Use custom Makefile. ^M^J* New WebUpdater module.^M^J* Allow user to specify an alternate configuration file in Environment Options ^M^J (still can be overriden by using "-c" command line parameter).^M^J* Lots of bug fixes.^M^J^M^JVersion 4.9.8.1^M^J* When creating a DLL, the created static lib respects now the project-defined output directory^M^J^M^JVersion 4.9.8.0^M^J* Changed position of compiler/linker parameters in Project Options.^M^J* Improved help file^M^J* Bug fixes^M^J^M^JVersion 4.9.7.9^M^J* Resource errors are now reported in the Resource sheet^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.8^M^J* Made whole bottom report control floating instead of only debug output.^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.7^M^J* Printing settings are now saved^M^J* New environment options : "watch variable under mouse" and "Report watch errors"^M^J* Bug fixes^M^J^M^JVersion 4.9.7.6^M^J* Debug variable browser^M^J* Added possibility to include in a Template the Project's directories (include, libs and ressources)^M^J* Changed tint of Class browser pictures colors to match the New Look style^M^J* Bug fixes^M^J^M^JVersion 4.9.7.5^M^J* Bug fixes^M^J^M^JVersion 4.9.7.4^M^J* When compiling with debugging symbols, an extra definition is passed to the^M^J compiler: -D__DEBUG__^M^J* Each project creates a _private.h file containing version^M^J information definitions^M^J* When compiling the current file only, no dependency checks are performed^M^J* ~300% Speed-up in class parser^M^J* Added "External programs" in Tools/Environment Options (for units "Open with")^M^J* Added "Open with" in project units context menu^M^J* Added "Classes" toolbar^M^J* Fixed pre-compilation dependency checks to work correctly^M^J* Added new file menu entry: Save Project As^M^J* Bug-fix for double quotes in devcpp.cfg file read by vUpdate^M^J* Other bug fixes^M^J^M^JVersion 4.9.7.3^M^J* When adding debugging symbols on request, remove "-s" option from linker^M^J* Compiling progress window^M^J* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=5, analyzers={^J^J}, mime_type=, filename=NEWS.txt, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] + [0] f: fa_file = [id=FL9Y0d45OI4LpS6fmh, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=4530, state=4, num_pkts=11, num_bytes_ip=3518, flow_label=0], resp=[size=462, state=4, num_pkts=10, num_bytes_ip=870, flow_label=0], start_time=1254722767.529046, duration=3.163758, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=]^J}, last_active=1254722771.494181, seen_bytes=4027, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: ^M^J - Strip executable^M^J - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, ^M^J k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)^M^J* "Default" button in Compiler Options is back^M^J* Error messages parsing improved^M^J* Bug fixes^M^J^M^JVersion 4.9.8.5^M^J* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")^M^J* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.4^M^J* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup^M^J* Improved code completion cache^M^J* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP^M^J* Big speed up in function parameters listing while editing^M^J* Bug fixes^M^J^M^JVersion 4.9.8.3^M^J* On Dev-C++ first time configuration dialog, a code completion cache of all the standard ^M^J include files can now be generated.^M^J* Improved WebUpdate module^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.2^M^J* New debug feature for DLLs: attach to a running process^M^J* New project option: Use custom Makefile. ^M^J* New WebUpdater module.^M^J* Allow user to specify an alternate configuration file in Environment Options ^M^J (still can be overriden by using "-c" command line parameter).^M^J* Lots of bug fixes.^M^J^M^JVersion 4.9.8.1^M^J* When creating a DLL, the created static lib respects now the project-defined output directory^M^J^M^JVersion 4.9.8.0^M^J* Changed position of compiler/linker parameters in Project Options.^M^J* Improved help file^M^J* Bug fixes^M^J^M^JVersion 4.9.7.9^M^J* Resource errors are now reported in the Resource sheet^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.8^M^J* Made whole bottom report control floating instead of only debug output.^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.7^M^J* Printing settings are now saved^M^J* New environment options : "watch variable under mouse" and "Report watch errors"^M^J* Bug fixes^M^J^M^JVersion 4.9.7.6^M^J* Debug variable browser^M^J* Added possibility to include in a Template the Project's directories (include, libs and ressources)^M^J* Changed tint of Class browser pictures colors to match the New Look style^M^J* Bug fixes^M^J^M^JVersion 4.9.7.5^M^J* Bug fixes^M^J^M^JVersion 4.9.7.4^M^J* When compiling with debugging symbols, an extra definition is passed to the^M^J compiler: -D__DEBUG__^M^J* Each project creates a _private.h file containing version^M^J information definitions^M^J* When compiling the current file only, no dependency checks are performed^M^J* ~300% Speed-up in class parser^M^J* Added "External programs" in Tools/Environment Options (for units "Open with")^M^J* Added "Open with" in project units context menu^M^J* Added "Classes" toolbar^M^J* Fixed pre-compilation dependency checks to work correctly^M^J* Added new file menu entry: Save Project As^M^J* Bug-fix for double quotes in devcpp.cfg file read by vUpdate^M^J* Other bug fixes^M^J^M^JVersion 4.9.7.3^M^J* When adding debugging symbols on request, remove "-s" option from linker^M^J* Compiling progress window^M^J* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=5, analyzers={^J^J}, mime_type=, filename=NEWS.txt, duration=0 secs, local_orig=, is_orig=F, seen_bytes=0, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] [1] mime_type: string = text/plain 1254722771.858334 mime_end_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=NEWS.txt], fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] 1254722771.858334 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [2] is_orig: bool = T 1254722771.858334 file_state_remove - [0] f: fa_file = [id=FL9Y0d45OI4LpS6fmh, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=]^J}, last_active=1254722771.858316, seen_bytes=10809, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: ^M^J - Strip executable^M^J - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, ^M^J k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)^M^J* "Default" button in Compiler Options is back^M^J* Error messages parsing improved^M^J* Bug fixes^M^J^M^JVersion 4.9.8.5^M^J* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")^M^J* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.4^M^J* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup^M^J* Improved code completion cache^M^J* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP^M^J* Big speed up in function parameters listing while editing^M^J* Bug fixes^M^J^M^JVersion 4.9.8.3^M^J* On Dev-C++ first time configuration dialog, a code completion cache of all the standard ^M^J include files can now be generated.^M^J* Improved WebUpdate module^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.2^M^J* New debug feature for DLLs: attach to a running process^M^J* New project option: Use custom Makefile. ^M^J* New WebUpdater module.^M^J* Allow user to specify an alternate configuration file in Environment Options ^M^J (still can be overriden by using "-c" command line parameter).^M^J* Lots of bug fixes.^M^J^M^JVersion 4.9.8.1^M^J* When creating a DLL, the created static lib respects now the project-defined output directory^M^J^M^JVersion 4.9.8.0^M^J* Changed position of compiler/linker parameters in Project Options.^M^J* Improved help file^M^J* Bug fixes^M^J^M^JVersion 4.9.7.9^M^J* Resource errors are now reported in the Resource sheet^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.8^M^J* Made whole bottom report control floating instead of only debug output.^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.7^M^J* Printing settings are now saved^M^J* New environment options : "watch variable under mouse" and "Report watch errors"^M^J* Bug fixes^M^J^M^JVersion 4.9.7.6^M^J* Debug variable browser^M^J* Added possibility to include in a Template the Project's directories (include, libs and ressources)^M^J* Changed tint of Class browser pictures colors to match the New Look style^M^J* Bug fixes^M^J^M^JVersion 4.9.7.5^M^J* Bug fixes^M^J^M^JVersion 4.9.7.4^M^J* When compiling with debugging symbols, an extra definition is passed to the^M^J compiler: -D__DEBUG__^M^J* Each project creates a _private.h file containing version^M^J information definitions^M^J* When compiling the current file only, no dependency checks are performed^M^J* ~300% Speed-up in class parser^M^J* Added "External programs" in Tools/Environment Options (for units "Open with")^M^J* Added "Open with" in project units context menu^M^J* Added "Classes" toolbar^M^J* Fixed pre-compilation dependency checks to work correctly^M^J* Added new file menu entry: Save Project As^M^J* Bug-fix for double quotes in devcpp.cfg file read by vUpdate^M^J* Other bug fixes^M^J^M^JVersion 4.9.7.3^M^J* When adding debugging symbols on request, remove "-s" option from linker^M^J* Compiling progress window^M^J* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=5, analyzers={^J^J}, mime_type=text/plain, filename=NEWS.txt, duration=801.0 msecs 376.0 usecs, local_orig=, is_orig=F, seen_bytes=4027, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] + [0] f: fa_file = [id=FL9Y0d45OI4LpS6fmh, parent_id=, source=SMTP, is_orig=F, conns={^J^I[[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp]] = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^I^ISMTP^J^I}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^I^J^I}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^I^J^I}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=]^J}, last_active=1254722771.858316, seen_bytes=10809, total_bytes=, missing_bytes=0, overflow_bytes=0, timeout_interval=2.0 mins, bof_buffer_size=4096, bof_buffer=Version 4.9.9.1^M^J* Many bug fixes^M^J* Improved editor^M^J^M^JVersion 4.9.9.0^M^J* Support for latest Mingw compiler system builds^M^J* Bug fixes^M^J^M^JVersion 4.9.8.9^M^J* New code tooltip display^M^J* Improved Indent/Unindent and Remove Comment^M^J* Improved automatic indent^M^J* Added support for the "interface" keyword^M^J* WebUpdate should now report installation problems from PackMan^M^J* New splash screen and association icons^M^J* Improved installer^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.7^M^J* Added support for GCC > 3.2^M^J* Debug variables are now resent during next debug session^M^J* Watched Variables not in correct context are now kept and updated when it is needed^M^J* Added new compiler/linker options: ^M^J - Strip executable^M^J - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, ^M^J k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2)^M^J - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow)^M^J* "Default" button in Compiler Options is back^M^J* Error messages parsing improved^M^J* Bug fixes^M^J^M^JVersion 4.9.8.5^M^J* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value")^M^J* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features.^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.4^M^J* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup^M^J* Improved code completion cache^M^J* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP^M^J* Big speed up in function parameters listing while editing^M^J* Bug fixes^M^J^M^JVersion 4.9.8.3^M^J* On Dev-C++ first time configuration dialog, a code completion cache of all the standard ^M^J include files can now be generated.^M^J* Improved WebUpdate module^M^J* Many bug fixes^M^J^M^JVersion 4.9.8.2^M^J* New debug feature for DLLs: attach to a running process^M^J* New project option: Use custom Makefile. ^M^J* New WebUpdater module.^M^J* Allow user to specify an alternate configuration file in Environment Options ^M^J (still can be overriden by using "-c" command line parameter).^M^J* Lots of bug fixes.^M^J^M^JVersion 4.9.8.1^M^J* When creating a DLL, the created static lib respects now the project-defined output directory^M^J^M^JVersion 4.9.8.0^M^J* Changed position of compiler/linker parameters in Project Options.^M^J* Improved help file^M^J* Bug fixes^M^J^M^JVersion 4.9.7.9^M^J* Resource errors are now reported in the Resource sheet^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.8^M^J* Made whole bottom report control floating instead of only debug output.^M^J* Many bug fixes^M^J^M^JVersion 4.9.7.7^M^J* Printing settings are now saved^M^J* New environment options : "watch variable under mouse" and "Report watch errors"^M^J* Bug fixes^M^J^M^JVersion 4.9.7.6^M^J* Debug variable browser^M^J* Added possibility to include in a Template the Project's directories (include, libs and ressources)^M^J* Changed tint of Class browser pictures colors to match the New Look style^M^J* Bug fixes^M^J^M^JVersion 4.9.7.5^M^J* Bug fixes^M^J^M^JVersion 4.9.7.4^M^J* When compiling with debugging symbols, an extra definition is passed to the^M^J compiler: -D__DEBUG__^M^J* Each project creates a _private.h file containing version^M^J information definitions^M^J* When compiling the current file only, no dependency checks are performed^M^J* ~300% Speed-up in class parser^M^J* Added "External programs" in Tools/Environment Options (for units "Open with")^M^J* Added "Open with" in project units context menu^M^J* Added "Classes" toolbar^M^J* Fixed pre-compilation dependency checks to work correctly^M^J* Added new file menu entry: Save Project As^M^J* Bug-fix for double quotes in devcpp.cfg file read by vUpdate^M^J* Other bug fixes^M^J^M^JVersion 4.9.7.3^M^J* When adding debugging symbols on request, remove "-s" option from linker^M^J* Compiling progress window^M^J* Environment options : "Show progress window" and "Auto-close progress , info=[ts=1254722770.692804, fuid=FL9Y0d45OI4LpS6fmh, tx_hosts={^J^I74.53.140.153^J}, rx_hosts={^J^I10.10.1.4^J}, conn_uids={^J^ICjhGID4nQcgTWjvg4c^J}, source=SMTP, depth=5, analyzers={^J^J}, mime_type=text/plain, filename=NEWS.txt, duration=801.0 msecs 376.0 usecs, local_orig=, is_orig=F, seen_bytes=4027, total_bytes=, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=], ftp=, http=, irc=, u2_events=] 1254722771.858334 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722771.858334 mime_end_entity - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] 1254722771.858334 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [2] is_orig: bool = T 1254722771.858334 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722771.858334 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [2] is_orig: bool = T 1254722771.858334 get_file_handle [0] tag: enum = Analyzer::ANALYZER_SMTP - [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [1] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [2] is_orig: bool = F 1254722771.858334 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = . [3] arg: string = . 1254722772.248789 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = . @@ -470,13 +470,13 @@ [5] cont_resp: bool = F 1254722774.763825 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = QUIT [3] arg: string = 1254722775.105467 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 221 [3] cmd: string = QUIT @@ -484,24 +484,24 @@ [5] cont_resp: bool = F 1254722776.690444 new_connection - [0] c: connection = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CsRx2w45OKnoww6xl4, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=, uid=CsRx2w45OKnoww6xl4, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1254722776.690444 net_done [0] t: time = 1254722776.690444 1254722776.690444 ChecksumOffloading::check 1254722776.690444 connection_state_remove - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=1, num_bytes_ip=128, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=1, num_bytes_ip=62, flow_label=0], resp=[size=100, state=1, num_pkts=1, num_bytes_ip=128, flow_label=0], start_time=1254722767.49206, duration=0.034025, service={^J^IDNS^J}, addl=, hot=0, history=Dd, uid=CXWv6p3arKYeMETxOg, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=[pending_queries={^J^J}, pending_replies={^J^J}], ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1254722776.690444 filter_change_tracking 1254722776.690444 connection_state_remove - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0], resp=[size=538, state=5, num_pkts=25, num_bytes_ip=1546, flow_label=0], start_time=1254722767.529046, duration=7.576953, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaFf, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=221 xc90.websitewelcome.com closing connection, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=28, num_bytes_ip=21673, flow_label=0], resp=[size=538, state=5, num_pkts=25, num_bytes_ip=1546, flow_label=0], start_time=1254722767.529046, duration=7.576953, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaFf, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=221 xc90.websitewelcome.com closing connection, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] 1254722776.690444 connection_state_remove - [0] c: connection = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=201, state=1, num_pkts=1, num_bytes_ip=229, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CsRx2w45OKnoww6xl4, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.20, orig_p=138/udp, resp_h=10.10.1.255, resp_p=138/udp], orig=[size=201, state=1, num_pkts=1, num_bytes_ip=229, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722776.690444, duration=0.0, service={^J^J}, addl=, hot=0, history=D, uid=CsRx2w45OKnoww6xl4, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1254722776.690444 connection_state_remove - [0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_bytes_ip=2304, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.001519, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=192.168.1.1, orig_p=3/icmp, resp_h=10.10.1.4, resp_p=4/icmp], orig=[size=2192, state=1, num_pkts=4, num_bytes_ip=2304, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722770.695115, duration=0.001519, service={^J^J}, addl=, hot=0, history=, uid=CCvvfg3TEfuqmmG4bh, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] 1254722776.690444 bro_done 1254722776.690444 ChecksumOffloading::check diff --git a/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log b/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log index fbe9032fe7..7a2a9d4137 100644 --- a/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log +++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log @@ -1,5 +1,5 @@ 1254722768.219663 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 220 [3] cmd: string = > @@ -7,7 +7,7 @@ [5] cont_resp: bool = T 1254722768.219663 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500 , path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 220 [3] cmd: string = > @@ -15,7 +15,7 @@ [5] cont_resp: bool = T 1254722768.219663 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=0, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=1, num_bytes_ip=48, flow_label=0], start_time=1254722767.529046, duration=0.690617, service={^J^J}, addl=, hot=0, history=ShAd, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 We do not authorize the use of this system to transport unsolicited, , path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 220 [3] cmd: string = > @@ -23,13 +23,13 @@ [5] cont_resp: bool = F 1254722768.224809 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=2, num_bytes_ip=88, flow_label=0], resp=[size=181, state=4, num_pkts=2, num_bytes_ip=269, flow_label=0], start_time=1254722767.529046, duration=0.695763, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdD, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = EHLO [3] arg: string = GP 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=220 and/or bulk e-mail., path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -37,7 +37,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 xc90.websitewelcome.com Hello GP [122.162.143.157], path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -45,7 +45,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 SIZE 52428800, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -53,7 +53,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 PIPELINING, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -61,7 +61,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 AUTH PLAIN LOGIN, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -69,7 +69,7 @@ [5] cont_resp: bool = T 1254722768.566183 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=9, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=3, num_bytes_ip=309, flow_label=0], start_time=1254722767.529046, duration=1.037137, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 STARTTLS, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = EHLO @@ -77,13 +77,13 @@ [5] cont_resp: bool = F 1254722768.568729 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=3, num_bytes_ip=137, flow_label=0], resp=[size=318, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.039683, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = AUTH [3] arg: string = LOGIN 1254722768.911081 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=21, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=4, num_bytes_ip=486, flow_label=0], start_time=1254722767.529046, duration=1.382035, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 HELP, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 334 [3] cmd: string = AUTH @@ -91,13 +91,13 @@ [5] cont_resp: bool = F 1254722768.911655 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=4, num_bytes_ip=189, flow_label=0], resp=[size=336, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.382609, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = ** [3] arg: string = Z3VycGFydGFwQHBhdHJpb3RzLmlu 1254722769.253544 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=51, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=5, num_bytes_ip=544, flow_label=0], start_time=1254722767.529046, duration=1.724498, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 VXNlcm5hbWU6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 334 [3] cmd: string = AUTH_ANSWER @@ -105,13 +105,13 @@ [5] cont_resp: bool = F 1254722769.254118 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=5, num_bytes_ip=259, flow_label=0], resp=[size=354, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=1.725072, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = ** [3] arg: string = cHVuamFiQDEyMw== 1254722769.613798 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=69, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=6, num_bytes_ip=602, flow_label=0], start_time=1254722767.529046, duration=2.084752, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=334 UGFzc3dvcmQ6, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 235 [3] cmd: string = AUTH_ANSWER @@ -119,13 +119,13 @@ [5] cont_resp: bool = F 1254722769.614414 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=6, num_bytes_ip=317, flow_label=0], resp=[size=384, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.085368, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = MAIL [3] arg: string = FROM: 1254722769.956765 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=105, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=7, num_bytes_ip=672, flow_label=0], start_time=1254722767.529046, duration=2.427719, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=235 Authentication succeeded, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = MAIL @@ -133,13 +133,13 @@ [5] cont_resp: bool = F 1254722769.957250 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=7, num_bytes_ip=393, flow_label=0], resp=[size=392, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.428204, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = RCPT [3] arg: string = TO: 1254722770.319708 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=144, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=8, num_bytes_ip=720, flow_label=0], start_time=1254722767.529046, duration=2.790662, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 OK, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = RCPT @@ -147,13 +147,13 @@ [5] cont_resp: bool = F 1254722770.320203 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=8, num_bytes_ip=472, flow_label=0], resp=[size=406, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=2.791157, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=0], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = DATA [3] arg: string = 1254722770.661679 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=150, state=4, num_pkts=9, num_bytes_ip=518, flow_label=0], resp=[size=462, state=4, num_pkts=9, num_bytes_ip=774, flow_label=0], start_time=1254722767.529046, duration=3.132633, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=250 Accepted, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=T, entity=[filename=], fuids=[]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=1], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 354 [3] cmd: string = DATA @@ -161,13 +161,13 @@ [5] cont_resp: bool = F 1254722771.858334 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=23, num_bytes_ip=21438, flow_label=0], resp=[size=462, state=4, num_pkts=15, num_bytes_ip=1070, flow_label=0], start_time=1254722767.529046, duration=4.329288, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = . [3] arg: string = . 1254722772.248789 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14699, state=4, num_pkts=24, num_bytes_ip=21507, flow_label=0], resp=[size=490, state=4, num_pkts=21, num_bytes_ip=1310, flow_label=0], start_time=1254722767.529046, duration=4.719743, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722768.219663, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=1, helo=GP, mailfrom=, rcptto={^J^I^J}, date=Mon, 5 Oct 2009 11:36:07 +0530, from="Gurpartap Singh" , to={^J^I^J}, reply_to=, msg_id=<000301ca4581$ef9e57f0$cedb07d0$@in>, in_reply_to=, subject=SMTP, x_originating_ip=, first_received=, second_received=, last_reply=354 Enter message, ending with "." on a line by itself, path=[74.53.140.153, 10.10.1.4], user_agent=Microsoft Office Outlook 12.0, tls=F, process_received_from=T, has_client_activity=T, entity=, fuids=[Fel9gs4OtNEV6gUJZ5, Ft4M3f2yMvLlmwtbq9, FL9Y0d45OI4LpS6fmh]], smtp_state=[helo=GP, messages_transferred=0, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 250 [3] cmd: string = . @@ -175,13 +175,13 @@ [5] cont_resp: bool = F 1254722774.763825 smtp_request - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=4, num_pkts=25, num_bytes_ip=21547, flow_label=0], resp=[size=490, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.234779, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDa, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] is_orig: bool = T [2] command: string = QUIT [3] arg: string = 1254722775.105467 smtp_reply - [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] + [0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], orig=[size=14705, state=5, num_pkts=27, num_bytes_ip=21633, flow_label=0], resp=[size=538, state=4, num_pkts=22, num_bytes_ip=1378, flow_label=0], start_time=1254722767.529046, duration=7.576421, service={^J^ISMTP^J}, addl=, hot=0, history=ShAdDaF, uid=CjhGID4nQcgTWjvg4c, tunnel=, dpd=, conn=, extract_orig=F, extract_resp=F, dhcp=, dnp3=, dns=, dns_state=, ftp=, ftp_data_reuse=F, ssl=, http=, http_state=, irc=, modbus=, mysql=, radius=, rdp=, snmp=, smtp=[ts=1254722772.248789, uid=CjhGID4nQcgTWjvg4c, id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp], trans_depth=2, helo=GP, mailfrom=, rcptto=, date=, from=, to=, reply_to=, msg_id=, in_reply_to=, subject=, x_originating_ip=, first_received=, second_received=, last_reply=, path=[74.53.140.153, 10.10.1.4], user_agent=, tls=F, process_received_from=T, has_client_activity=F, entity=, fuids=[]], smtp_state=[helo=GP, messages_transferred=1, pending_messages=, mime_depth=5], socks=, ssh=, syslog=] [1] is_orig: bool = F [2] code: count = 221 [3] cmd: string = QUIT From 371cf10c8635e3a0f6184774ee20df80199b3004 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 5 Mar 2015 16:57:58 -0500 Subject: [PATCH 044/121] Improved transition into SSL/TLS from RDP. --- src/analyzer/protocol/rdp/RDP.cc | 11 ++++++----- src/analyzer/protocol/rdp/rdp-protocol.pac | 9 +++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc index dafa7f4c2f..25d5429e8d 100644 --- a/src/analyzer/protocol/rdp/RDP.cc +++ b/src/analyzer/protocol/rdp/RDP.cc @@ -47,13 +47,12 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) // deliver data to the other side if the script layer can handle this. return; - // If the data appears (very loosely) to be SSL/TLS - // we'll just move this over to the PIA analyzer. - // Like the comment below says, this is probably the wrong - // way to handle this. if ( interp->is_encrypted() ) { - if ( len > 0 && data[0] >= 0x14 && data[0] <= 0x17 ) + // 0x00 is RDP native encryption which we don't do anything with now. + // 0x01 is SSL/TLS + // 0x03-0x04 is CredSSP which is effectively SSL/TLS + if ( interp->encryption_method() > 0x00 ) { if ( ! pia ) { @@ -67,7 +66,9 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } if ( pia ) + { ForwardStream(len, data, orig); + } } } else // if not encrypted diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index 950744301f..adb13948ef 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -388,15 +388,19 @@ refine connection RDP_Conn += { %member{ bool is_encrypted_; + uint32 encryption_method_; %} %init{ is_encrypted_ = false; + encryption_method_ = 0; %} function go_encrypted(method: uint32): bool %{ is_encrypted_ = true; + encryption_method_ = method; + if ( rdp_begin_encryption ) { BifEvent::generate_rdp_begin_encryption(bro_analyzer(), @@ -411,4 +415,9 @@ refine connection RDP_Conn += { %{ return is_encrypted_; %} + + function encryption_method(): uint32 + %{ + return encryption_method_; + %} }; \ No newline at end of file From 6ab5701ad023aeaa2d1d2d86902febb1f6fae7b8 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 9 Mar 2015 12:33:56 -0700 Subject: [PATCH 045/121] Update certificate validation script - new version will cache valid intermediate chains that it encounters on the wire and use those to try to validate chains that might be missing intermediate certificates. This vastly improves the number of certificates that Bro can validate. The only drawback is that now validation behavior is not entirely predictable anymore - the certificate of a server can fail to validate when Bro just started up (due to the intermediate missing), and succeed later, when the intermediate can be found in the cache. Has been tested on big-ish clusters and should not introduce any performance problems. --- .../policy/protocols/ssl/validate-certs.bro | 129 +++++++++++++++--- .../ssl.log | 15 ++ .../ssl-all.log | 23 ++++ .../ssl.log | 11 -- .../Traces/tls/missing-intermediate.pcap | Bin 0 -> 13449 bytes .../protocols/ssl/validate-certs-cluster.bro | 37 +++++ .../policy/protocols/ssl/validate-certs.bro | 7 +- 7 files changed, 191 insertions(+), 31 deletions(-) create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-cluster/ssl.log create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl-all.log delete mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log create mode 100644 testing/btest/Traces/tls/missing-intermediate.pcap create mode 100644 testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro index 19b0b70806..d2b3befaed 100644 --- a/scripts/policy/protocols/ssl/validate-certs.bro +++ b/scripts/policy/protocols/ssl/validate-certs.bro @@ -1,4 +1,6 @@ ##! Perform full certificate chain validation for SSL certificates. +# Also caches all intermediate certificates encountered so far and use them +# for future validations. @load base/frameworks/notice @load base/protocols/ssl @@ -19,12 +21,92 @@ export { }; ## MD5 hash values for recently validated chains along with the - ## validation status message are kept in this table to avoid constant + ## validation status are kept in this table to avoid constant ## validation every time the same certificate chain is seen. global recently_validated_certs: table[string] of string = table() - &read_expire=5mins &synchronized &redef; + &read_expire=5mins &redef; + + ## Event from a worker to the manager that it has encountered a new + ## valid intermediate + global intermediate_add: event(key: string, value: vector of opaque of x509); + + ## Event from the manager to the workers that a new intermediate chain + ## is to be added + global new_intermediate: event(key: string, value: vector of opaque of x509); } +global intermediate_cache: table[string] of vector of opaque of x509; + +@if ( Cluster::is_enabled() ) +@load base/frameworks/cluster +redef Cluster::manager2worker_events += /SSL::intermediate_add/; +redef Cluster::worker2manager_events += /SSL::new_intermediate/; +@endif + + +function add_to_cache(key: string, value: vector of opaque of x509) + { + intermediate_cache[key] = value; +@if ( Cluster::is_enabled() ) + event SSL::new_intermediate(key, value); +@endif + } + +@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER ) +event SSL::intermediate_add(key: string, value: vector of opaque of x509) + { + intermediate_cache[key] = value; + } +@endif + +@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) +event SSL::new_intermediate(key: string, value: vector of opaque of x509) + { + if ( key in intermediate_cache ) + return; + + intermediate_cache[key] = value; + event SSL::intermediate_add(key, value); + } +@endif + +function cache_validate(chain: vector of opaque of x509): string + { + local chain_hash: vector of string = vector(); + + for ( i in chain ) + chain_hash[i] = sha1_hash(x509_get_certificate_string(chain[i])); + + local chain_id = join_string_vec(chain_hash, "."); + + # If we tried this certificate recently, just return the cached result. + if ( chain_id in recently_validated_certs ) + return recently_validated_certs[chain_id]; + + local result = x509_verify(chain, root_certs); + recently_validated_certs[chain_id] = result$result_string; + + # if we have a working chain where we did not store the intermediate certs + # in our cache yet - do so + if ( result$result_string == "ok" && result?$chain_certs && |result$chain_certs| > 2 ) + { + local result_chain = result$chain_certs; + local icert = x509_parse(result_chain[1]); + if ( icert$subject !in intermediate_cache ) + { + local cachechain: vector of opaque of x509; + for ( i in result_chain ) + { + if ( i >=1 && i<=|result_chain|-2 ) + cachechain[i-1] = result_chain[i]; + } + add_to_cache(icert$subject, cachechain); + } + } + + return result$result_string; + } + event ssl_established(c: connection) &priority=3 { # If there aren't any certs we can't very well do certificate validation. @@ -32,9 +114,30 @@ event ssl_established(c: connection) &priority=3 ! c$ssl$cert_chain[0]?$x509 ) return; - local chain_id = join_string_vec(c$ssl$cert_chain_fuids, "."); - local hash = c$ssl$cert_chain[0]$sha1; + local intermediate_chain: vector of opaque of x509 = vector(); + local issuer = c$ssl$cert_chain[0]$x509$certificate$issuer; + local result: string; + # look if we already have a working chain for the issuer of this cert. + # If yes, try this chain first instead of using the chain supplied from + # the server. + if ( issuer in intermediate_cache ) + { + intermediate_chain[0] = c$ssl$cert_chain[0]$x509$handle; + for ( i in intermediate_cache[issuer] ) + intermediate_chain[i+1] = intermediate_cache[issuer][i]; + + result = cache_validate(intermediate_chain); + if ( result == "ok" ) + { + c$ssl$validation_status = result; + return; + } + } + + # validation with known chains failed or there was no fitting intermediate + # in our store. + # Fall back to validating the certificate with the server-supplied chain local chain: vector of opaque of x509 = vector(); for ( i in c$ssl$cert_chain ) { @@ -42,24 +145,14 @@ event ssl_established(c: connection) &priority=3 chain[i] = c$ssl$cert_chain[i]$x509$handle; } - if ( chain_id in recently_validated_certs ) - { - c$ssl$validation_status = recently_validated_certs[chain_id]; - } - else - { - local result = x509_verify(chain, root_certs); - c$ssl$validation_status = result$result_string; - recently_validated_certs[chain_id] = result$result_string; - } + result = cache_validate(chain); + c$ssl$validation_status = result; - if ( c$ssl$validation_status != "ok" ) + if ( result != "ok" ) { local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status); NOTICE([$note=Invalid_Server_Cert, $msg=message, $sub=c$ssl$subject, $conn=c, - $identifier=cat(c$id$resp_h,c$id$resp_p,hash,c$ssl$validation_status)]); + $identifier=cat(c$id$resp_h,c$id$resp_p,c$ssl$validation_status)]); } } - - diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-cluster/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-cluster/ssl.log new file mode 100644 index 0000000000..df2cdf9732 --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-cluster/ssl.log @@ -0,0 +1,15 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2015-03-09-19-32-44 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string +1425929564.247511 CXWv6p3arKYeMETxOg 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FTzCuuqU5y7w85H89 (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate +1425929565.270104 CXWv6p3arKYeMETxOg 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FXzQOu1ZSKSF7H8Ez6 (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate +1425929566.843026 CjhGID4nQcgTWjvg4c 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T F5l2dVkZHiwiOWR67,Fkw2ETDXfIXIvatba,Fbgf8A3V6m8v33wTcj (empty) CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok +1425929571.372511 CCvvfg3TEfuqmmG4bh 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FhEtvg4pQ90832J56f (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok +1425929567.865619 CjhGID4nQcgTWjvg4c 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fyc6cQ2rMCAhpIGcM5,FoJ8j735m9ogDYopYj,FHaYhA3ykzVlKPnnsc (empty) CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok +1425929572.395104 CCvvfg3TEfuqmmG4bh 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FwZZ8034tgyXSponwg (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok +#close 2015-03-09-19-32-53 diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl-all.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl-all.log new file mode 100644 index 0000000000..77ba9233ae --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl-all.log @@ -0,0 +1,23 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2015-03-09-19-44-42 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string +1394745602.951961 CXWv6p3arKYeMETxOg 192.168.4.149 60539 87.98.220.10 443 TLSv10 TLS_DHE_RSA_WITH_AES_256_CBC_SHA - - F - - T F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl (empty) CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - - certificate has expired +1394745618.791420 CjhGID4nQcgTWjvg4c 192.168.4.149 60540 122.1.240.204 443 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - F - - T F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h (empty) CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US - - ok +#close 2015-03-09-19-44-42 +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2015-03-09-19-44-42 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string +1417039703.224578 CXWv6p3arKYeMETxOg 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FghNi02cFL9n6ttuMa (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate +1417039705.820093 CjhGID4nQcgTWjvg4c 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fz7gr4fSm2T2sEyDl,FhjNBG25vvoBO6CS79,FQFHJA20WL56NP6LXk (empty) CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok +1417039710.349578 CCvvfg3TEfuqmmG4bh 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FRcFYq3e3hgYkZ8dS1 (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok +#close 2015-03-09-19-44-42 diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log deleted file mode 100644 index a464c64670..0000000000 --- a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log +++ /dev/null @@ -1,11 +0,0 @@ -#separator \x09 -#set_separator , -#empty_field (empty) -#unset_field - -#path ssl -#open 2014-08-08-17-13-58 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status -#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string -1394745602.951961 CXWv6p3arKYeMETxOg 192.168.4.149 60539 87.98.220.10 443 TLSv10 TLS_DHE_RSA_WITH_AES_256_CBC_SHA - - F - - T F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl (empty) CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB - - certificate has expired -1394745618.791420 CjhGID4nQcgTWjvg4c 192.168.4.149 60540 122.1.240.204 443 TLSv10 TLS_RSA_WITH_AES_256_CBC_SHA - - F - - T F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h (empty) CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US - - ok -#close 2014-08-08-17-13-58 diff --git a/testing/btest/Traces/tls/missing-intermediate.pcap b/testing/btest/Traces/tls/missing-intermediate.pcap new file mode 100644 index 0000000000000000000000000000000000000000..9f44e3e4d25f2f584096819fd7ac4ace9b758455 GIT binary patch literal 13449 zcmeHOc|29y+h1oi3&&XG6v=EK^N=DTWK49ZB;%1OPDGibXfPy=N(hxoQW~y0CEYR< zH&-f(kOn1@S>CmeWW4V0{yy&?@8|v8UF(y*?fre$de(P;_j;c7R9jkj1`F_D;=lt8 zJh8V7vfa1|2Q1*vXaiDv+YdzLk=<99TeAW~0Q8Es>j6C?0E|5R;Yjki{jFy(x5Z+e zOwgMPu%n}$q5xp=gdz+MhsR)8+3^Zz-lD(5W5>`#yeH7daK~(np;Pq$*h%a=fFh$7 zFt=OJxRX=*p#{?dK0R>$-Y;~3qNB*@fx+OhXx}eD^p)@&Z8Q3=dc4O77&^2hAj)?I*;5Y}OFj?;Fs;P*AI1EM!12A$pTz+nKrB3eA z(PkFe601!Lq?(TIngq|PTYN}1TUWYe7XYaYgdxw6W=Jyl8SEenoCaHg7tjKlU@zFi zP-ZAHWEoP7c?<$b2f9EF>}Du2=Rxv0H1%?b` z34@z~2PeTYpajx@K44++GFTX#3@ji3JcEzH3IqX(!NtGf3y8pLoIn`f%nlzHV&2XI9~6KrBR~)mU4v*ydQBmYQHVc5wyd32toCQKIr5yVrSRM|K0}$2$ zf(;;8BGCjhBpR=h!R$YaoaFhI-Xk#x7m-aiZgpHA7Y4&Y07%qB3J1bQ#I3^(h>8QELs^7~k99_Pm7k9@&6jN8=SvUp^CsIld(&JY zq$@=b;U6>26&xI_=n_Pu1uFUlcp%Z3#giR}Apl%7W*&go*|E_W49Jt>@av*`XjLz? z5>F|9(Ds1F`(4d_MK0Y~cyFM;^p6YbBVrrQoIl&R4}D*dI9P(EBLnxw_Gv3<2s*)5^P1+;OW~ z!cKAO$!okn5>IUNa3{V`3=P^~XO`ihv-sltr+NPEt_O!*Kfc@5O&WY{xy7kPohWbp zz=N{)+%{60%|!td8S&%t%OAQPCHf?fvg+6x^3)Uz_fmfo;XYr^$+;)FV<#2|btEeq z^ALLEJ~9vbP>h7ZjN%Ch)EIz>p%<3mQSY+K5itY;3l8(^CoGe3V)M}Z@i;6Y1JOZm z7so>$AV`K{hJ4&F_5^s(!ks{Onul^AML|Q+CBPe@q7RetHi#8sLFCvRw;B^S;)`Js z!XPUU-EpH>j38waBY#rrZ-|LRMUOuZB|ZqDBeLV?2qtdfPdq=DK>t}fi5UI57aOPj zk8Lx@2**cfa#&0PFN_FA@-H!r^0boD)YVatzfMq_cwLIhGVqG==T>G*m>l<1}#YIz9P_vRO*KzU8p4u4m46p7 zXnbARXU|fQzK*Vedw4xn;9$Z29q-D`g6^uBjvi?^pHwtysN}RIT&e@galnETZHd3sWs3XF!Kth#21uDN0{92%G zy7B`}>Pl4kiw{jz{-bA@$}jw*LZWx7@^eEJ6!jrQT?v0i+w`wGP?g}B?W?{y+?{;% zY$T6(^`v#e2lShQBKk+-zz+CrMB8*kj8__V4n$!x_zH*jbLGKAMAr#K9{7dD0J6>A zm0Y_?)DlGV{^>i}_b=M$U0>w8;WW>F!?+F-QrjoRUhkJKuGbe%8?ERRvm4rc%6T{= zv#aHgll?K&;@9Fg{Ic@*9Sfn~v=c9N*zu|}%|cC^?Rj|HHak146%dtu!6F;K#c_Q; zF>8Lgnd9{>N&4DH_N=Y1$q?mLD7oL|-*;A{IV$g|%{#xyT1C*B8?_<{v)1d0s=))m8cJy<3{-i;^y}6FXAYuBRn#aCK5fGjVhtsdI4(khMtWrH%<2>@#Xdos@25;vr!#C@v!xZ2Rr!#yysb@9Wcz~ zM|BPZ9RkS7^q8ZgTeNTK|CxG6EIw=A2?0re$z;toQ;*k6?hv(Kqw|pV5(n2O=o)1f zzBo}0n0(nfjW1`#Vx5a3g+~q#{G5lMD}@h}jAKL2c%KSSvs!Z0p{+`3qcE<5J>~9HD$bc(6Mz? zh8_3pU}989`Gx&`58A|Xh-{s#!V=?XEY};h39CS zF?Q$>J)lgi-Gw6m^k!x(b>2#7VRZ(dX3|MLCb}yg%gWATcCrGmaG@PWXe=mlF+~3B znXd|)wco2Dx&e%tcAgPKucv?w2+7TpW5o z+%a&6-}i@N)~mA@+Tu25&_rC=g5n0Y{Tnm=jG53`aBrTN*BOja_3B0$Lrb2<7=xJm z7k5SSfKbfOmeJi9C1%?*C#K&86;)f2LlEIfZ!_prthAeS_3nt>tsj=*uH3k#~L=L?RN0JOe!$rlP zD{|PcK>Ez}{@+H7_w>tzwLTXJiJ$y(;tuG1jJ(t0b{mQ?oRZkX3{`bet8>F05Mo*SH= z${*p~llI1EW8EHYh0P6DQ^m{z&fb>xEEU@JbpFF?Hv)^`f&H~|neOvq^7~?ih5wKf zQ*+GY^7dd$4Qtu`f?~(G#gRI{Y5kK=S^|IWUQoGG+`jjrnpODaYXU*f16u-5Ygjh2 zMX)&!k_}qcm<1f!FFSgA9z$n5Vyu9k`W@kft{saQu?UzE5B^Q~sDwVui?UAZBVa~@n(n#Vmvuc#vz)B`nVYwC;y7Q|2}gwP2AA15moB`xt01m zQ>itkDmDL!aqXXXYpPO%7IXK6W{+zkE1Y*ST0ivko7xI(>2Q0o=6IP)1+pkCZ&mA4Czh ztvjN$!Uio^G!L;|Qrt;Qs_hyy00cbzuE5+A?)}(z1;aAU@kmtSe^YKY3O&x6Y3)Biu;!N1ECwk5fnbqpA7J4cSW^TGSB>EqS3sO=U$ zlD!o|r2c|!)ZL+5B8lTW$FsP`JBF1-*`H_Sob zdL#GJiU+nmMU+*IhwS!eui11WzCtqQ#9RBY;(9*u$FV*=HIZFbC-z*b<=`O)X70Uyxby(m?){rjK6|1wS6( zULGWLH!MCfa+N{5LX!d8_Lu7KFTRS`{=Sj#paec&aJM=K8PhkvbYEVDY9taEh}@)lGHainhh-M|@FxH#jb5T^rgr-}TK6 zE9c6!)_O8#_j@jBJGG)p&4HhDP2I~>YW1l~Ez&)%)Z4C3RqFDKQk53Y25lquIU4>? z4CD$@OH)2HJDuk-DWy9L;@3{xL4!j>G@PNH)t3OyY`(atDpHNbgJtCwTz^P)f#RZ^%x2%v zs1YPTRQz}9PJnBMqS}Z=W6ORDE12f^|C_=JiKPV>+ROv4yHzwO$|~@$nwFZD!~ek^ z|D8gXe7=Vp?oAxVUh#80z4}FZ$lJ_foU@&9sqyva<+^H$@dkZoXeVAL%pW0+SCcKnk*wAHCB{w$A8ywSRz8{0+SMYP&p zGV5O#V2>5)7urVsv{0IbUY5T4j(1T{c0sqRMo0>y!)Q}Pv(MT!TP|0LbGY2rP9GW$ z0Y{zbPo<*uT)GPbyhON;mDh4_uhbaY7k`i1wI#yos*@YipIdAmO=gRWBU{ilyDiOTbg{HrsajS%wfZPG_q*4_ zr5)l)U1JKl64Co7>NuZWGtLq1zJvfa)Us!w$ zTz~IwX42OGKBrpJQ2#eaUE7FHCO@LUbE?Fh^LjD{t5k=AhXP;P*ZD_X;mG~sJ4}T8 zB4^&$1oJd%rF?CE%6P$^({|{p?1~GTca$oI1h;Yd@&#Vlt62DT^lDM6q=4zS57%jf zYl_tNswH%LIIQdoQA}N^VH1AlyUT?dJBd>!_YbTUZMA;+pylEAhdU~lMI`H{-_R1* ziQk9xo>a?89wIVUHmCiLDm4#O>K8ESfVSz`4^ZLNhbpya?^LB0H)ATbFbMtg%v7cB z@$|t5cVRz+^jybubHjorPc?Dj*2@)=E7kX37zjpkwuYh$81RF;}v|I zrFQ4sTsw@C@XMQExAMHHVC(Q?)lBZ?^g79tX7LtICktB+RK{;H2m z#E-KfN(yiR2J`^hW+a3Qm%-%Lc^%^167;XsJFaacbXqUG1FW?TK(CX4&8UBp6PD9Ynmx)6E3+NRSLqwdwuq-(-7y1s>U9gKu@4dNQ7YdS39$(KaO zQx5Be9>UA=fUz0#Hp=9cdx8XU^pj_%{M%(;E_5z_*t={|^}to?x*bG|foEww#U3uv zY7U7l9frz!Z_L$BE)gAx*zi2eLtrs?|BE4k6T9!Hh>CtW- zE{1WvKum7u;i!6PA}{+_R;<~L2Ne%CUKc&p^txfirNcTEZpwbcCs;|wDfLbFqVp~r zo7<^*Eh;YZ8nQolK|2fZFBNl>wYpO#+owCQaU{NkFRlt3(4`~il(ETzSX2J2L{@#0 zPrt0Z{#I-^WvEVHS9>4`ul`cDSg1l#XN!HU3~MG!)mLZRRv{7F;1j4%Z$qE{b*h|C zU{;O{#!|_xkjI^qSf|Tkmd?HrB3>KD0%u4#w9R1MTA%xKAfl{`9cSH5X%tZa&eHs! zB&l7Z^ZeOmL-WChZLycUYZ5I3TTp{6BiK2HAeKIx!Al~{A;5i}i6M*`WDdar_iG5# zi3Zks4WLA$c~2!8xi#kgrTHk)epebN+IbRQ;ifcm2tVg!*y2cg!Z+*9CUn8?A1ik# z`5ilm8oUJ!j?cmjgQ{MGOoP*yy$HuN$O}SiuTM3IB3e7*fI6H2w9S|W>AkpFoiZQ2 z*$TcBbO!)7K@>wH!WoHLIcdshIP1utHq z(O_g>$I#J459+g5P4a z%~&sJQlBx4Ww29~KXpG-`C;K4i`!J?M`J@2H4UQv^*Vv;#cW@7A6~D*)Fik9o>Vwj z0_%}1cu_VsbUf~wST+4bge%~Q!nrX-be-_Ca86CU*t{giQR3XA)5#Fl3TbUl&SY$pIm2JcUNjp z{OaIG68U>8WJ)_k1cJTa>@v>3uw7f>N&e}g6WfFjY)*GP)y&SgD3M*c;Uzsr%k8&F zleeY8qF)A2?T@)5BSz}?{$Mqlx1{3i;f42Ovw$xd^G1{uZCP2{t@{2Idm=_jhPF`m zk<-g%tMVkm`NirCx(!oxKYa2^EWBdehD&dgE`+XlxYt4$v#-Aaj7Z8bBw zQ{cFwMDvHB|00zy`fbI&JI_(RKCnw=(^7vzx}MN?H+P$BVfve_)st%1Ot@V+uFX#j zx_Zp#wpo4R6>8O&K7TI!cgiDLt?W6^Msyy2dqtS5aIO~R%k`Jj_>#mk>T8S^&dKpj z;Y-dWEuH*qqDT;6Tj8nvRNj# z$Hu%oI^q^;C>$F4>o+0_{?~+={Po?$>^cmnCJN`q455e$Z4-zy-dt4&J?2atn>G_L zmhg2#3+H$hf6c@Kyu!Ua6ft@d;>^`OD>7>zoyOcdrH>b&GZvtTi4YMj!$aGQK1w?< V|3k+0?AiK=mf|_W4d$`qe*hjM$^QTV literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro new file mode 100644 index 0000000000..db9c6cd9da --- /dev/null +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro @@ -0,0 +1,37 @@ +# @TEST-SERIALIZE: comm +# +# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT" +# @TEST-EXEC: sleep 1 +# @TEST-EXEC: btest-bg-run proxy-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-1 bro %INPUT" +# @TEST-EXEC: btest-bg-run proxy-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-2 bro %INPUT" +# @TEST-EXEC: sleep 1 +# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT" +# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT" +# @TEST-EXEC: btest-bg-wait 10 +# @TEST-EXEC: cat manager-1/ssl*.log > ssl.log +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-file-ids btest-diff ssl.log +# + +redef Log::default_rotation_interval = 0secs; + +@TEST-START-FILE cluster-layout.bro +redef Cluster::nodes = { + ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")], + ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1", $workers=set("worker-1", "worker-2")], + ["proxy-2"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1", $workers=set("worker-2")], + ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth0"], + ["worker-2"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth1"], +}; +@TEST-END-FILE + +event terminate_me() { + terminate(); +} + +event remote_connection_closed(p: event_peer) { + schedule 1sec { terminate_me() }; +} + + +@load base/frameworks/cluster +@load protocols/ssl/validate-certs.bro diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro index 56408483f0..19fca8cb89 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro @@ -1,4 +1,7 @@ # @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT -# @TEST-EXEC: btest-diff ssl.log +# @TEST-EXEC: cat ssl.log > ssl-all.log +# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT +# @TEST-EXEC: cat ssl.log >> ssl-all.log +# @TEST-EXEC: btest-diff ssl-all.log -@load protocols/ssl/validate-certs +@load protocols/ssl/validate-certs.bro From 144302d3e7cb07e2001a10a9c0c4009112254578 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 9 Mar 2015 12:53:17 -0700 Subject: [PATCH 046/121] add knob to revert to old validation behavior --- .../policy/protocols/ssl/validate-certs.bro | 19 +++++++++++++++++-- .../ssl.log | 12 ++++++++++++ .../protocols/ssl/validate-certs-no-cache.bro | 6 ++++++ 3 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-no-cache/ssl.log create mode 100644 testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro index d2b3befaed..09000164aa 100644 --- a/scripts/policy/protocols/ssl/validate-certs.bro +++ b/scripts/policy/protocols/ssl/validate-certs.bro @@ -26,6 +26,18 @@ export { global recently_validated_certs: table[string] of string = table() &read_expire=5mins &redef; + ## Use intermediate CA certificate caching when trying to validate + ## certificates. When this is enabled, Bro keeps track of all valid + ## intermediate CA certificates that it has seen in the past. When + ## encountering a host-certificate that cannot be validated because + ## of missing intermediate CA certificate, the cached list is used + ## to try to validate the cert. This is similar to how Firefox is + ## doing certificate validation. + ## Disabling this will usually greatly increase the number of validation + ## warnings that you encounter. Only disable if you want to find misconfigured + ## servers. + global ssl_cache_intermediate_ca: bool = T &redef; + ## Event from a worker to the manager that it has encountered a new ## valid intermediate global intermediate_add: event(key: string, value: vector of opaque of x509); @@ -88,7 +100,10 @@ function cache_validate(chain: vector of opaque of x509): string # if we have a working chain where we did not store the intermediate certs # in our cache yet - do so - if ( result$result_string == "ok" && result?$chain_certs && |result$chain_certs| > 2 ) + if ( ssl_cache_intermediate_ca && + result$result_string == "ok" && + result?$chain_certs && + |result$chain_certs| > 2 ) { local result_chain = result$chain_certs; local icert = x509_parse(result_chain[1]); @@ -121,7 +136,7 @@ event ssl_established(c: connection) &priority=3 # look if we already have a working chain for the issuer of this cert. # If yes, try this chain first instead of using the chain supplied from # the server. - if ( issuer in intermediate_cache ) + if ( ssl_cache_intermediate_ca && issuer in intermediate_cache ) { intermediate_chain[0] = c$ssl$cert_chain[0]$x509$handle; for ( i in intermediate_cache[issuer] ) diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-no-cache/ssl.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-no-cache/ssl.log new file mode 100644 index 0000000000..9f33703649 --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs-no-cache/ssl.log @@ -0,0 +1,12 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2015-03-09-19-51-25 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer validation_status +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string string +1417039703.224578 CXWv6p3arKYeMETxOg 192.168.4.149 58529 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FghNi02cFL9n6ttuMa (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate +1417039705.820093 CjhGID4nQcgTWjvg4c 192.168.4.149 58530 72.167.102.91 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fz7gr4fSm2T2sEyDl,FhjNBG25vvoBO6CS79,FQFHJA20WL56NP6LXk (empty) CN=valid.sfig2.catest.starfieldtech.com,O=Starfield Technologies\, LLC,L=Scottsdale,ST=Arizona,C=US,serialNumber=R-1724741-6,businessCategory=Private Organization,jurisdictionST=Arizona,jurisdictionC=US CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - ok +1417039710.349578 CCvvfg3TEfuqmmG4bh 192.168.4.149 58532 128.32.169.140 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T FRcFYq3e3hgYkZ8dS1 (empty) CN=www.cviis.org,OU=Domain Control Validated CN=Starfield Secure Certificate Authority - G2,OU=http://certs.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US - - unable to get local issuer certificate +#close 2015-03-09-19-51-25 diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro new file mode 100644 index 0000000000..1bca5b5c50 --- /dev/null +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro @@ -0,0 +1,6 @@ +# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT +# @TEST-EXEC: btest-diff ssl.log + +@load protocols/ssl/validate-certs.bro + +redef SSL::ssl_cache_intermediate_ca = F; From d208c95e9a030142971c1982b101db70677e52f3 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 9 Mar 2015 12:56:55 -0700 Subject: [PATCH 047/121] and still use the hash for notice suppression. --- scripts/policy/protocols/ssl/validate-certs.bro | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.bro index 09000164aa..6e4aba704b 100644 --- a/scripts/policy/protocols/ssl/validate-certs.bro +++ b/scripts/policy/protocols/ssl/validate-certs.bro @@ -131,6 +131,7 @@ event ssl_established(c: connection) &priority=3 local intermediate_chain: vector of opaque of x509 = vector(); local issuer = c$ssl$cert_chain[0]$x509$certificate$issuer; + local hash = c$ssl$cert_chain[0]$sha1; local result: string; # look if we already have a working chain for the issuer of this cert. @@ -168,6 +169,6 @@ event ssl_established(c: connection) &priority=3 local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status); NOTICE([$note=Invalid_Server_Cert, $msg=message, $sub=c$ssl$subject, $conn=c, - $identifier=cat(c$id$resp_h,c$id$resp_p,c$ssl$validation_status)]); + $identifier=cat(c$id$resp_h,c$id$resp_p,hash,c$ssl$validation_status)]); } } From d9b4693240309a496e5e75e6c028605fc76c39ba Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Mon, 9 Mar 2015 16:04:35 -0400 Subject: [PATCH 048/121] Some cleanup and refactoring on SSH main.bro. Specifically, an overhaul of how the algorithm negotiation is calculated, to simplify a lot of the code. --- scripts/base/init-bare.bro | 46 +++--- scripts/base/protocols/ssh/main.bro | 171 +++++++++------------ src/analyzer/protocol/ssh/ssh-analyzer.pac | 40 +++-- src/analyzer/protocol/ssh/types.bif | 1 + 4 files changed, 125 insertions(+), 133 deletions(-) diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index e8e35c2e3b..ac73ba980d 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -2218,37 +2218,31 @@ export { module SSH; export { + ## The client and server each have some preferences for the algorithms used + ## in each direction. + type Algorithm_Prefs: record { + ## The algorithm preferences for client to server communication + client_to_server: vector of string &optional; + ## The algorithm preferences for server to client communication + server_to_client: vector of string &optional; + }; + ## SSH Capability record type Capabilities: record { ## Key exchange algorithms - kex_algorithms : string_vec; + kex_algorithms: string_vec; ## The algorithms supported for the server host key - server_host_key_algorithms : string_vec; - ## Acceptable symmetric encryption algorithms for c->s, - ## in order of preference - encryption_algorithms_client_to_server : string_vec; - ## Acceptable symmetric encryption algorithms for s->c, - ## in order of preference - encryption_algorithms_server_to_client : string_vec; - ## Acceptable MAC algorithms for c->s, - ## in order of preference - mac_algorithms_client_to_server : string_vec; - - ## Acceptable MAC algorithms for s->c, - ## in order of preference - mac_algorithms_server_to_client : string_vec; - ## Acceptable compression algorithms for c->s, - ## in order of preference - compression_algorithms_client_to_server : string_vec; - ## Acceptable compression algorithms for c->s, - ## in order of preference - compression_algorithms_server_to_client : string_vec; - ## Language tags in order of preference for c->s - languages_client_to_server : string_vec &optional; - ## Language tags in order of preference for s->c - languages_server_to_client : string_vec &optional; + server_host_key_algorithms: string_vec; + ## Symmetric encryption algorithm preferences + encryption_algorithms: Algorithm_Prefs; + ## Symmetric MAC algorithm preferences + mac_algorithms: Algorithm_Prefs; + ## Compression algorithm preferences + compression_algorithms: Algorithm_Prefs; + ## Language preferences + languages: Algorithm_Prefs &optional; ## Are these the capabilities of the server? - is_server : bool; + is_server: bool; }; } diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 8db2e4d023..706b687131 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -1,56 +1,51 @@ ##! Implements base functionality for SSH analysis. Generates the ssh.log file. +@load base/utils/directions-and-hosts + module SSH; export { + ## The SSH protocol logging stream identifier. redef enum Log::ID += { LOG }; type Info: record { - ## Timestamp for when the event happened. - ts: time &log; + ## Time when the SSH connection began. + ts: time &log; ## Unique ID for the connection. - uid: string &log; + uid: string &log; ## The connection's 4-tuple of endpoint addresses/ports. - id: conn_id &log; + id: conn_id &log; ## SSH major version (1 or 2) - version: count &log; - ## Auth result - auth_success: bool &log &optional; - - ## Auth details - auth_details: string &log &optional; + version: count &log; + ## Authentication result (T=success, F=failure, unset=unknown) + auth_success: bool &log &optional; ## Direction of the connection. If the client was a local host ## logging into an external host, this would be OUTBOUND. INBOUND ## would be set for the opposite situation. - ## TODO: handle local-local and remote-remote better. - direction: Direction &log &optional; - ## The encryption algorithm in use - cipher_alg: string &log &optional; - ## The signing (MAC) algorithm in use - mac_alg: string &log &optional; - ## The compression algorithm in use - compression_alg: string &log &optional; - ## The key exchange algorithm in use - kex_alg: string &log &optional; - - ## The server host key's algorithm - host_key_alg: string &log &optional; - ## The server's key fingerprint - host_key: string &log &optional; + # TODO - handle local-local and remote-remote better. + direction: Direction &log &optional; ## The client's version string - client: string &log &optional; + client: string &log &optional; ## The server's version string - server: string &log &optional; - - ## This connection has been logged (internal use) - logged: bool &default=F; - ## Number of failures seen (internal use) - num_failures: count &default=0; - ## Store capabilities from the first host for - ## comparison with the second (internal use) - capabilities: Capabilities &optional; + server: string &log &optional; + ## The encryption algorithm in use + cipher_alg: string &log &optional; + ## The signing (MAC) algorithm in use + mac_alg: string &log &optional; + ## The compression algorithm in use + compression_alg: string &log &optional; + ## The key exchange algorithm in use + kex_alg: string &log &optional; + ## The server host key's algorithm + host_key_alg: string &log &optional; + ## The server's key fingerprint + host_key: string &log &optional; }; + ## The set of compression algorithms. We can't accurately determine + ## authentication success or failure when compression is enabled. + const compression_algorithms = set("zlib", "zlib@openssh.com") &redef; + ## If true, we tell the event engine to not look at further data ## packets after the initial SSH handshake. Helps with performance ## (especially with large file transfers) but precludes some @@ -62,6 +57,16 @@ export { global log_ssh: event(rec: Info); } +redef record Info += { + ## This connection has been logged (internal use) + logged: bool &default=F; + ## Number of failures seen (internal use) + num_failures: count &default=0; + ## Store capabilities from the first host for + ## comparison with the second (internal use) + capabilities: Capabilities &optional; +}; + redef record connection += { ssh: Info &optional; }; @@ -72,52 +77,47 @@ event bro_init() &priority=5 } -function init_record(c: connection) +function set_session(c: connection) { - local s: SSH::Info; - s$ts = network_time(); - s$uid = c$uid; - s$id = c$id; - c$ssh = s; + if ( ! c?$ssh ) + { + local info: SSH::Info; + info$ts = network_time(); + info$uid = c$uid; + info$id = c$id; + c$ssh = info; + } } - event ssh_server_version(c: connection, version: string) { - if ( !c?$ssh ) - init_record(c); - + set_session(c); c$ssh$server = version; } event ssh_client_version(c: connection, version: string) { - if ( !c?$ssh ) - init_record(c); - + set_session(c); c$ssh$client = version; - if ( version[4] == "1" ) + if ( ( |version| > 3 ) && ( version[4] == "1" ) ) c$ssh$version = 1; - if ( version[4] == "2" ) + if ( ( |version| > 3 ) && ( version[4] == "2" ) ) c$ssh$version = 2; } event ssh_auth_successful(c: connection, auth_method_none: bool) { + # TODO - what to do here? if ( !c?$ssh || ( c$ssh?$auth_success && c$ssh$auth_success ) ) return; # We can't accurately tell for compressed streams - if ( c$ssh?$compression_alg && ( c$ssh$compression_alg == "zlib@openssh.com" || - c$ssh$compression_alg == "zlib" ) ) + if ( c$ssh?$compression_alg && ( c$ssh$compression_alg in compression_algorithms ) ) return; c$ssh$auth_success = T; - if ( auth_method_none ) - c$ssh$auth_details = "method: none"; - if ( skip_processing_after_detection) { skip_further_processing(c$id); @@ -140,39 +140,30 @@ event ssh_auth_failed(c: connection) return; # We can't accurately tell for compressed streams - if ( c$ssh?$compression_alg && ( c$ssh$compression_alg == "zlib@openssh.com" || - c$ssh$compression_alg == "zlib" ) ) + if ( c$ssh?$compression_alg && ( c$ssh$compression_alg == "zlib@openssh.com" || c$ssh$compression_alg == "zlib" ) ) return; c$ssh$auth_success = F; c$ssh$num_failures += 1; } -function array_to_vec(s: string_array): vector of string - { - local r: vector of string; - - for (i in s) - r[i] = s[i]; - return r; - } - -function find_client_preferred_algorithm(client_algorithms: vector of string, server_algorithms: vector of string): string +# Determine the negotiated algorithm +function find_alg(client_algorithms: vector of string, server_algorithms: vector of string): string { for ( i in client_algorithms ) for ( j in server_algorithms ) if ( client_algorithms[i] == server_algorithms[j] ) return client_algorithms[i]; } - -function find_client_preferred_algorithm_bidirectional(client_algorithms_c_to_s: vector of string, - server_algorithms_c_to_s: vector of string, - client_algorithms_s_to_c: vector of string, - server_algorithms_s_to_c: vector of string): string - { - local c_to_s = find_client_preferred_algorithm(client_algorithms_c_to_s, server_algorithms_c_to_s); - local s_to_c = find_client_preferred_algorithm(client_algorithms_s_to_c, server_algorithms_s_to_c); +# This is a simple wrapper around find_alg for cases where client to server and server to client +# negotiate different algorithms. This is rare, but provided for completeness. +function find_bidirectional_alg(client_prefs: Algorithm_Prefs, server_prefs: Algorithm_Prefs): string + { + local c_to_s = find_alg(client_prefs$client_to_server, server_prefs$client_to_server); + local s_to_c = find_alg(client_prefs$server_to_client, server_prefs$server_to_client); + + # Usually these are the same, but if they're not, return the details return c_to_s == s_to_c ? c_to_s : fmt("To server: %s, to client: %s", c_to_s, s_to_c); } @@ -190,33 +181,21 @@ event ssh_capabilities(c: connection, cookie: string, capabilities: Capabilities local client_caps = capabilities$is_server ? c$ssh$capabilities : capabilities; local server_caps = capabilities$is_server ? capabilities : c$ssh$capabilities; - c$ssh$cipher_alg = find_client_preferred_algorithm_bidirectional(client_caps$encryption_algorithms_client_to_server, - server_caps$encryption_algorithms_client_to_server, - client_caps$encryption_algorithms_server_to_client, - server_caps$encryption_algorithms_server_to_client); - - c$ssh$mac_alg = find_client_preferred_algorithm_bidirectional(client_caps$mac_algorithms_client_to_server, - server_caps$mac_algorithms_client_to_server, - client_caps$mac_algorithms_server_to_client, - server_caps$mac_algorithms_server_to_client); - - c$ssh$compression_alg = find_client_preferred_algorithm_bidirectional(client_caps$compression_algorithms_client_to_server, - server_caps$compression_algorithms_client_to_server, - client_caps$compression_algorithms_server_to_client, - server_caps$compression_algorithms_server_to_client); - - c$ssh$kex_alg = find_client_preferred_algorithm(client_caps$kex_algorithms, server_caps$kex_algorithms); - c$ssh$host_key_alg = find_client_preferred_algorithm(client_caps$server_host_key_algorithms, - server_caps$server_host_key_algorithms); + c$ssh$cipher_alg = find_bidirectional_alg(client_caps$encryption_algorithms, + server_caps$encryption_algorithms); + c$ssh$mac_alg = find_bidirectional_alg(client_caps$mac_algorithms, + server_caps$mac_algorithms); + c$ssh$compression_alg = find_bidirectional_alg(client_caps$compression_algorithms, + server_caps$compression_algorithms); + c$ssh$kex_alg = find_alg(client_caps$kex_algorithms, server_caps$kex_algorithms); + c$ssh$host_key_alg = find_alg(client_caps$server_host_key_algorithms, + server_caps$server_host_key_algorithms); } event connection_state_remove(c: connection) &priority=-5 { if ( c?$ssh && !c$ssh$logged && c$ssh?$client && c$ssh?$server ) { - if ( c$ssh?$auth_success && !c$ssh$auth_success ) - c$ssh$auth_details = fmt("%d failure%s", c$ssh$num_failures, c$ssh$num_failures == 1 ? "" : "s"); - c$ssh$logged = T; Log::write(SSH::LOG, c$ssh); } diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index d448bdae60..71609e7316 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -73,17 +73,35 @@ refine flow SSH_Flow += { RecordVal* result = new RecordVal(BifType::Record::SSH::Capabilities); result->Assign(0, name_list_to_vector(${msg.kex_algorithms.val})); result->Assign(1, name_list_to_vector(${msg.server_host_key_algorithms.val})); - result->Assign(2, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val})); - result->Assign(3, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val})); - result->Assign(4, name_list_to_vector(${msg.mac_algorithms_client_to_server.val})); - result->Assign(5, name_list_to_vector(${msg.mac_algorithms_server_to_client.val})); - result->Assign(6, name_list_to_vector(${msg.compression_algorithms_client_to_server.val})); - result->Assign(7, name_list_to_vector(${msg.compression_algorithms_server_to_client.val})); - if ( ${msg.languages_client_to_server.len} ) - result->Assign(8, name_list_to_vector(${msg.languages_client_to_server.val})); - if ( ${msg.languages_server_to_client.len} ) - result->Assign(9, name_list_to_vector(${msg.languages_server_to_client.val})); - result->Assign(10, new Val(${msg.is_orig}, TYPE_BOOL)); + + RecordVal* encryption_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs); + encryption_algs->Assign(0, name_list_to_vector(${msg.encryption_algorithms_client_to_server.val})); + encryption_algs->Assign(1, name_list_to_vector(${msg.encryption_algorithms_server_to_client.val})); + result->Assign(2, encryption_algs); + + RecordVal* mac_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs); + mac_algs->Assign(0, name_list_to_vector(${msg.mac_algorithms_client_to_server.val})); + mac_algs->Assign(1, name_list_to_vector(${msg.mac_algorithms_server_to_client.val})); + result->Assign(3, mac_algs); + + RecordVal* compression_algs = new RecordVal(BifType::Record::SSH::Algorithm_Prefs); + compression_algs->Assign(0, name_list_to_vector(${msg.compression_algorithms_client_to_server.val})); + compression_algs->Assign(1, name_list_to_vector(${msg.compression_algorithms_server_to_client.val})); + result->Assign(4, compression_algs); + + if ( ${msg.languages_client_to_server.len} || ${msg.languages_server_to_client.len} ) + { + RecordVal* languages = new RecordVal(BifType::Record::SSH::Algorithm_Prefs); + if ( ${msg.languages_client_to_server.len} ) + languages->Assign(0, name_list_to_vector(${msg.languages_client_to_server.val})); + if ( ${msg.languages_server_to_client.len} ) + languages->Assign(1, name_list_to_vector(${msg.languages_server_to_client.val})); + + result->Assign(5, languages); + } + + + result->Assign(6, new Val(${msg.is_orig}, TYPE_BOOL)); BifEvent::generate_ssh_capabilities(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${msg.cookie}), diff --git a/src/analyzer/protocol/ssh/types.bif b/src/analyzer/protocol/ssh/types.bif index 38e51600f3..0b2b861723 100644 --- a/src/analyzer/protocol/ssh/types.bif +++ b/src/analyzer/protocol/ssh/types.bif @@ -1,5 +1,6 @@ module SSH; +type Algorithm_Prefs: record; type Capabilities: record; module GLOBAL; \ No newline at end of file From 3ad6b3004b4e4d6946bcfd5de95feb99bbd66eb1 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 10 Mar 2015 11:57:12 -0400 Subject: [PATCH 049/121] SSH: Use the compression_algorithms const in another place. --- scripts/base/protocols/ssh/main.bro | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 706b687131..ea5b60f002 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -140,7 +140,7 @@ event ssh_auth_failed(c: connection) return; # We can't accurately tell for compressed streams - if ( c$ssh?$compression_alg && ( c$ssh$compression_alg == "zlib@openssh.com" || c$ssh$compression_alg == "zlib" ) ) + if ( c$ssh?$compression_alg && ( c$ssh$compression_alg in compression_algorithms ) ) return; c$ssh$auth_success = F; @@ -154,6 +154,7 @@ function find_alg(client_algorithms: vector of string, server_algorithms: vector for ( j in server_algorithms ) if ( client_algorithms[i] == server_algorithms[j] ) return client_algorithms[i]; + return "Algorithm negotiation failed"; } # This is a simple wrapper around find_alg for cases where client to server and server to client From 31795e7600561511add762951eee6292b186f6d3 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Tue, 10 Mar 2015 14:29:40 -0700 Subject: [PATCH 050/121] When setting the SSL analyzer to fail, also stop processing data that already has been delivered to the analyzer, not just future data. No testcase because this is hard to reproduce, this was only found due to mistakenly triggering an error in life traffic at a site... --- src/analyzer/protocol/ssl/ssl-protocol.pac | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index cb794bd8a4..0569caf321 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -750,6 +750,12 @@ refine connection SSL_Conn += { function determine_ssl_record_layer(head0 : uint8, head1 : uint8, head2 : uint8, head3: uint8, head4: uint8, is_orig: bool) : int %{ + // stop processing if we already had a protocol violation or otherwhise + // decided that we do not want to parse anymore. Just setting skip is not + // enough for the data that is already in the pipe. + if ( bro_analyzer()->Skipping() ) + return UNKNOWN_VERSION; + // re-check record layer version to be sure that we still are synchronized with // the data stream if ( record_layer_version_ != UNKNOWN_VERSION && record_layer_version_ != SSLv20 ) From 82c4037929391836820bfb561009693a1fe089c7 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Wed, 11 Mar 2015 11:58:31 -0400 Subject: [PATCH 051/121] Refactoring ssh-protocol.pac: - Simplify and unify some types - Fix parsing of the key exchange messages, so we can transition - states properly again. --- src/analyzer/protocol/ssh/events.bif | 2 +- src/analyzer/protocol/ssh/ssh-analyzer.pac | 25 ++-- src/analyzer/protocol/ssh/ssh-protocol.pac | 155 +++++++++------------ 3 files changed, 81 insertions(+), 101 deletions(-) diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index 4a8d959de4..c2b4e95673 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -10,6 +10,6 @@ event ssh_encrypted_packet%(c: connection, orig: bool, len: count%); event ssh_capabilities%(c: connection, cookie: string, capabilities: SSH::Capabilities%); -event ssh_server_host_key%(c: connection, key: string%); +event ssh2_server_host_key%(c: connection, key: string%); event ssh1_server_host_key%(c: connection, p: string, e: string%); \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index 71609e7316..c62d87f608 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -65,7 +65,7 @@ refine flow SSH_Flow += { return true; %} - function proc_ssh_kexinit(msg: SSH_KEXINIT): bool + function proc_ssh2_kexinit(msg: SSH2_KEXINIT): bool %{ if ( ! ssh_capabilities ) return false; @@ -110,11 +110,11 @@ refine flow SSH_Flow += { return true; %} - function proc_ssh_server_host_key(key: bytestring): bool + function proc_ssh2_server_host_key(key: bytestring): bool %{ - if ( ssh_server_host_key ) + if ( ssh2_server_host_key ) { - BifEvent::generate_ssh_server_host_key(connection()->bro_analyzer(), + BifEvent::generate_ssh2_server_host_key(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(${key})); } @@ -138,15 +138,14 @@ refine flow SSH_Flow += { connection()->bro_analyzer()->ProtocolConfirmation(); return true; %} - }; refine typeattr SSH_Version += &let { proc: bool = $context.flow.proc_ssh_version(this); }; -refine typeattr SSH_KEXINIT += &let { - proc: bool = $context.flow.proc_ssh_kexinit(this); +refine typeattr SSH2_KEXINIT += &let { + proc: bool = $context.flow.proc_ssh2_kexinit(this); }; refine typeattr SSH1_Message += &let { @@ -157,14 +156,14 @@ refine typeattr SSH2_Message += &let { proc_newkeys: bool = $context.flow.proc_newkeys() &if(msg_type == MSG_NEWKEYS); }; -refine typeattr SSH_DH_GEX_REPLY += &let { - proc: bool = $context.flow.proc_ssh_server_host_key(k_s.val); +refine typeattr SSH2_DH_GEX_REPLY += &let { + proc: bool = $context.flow.proc_ssh2_server_host_key(k_s.val); }; -refine typeattr SSH_ECC_REPLY += &let { - proc: bool = $context.flow.proc_ssh_server_host_key(k_s.val); +refine typeattr SSH2_ECC_REPLY += &let { + proc: bool = $context.flow.proc_ssh2_server_host_key(k_s.val); }; refine typeattr SSH1_PUBLIC_KEY += &let { - proc: bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val); -}; \ No newline at end of file + proc: bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val); +}; diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index 6f9b9bf1d8..649db2c613 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -1,15 +1,17 @@ %include consts.pac -## SSH Generic +# Common constructs across SSH1 and SSH2 +######################################## + +# We have 3 basic types of messages: +# +# - SSH_Version messages just have a string with the banner string of the client or server +# - Encrypted messages have no usable data, but those never get passed in by SSH.cc +# - Finally, key exchange messages have a common format. type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { - VERSION_EXCHANGE -> version : SSH_Version(is_orig); - KEX_INIT -> kex : SSH_Key_Exchange(is_orig); - KEX_DH_GEX -> kex_dh_gex : SSH_Key_Exchange_DH_GEX(is_orig); - KEX_DH -> kex_dh : SSH_Key_Exchange_DH(is_orig); - KEX_ECC -> kex_ecc : SSH_Key_Exchange_ECC(is_orig); - KEX_GSS -> kex_gss : SSH_Key_Exchange_GSS(is_orig); - KEX_RSA -> kex_rsa : SSH_Key_Exchange_RSA(is_orig); + VERSION_EXCHANGE -> version : SSH_Version(is_orig); + default -> kex : SSH_Key_Exchange(is_orig); } &byteorder=bigendian; type SSH_Version(is_orig: bool) = record { @@ -25,7 +27,8 @@ type SSH_Key_Exchange(is_orig: bool) = case $context.connection.get_version() of SSH2 -> ssh2_msg : SSH2_Key_Exchange(is_orig); }; -## SSH1 +# SSH1 constructs +################# type SSH1_Key_Exchange(is_orig: bool) = record { packet_length : uint32; @@ -70,28 +73,32 @@ type ssh1_mp_int = record { ## SSH2 -type SSH2_Key_Exchange_Header = record { +type SSH2_Header(is_orig: bool) = record { packet_length : uint32; padding_length : uint8; msg_type : uint8; } &let { payload_length : uint32 = packet_length - padding_length - 2; -} &length=6; + detach : bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == MSG_NEWKEYS); +}; type SSH2_Key_Exchange(is_orig: bool) = record { - header : SSH2_Key_Exchange_Header; + header : SSH2_Header(is_orig); payload : SSH2_Message(is_orig, header.msg_type, header.payload_length); pad : bytestring &length=header.padding_length; } &length=header.packet_length + 4; -type SSH2_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - MSG_KEXINIT -> kexinit : SSH_KEXINIT(length, is_orig); - default -> unknown : bytestring &length=length; -} &let { - detach : bool = $context.connection.update_state(ENCRYPTED, is_orig) &if(msg_type == MSG_NEWKEYS); +type SSH2_Message(is_orig: bool, msg_type: uint8, length: uint32) = case $context.connection.get_state(is_orig) of { + KEX_INIT -> kex : SSH2_KEXINIT(length, is_orig); + KEX_DH_GEX -> kex_dh_gex : SSH2_Key_Exchange_DH_GEX_Message(is_orig, msg_type, length); + KEX_DH -> kex_dh : SSH2_Key_Exchange_DH_Message(is_orig, msg_type, length); + KEX_ECC -> kex_ecc : SSH2_Key_Exchange_ECC_Message(is_orig, msg_type, length); + KEX_GSS -> kex_gss : SSH2_Key_Exchange_GSS_Message(is_orig, msg_type, length); + KEX_RSA -> kex_rsa : SSH2_Key_Exchange_RSA_Message(is_orig, msg_type, length); + default -> unknown : bytestring &length=length; }; -type SSH_KEXINIT(length: uint32, is_orig: bool) = record { +type SSH2_KEXINIT(length: uint32, is_orig: bool) = record { cookie : bytestring &length=16; kex_algorithms : ssh_string; server_host_key_algorithms : ssh_string; @@ -111,53 +118,43 @@ type SSH_KEXINIT(length: uint32, is_orig: bool) = record { # KEX_DH exchanges -type SSH_Key_Exchange_DH(is_orig: bool) = record { - header : SSH2_Key_Exchange_Header; - payload : SSH_Key_Exchange_DH_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; -} &length=header.packet_length + 4; - -type SSH_Key_Exchange_DH_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEXDH_INIT -> init : SSH_DH_GEX_INIT(length); - SSH_MSG_KEXDH_REPLY -> reply : SSH_DH_GEX_REPLY(length); +type SSH2_Key_Exchange_DH_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEXDH_INIT -> init : SSH2_DH_GEX_INIT(length); + SSH_MSG_KEXDH_REPLY -> reply : SSH2_DH_GEX_REPLY(length); + default -> unknown: bytestring &length=length &transient; }; # KEX_DH_GEX exchanges -type SSH_Key_Exchange_DH_GEX(is_orig: bool) = record { - header : SSH2_Key_Exchange_Header; - payload : SSH_Key_Exchange_DH_GEX_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; -} &length=header.packet_length + 4; - -type SSH_Key_Exchange_DH_GEX_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEX_DH_GEX_REQUEST_OLD -> request_old : SSH_DH_GEX_REQUEST_OLD; - SSH_MSG_KEX_DH_GEX_REQUEST -> request : SSH_DH_GEX_REQUEST; - SSH_MSG_KEX_DH_GEX_GROUP -> group : SSH_DH_GEX_GROUP(length); - SSH_MSG_KEX_DH_GEX_INIT -> init : SSH_DH_GEX_INIT(length); - SSH_MSG_KEX_DH_GEX_REPLY -> reply : SSH_DH_GEX_REPLY(length); +type SSH2_Key_Exchange_DH_GEX_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEX_DH_GEX_REQUEST_OLD -> request_old : SSH2_DH_GEX_REQUEST_OLD; + SSH_MSG_KEX_DH_GEX_REQUEST -> request : SSH2_DH_GEX_REQUEST; + SSH_MSG_KEX_DH_GEX_GROUP -> group : SSH2_DH_GEX_GROUP(length); + SSH_MSG_KEX_DH_GEX_INIT -> init : SSH2_DH_GEX_INIT(length); + SSH_MSG_KEX_DH_GEX_REPLY -> reply : SSH2_DH_GEX_REPLY(length); + default -> unknown : bytestring &length=length &transient; }; -type SSH_DH_GEX_REQUEST = record { +type SSH2_DH_GEX_REQUEST = record { min : uint32; n : uint32; max : uint32; } &length=12; -type SSH_DH_GEX_REQUEST_OLD = record { +type SSH2_DH_GEX_REQUEST_OLD = record { n : uint32; } &length=4; -type SSH_DH_GEX_GROUP(length: uint32) = record { +type SSH2_DH_GEX_GROUP(length: uint32) = record { p : ssh_string; g : ssh_string; } &length=length; -type SSH_DH_GEX_INIT(length: uint32) = record { +type SSH2_DH_GEX_INIT(length: uint32) = record { e : ssh_string; } &length=length; -type SSH_DH_GEX_REPLY(length: uint32) = record { +type SSH2_DH_GEX_REPLY(length: uint32) = record { k_s : ssh_string; f : ssh_string; signature : ssh_string; @@ -165,59 +162,47 @@ type SSH_DH_GEX_REPLY(length: uint32) = record { # KEX_RSA exchanges -type SSH_Key_Exchange_RSA(is_orig: bool) = record { - header : SSH2_Key_Exchange_Header; - payload : SSH_Key_Exchange_RSA_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; -} &length=header.packet_length + 4; - -type SSH_Key_Exchange_RSA_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEXRSA_PUBKEY -> pubkey : SSH_RSA_PUBKEY(length); - SSH_MSG_KEXRSA_SECRET -> secret : SSH_RSA_SECRET(length); - SSH_MSG_KEXRSA_DONE -> done : SSH_RSA_DONE(length); +type SSH2_Key_Exchange_RSA_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEXRSA_PUBKEY -> pubkey : SSH2_RSA_PUBKEY(length); + SSH_MSG_KEXRSA_SECRET -> secret : SSH2_RSA_SECRET(length); + SSH_MSG_KEXRSA_DONE -> done : SSH2_RSA_DONE(length); }; -type SSH_RSA_PUBKEY(length: uint32) = record { +type SSH2_RSA_PUBKEY(length: uint32) = record { k_s : ssh_string; k_t : ssh_string; } &length=length; -type SSH_RSA_SECRET(length: uint32) = record { +type SSH2_RSA_SECRET(length: uint32) = record { encrypted_payload : ssh_string; } &length=length; -type SSH_RSA_DONE(length: uint32) = record { +type SSH2_RSA_DONE(length: uint32) = record { signature : ssh_string; } &length=length; # KEX_GSS exchanges -type SSH_Key_Exchange_GSS(is_orig: bool) = record { - header : SSH2_Key_Exchange_Header; - payload : SSH_Key_Exchange_GSS_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; -} &length=header.packet_length + 4; - -type SSH_Key_Exchange_GSS_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEXGSS_INIT -> init : SSH_GSS_INIT(length); - SSH_MSG_KEXGSS_CONTINUE -> cont : SSH_GSS_CONTINUE(length); - SSH_MSG_KEXGSS_COMPLETE -> complete : SSH_GSS_COMPLETE(length); - SSH_MSG_KEXGSS_HOSTKEY -> hostkey : SSH_GSS_HOSTKEY(length); - SSH_MSG_KEXGSS_ERROR -> error : SSH_GSS_ERROR(length); - SSH_MSG_KEXGSS_GROUPREQ -> groupreq : SSH_DH_GEX_REQUEST; - SSH_MSG_KEXGSS_GROUP -> group : SSH_DH_GEX_GROUP(length); +type SSH2_Key_Exchange_GSS_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEXGSS_INIT -> init : SSH2_GSS_INIT(length); + SSH_MSG_KEXGSS_CONTINUE -> cont : SSH2_GSS_CONTINUE(length); + SSH_MSG_KEXGSS_COMPLETE -> complete : SSH2_GSS_COMPLETE(length); + SSH_MSG_KEXGSS_HOSTKEY -> hostkey : SSH2_GSS_HOSTKEY(length); + SSH_MSG_KEXGSS_ERROR -> error : SSH2_GSS_ERROR(length); + SSH_MSG_KEXGSS_GROUPREQ -> groupreq : SSH2_DH_GEX_REQUEST; + SSH_MSG_KEXGSS_GROUP -> group : SSH2_DH_GEX_GROUP(length); }; -type SSH_GSS_INIT(length: uint32) = record { +type SSH2_GSS_INIT(length: uint32) = record { output_token : ssh_string; e : ssh_string; } &length=length; -type SSH_GSS_CONTINUE(length: uint32) = record { +type SSH2_GSS_CONTINUE(length: uint32) = record { output_token : ssh_string; } &length=length; -type SSH_GSS_COMPLETE(length: uint32) = record { +type SSH2_GSS_COMPLETE(length: uint32) = record { f : ssh_string; per_msg_token : ssh_string; have_token : uint8; @@ -227,11 +212,11 @@ type SSH_GSS_COMPLETE(length: uint32) = record { }; } &length=length; -type SSH_GSS_HOSTKEY(length: uint32) = record { +type SSH2_GSS_HOSTKEY(length: uint32) = record { k_s : ssh_string; } &length=length; -type SSH_GSS_ERROR(length: uint32) = record { +type SSH2_GSS_ERROR(length: uint32) = record { major_status : uint32; minor_status : uint32; message : ssh_string; @@ -240,31 +225,27 @@ type SSH_GSS_ERROR(length: uint32) = record { # KEX_ECDH and KEX_ECMQV exchanges -type SSH_Key_Exchange_ECC(is_orig: bool) = record { - header : SSH2_Key_Exchange_Header; - payload : SSH_Key_Exchange_ECC_Message(is_orig, header.msg_type, header.payload_length); - pad : bytestring &length=header.padding_length; -} &length=header.packet_length + 4; - -type SSH_Key_Exchange_ECC_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { - SSH_MSG_KEX_ECDH_INIT -> init : SSH_ECC_INIT(length); - SSH_MSG_KEX_ECDH_REPLY -> reply : SSH_ECC_REPLY(length); +type SSH2_Key_Exchange_ECC_Message(is_orig: bool, msg_type: uint8, length: uint32) = case msg_type of { + SSH_MSG_KEX_ECDH_INIT -> init : SSH2_ECC_INIT(length); + SSH_MSG_KEX_ECDH_REPLY -> reply : SSH2_ECC_REPLY(length); }; # This deviates from the RFC. SSH_MSG_KEX_ECDH_INIT and # SSH_MSG_KEX_ECMQV_INIT can be parsed the same way. -type SSH_ECC_INIT(length: uint32) = record { +type SSH2_ECC_INIT(length: uint32) = record { q_c : ssh_string; }; # This deviates from the RFC. SSH_MSG_KEX_ECDH_REPLY and # SSH_MSG_KEX_ECMQV_REPLY can be parsed the same way. -type SSH_ECC_REPLY(length: uint32) = record { +type SSH2_ECC_REPLY(length: uint32) = record { k_s : ssh_string; q_s : ssh_string; signature : ssh_string; }; +# Helper types + type ssh_string = record { len : uint32; val : bytestring &length=len; From 038fbf9b9eadb7b9fe79e3af63595002b80b7dc4 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Tue, 10 Mar 2015 20:37:33 -0700 Subject: [PATCH 052/121] First step for a DTLS analyzer. This commit mostly does a lot of refactoring of the current SSL analyzer, which is split into several parts. The handshake protocol is completely taken out of the SSL analyzer and was refactored into its own analyzer (called tls-handshake-analyzer). This will also (finally) make it possible to deal with TLS record fragmentation. Apart from that, the parts of the SSL analyzer that are common to DTLS were split into their own pac files. Both the SSL analyzer and the (very basic, mostly nonfunctional) DTLS analyzer use their own pac files and those shared pac files. All SSL tests still pass after refactoring so I hope I did not break anything too badly. At the moment, we have two different modules in one directory and I guess the way I am doing this might be an abuse of the system. It seems to work though... --- scripts/base/protocols/ssl/main.bro | 10 +- src/analyzer/protocol/ssl/CMakeLists.txt | 10 +- src/analyzer/protocol/ssl/DTLS.cc | 32 + src/analyzer/protocol/ssl/DTLS.h | 31 + src/analyzer/protocol/ssl/Plugin_DTLS.cc | 26 + .../protocol/ssl/{Plugin.cc => Plugin_SSL.cc} | 0 src/analyzer/protocol/ssl/SSL.cc | 19 + src/analyzer/protocol/ssl/SSL.h | 8 +- src/analyzer/protocol/ssl/dtls-analyzer.pac | 2 + src/analyzer/protocol/ssl/dtls-protocol.pac | 40 ++ src/analyzer/protocol/ssl/dtls.pac | 30 + .../protocol/ssl/proc-certificate.pac | 30 + .../protocol/ssl/proc-client-hello.pac | 42 ++ .../protocol/ssl/proc-server-hello.pac | 36 + src/analyzer/protocol/ssl/ssl-analyzer.pac | 528 +------------- src/analyzer/protocol/ssl/ssl-defs.pac | 79 +++ .../protocol/ssl/ssl-dtls-analyzer.pac | 106 +++ .../protocol/ssl/ssl-dtls-protocol.pac | 134 ++++ src/analyzer/protocol/ssl/ssl-protocol.pac | 645 +----------------- src/analyzer/protocol/ssl/ssl.pac | 11 +- .../protocol/ssl/tls-handshake-analyzer.pac | 273 ++++++++ .../protocol/ssl/tls-handshake-protocol.pac | 533 +++++++++++++++ src/analyzer/protocol/ssl/tls-handshake.pac | 24 + testing/btest/Traces/tls/dtls-openssl.pcap | Bin 0 -> 3181 bytes 24 files changed, 1487 insertions(+), 1162 deletions(-) create mode 100644 src/analyzer/protocol/ssl/DTLS.cc create mode 100644 src/analyzer/protocol/ssl/DTLS.h create mode 100644 src/analyzer/protocol/ssl/Plugin_DTLS.cc rename src/analyzer/protocol/ssl/{Plugin.cc => Plugin_SSL.cc} (100%) create mode 100644 src/analyzer/protocol/ssl/dtls-analyzer.pac create mode 100644 src/analyzer/protocol/ssl/dtls-protocol.pac create mode 100644 src/analyzer/protocol/ssl/dtls.pac create mode 100644 src/analyzer/protocol/ssl/proc-certificate.pac create mode 100644 src/analyzer/protocol/ssl/proc-client-hello.pac create mode 100644 src/analyzer/protocol/ssl/proc-server-hello.pac create mode 100644 src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac create mode 100644 src/analyzer/protocol/ssl/ssl-dtls-protocol.pac create mode 100644 src/analyzer/protocol/ssl/tls-handshake-analyzer.pac create mode 100644 src/analyzer/protocol/ssl/tls-handshake-protocol.pac create mode 100644 src/analyzer/protocol/ssl/tls-handshake.pac create mode 100644 testing/btest/Traces/tls/dtls-openssl.pcap diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index a1461db82d..d2b0332756 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -92,16 +92,20 @@ redef record Info += { delay_tokens: set[string] &optional; }; -const ports = { +const ssl_ports = { 443/tcp, 563/tcp, 585/tcp, 614/tcp, 636/tcp, 989/tcp, 990/tcp, 992/tcp, 993/tcp, 995/tcp, 5223/tcp }; -redef likely_server_ports += { ports }; + +const dtls_ports = { 4433/udp }; + +redef likely_server_ports += { ssl_ports, dtls_ports }; event bro_init() &priority=5 { Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl]); - Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ports); + Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ssl_ports); + Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, dtls_ports); } function set_session(c: connection) diff --git a/src/analyzer/protocol/ssl/CMakeLists.txt b/src/analyzer/protocol/ssl/CMakeLists.txt index 2591c5dfec..fab0d30f07 100644 --- a/src/analyzer/protocol/ssl/CMakeLists.txt +++ b/src/analyzer/protocol/ssl/CMakeLists.txt @@ -4,7 +4,13 @@ include(BroPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) bro_plugin_begin(Bro SSL) -bro_plugin_cc(SSL.cc Plugin.cc) +bro_plugin_cc(SSL.cc Plugin_SSL.cc) bro_plugin_bif(events.bif) -bro_plugin_pac(ssl.pac ssl-analyzer.pac ssl-protocol.pac ssl-defs.pac) +bro_plugin_pac(tls-handshake.pac tls-handshake-protocol.pac tls-handshake-analyzer.pac) +bro_plugin_pac(ssl.pac ssl-dtls-analyzer.pac ssl-analyzer.pac ssl-dtls-protocol.pac ssl-protocol.pac ssl-defs.pac) +bro_plugin_end() + +bro_plugin_begin(Bro DTLS) +bro_plugin_cc(DTLS.cc Plugin_DTLS.cc) +bro_plugin_pac(dtls.pac ssl-dtls-analyzer.pac dtls-analyzer.pac ssl-dtls-protocol.pac dtls-protocol.pac ssl-defs.pac) bro_plugin_end() diff --git a/src/analyzer/protocol/ssl/DTLS.cc b/src/analyzer/protocol/ssl/DTLS.cc new file mode 100644 index 0000000000..7c49dba439 --- /dev/null +++ b/src/analyzer/protocol/ssl/DTLS.cc @@ -0,0 +1,32 @@ + +#include "DTLS.h" +#include "Reporter.h" +#include "util.h" + +#include "events.bif.h" + +using namespace analyzer::dtls; + +DTLS_Analyzer::DTLS_Analyzer(Connection* c) +: analyzer::Analyzer("DTLS", c) + { + interp = new binpac::DTLS::SSL_Conn(this); + fprintf(stderr, "Instantiated :)\n"); + } + +DTLS_Analyzer::~DTLS_Analyzer() + { + delete interp; + } + +void DTLS_Analyzer::Done() + { + Analyzer::Done(); + } + +void DTLS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64 seq, const IP_Hdr* ip, int caplen) + { + Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); + fprintf(stderr, "Delivered packet :)\n"); + interp->NewData(orig, data, data + len); + } diff --git a/src/analyzer/protocol/ssl/DTLS.h b/src/analyzer/protocol/ssl/DTLS.h new file mode 100644 index 0000000000..c45a311c8c --- /dev/null +++ b/src/analyzer/protocol/ssl/DTLS.h @@ -0,0 +1,31 @@ +#ifndef ANALYZER_PROTOCOL_SSL_DTLS_H +#define ANALYZER_PROTOCOL_SSL_DTLS_H + +#include "events.bif.h" + +#include "analyzer/protocol/udp/UDP.h" +#include "dtls_pac.h" + +namespace analyzer { namespace dtls { + +class DTLS_Analyzer : public analyzer::Analyzer { +public: + DTLS_Analyzer(Connection* conn); + virtual ~DTLS_Analyzer(); + + // Overriden from Analyzer. + virtual void Done(); + virtual void DeliverPacket(int len, const u_char* data, bool orig, + uint64 seq, const IP_Hdr* ip, int caplen); + + + static analyzer::Analyzer* Instantiate(Connection* conn) + { return new DTLS_Analyzer(conn); } + +protected: + binpac::DTLS::SSL_Conn* interp; +}; + +} } // namespace analyzer::* + +#endif diff --git a/src/analyzer/protocol/ssl/Plugin_DTLS.cc b/src/analyzer/protocol/ssl/Plugin_DTLS.cc new file mode 100644 index 0000000000..6820816e31 --- /dev/null +++ b/src/analyzer/protocol/ssl/Plugin_DTLS.cc @@ -0,0 +1,26 @@ +// See the file in the main distribution directory for copyright. + + +#include "plugin/Plugin.h" + +#include "DTLS.h" + +namespace plugin { +namespace Bro_DTLS { + +class Plugin : public plugin::Plugin { +public: + plugin::Configuration Configure() + { + AddComponent(new ::analyzer::Component("DTLS", ::analyzer::dtls::DTLS_Analyzer::Instantiate)); + + plugin::Configuration config; + config.name = "Bro::DTLS"; + config.description = "DTLS analyzer"; + return config; + } +} plugin; + +} +} + diff --git a/src/analyzer/protocol/ssl/Plugin.cc b/src/analyzer/protocol/ssl/Plugin_SSL.cc similarity index 100% rename from src/analyzer/protocol/ssl/Plugin.cc rename to src/analyzer/protocol/ssl/Plugin_SSL.cc diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc index 5e5d24888a..a26807c14b 100644 --- a/src/analyzer/protocol/ssl/SSL.cc +++ b/src/analyzer/protocol/ssl/SSL.cc @@ -5,6 +5,8 @@ #include "util.h" #include "events.bif.h" +#include "ssl_pac.h" +#include "tls-handshake_pac.h" using namespace analyzer::ssl; @@ -12,12 +14,14 @@ SSL_Analyzer::SSL_Analyzer(Connection* c) : tcp::TCP_ApplicationAnalyzer("SSL", c) { interp = new binpac::SSL::SSL_Conn(this); + handshake_interp = new binpac::TLSHandshake::Handshake_Conn(this); had_gap = false; } SSL_Analyzer::~SSL_Analyzer() { delete interp; + delete handshake_interp; } void SSL_Analyzer::Done() @@ -57,6 +61,21 @@ void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } } +void SSL_Analyzer::SendHandshake(uint8 msg_type, uint32 length, const u_char* begin, const u_char* end, bool orig) + { + handshake_interp->set_msg_type(msg_type); + handshake_interp->set_msg_length(length); + try + { + handshake_interp->NewData(orig, begin, end); + } + catch ( const binpac::Exception& e ) + { + ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + fprintf(stderr, "Handshake exception: %s\n", e.c_msg()); + } + } + void SSL_Analyzer::Undelivered(uint64 seq, int len, bool orig) { tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig); diff --git a/src/analyzer/protocol/ssl/SSL.h b/src/analyzer/protocol/ssl/SSL.h index 5ef09aa147..a17611846c 100644 --- a/src/analyzer/protocol/ssl/SSL.h +++ b/src/analyzer/protocol/ssl/SSL.h @@ -4,7 +4,10 @@ #include "events.bif.h" #include "analyzer/protocol/tcp/TCP.h" -#include "ssl_pac.h" + +namespace binpac { namespace SSL { class SSL_Conn; } } + +namespace binpac { namespace TLSHandshake { class Handshake_Conn; } } namespace analyzer { namespace ssl { @@ -18,6 +21,8 @@ public: virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void Undelivered(uint64 seq, int len, bool orig); + void SendHandshake(uint8 msg_type, uint32 length, const u_char* begin, const u_char* end, bool orig); + // Overriden from tcp::TCP_ApplicationAnalyzer. virtual void EndpointEOF(bool is_orig); @@ -26,6 +31,7 @@ public: protected: binpac::SSL::SSL_Conn* interp; + binpac::TLSHandshake::Handshake_Conn* handshake_interp; bool had_gap; }; diff --git a/src/analyzer/protocol/ssl/dtls-analyzer.pac b/src/analyzer/protocol/ssl/dtls-analyzer.pac new file mode 100644 index 0000000000..139597f9cb --- /dev/null +++ b/src/analyzer/protocol/ssl/dtls-analyzer.pac @@ -0,0 +1,2 @@ + + diff --git a/src/analyzer/protocol/ssl/dtls-protocol.pac b/src/analyzer/protocol/ssl/dtls-protocol.pac new file mode 100644 index 0000000000..94cddf9cbc --- /dev/null +++ b/src/analyzer/protocol/ssl/dtls-protocol.pac @@ -0,0 +1,40 @@ + +###################################################################### +# initial datatype for binpac +###################################################################### + +type DTLSPDU(is_orig: bool) = record { + records: SSLRecord(is_orig)[] &transient; +}; + +type SSLRecord(is_orig: bool) = record { + content_type: uint8; + version: uint16; + epoch: uint16; + sequence_number: uint48; + length: uint16; + rec: PlaintextRecord(this)[] &length=length; +# data: bytestring &restofdata &transient; +} &byteorder = bigendian, + &let { + parse : bool = $context.connection.proc_dtls(this, to_int()(sequence_number)); +}; + +type Handshake(rec: SSLRecord) = record { + msg_type: uint8; + length: uint24; + message_seq: uint16; + fragment_offset: uint24; + fragment_length: uint24; +} + +refine connection SSL_Conn += { + + function proc_dtls(pdu: SSLRecord, sequence: uint64): bool + %{ + fprintf(stderr, "Type: %d, sequence number: %d, epoch: %d\n", ${pdu.content_type}, sequence, ${pdu.epoch}); + + return true; + %} + +}; diff --git a/src/analyzer/protocol/ssl/dtls.pac b/src/analyzer/protocol/ssl/dtls.pac new file mode 100644 index 0000000000..50424f0d8c --- /dev/null +++ b/src/analyzer/protocol/ssl/dtls.pac @@ -0,0 +1,30 @@ +# binpac file for SSL analyzer + +%include binpac.pac +%include bro.pac + +%extern{ +#include "events.bif.h" +%} + +analyzer DTLS withcontext { + connection: SSL_Conn; + flow: DTLS_Flow; +}; + +connection SSL_Conn(bro_analyzer: BroAnalyzer) { + upflow = DTLS_Flow(true); + downflow = DTLS_Flow(false); +}; + +%include ssl-dtls-protocol.pac +%include dtls-protocol.pac + +flow DTLS_Flow(is_orig: bool) { +# flowunit = SSLRecord(is_orig) withcontext(connection, this); + datagram = DTLSPDU(is_orig) withcontext(connection, this); +} + +%include ssl-dtls-analyzer.pac +%include dtls-analyzer.pac +%include ssl-defs.pac diff --git a/src/analyzer/protocol/ssl/proc-certificate.pac b/src/analyzer/protocol/ssl/proc-certificate.pac new file mode 100644 index 0000000000..c2353e3a88 --- /dev/null +++ b/src/analyzer/protocol/ssl/proc-certificate.pac @@ -0,0 +1,30 @@ + function proc_certificate(is_orig: bool, certificates : bytestring[]) : bool + %{ + if ( certificates->size() == 0 ) + return true; + + ODesc common; + common.AddRaw("Analyzer::ANALYZER_SSL"); + common.Add(bro_analyzer()->Conn()->StartTime()); + common.AddRaw(is_orig ? "T" : "F", 1); + bro_analyzer()->Conn()->IDString(&common); + + for ( unsigned int i = 0; i < certificates->size(); ++i ) + { + const bytestring& cert = (*certificates)[i]; + + ODesc file_handle; + file_handle.Add(common.Description()); + file_handle.Add(i); + + string file_id = file_mgr->HashHandle(file_handle.Description()); + + file_mgr->DataIn(reinterpret_cast(cert.data()), + cert.length(), bro_analyzer()->GetAnalyzerTag(), + bro_analyzer()->Conn(), is_orig, file_id); + file_mgr->EndOfFile(file_id); + } + return true; + %} + + diff --git a/src/analyzer/protocol/ssl/proc-client-hello.pac b/src/analyzer/protocol/ssl/proc-client-hello.pac new file mode 100644 index 0000000000..601d0fce94 --- /dev/null +++ b/src/analyzer/protocol/ssl/proc-client-hello.pac @@ -0,0 +1,42 @@ + function proc_client_hello( + version : uint16, ts : double, + client_random : bytestring, + session_id : uint8[], + cipher_suites16 : uint16[], + cipher_suites24 : uint24[]) : bool + %{ + if ( ! version_ok(version) ) + { + bro_analyzer()->ProtocolViolation(fmt("unsupported client SSL version 0x%04x", version)); + bro_analyzer()->SetSkip(true); + } + else + bro_analyzer()->ProtocolConfirmation(); + + if ( ssl_client_hello ) + { + vector* cipher_suites = new vector(); + if ( cipher_suites16 ) + std::copy(cipher_suites16->begin(), cipher_suites16->end(), std::back_inserter(*cipher_suites)); + else + std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(*cipher_suites), to_int()); + + VectorVal* cipher_vec = new VectorVal(internal_type("index_vec")->AsVectorType()); + for ( unsigned int i = 0; i < cipher_suites->size(); ++i ) + { + Val* ciph = new Val((*cipher_suites)[i], TYPE_COUNT); + cipher_vec->Assign(i, ciph); + } + + BifEvent::generate_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(), + version, ts, new StringVal(client_random.length(), + (const char*) client_random.data()), + to_string_val(session_id), + cipher_vec); + + delete cipher_suites; + } + + return true; + %} + diff --git a/src/analyzer/protocol/ssl/proc-server-hello.pac b/src/analyzer/protocol/ssl/proc-server-hello.pac new file mode 100644 index 0000000000..2dfc940774 --- /dev/null +++ b/src/analyzer/protocol/ssl/proc-server-hello.pac @@ -0,0 +1,36 @@ + function proc_server_hello( + version : uint16, ts : double, + server_random : bytestring, + session_id : uint8[], + cipher_suites16 : uint16[], + cipher_suites24 : uint24[], + comp_method : uint8) : bool + %{ + if ( ! version_ok(version) ) + { + bro_analyzer()->ProtocolViolation(fmt("unsupported server SSL version 0x%04x", version)); + bro_analyzer()->SetSkip(true); + } + + if ( ssl_server_hello ) + { + vector* ciphers = new vector(); + + if ( cipher_suites16 ) + std::copy(cipher_suites16->begin(), cipher_suites16->end(), std::back_inserter(*ciphers)); + else + std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(*ciphers), to_int()); + + BifEvent::generate_ssl_server_hello(bro_analyzer(), + bro_analyzer()->Conn(), + version, ts, new StringVal(server_random.length(), + (const char*) server_random.data()), + to_string_val(session_id), + ciphers->size()==0 ? 0 : ciphers->at(0), comp_method); + + delete ciphers; + } + + return true; + %} + diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index c835fd6632..709e8c32b2 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac @@ -1,352 +1,19 @@ # Analyzer for SSL (Bro-specific part). -%extern{ -#include -#include -#include -#include - -#include "util.h" - -#include "file_analysis/Manager.h" -%} - - -%header{ - class extract_certs { - public: - bytestring const& operator() (X509Certificate* cert) const - { - return cert->certificate(); - } - }; - - string orig_label(bool is_orig); - string handshake_type_label(int type); - %} - -%code{ -string orig_label(bool is_orig) - { - return string(is_orig ? "originator" :"responder"); - } - - string handshake_type_label(int type) - { - switch ( type ) { - case HELLO_REQUEST: return string("HELLO_REQUEST"); - case CLIENT_HELLO: return string("CLIENT_HELLO"); - case SERVER_HELLO: return string("SERVER_HELLO"); - case SESSION_TICKET: return string("SESSION_TICKET"); - case CERTIFICATE: return string("CERTIFICATE"); - case SERVER_KEY_EXCHANGE: return string("SERVER_KEY_EXCHANGE"); - case CERTIFICATE_REQUEST: return string("CERTIFICATE_REQUEST"); - case SERVER_HELLO_DONE: return string("SERVER_HELLO_DONE"); - case CERTIFICATE_VERIFY: return string("CERTIFICATE_VERIFY"); - case CLIENT_KEY_EXCHANGE: return string("CLIENT_KEY_EXCHANGE"); - case FINISHED: return string("FINISHED"); - case CERTIFICATE_URL: return string("CERTIFICATE_URL"); - case CERTIFICATE_STATUS: return string("CERTIFICATE_STATUS"); - default: return string(fmt("UNKNOWN (%d)", type)); - } - } - -%} - - -function to_string_val(data : uint8[]) : StringVal - %{ - char tmp[32]; - memset(tmp, 0, sizeof(tmp)); - - // Just return an empty string if the string is longer than 32 bytes - if ( data && data->size() <= 32 ) - { - for ( unsigned int i = data->size(); i > 0; --i ) - tmp[i-1] = (*data)[i-1]; - } - - return new StringVal(32, tmp); - %} - -function version_ok(vers : uint16) : bool - %{ - switch ( vers ) { - case SSLv20: - case SSLv30: - case TLSv10: - case TLSv11: - case TLSv12: - return true; - - default: - return false; - } - %} - refine connection SSL_Conn += { - %member{ - int established_; - %} + %include proc-client-hello.pac + %include proc-server-hello.pac + %include proc-certificate.pac - %init{ - established_ = false; - %} - - %cleanup{ - %} - - function proc_alert(rec: SSLRecord, level : int, desc : int) : bool - %{ - BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, level, desc); - return true; - %} - - function proc_client_hello(rec: SSLRecord, - version : uint16, ts : double, - client_random : bytestring, - session_id : uint8[], - cipher_suites16 : uint16[], - cipher_suites24 : uint24[]) : bool - %{ - if ( ! version_ok(version) ) - { - bro_analyzer()->ProtocolViolation(fmt("unsupported client SSL version 0x%04x", version)); - bro_analyzer()->SetSkip(true); - } - else - bro_analyzer()->ProtocolConfirmation(); - - if ( ssl_client_hello ) - { - vector* cipher_suites = new vector(); - if ( cipher_suites16 ) - std::copy(cipher_suites16->begin(), cipher_suites16->end(), std::back_inserter(*cipher_suites)); - else - std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(*cipher_suites), to_int()); - - VectorVal* cipher_vec = new VectorVal(internal_type("index_vec")->AsVectorType()); - for ( unsigned int i = 0; i < cipher_suites->size(); ++i ) - { - Val* ciph = new Val((*cipher_suites)[i], TYPE_COUNT); - cipher_vec->Assign(i, ciph); - } - - BifEvent::generate_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(), - version, ts, new StringVal(client_random.length(), - (const char*) client_random.data()), - to_string_val(session_id), - cipher_vec); - - delete cipher_suites; - } - - return true; - %} - - function proc_server_hello(rec: SSLRecord, - version : uint16, ts : double, - server_random : bytestring, - session_id : uint8[], - cipher_suites16 : uint16[], - cipher_suites24 : uint24[], - comp_method : uint8) : bool - %{ - if ( ! version_ok(version) ) - { - bro_analyzer()->ProtocolViolation(fmt("unsupported server SSL version 0x%04x", version)); - bro_analyzer()->SetSkip(true); - } - - if ( ssl_server_hello ) - { - vector* ciphers = new vector(); - - if ( cipher_suites16 ) - std::copy(cipher_suites16->begin(), cipher_suites16->end(), std::back_inserter(*ciphers)); - else - std::transform(cipher_suites24->begin(), cipher_suites24->end(), std::back_inserter(*ciphers), to_int()); - - BifEvent::generate_ssl_server_hello(bro_analyzer(), - bro_analyzer()->Conn(), - version, ts, new StringVal(server_random.length(), - (const char*) server_random.data()), - to_string_val(session_id), - ciphers->size()==0 ? 0 : ciphers->at(0), comp_method); - - delete ciphers; - } - - return true; - %} - - function proc_session_ticket_handshake(rec: SessionTicketHandshake, is_orig: bool): bool - %{ - if ( ssl_session_ticket_handshake ) - { - BifEvent::generate_ssl_session_ticket_handshake(bro_analyzer(), - bro_analyzer()->Conn(), - ${rec.ticket_lifetime_hint}, - new StringVal(${rec.data}.length(), (const char*) ${rec.data}.data())); - } - return true; - %} - - function proc_ssl_extension(rec: SSLRecord, type: int, sourcedata: const_bytestring) : bool - %{ - // We cheat a little bit here. We want to throw this event - // for every extension we encounter, even those that are - // handled by more specialized events later. To access the - // parsed data, we use sourcedata, which contains the whole - // data blob of the extension, including headers. We skip - // over those (4 bytes). - size_t length = sourcedata.length(); - if ( length < 4 ) - { - // This should be impossible due to the binpac parser - // and protocol description - bro_analyzer()->ProtocolViolation(fmt("Impossible extension length: %zu", length)); - bro_analyzer()->SetSkip(true); - return true; - } - - length -= 4; - const unsigned char* data = sourcedata.begin() + 4; - - if ( ssl_extension ) - BifEvent::generate_ssl_extension(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, type, - new StringVal(length, reinterpret_cast(data))); - return true; - %} - - function proc_ec_point_formats(rec: SSLRecord, point_format_list: uint8[]) : bool - %{ - VectorVal* points = new VectorVal(internal_type("index_vec")->AsVectorType()); - - if ( point_format_list ) - { - for ( unsigned int i = 0; i < point_format_list->size(); ++i ) - points->Assign(i, new Val((*point_format_list)[i], TYPE_COUNT)); - } - - BifEvent::generate_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, points); - - return true; - %} - - function proc_elliptic_curves(rec: SSLRecord, list: uint16[]) : bool - %{ - VectorVal* curves = new VectorVal(internal_type("index_vec")->AsVectorType()); - - if ( list ) - { - for ( unsigned int i = 0; i < list->size(); ++i ) - curves->Assign(i, new Val((*list)[i], TYPE_COUNT)); - } - - BifEvent::generate_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, curves); - - return true; - %} - - function proc_apnl(rec: SSLRecord, protocols: ProtocolName[]) : bool - %{ - VectorVal* plist = new VectorVal(internal_type("string_vec")->AsVectorType()); - - if ( protocols ) - { - for ( unsigned int i = 0; i < protocols->size(); ++i ) - plist->Assign(i, new StringVal((*protocols)[i]->name().length(), (const char*) (*protocols)[i]->name().data())); - } - - BifEvent::generate_ssl_extension_application_layer_protocol_negotiation(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, plist); - - return true; - %} - - function proc_server_name(rec: SSLRecord, list: ServerName[]) : bool - %{ - VectorVal* servers = new VectorVal(internal_type("string_vec")->AsVectorType()); - - if ( list ) - { - for ( unsigned int i = 0, j = 0; i < list->size(); ++i ) - { - ServerName* servername = (*list)[i]; - if ( servername->name_type() != 0 ) - { - bro_analyzer()->Weird(fmt("Encountered unknown type in server name ssl extension: %d", servername->name_type())); - continue; - } - - if ( servername->host_name() ) - servers->Assign(j++, new StringVal(servername->host_name()->host_name().length(), (const char*) servername->host_name()->host_name().data())); - else - bro_analyzer()->Weird("Empty server_name extension in ssl connection"); - } - } - - BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), - ${rec.is_orig}, servers); - - return true; - %} - - function proc_certificate(rec: SSLRecord, certificates : bytestring[]) : bool - %{ - if ( certificates->size() == 0 ) - return true; - - ODesc common; - common.AddRaw("Analyzer::ANALYZER_SSL"); - common.Add(bro_analyzer()->Conn()->StartTime()); - common.AddRaw(${rec.is_orig} ? "T" : "F", 1); - bro_analyzer()->Conn()->IDString(&common); - - for ( unsigned int i = 0; i < certificates->size(); ++i ) - { - const bytestring& cert = (*certificates)[i]; - - ODesc file_handle; - file_handle.Add(common.Description()); - file_handle.Add(i); - - string file_id = file_mgr->HashHandle(file_handle.Description()); - - file_mgr->DataIn(reinterpret_cast(cert.data()), - cert.length(), bro_analyzer()->GetAnalyzerTag(), - bro_analyzer()->Conn(), ${rec.is_orig}, file_id); - file_mgr->EndOfFile(file_id); - } - return true; - %} - - function proc_v2_certificate(rec: SSLRecord, cert : bytestring) : bool + function proc_v2_certificate(is_orig: bool, cert : bytestring) : bool %{ vector* cert_list = new vector(1,cert); - bool ret = proc_certificate(rec, cert_list); + bool ret = proc_certificate(is_orig, cert_list); delete cert_list; return ret; %} - function proc_v3_certificate(rec: SSLRecord, cl : X509Certificate[]) : bool - %{ - vector* certs = cl; - vector* cert_list = new vector(); - - std::transform(certs->begin(), certs->end(), - std::back_inserter(*cert_list), extract_certs()); - - bool ret = proc_certificate(rec, cert_list); - delete cert_list; - return ret; - %} function proc_v2_client_master_key(rec: SSLRecord, cipher_kind: int) : bool %{ @@ -356,209 +23,40 @@ refine connection SSL_Conn += { return true; %} - function proc_unknown_handshake(hs: Handshake, is_orig: bool) : bool + function proc_handshake(rec: SSLRecord, msg_type: uint8, length: uint24, data: bytestring, is_orig: bool) : bool %{ - bro_analyzer()->ProtocolViolation(fmt("unknown handshake message (%d) from %s", - ${hs.msg_type}, orig_label(is_orig).c_str())); + fprintf(stderr, "Forwarding to Handshake analyzer: msg_type: %u, length: %u\n", msg_type, to_int()(length)); + fprintf(stderr, "%u\n", data.end() - data.begin()); + bro_analyzer()->SendHandshake(msg_type, to_int()(length), data.begin(), data.end(), is_orig); return true; %} - - function proc_unknown_record(rec: SSLRecord) : bool - %{ - bro_analyzer()->ProtocolViolation(fmt("unknown SSL record type (%d) from %s", - ${rec.content_type}, - orig_label(${rec.is_orig}).c_str())); - return true; - %} - - function proc_ciphertext_record(rec : SSLRecord) : bool - %{ - if ( client_state_ == STATE_ENCRYPTED && - server_state_ == STATE_ENCRYPTED && - established_ == false ) - { - established_ = true; - BifEvent::generate_ssl_established(bro_analyzer(), - bro_analyzer()->Conn()); - } - - BifEvent::generate_ssl_encrypted_data(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.content_type}, ${rec.length}); - - return true; - %} - - function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool - %{ - BifEvent::generate_ssl_heartbeat(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, - new StringVal(data.length(), (const char*) data.data())); - return true; - %} - - function proc_check_v2_server_hello_version(version: uint16) : bool - %{ - if ( version != SSLv20 ) - { - bro_analyzer()->ProtocolViolation(fmt("Invalid version in SSL server hello. Version: %d", version)); - bro_analyzer()->SetSkip(true); - return false; - } - - return true; - %} - - function proc_certificate_status(rec : SSLRecord, status_type: uint8, response: bytestring) : bool - %{ - if ( status_type == 1 ) // ocsp - { - BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, - new StringVal(response.length(), - (const char*) response.data())); - } - - return true; - %} - - function proc_ec_server_key_exchange(rec: SSLRecord, curve_type: uint8, curve: uint16) : bool - %{ - if ( curve_type == NAMED_CURVE ) - BifEvent::generate_ssl_server_curve(bro_analyzer(), - bro_analyzer()->Conn(), curve); - - return true; - %} - - function proc_dh_server_key_exchange(rec: SSLRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool - %{ - BifEvent::generate_ssl_dh_server_params(bro_analyzer(), - bro_analyzer()->Conn(), - new StringVal(p.length(), (const char*) p.data()), - new StringVal(g.length(), (const char*) g.data()), - new StringVal(Ys.length(), (const char*) Ys.data()) - ); - - return true; - %} - - function proc_ccs(rec: SSLRecord) : bool - %{ - BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}); - - return true; - %} - - function proc_handshake(rec: SSLRecord, msg_type: uint8, length: uint24) : bool - %{ - BifEvent::generate_ssl_handshake_message(bro_analyzer(), - bro_analyzer()->Conn(), ${rec.is_orig}, msg_type, to_int()(length)); - - return true; - %} - }; -refine typeattr Alert += &let { - proc : bool = $context.connection.proc_alert(rec, level, description); -}; refine typeattr V2Error += &let { proc : bool = $context.connection.proc_alert(rec, -1, error_code); }; -refine typeattr Heartbeat += &let { - proc : bool = $context.connection.proc_heartbeat(rec, type, payload_length, data); -}; - -refine typeattr ClientHello += &let { - proc : bool = $context.connection.proc_client_hello(rec, client_version, - gmt_unix_time, random_bytes, - session_id, csuits, 0); -}; refine typeattr V2ClientHello += &let { - proc : bool = $context.connection.proc_client_hello(rec, client_version, 0, + proc : bool = $context.connection.proc_client_hello(client_version, 0, challenge, session_id, 0, ciphers); }; -refine typeattr ServerHello += &let { - proc : bool = $context.connection.proc_server_hello(rec, server_version, - gmt_unix_time, random_bytes, session_id, cipher_suite, 0, - compression_method); -}; - refine typeattr V2ServerHello += &let { check_v2 : bool = $context.connection.proc_check_v2_server_hello_version(server_version); - proc : bool = $context.connection.proc_server_hello(rec, server_version, 0, + proc : bool = $context.connection.proc_server_hello(server_version, 0, conn_id_data, 0, 0, ciphers, 0) &requires(check_v2) &if(check_v2 == true); - cert : bool = $context.connection.proc_v2_certificate(rec, cert_data) + cert : bool = $context.connection.proc_v2_certificate(rec.is_orig, cert_data) &requires(proc) &requires(check_v2) &if(check_v2 == true); }; -refine typeattr Certificate += &let { - proc : bool = $context.connection.proc_v3_certificate(rec, certificates); -}; - refine typeattr V2ClientMasterKey += &let { proc : bool = $context.connection.proc_v2_client_master_key(rec, cipher_kind); }; -refine typeattr UnknownHandshake += &let { - proc : bool = $context.connection.proc_unknown_handshake(hs, is_orig); -}; - -refine typeattr SessionTicketHandshake += &let { - proc : bool = $context.connection.proc_session_ticket_handshake(this, rec.is_orig); -} - -refine typeattr UnknownRecord += &let { - proc : bool = $context.connection.proc_unknown_record(rec); -}; - -refine typeattr CiphertextRecord += &let { - proc : bool = $context.connection.proc_ciphertext_record(rec); -} - -refine typeattr SSLExtension += &let { - proc : bool = $context.connection.proc_ssl_extension(rec, type, sourcedata); -}; - -refine typeattr EcPointFormats += &let { - proc : bool = $context.connection.proc_ec_point_formats(rec, point_format_list); -}; - -refine typeattr EllipticCurves += &let { - proc : bool = $context.connection.proc_elliptic_curves(rec, elliptic_curve_list); -}; - -refine typeattr ApplicationLayerProtocolNegotiationExtension += &let { - proc : bool = $context.connection.proc_apnl(rec, protocol_name_list); -}; - -refine typeattr ServerNameExt += &let { - proc : bool = $context.connection.proc_server_name(rec, server_names); -}; - -refine typeattr CertificateStatus += &let { - proc : bool = $context.connection.proc_certificate_status(rec, status_type, response); -}; - -refine typeattr EcServerKeyExchange += &let { - proc : bool = $context.connection.proc_ec_server_key_exchange(rec, curve_type, curve); -}; - -refine typeattr DhServerKeyExchange += &let { - proc : bool = $context.connection.proc_dh_server_key_exchange(rec, dh_p, dh_g, dh_Ys); -}; - -refine typeattr ChangeCipherSpec += &let { - proc : bool = $context.connection.proc_ccs(rec); -}; - refine typeattr Handshake += &let { - proc : bool = $context.connection.proc_handshake(rec, msg_type, length); + proc : bool = $context.connection.proc_handshake(rec, msg_type, length, data, rec.is_orig); }; diff --git a/src/analyzer/protocol/ssl/ssl-defs.pac b/src/analyzer/protocol/ssl/ssl-defs.pac index 29eb1d1fb9..c29bbcbabe 100644 --- a/src/analyzer/protocol/ssl/ssl-defs.pac +++ b/src/analyzer/protocol/ssl/ssl-defs.pac @@ -1,5 +1,84 @@ # Some common definitions for the SSL and SSL record-layer analyzers. +type uint24 = record { + byte1 : uint8; + byte2 : uint8; + byte3 : uint8; +}; + +type uint48 = record { + byte1 : uint8; + byte2 : uint8; + byte3 : uint8; + byte4 : uint8; + byte5 : uint8; + byte6 : uint8; +}; + + +%header{ + string orig_label(bool is_orig); + %} + + +%code{ +string orig_label(bool is_orig) + { + return string(is_orig ? "originator" :"responder"); + } +%} + +%header{ + class to_int { + public: + int operator()(uint24 * num) const + { + return (num->byte1() << 16) | (num->byte2() << 8) | num->byte3(); + } + + uint64 operator()(uint48 * num) const + { + return ((uint64)num->byte1() << 40) | ((uint64)num->byte2() << 32) | ((uint64)num->byte3() << 24) | + ((uint64)num->byte4() << 16) | ((uint64)num->byte5() << 8) | (uint64)num->byte6(); + } + }; + + string state_label(int state_nr); +%} + +extern type to_int; + +function to_string_val(data : uint8[]) : StringVal + %{ + char tmp[32]; + memset(tmp, 0, sizeof(tmp)); + + // Just return an empty string if the string is longer than 32 bytes + if ( data && data->size() <= 32 ) + { + for ( unsigned int i = data->size(); i > 0; --i ) + tmp[i-1] = (*data)[i-1]; + } + + return new StringVal(32, tmp); + %} + +function version_ok(vers : uint16) : bool + %{ + switch ( vers ) { + case SSLv20: + case SSLv30: + case TLSv10: + case TLSv11: + case TLSv12: + return true; + + default: + return false; + } + %} + + %extern{ #include using std::string; diff --git a/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac new file mode 100644 index 0000000000..0e8418644e --- /dev/null +++ b/src/analyzer/protocol/ssl/ssl-dtls-analyzer.pac @@ -0,0 +1,106 @@ + +%extern{ +#include +#include +#include +#include + +#include "util.h" + +#include "file_analysis/Manager.h" +%} + +refine connection SSL_Conn += { + + %member{ + int established_; + %} + + %init{ + established_ = false; + %} + + %cleanup{ + %} + + function proc_alert(rec: SSLRecord, level : int, desc : int) : bool + %{ + BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, level, desc); + return true; + %} + function proc_unknown_record(rec: SSLRecord) : bool + %{ + bro_analyzer()->ProtocolViolation(fmt("unknown SSL record type (%d) from %s", + ${rec.content_type}, + orig_label(${rec.is_orig}).c_str())); + return true; + %} + + function proc_ciphertext_record(rec : SSLRecord) : bool + %{ + if ( client_state_ == STATE_ENCRYPTED && + server_state_ == STATE_ENCRYPTED && + established_ == false ) + { + established_ = true; + BifEvent::generate_ssl_established(bro_analyzer(), + bro_analyzer()->Conn()); + } + + BifEvent::generate_ssl_encrypted_data(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.content_type}, ${rec.length}); + + return true; + %} + + function proc_heartbeat(rec : SSLRecord, type: uint8, payload_length: uint16, data: bytestring) : bool + %{ + BifEvent::generate_ssl_heartbeat(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length}, type, payload_length, + new StringVal(data.length(), (const char*) data.data())); + return true; + %} + + function proc_check_v2_server_hello_version(version: uint16) : bool + %{ + if ( version != SSLv20 ) + { + bro_analyzer()->ProtocolViolation(fmt("Invalid version in SSL server hello. Version: %d", version)); + bro_analyzer()->SetSkip(true); + return false; + } + + return true; + %} + + + function proc_ccs(rec: SSLRecord) : bool + %{ + BifEvent::generate_ssl_change_cipher_spec(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}); + + return true; + %} + +}; + +refine typeattr Alert += &let { + proc : bool = $context.connection.proc_alert(rec, level, description); +}; + +refine typeattr Heartbeat += &let { + proc : bool = $context.connection.proc_heartbeat(rec, type, payload_length, data); +}; + +refine typeattr UnknownRecord += &let { + proc : bool = $context.connection.proc_unknown_record(rec); +}; + +refine typeattr CiphertextRecord += &let { + proc : bool = $context.connection.proc_ciphertext_record(rec); +} + +refine typeattr ChangeCipherSpec += &let { + proc : bool = $context.connection.proc_ccs(rec); +}; diff --git a/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac b/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac new file mode 100644 index 0000000000..c3277d150e --- /dev/null +++ b/src/analyzer/protocol/ssl/ssl-dtls-protocol.pac @@ -0,0 +1,134 @@ + +###################################################################### +# General definitions +###################################################################### + +type PlaintextRecord(rec: SSLRecord) = case rec.content_type of { + CHANGE_CIPHER_SPEC -> ch_cipher : ChangeCipherSpec(rec); + ALERT -> alert : Alert(rec); + HEARTBEAT -> heartbeat: Heartbeat(rec); + APPLICATION_DATA -> app_data : ApplicationData(rec); + default -> unknown_record : UnknownRecord(rec); +}; + + +###################################################################### +# Encryption Tracking +###################################################################### + +enum AnalyzerState { + STATE_CLEAR, + STATE_ENCRYPTED +}; + +%code{ + string state_label(int state_nr) + { + switch ( state_nr ) { + case STATE_CLEAR: + return string("CLEAR"); + + case STATE_ENCRYPTED: + return string("ENCRYPTED"); + + default: + return string(fmt("UNKNOWN (%d)", state_nr)); + } + } +%} + +###################################################################### +# Change Cipher Spec Protocol (7.1.) +###################################################################### + +type ChangeCipherSpec(rec: SSLRecord) = record { + type : uint8; +} &length = 1, &let { + state_changed : bool = + $context.connection.startEncryption(rec.is_orig); +}; + + +###################################################################### +# Alert Protocol (7.2.) +###################################################################### + +type Alert(rec: SSLRecord) = record { + level : uint8; + description: uint8; +}; + + +###################################################################### +# V3 Application Data +###################################################################### + +# Application data should always be encrypted, so we should not +# reach this point. +type ApplicationData(rec: SSLRecord) = record { + data : bytestring &restofdata &transient; +}; + +###################################################################### +# V3 Heartbeat +###################################################################### + +type Heartbeat(rec: SSLRecord) = record { + type : uint8; + payload_length : uint16; + data : bytestring &restofdata; +}; + + + +###################################################################### +# Fragmentation (6.2.1.) +###################################################################### + +type UnknownRecord(rec: SSLRecord) = record { + cont : bytestring &restofdata &transient; +}; + +type CiphertextRecord(rec: SSLRecord) = record { + cont : bytestring &restofdata &transient; +}; + +###################################################################### +# binpac analyzer for SSL including +###################################################################### + +refine connection SSL_Conn += { + + %member{ + int client_state_; + int server_state_; + int record_layer_version_; + %} + + %init{ + server_state_ = STATE_CLEAR; + client_state_ = STATE_CLEAR; + record_layer_version_ = UNKNOWN_VERSION; + %} + + function client_state() : int %{ return client_state_; %} + + function server_state() : int %{ return client_state_; %} + + function state(is_orig: bool) : int + %{ + if ( is_orig ) + return client_state_; + else + return server_state_; + %} + + function startEncryption(is_orig: bool) : bool + %{ + if ( is_orig ) + client_state_ = STATE_ENCRYPTED; + else + server_state_ = STATE_ENCRYPTED; + return true; + %} +}; diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index cb794bd8a4..d5628e9cc7 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -2,30 +2,6 @@ # To be used in conjunction with an SSL record-layer analyzer. # Separation is necessary due to possible fragmentation of SSL records. -###################################################################### -# General definitions -###################################################################### - -type uint24 = record { - byte1 : uint8; - byte2 : uint8; - byte3 : uint8; -}; - -%header{ - class to_int { - public: - int operator()(uint24 * num) const - { - return (num->byte1() << 16) | (num->byte2() << 8) | num->byte3(); - } - }; - - string state_label(int state_nr); -%} - -extern type to_int; - type SSLRecord(is_orig: bool) = record { head0 : uint8; head1 : uint8; @@ -58,161 +34,20 @@ type RecordText(rec: SSLRecord) = case $context.connection.state(rec.is_orig) of -> plaintext : PlaintextRecord(rec); }; -type PlaintextRecord(rec: SSLRecord) = case rec.content_type of { - CHANGE_CIPHER_SPEC -> ch_cipher : ChangeCipherSpec(rec); - ALERT -> alert : Alert(rec); +refine casetype PlaintextRecord += { HANDSHAKE -> handshake : Handshake(rec); - HEARTBEAT -> heartbeat: Heartbeat(rec); - APPLICATION_DATA -> app_data : ApplicationData(rec); V2_ERROR -> v2_error : V2Error(rec); V2_CLIENT_HELLO -> v2_client_hello : V2ClientHello(rec); V2_CLIENT_MASTER_KEY -> v2_client_master_key : V2ClientMasterKey(rec); V2_SERVER_HELLO -> v2_server_hello : V2ServerHello(rec); - default -> unknown_record : UnknownRecord(rec); }; -###################################################################### -# TLS Extensions -###################################################################### - -type SSLExtension(rec: SSLRecord) = record { - type: uint16; - data_len: uint16; - - # Pretty code ahead. Deal with the fact that perhaps extensions are - # not really present and we do not want to fail because of that. - ext: case type of { - EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION -> apnl: ApplicationLayerProtocolNegotiationExtension(rec)[] &until($element == 0 || $element != 0); - EXT_ELLIPTIC_CURVES -> elliptic_curves: EllipticCurves(rec)[] &until($element == 0 || $element != 0); - EXT_EC_POINT_FORMATS -> ec_point_formats: EcPointFormats(rec)[] &until($element == 0 || $element != 0); -# EXT_STATUS_REQUEST -> status_request: StatusRequest(rec)[] &until($element == 0 || $element != 0); - EXT_SERVER_NAME -> server_name: ServerNameExt(rec)[] &until($element == 0 || $element != 0); - default -> data: bytestring &restofdata; - }; -} &length=data_len+4 &exportsourcedata; - -type ServerNameHostName() = record { - length: uint16; - host_name: bytestring &length=length; +type Handshake(rec: SSLRecord) = record { + msg_type: uint8; + length: uint24; + data: bytestring &length=to_int()(length); }; -type ServerName() = record { - name_type: uint8; # has to be 0 for host-name - name: case name_type of { - 0 -> host_name: ServerNameHostName; - default -> data : bytestring &restofdata &transient; # unknown name - }; -}; - -type ServerNameExt(rec: SSLRecord) = record { - length: uint16; - server_names: ServerName[] &until($input.length() == 0); -} &length=length+2; - -# Do not parse for now. Structure is correct, but only contains asn.1 data that we would not use further. -#type OcspStatusRequest(rec: SSLRecord) = record { -# responder_id_list_length: uint16; -# responder_id_list: bytestring &length=responder_id_list_length; -# request_extensions_length: uint16; -# request_extensions: bytestring &length=request_extensions_length; -#}; -# -#type StatusRequest(rec: SSLRecord) = record { -# status_type: uint8; # 1 -> ocsp -# req: case status_type of { -# 1 -> ocsp_status_request: OcspStatusRequest(rec); -# default -> data : bytestring &restofdata &transient; # unknown -# }; -#}; - -type EcPointFormats(rec: SSLRecord) = record { - length: uint8; - point_format_list: uint8[length]; -}; - -type EllipticCurves(rec: SSLRecord) = record { - length: uint16; - elliptic_curve_list: uint16[length/2]; -}; - -type ProtocolName() = record { - length: uint8; - name: bytestring &length=length; -}; - -type ApplicationLayerProtocolNegotiationExtension(rec: SSLRecord) = record { - length: uint16; - protocol_name_list: ProtocolName[] &until($input.length() == 0); -} &length=length+2; - -###################################################################### -# Encryption Tracking -###################################################################### - -enum AnalyzerState { - STATE_CLEAR, - STATE_ENCRYPTED -}; - -%code{ - string state_label(int state_nr) - { - switch ( state_nr ) { - case STATE_CLEAR: - return string("CLEAR"); - - case STATE_ENCRYPTED: - return string("ENCRYPTED"); - - default: - return string(fmt("UNKNOWN (%d)", state_nr)); - } - } -%} - -###################################################################### -# SSLv3 Handshake Protocols (7.) -###################################################################### - -enum HandshakeType { - HELLO_REQUEST = 0, - CLIENT_HELLO = 1, - SERVER_HELLO = 2, - SESSION_TICKET = 4, # RFC 5077 - CERTIFICATE = 11, - SERVER_KEY_EXCHANGE = 12, - CERTIFICATE_REQUEST = 13, - SERVER_HELLO_DONE = 14, - CERTIFICATE_VERIFY = 15, - CLIENT_KEY_EXCHANGE = 16, - FINISHED = 20, - CERTIFICATE_URL = 21, # RFC 3546 - CERTIFICATE_STATUS = 22, # RFC 3546 -}; - - -###################################################################### -# V3 Change Cipher Spec Protocol (7.1.) -###################################################################### - -type ChangeCipherSpec(rec: SSLRecord) = record { - type : uint8; -} &length = 1, &let { - state_changed : bool = - $context.connection.startEncryption(rec.is_orig); -}; - - -###################################################################### -# V3 Alert Protocol (7.2.) -###################################################################### - -type Alert(rec: SSLRecord) = record { - level : uint8; - description: uint8; -}; - - ###################################################################### # V2 Error Records (SSLv2 2.7.) ###################################################################### @@ -224,53 +59,6 @@ type V2Error(rec: SSLRecord) = record { }; -###################################################################### -# V3 Application Data -###################################################################### - -# Application data should always be encrypted, so we should not -# reach this point. -type ApplicationData(rec: SSLRecord) = record { - data : bytestring &restofdata &transient; -}; - -###################################################################### -# V3 Heartbeat -###################################################################### - -type Heartbeat(rec: SSLRecord) = record { - type : uint8; - payload_length : uint16; - data : bytestring &restofdata; -}; - -###################################################################### -# V3 Hello Request (7.4.1.1.) -###################################################################### - -# Hello Request is empty -type HelloRequest(rec: SSLRecord) = empty; - - -###################################################################### -# V3 Client Hello (7.4.1.2.) -###################################################################### - -type ClientHello(rec: SSLRecord) = record { - client_version : uint16; - gmt_unix_time : uint32; - random_bytes : bytestring &length = 28; - session_len : uint8; - session_id : uint8[session_len]; - csuit_len : uint16 &check(csuit_len > 1 && csuit_len % 2 == 0); - csuits : uint16[csuit_len/2]; - cmeth_len : uint8 &check(cmeth_len > 0); - cmeths : uint8[cmeth_len]; - # This weirdness is to deal with the possible existence or absence - # of the following fields. - ext_len: uint16[] &until($element == 0 || $element != 0); - extensions : SSLExtension(rec)[] &until($input.length() == 0); -}; ###################################################################### # V2 Client Hello (SSLv2 2.5.) @@ -288,26 +76,6 @@ type V2ClientHello(rec: SSLRecord) = record { }; -###################################################################### -# V3 Server Hello (7.4.1.3.) -###################################################################### - -type ServerHello(rec: SSLRecord) = record { - server_version : uint16; - gmt_unix_time : uint32; - random_bytes : bytestring &length = 28; - session_len : uint8; - session_id : uint8[session_len]; - cipher_suite : uint16[1]; - compression_method : uint8; - # This weirdness is to deal with the possible existence or absence - # of the following fields. - ext_len: uint16[] &until($element == 0 || $element != 0); - extensions : SSLExtension(rec)[] &until($input.length() == 0); -} &let { - cipher_set : bool = - $context.connection.set_cipher(cipher_suite[0]); -}; ###################################################################### # V2 Server Hello (SSLv2 2.6.) @@ -329,298 +97,6 @@ type V2ServerHello(rec: SSLRecord) = record { }; -###################################################################### -# V3 Server Certificate (7.4.2.) -###################################################################### - -type X509Certificate = record { - length : uint24; - certificate : bytestring &length = to_int()(length); -}; - -type Certificate(rec: SSLRecord) = record { - length : uint24; - certificates : X509Certificate[] &until($input.length() == 0); -} &length = to_int()(length)+3; - -# OCSP Stapling - -type CertificateStatus(rec: SSLRecord) = record { - status_type: uint8; # 1 = ocsp, everything else is undefined - length : uint24; - response: bytestring &restofdata; -}; - -###################################################################### -# V3 Server Key Exchange Message (7.4.3.) -###################################################################### - -# Usually, the server key exchange does not contain any information -# that we are interested in. -# -# The exception is when we are using an ECDHE, DHE or DH-Anon suite. -# In this case, we can extract information about the chosen cipher from -# here. -type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher() of { - TLS_ECDH_ECDSA_WITH_NULL_SHA, - TLS_ECDH_ECDSA_WITH_RC4_128_SHA, - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_NULL_SHA, - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDH_RSA_WITH_NULL_SHA, - TLS_ECDH_RSA_WITH_RC4_128_SHA, - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_NULL_SHA, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDH_ANON_WITH_NULL_SHA, - TLS_ECDH_ANON_WITH_RC4_128_SHA, - TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA, - TLS_ECDH_ANON_WITH_AES_128_CBC_SHA, - TLS_ECDH_ANON_WITH_AES_256_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_PSK_WITH_RC4_128_SHA, - TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, - TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, - TLS_ECDHE_PSK_WITH_NULL_SHA, - TLS_ECDHE_PSK_WITH_NULL_SHA256, - TLS_ECDHE_PSK_WITH_NULL_SHA384, - TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, - TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, - TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, - TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, - TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, - TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, - TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_CCM, - TLS_ECDHE_ECDSA_WITH_AES_256_CCM, - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, - TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - -> ec_server_key_exchange : EcServerKeyExchange(rec); - - # DHE suites - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_DSS_WITH_DES_CBC_SHA, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, - TLS_DHE_RSA_WITH_DES_CBC_SHA, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, - TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - TLS_DHE_DSS_WITH_RC4_128_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD, - TLS_DHE_DSS_WITH_AES_128_CBC_RMD, - TLS_DHE_DSS_WITH_AES_256_CBC_RMD, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD, - TLS_DHE_RSA_WITH_AES_128_CBC_RMD, - TLS_DHE_RSA_WITH_AES_256_CBC_RMD, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS_DHE_PSK_WITH_RC4_128_SHA, - TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA, - TLS_DHE_PSK_WITH_AES_256_CBC_SHA, - TLS_DHE_DSS_WITH_SEED_CBC_SHA, - TLS_DHE_RSA_WITH_SEED_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, - TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, - TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, - TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, - TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, - TLS_DHE_PSK_WITH_NULL_SHA256, - TLS_DHE_PSK_WITH_NULL_SHA384, - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, - TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, - TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, - TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256, - TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384, - TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, - TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, - TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, - TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256, - TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384, - TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, - TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, - TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, - TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, - TLS_DHE_RSA_WITH_AES_128_CCM, - TLS_DHE_RSA_WITH_AES_256_CCM, - TLS_DHE_RSA_WITH_AES_128_CCM_8, - TLS_DHE_RSA_WITH_AES_256_CCM_8, - TLS_DHE_PSK_WITH_AES_128_CCM, - TLS_DHE_PSK_WITH_AES_256_CCM, - TLS_PSK_DHE_WITH_AES_128_CCM_8, - TLS_PSK_DHE_WITH_AES_256_CCM_8, - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - # DH-anon suites - TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, - TLS_DH_ANON_WITH_RC4_128_MD5, - TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, - TLS_DH_ANON_WITH_DES_CBC_SHA, - TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, - TLS_DH_ANON_WITH_AES_128_CBC_SHA, - TLS_DH_ANON_WITH_AES_256_CBC_SHA, - TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA, - TLS_DH_ANON_WITH_AES_128_CBC_SHA256, - TLS_DH_ANON_WITH_AES_256_CBC_SHA256, - TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA, - TLS_DH_ANON_WITH_SEED_CBC_SHA, - TLS_DH_ANON_WITH_AES_128_GCM_SHA256, - TLS_DH_ANON_WITH_AES_256_GCM_SHA384, - TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256, - TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256, - TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256, - TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384, - TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256, - TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384, - TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256, - TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 - # DH non-anon suites do not send a ServerKeyExchange - -> dh_server_key_exchange : DhServerKeyExchange(rec); - - default - -> key : bytestring &restofdata &transient; -}; - -# For the moment, we really only are interested in the curve name. If it -# is not set (if the server sends explicit parameters), we do not bother. -# We also do not parse the actual signature data following the named curve. -type EcServerKeyExchange(rec: SSLRecord) = record { - curve_type: uint8; - curve: uint16; # only if curve_type = 3 (NAMED_CURVE) - data: bytestring &restofdata &transient; -}; - -# For both, dh_anon and dhe the ServerKeyExchange starts with a ServerDHParams -# structure. After that, they start to differ, but we do not care about that. -type DhServerKeyExchange(rec: SSLRecord) = record { - dh_p_length: uint16; - dh_p: bytestring &length=dh_p_length; - dh_g_length: uint16; - dh_g: bytestring &length=dh_g_length; - dh_Ys_length: uint16; - dh_Ys: bytestring &length=dh_Ys_length; - data: bytestring &restofdata &transient; -}; - - -###################################################################### -# V3 Certificate Request (7.4.4.) -###################################################################### - -# For now, ignore Certificate Request Details; just eat up message. -type CertificateRequest(rec: SSLRecord) = record { - cont : bytestring &restofdata &transient; -}; - - -###################################################################### -# V3 Server Hello Done (7.4.5.) -###################################################################### - -# Server Hello Done is empty -type ServerHelloDone(rec: SSLRecord) = empty; - - -###################################################################### -# V3 Client Certificate (7.4.6.) -###################################################################### - -# Client Certificate is identical to Server Certificate; -# no further definition here - - -###################################################################### -# V3 Client Key Exchange Message (7.4.7.) -###################################################################### - -# For now ignore details of ClientKeyExchange (most of it is -# encrypted anyway); just eat up message. -type ClientKeyExchange(rec: SSLRecord) = record { - key : bytestring &restofdata &transient; -}; - ###################################################################### # V2 Client Master Key (SSLv2 2.5.) ###################################################################### @@ -641,75 +117,6 @@ type V2ClientMasterKey(rec: SSLRecord) = record { }; -###################################################################### -# V3 Certificate Verify (7.4.8.) -###################################################################### - -# For now, ignore Certificate Verify; just eat up the message. -type CertificateVerify(rec: SSLRecord) = record { - cont : bytestring &restofdata &transient; -}; - - -###################################################################### -# V3 Finished (7.4.9.) -###################################################################### - -# The finished messages are always sent after encryption is in effect, -# so we will not be able to read those messages. -type Finished(rec: SSLRecord) = record { - cont : bytestring &restofdata &transient; -}; - -type SessionTicketHandshake(rec: SSLRecord) = record { - ticket_lifetime_hint: uint32; - data: bytestring &restofdata; -}; - -###################################################################### -# V3 Handshake Protocol (7.) -###################################################################### - -type UnknownHandshake(hs: Handshake, is_orig: bool) = record { - data : bytestring &restofdata &transient; -}; - -type Handshake(rec: SSLRecord) = record { - msg_type : uint8; - length : uint24; - - body : case msg_type of { - HELLO_REQUEST -> hello_request : HelloRequest(rec); - CLIENT_HELLO -> client_hello : ClientHello(rec); - SERVER_HELLO -> server_hello : ServerHello(rec); - SESSION_TICKET -> session_ticket : SessionTicketHandshake(rec); - CERTIFICATE -> certificate : Certificate(rec); - SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange(rec); - CERTIFICATE_REQUEST -> certificate_request : CertificateRequest(rec); - SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(rec); - CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(rec); - CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec); - FINISHED -> finished : Finished(rec); - CERTIFICATE_URL -> certificate_url : bytestring &restofdata &transient; - CERTIFICATE_STATUS -> certificate_status : CertificateStatus(rec); - default -> unknown_handshake : UnknownHandshake(this, rec.is_orig); - } &length = to_int()(length); -}; - - -###################################################################### -# Fragmentation (6.2.1.) -###################################################################### - -type UnknownRecord(rec: SSLRecord) = record { - cont : bytestring &restofdata &transient; -}; - -type CiphertextRecord(rec: SSLRecord) = record { - cont : bytestring &restofdata &transient; -}; - - ###################################################################### # initial datatype for binpac ###################################################################### @@ -725,28 +132,6 @@ type SSLPDU(is_orig: bool) = record { refine connection SSL_Conn += { - %member{ - int client_state_; - int server_state_; - int record_layer_version_; - uint32 chosen_cipher_; - %} - - %init{ - server_state_ = STATE_CLEAR; - client_state_ = STATE_CLEAR; - record_layer_version_ = UNKNOWN_VERSION; - chosen_cipher_ = NO_CHOSEN_CIPHER; - %} - - function chosen_cipher() : int %{ return chosen_cipher_; %} - - function set_cipher(cipher: uint32) : bool - %{ - chosen_cipher_ = cipher; - return true; - %} - function determine_ssl_record_layer(head0 : uint8, head1 : uint8, head2 : uint8, head3: uint8, head4: uint8, is_orig: bool) : int %{ @@ -818,24 +203,4 @@ refine connection SSL_Conn += { return UNKNOWN_VERSION; %} - function client_state() : int %{ return client_state_; %} - - function server_state() : int %{ return client_state_; %} - - function state(is_orig: bool) : int - %{ - if ( is_orig ) - return client_state_; - else - return server_state_; - %} - - function startEncryption(is_orig: bool) : bool - %{ - if ( is_orig ) - client_state_ = STATE_ENCRYPTED; - else - server_state_ = STATE_ENCRYPTED; - return true; - %} }; diff --git a/src/analyzer/protocol/ssl/ssl.pac b/src/analyzer/protocol/ssl/ssl.pac index 4a32227088..f7e7c17e7f 100644 --- a/src/analyzer/protocol/ssl/ssl.pac +++ b/src/analyzer/protocol/ssl/ssl.pac @@ -10,23 +10,32 @@ %extern{ #include "events.bif.h" + +namespace analyzer { namespace ssl { class SSL_Analyzer; } } +typedef analyzer::ssl::SSL_Analyzer* SSLAnalyzer; + +#include "SSL.h" %} +extern type SSLAnalyzer; + analyzer SSL withcontext { connection: SSL_Conn; flow: SSL_Flow; }; -connection SSL_Conn(bro_analyzer: BroAnalyzer) { +connection SSL_Conn(bro_analyzer: SSLAnalyzer) { upflow = SSL_Flow(true); downflow = SSL_Flow(false); }; +%include ssl-dtls-protocol.pac %include ssl-protocol.pac flow SSL_Flow(is_orig: bool) { flowunit = SSLPDU(is_orig) withcontext(connection, this); } +%include ssl-dtls-analyzer.pac %include ssl-analyzer.pac %include ssl-defs.pac diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac new file mode 100644 index 0000000000..fb6ce2e7a4 --- /dev/null +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -0,0 +1,273 @@ +# Analyzer for SSL/TLS Handshake protocol (Bro-specific part). + +%extern{ +#include +#include +#include +#include + +#include "util.h" + +#include "file_analysis/Manager.h" +%} + +%header{ + class extract_certs { + public: + bytestring const& operator() (X509Certificate* cert) const + { + return cert->certificate(); + } + }; + + string orig_label(bool is_orig); + string handshake_type_label(int type); + %} + +refine connection Handshake_Conn += { + + %include proc-client-hello.pac + %include proc-server-hello.pac + %include proc-certificate.pac + + function proc_session_ticket_handshake(rec: SessionTicketHandshake, is_orig: bool): bool + %{ + if ( ssl_session_ticket_handshake ) + { + BifEvent::generate_ssl_session_ticket_handshake(bro_analyzer(), + bro_analyzer()->Conn(), + ${rec.ticket_lifetime_hint}, + new StringVal(${rec.data}.length(), (const char*) ${rec.data}.data())); + } + return true; + %} + + function proc_ssl_extension(rec: Handshake, type: int, sourcedata: const_bytestring) : bool + %{ + // We cheat a little bit here. We want to throw this event + // for every extension we encounter, even those that are + // handled by more specialized events later. To access the + // parsed data, we use sourcedata, which contains the whole + // data blob of the extension, including headers. We skip + // over those (4 bytes). + size_t length = sourcedata.length(); + if ( length < 4 ) + { + // This should be impossible due to the binpac parser + // and protocol description + bro_analyzer()->ProtocolViolation(fmt("Impossible extension length: %zu", length)); + bro_analyzer()->SetSkip(true); + return true; + } + + length -= 4; + const unsigned char* data = sourcedata.begin() + 4; + + if ( ssl_extension ) + BifEvent::generate_ssl_extension(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}, type, + new StringVal(length, reinterpret_cast(data))); + return true; + %} + + function proc_ec_point_formats(rec: Handshake, point_format_list: uint8[]) : bool + %{ + VectorVal* points = new VectorVal(internal_type("index_vec")->AsVectorType()); + + if ( point_format_list ) + { + for ( unsigned int i = 0; i < point_format_list->size(); ++i ) + points->Assign(i, new Val((*point_format_list)[i], TYPE_COUNT)); + } + + BifEvent::generate_ssl_extension_ec_point_formats(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, points); + + return true; + %} + + function proc_elliptic_curves(rec: Handshake, list: uint16[]) : bool + %{ + VectorVal* curves = new VectorVal(internal_type("index_vec")->AsVectorType()); + + if ( list ) + { + for ( unsigned int i = 0; i < list->size(); ++i ) + curves->Assign(i, new Val((*list)[i], TYPE_COUNT)); + } + + BifEvent::generate_ssl_extension_elliptic_curves(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, curves); + + return true; + %} + + function proc_apnl(rec: Handshake, protocols: ProtocolName[]) : bool + %{ + VectorVal* plist = new VectorVal(internal_type("string_vec")->AsVectorType()); + + if ( protocols ) + { + for ( unsigned int i = 0; i < protocols->size(); ++i ) + plist->Assign(i, new StringVal((*protocols)[i]->name().length(), (const char*) (*protocols)[i]->name().data())); + } + + BifEvent::generate_ssl_extension_application_layer_protocol_negotiation(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, plist); + + return true; + %} + + function proc_server_name(rec: Handshake, list: ServerName[]) : bool + %{ + VectorVal* servers = new VectorVal(internal_type("string_vec")->AsVectorType()); + + if ( list ) + { + for ( unsigned int i = 0, j = 0; i < list->size(); ++i ) + { + ServerName* servername = (*list)[i]; + if ( servername->name_type() != 0 ) + { + bro_analyzer()->Weird(fmt("Encountered unknown type in server name ssl extension: %d", servername->name_type())); + continue; + } + + if ( servername->host_name() ) + servers->Assign(j++, new StringVal(servername->host_name()->host_name().length(), (const char*) servername->host_name()->host_name().data())); + else + bro_analyzer()->Weird("Empty server_name extension in ssl connection"); + } + } + + BifEvent::generate_ssl_extension_server_name(bro_analyzer(), bro_analyzer()->Conn(), + ${rec.is_orig}, servers); + + return true; + %} + + function proc_v3_certificate(is_orig: bool, cl : X509Certificate[]) : bool + %{ + vector* certs = cl; + vector* cert_list = new vector(); + + std::transform(certs->begin(), certs->end(), + std::back_inserter(*cert_list), extract_certs()); + + bool ret = proc_certificate(is_orig, cert_list); + delete cert_list; + return ret; + %} + + function proc_unknown_handshake(hs: Handshake, is_orig: bool) : bool + %{ + bro_analyzer()->ProtocolViolation(fmt("unknown handshake message (%d) from %s", + ${hs.msg_type}, orig_label(is_orig).c_str())); + return true; + %} + + function proc_certificate_status(rec : Handshake, status_type: uint8, response: bytestring) : bool + %{ + if ( status_type == 1 ) // ocsp + { + BifEvent::generate_ssl_stapled_ocsp(bro_analyzer(), + bro_analyzer()->Conn(), ${rec.is_orig}, + new StringVal(response.length(), + (const char*) response.data())); + } + + return true; + %} + + function proc_ec_server_key_exchange(rec: Handshake, curve_type: uint8, curve: uint16) : bool + %{ + if ( curve_type == NAMED_CURVE ) + BifEvent::generate_ssl_server_curve(bro_analyzer(), + bro_analyzer()->Conn(), curve); + + return true; + %} + + function proc_dh_server_key_exchange(rec: Handshake, p: bytestring, g: bytestring, Ys: bytestring) : bool + %{ + BifEvent::generate_ssl_dh_server_params(bro_analyzer(), + bro_analyzer()->Conn(), + new StringVal(p.length(), (const char*) p.data()), + new StringVal(g.length(), (const char*) g.data()), + new StringVal(Ys.length(), (const char*) Ys.data()) + ); + + return true; + %} + + function proc_handshake(is_orig: bool, msg_type: uint8, length: uint32) : bool + %{ + BifEvent::generate_ssl_handshake_message(bro_analyzer(), + bro_analyzer()->Conn(), is_orig, msg_type, length); + + return true; + %} + + +}; + +refine typeattr ClientHello += &let { + proc : bool = $context.connection.proc_client_hello(client_version, + gmt_unix_time, random_bytes, + session_id, csuits, 0); +}; + +refine typeattr ServerHello += &let { + proc : bool = $context.connection.proc_server_hello(server_version, + gmt_unix_time, random_bytes, session_id, cipher_suite, 0, + compression_method); +}; + +refine typeattr Certificate += &let { + proc : bool = $context.connection.proc_v3_certificate(rec.is_orig, certificates); +}; + +refine typeattr UnknownHandshake += &let { + proc : bool = $context.connection.proc_unknown_handshake(hs, is_orig); +}; + +refine typeattr SessionTicketHandshake += &let { + proc : bool = $context.connection.proc_session_ticket_handshake(this, rec.is_orig); +} + +refine typeattr SSLExtension += &let { + proc : bool = $context.connection.proc_ssl_extension(rec, type, sourcedata); +}; + +refine typeattr EcPointFormats += &let { + proc : bool = $context.connection.proc_ec_point_formats(rec, point_format_list); +}; + +refine typeattr EllipticCurves += &let { + proc : bool = $context.connection.proc_elliptic_curves(rec, elliptic_curve_list); +}; + +refine typeattr ApplicationLayerProtocolNegotiationExtension += &let { + proc : bool = $context.connection.proc_apnl(rec, protocol_name_list); +}; + +refine typeattr ServerNameExt += &let { + proc : bool = $context.connection.proc_server_name(rec, server_names); +}; + +refine typeattr CertificateStatus += &let { + proc : bool = $context.connection.proc_certificate_status(rec, status_type, response); +}; + +refine typeattr EcServerKeyExchange += &let { + proc : bool = $context.connection.proc_ec_server_key_exchange(rec, curve_type, curve); +}; + +refine typeattr DhServerKeyExchange += &let { + proc : bool = $context.connection.proc_dh_server_key_exchange(rec, dh_p, dh_g, dh_Ys); +}; + +refine typeattr Handshake += &let { + proc : bool = $context.connection.proc_handshake(is_orig, msg_type, msg_length); +}; + diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac new file mode 100644 index 0000000000..723d95d7a4 --- /dev/null +++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac @@ -0,0 +1,533 @@ +###################################################################### +# Handshake Protocols (7.) +###################################################################### + +enum HandshakeType { + HELLO_REQUEST = 0, + CLIENT_HELLO = 1, + SERVER_HELLO = 2, + SESSION_TICKET = 4, # RFC 5077 + CERTIFICATE = 11, + SERVER_KEY_EXCHANGE = 12, + CERTIFICATE_REQUEST = 13, + SERVER_HELLO_DONE = 14, + CERTIFICATE_VERIFY = 15, + CLIENT_KEY_EXCHANGE = 16, + FINISHED = 20, + CERTIFICATE_URL = 21, # RFC 3546 + CERTIFICATE_STATUS = 22, # RFC 3546 +}; + + +###################################################################### +# V3 Handshake Protocol (7.) +###################################################################### + +type UnknownHandshake(hs: Handshake, is_orig: bool) = record { + data : bytestring &restofdata &transient; +}; + +type Handshake(is_orig: bool) = record { + body : case msg_type of { + HELLO_REQUEST -> hello_request : HelloRequest(this); + CLIENT_HELLO -> client_hello : ClientHello(this); + SERVER_HELLO -> server_hello : ServerHello(this); + SESSION_TICKET -> session_ticket : SessionTicketHandshake(this); + CERTIFICATE -> certificate : Certificate(this); + SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange(this); + CERTIFICATE_REQUEST -> certificate_request : CertificateRequest(this); + SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(this); + CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(this); + CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(this); + FINISHED -> finished : Finished(this); + CERTIFICATE_URL -> certificate_url : bytestring &restofdata &transient; + CERTIFICATE_STATUS -> certificate_status : CertificateStatus(this); + default -> unknown_handshake : UnknownHandshake(this, is_orig); + } &length = msg_length; +} &byteorder = bigendian, + &let { + msg_type: uint8 = $context.connection.msg_type(); + msg_length: uint32 = $context.connection.msg_length(); +}; + +###################################################################### +# V3 Hello Request (7.4.1.1.) +###################################################################### + +# Hello Request is empty +type HelloRequest(rec: Handshake) = empty; + + +###################################################################### +# V3 Client Hello (7.4.1.2.) +###################################################################### + +type ClientHello(rec: Handshake) = record { + client_version : uint16; + gmt_unix_time : uint32; + random_bytes : bytestring &length = 28; + session_len : uint8; + session_id : uint8[session_len]; + csuit_len : uint16 &check(csuit_len > 1 && csuit_len % 2 == 0); + csuits : uint16[csuit_len/2]; + cmeth_len : uint8 &check(cmeth_len > 0); + cmeths : uint8[cmeth_len]; + # This weirdness is to deal with the possible existence or absence + # of the following fields. + ext_len: uint16[] &until($element == 0 || $element != 0); + extensions : SSLExtension(rec)[] &until($input.length() == 0); +}; + +###################################################################### +# V3 Server Hello (7.4.1.3.) +###################################################################### + +type ServerHello(rec: Handshake) = record { + server_version : uint16; + gmt_unix_time : uint32; + random_bytes : bytestring &length = 28; + session_len : uint8; + session_id : uint8[session_len]; + cipher_suite : uint16[1]; + compression_method : uint8; + # This weirdness is to deal with the possible existence or absence + # of the following fields. + ext_len: uint16[] &until($element == 0 || $element != 0); + extensions : SSLExtension(rec)[] &until($input.length() == 0); +} &let { + cipher_set : bool = + $context.connection.set_cipher(cipher_suite[0]); +}; + +###################################################################### +# V3 Server Certificate (7.4.2.) +###################################################################### + +type X509Certificate = record { + length : uint24; + certificate : bytestring &length = to_int()(length); +}; + +type Certificate(rec: Handshake) = record { + length : uint24; + certificates : X509Certificate[] &until($input.length() == 0); +} &length = to_int()(length)+3; + +# OCSP Stapling + +type CertificateStatus(rec: Handshake) = record { + status_type: uint8; # 1 = ocsp, everything else is undefined + length : uint24; + response: bytestring &restofdata; +}; + +###################################################################### +# V3 Server Key Exchange Message (7.4.3.) +###################################################################### + +# Usually, the server key exchange does not contain any information +# that we are interested in. +# +# The exception is when we are using an ECDHE, DHE or DH-Anon suite. +# In this case, we can extract information about the chosen cipher from +# here. +type ServerKeyExchange(rec: Handshake) = case $context.connection.chosen_cipher() of { + TLS_ECDH_ECDSA_WITH_NULL_SHA, + TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_NULL_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_RSA_WITH_NULL_SHA, + TLS_ECDH_RSA_WITH_RC4_128_SHA, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_NULL_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_ANON_WITH_NULL_SHA, + TLS_ECDH_ANON_WITH_RC4_128_SHA, + TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_ANON_WITH_AES_128_CBC_SHA, + TLS_ECDH_ANON_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_PSK_WITH_RC4_128_SHA, + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_PSK_WITH_NULL_SHA, + TLS_ECDHE_PSK_WITH_NULL_SHA256, + TLS_ECDHE_PSK_WITH_NULL_SHA384, + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, + TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, + TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, + TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, + TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, + TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM, + TLS_ECDHE_ECDSA_WITH_AES_256_CCM, + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + -> ec_server_key_exchange : EcServerKeyExchange(rec); + + # DHE suites + TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_DSS_WITH_DES_CBC_SHA, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + TLS_DHE_RSA_WITH_DES_CBC_SHA, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + TLS_DHE_DSS_WITH_RC4_128_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD, + TLS_DHE_DSS_WITH_AES_128_CBC_RMD, + TLS_DHE_DSS_WITH_AES_256_CBC_RMD, + TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD, + TLS_DHE_RSA_WITH_AES_128_CBC_RMD, + TLS_DHE_RSA_WITH_AES_256_CBC_RMD, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_PSK_WITH_RC4_128_SHA, + TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA, + TLS_DHE_DSS_WITH_SEED_CBC_SHA, + TLS_DHE_RSA_WITH_SEED_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, + TLS_DHE_PSK_WITH_NULL_SHA256, + TLS_DHE_PSK_WITH_NULL_SHA384, + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, + TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256, + TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384, + TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, + TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, + TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + TLS_DHE_RSA_WITH_AES_128_CCM, + TLS_DHE_RSA_WITH_AES_256_CCM, + TLS_DHE_RSA_WITH_AES_128_CCM_8, + TLS_DHE_RSA_WITH_AES_256_CCM_8, + TLS_DHE_PSK_WITH_AES_128_CCM, + TLS_DHE_PSK_WITH_AES_256_CCM, + TLS_PSK_DHE_WITH_AES_128_CCM_8, + TLS_PSK_DHE_WITH_AES_256_CCM_8, + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + # DH-anon suites + TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + TLS_DH_ANON_WITH_RC4_128_MD5, + TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + TLS_DH_ANON_WITH_DES_CBC_SHA, + TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, + TLS_DH_ANON_WITH_AES_128_CBC_SHA, + TLS_DH_ANON_WITH_AES_256_CBC_SHA, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA, + TLS_DH_ANON_WITH_AES_128_CBC_SHA256, + TLS_DH_ANON_WITH_AES_256_CBC_SHA256, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA, + TLS_DH_ANON_WITH_SEED_CBC_SHA, + TLS_DH_ANON_WITH_AES_128_GCM_SHA256, + TLS_DH_ANON_WITH_AES_256_GCM_SHA384, + TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256, + TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256, + TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256, + TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384, + TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256, + TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384, + TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256, + TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 + # DH non-anon suites do not send a ServerKeyExchange + -> dh_server_key_exchange : DhServerKeyExchange(rec); + + default + -> key : bytestring &restofdata &transient; +}; + +# For the moment, we really only are interested in the curve name. If it +# is not set (if the server sends explicit parameters), we do not bother. +# We also do not parse the actual signature data following the named curve. +type EcServerKeyExchange(rec: Handshake) = record { + curve_type: uint8; + curve: uint16; # only if curve_type = 3 (NAMED_CURVE) + data: bytestring &restofdata &transient; +}; + +# For both, dh_anon and dhe the ServerKeyExchange starts with a ServerDHParams +# structure. After that, they start to differ, but we do not care about that. +type DhServerKeyExchange(rec: Handshake) = record { + dh_p_length: uint16; + dh_p: bytestring &length=dh_p_length; + dh_g_length: uint16; + dh_g: bytestring &length=dh_g_length; + dh_Ys_length: uint16; + dh_Ys: bytestring &length=dh_Ys_length; + data: bytestring &restofdata &transient; +}; + + +###################################################################### +# V3 Certificate Request (7.4.4.) +###################################################################### + +# For now, ignore Certificate Request Details; just eat up message. +type CertificateRequest(rec: Handshake) = record { + cont : bytestring &restofdata &transient; +}; + + +###################################################################### +# V3 Server Hello Done (7.4.5.) +###################################################################### + +# Server Hello Done is empty +type ServerHelloDone(rec: Handshake) = empty; + + +###################################################################### +# V3 Client Certificate (7.4.6.) +###################################################################### + +# Client Certificate is identical to Server Certificate; +# no further definition here + + +###################################################################### +# V3 Client Key Exchange Message (7.4.7.) +###################################################################### + +# For now ignore details of ClientKeyExchange (most of it is +# encrypted anyway); just eat up message. +type ClientKeyExchange(rec: Handshake) = record { + key : bytestring &restofdata &transient; +}; + + +###################################################################### +# V3 Certificate Verify (7.4.8.) +###################################################################### + +# For now, ignore Certificate Verify; just eat up the message. +type CertificateVerify(rec: Handshake) = record { + cont : bytestring &restofdata &transient; +}; + + +###################################################################### +# V3 Finished (7.4.9.) +###################################################################### + +# The finished messages are always sent after encryption is in effect, +# so we will not be able to read those messages. +type Finished(rec: Handshake) = record { + cont : bytestring &restofdata &transient; +}; + +type SessionTicketHandshake(rec: Handshake) = record { + ticket_lifetime_hint: uint32; + data: bytestring &restofdata; +}; + +###################################################################### +# TLS Extensions +###################################################################### + +type SSLExtension(rec: Handshake) = record { + type: uint16; + data_len: uint16; + + # Pretty code ahead. Deal with the fact that perhaps extensions are + # not really present and we do not want to fail because of that. + ext: case type of { + EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION -> apnl: ApplicationLayerProtocolNegotiationExtension(rec)[] &until($element == 0 || $element != 0); + EXT_ELLIPTIC_CURVES -> elliptic_curves: EllipticCurves(rec)[] &until($element == 0 || $element != 0); + EXT_EC_POINT_FORMATS -> ec_point_formats: EcPointFormats(rec)[] &until($element == 0 || $element != 0); +# EXT_STATUS_REQUEST -> status_request: StatusRequest(rec)[] &until($element == 0 || $element != 0); + EXT_SERVER_NAME -> server_name: ServerNameExt(rec)[] &until($element == 0 || $element != 0); + default -> data: bytestring &restofdata; + }; +} &length=data_len+4 &exportsourcedata; + +type ServerNameHostName() = record { + length: uint16; + host_name: bytestring &length=length; +}; + +type ServerName() = record { + name_type: uint8; # has to be 0 for host-name + name: case name_type of { + 0 -> host_name: ServerNameHostName; + default -> data : bytestring &restofdata &transient; # unknown name + }; +}; + +type ServerNameExt(rec: Handshake) = record { + length: uint16; + server_names: ServerName[] &until($input.length() == 0); +} &length=length+2; + +# Do not parse for now. Structure is correct, but only contains asn.1 data that we would not use further. +#type OcspStatusRequest(rec: Handshake) = record { +# responder_id_list_length: uint16; +# responder_id_list: bytestring &length=responder_id_list_length; +# request_extensions_length: uint16; +# request_extensions: bytestring &length=request_extensions_length; +#}; +# +#type StatusRequest(rec: Handshake) = record { +# status_type: uint8; # 1 -> ocsp +# req: case status_type of { +# 1 -> ocsp_status_request: OcspStatusRequest(rec); +# default -> data : bytestring &restofdata &transient; # unknown +# }; +#}; + +type EcPointFormats(rec: Handshake) = record { + length: uint8; + point_format_list: uint8[length]; +}; + +type EllipticCurves(rec: Handshake) = record { + length: uint16; + elliptic_curve_list: uint16[length/2]; +}; + +type ProtocolName() = record { + length: uint8; + name: bytestring &length=length; +}; + +type ApplicationLayerProtocolNegotiationExtension(rec: Handshake) = record { + length: uint16; + protocol_name_list: ProtocolName[] &until($input.length() == 0); +} &length=length+2; + +refine connection Handshake_Conn += { + + %member{ + uint32 chosen_cipher_; + uint8 msg_type_; + uint32 msg_length_; + %} + + %init{ + chosen_cipher_ = NO_CHOSEN_CIPHER; + msg_type_ = 0; + msg_length_ = 0; + %} + + function chosen_cipher() : int %{ return chosen_cipher_; %} + + function msg_type() : uint8 %{ return msg_type_; %} + + function msg_length() : uint32 %{ return msg_length_; %} + + function set_msg_type(type: uint8) : bool + %{ + msg_type_ = type; + return true; + %} + + function set_msg_length(len: uint32) : bool + %{ + msg_length_ = len; + return true; + %} + + function set_cipher(cipher: uint32) : bool + %{ + chosen_cipher_ = cipher; + return true; + %} +}; + + diff --git a/src/analyzer/protocol/ssl/tls-handshake.pac b/src/analyzer/protocol/ssl/tls-handshake.pac new file mode 100644 index 0000000000..a1bd2e3954 --- /dev/null +++ b/src/analyzer/protocol/ssl/tls-handshake.pac @@ -0,0 +1,24 @@ +# Binpac analyzer just for the TLS handshake protocol and nothing else + +%include binpac.pac +%include bro.pac + +analyzer TLSHandshake withcontext { + connection: Handshake_Conn; + flow: Handshake_Flow; +}; + +connection Handshake_Conn(bro_analyzer: BroAnalyzer) { + upflow = Handshake_Flow(true); + downflow = Handshake_Flow(false); +}; + +flow Handshake_Flow(is_orig: bool) { + datagram = Handshake(is_orig) withcontext(connection, this); +} + +%include tls-handshake-protocol.pac +%include tls-handshake-analyzer.pac + +%include ssl-defs.pac + diff --git a/testing/btest/Traces/tls/dtls-openssl.pcap b/testing/btest/Traces/tls/dtls-openssl.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b07e6921a10c25dcfdf1d87bae393b596f360900 GIT binary patch literal 3181 zcmd5;dpwj|7hdl>Gt9{S5{0Sg)1eMCluIFnToXbr2c<;0lViHLgqR4a2;E%1oXW(( zDdETn6}st&qnpyjC7IHR>SX5ZHELAj792 z5CC9k@`69^ZNG|5*%krMXm?4l*DKVq7sU2}D2+q(K5ifd;Z51>!Ibs2~Ia6yGZJn@j=>N2?YiTyYSC z8K8uoih?32pdBJG6M2*WutON_m;1oZJ;aVTikPsk*#U?9Dg-;ts#Dl8>W-ac2ZJ9z zvC{^iL8tRB%Ug!X{*x042l#TLcC=QlU145Co)@ z!HP%uhv;FB+0_kia^*_k&TtOse z`(#RDL#fV_NH`F(|NWti0R9)*zZ=T`VJQ&oyhH3nAQB1tMt0u>^w>mdR{a!q9CGU? z*&%`9Cw7qRjPF&~e=CJYt7$-{zz6%f6v(3!r4Uf?Whsz*J(4Cvz+gEJ=YS*ueZvs~qbpiCUpdFuTa?%}6qD%w) zEg+xp;d>PDSB!X^$B4(e@<}*`<22}hoNgYdeZZR`CPdRnvP>Ei!!Qa37~)J(hKLZ! znM@KT`Gkis=<;IBMGPH=fi{E5Wa_x1sV$1u2U z(Qh*^<#$hZVb<+h5$@8HdMR%o1>vXl4eGq#r@Nn&F}|W%btC=MLtjzdr-g&3p0ci_ z7z8_R3iCRzaKTnyM=e^fi(8V&I-$V1z4mF#{C$z;>P^Gpa(f?$*x&5F=bv7=h9yMS za7^niT}Kr@tY@a+y+wEUcD2rm`{CwwE=`Tl;fZb}_S-&TD(m`3XO}+%!{GOhQFXy&@x0y1GZr zIO|Z3*C=G%`orW}ltqAwLX7OlmiwIYAnCMUJ6u*M8(43p4_sJrKKxmo6Xk)PXscc% zPC}{`*)!}I%7|rUaq@JsENzL=&fnc4k`=N>lwxLRhRPfcJjj?u{H;n>U`&tu{sK{A zfee|#AYqu`OU{vuh;s~nX(}?vZo0SrwOI`NO!tfCH%(HR8ap%f%~W?!OIf9*FqlIv zX^D1pWBOfc^bua;a4~U-ul_N5t@j^2TQBrBS}i%)Gi{srQHx3|wYYvC<@xH(-p#C5 zIn@@Wg508?;zu~$+nzt3G1#M9fxTBdepAw#cT{||ojM$~(AsYii|695WZnipiQ`RqI{5?g?f& z8TgL4#OLYRDDSS`!&5YCFv&V?y3-|E!`U);p~dM|SD%3T?JEnjs_#36nQ|NwEAn2w zKD1w8%8~9=4Du@}67Z5*C*KGXwptW03)IKaz${20zl?0?Wn)e~XTnQqT;--!lRVwb z{aIcGo|NT8FV?I&6ybUD&UoF8ncD{|E^8O-RE;b3vV8YDcbzM^yo*#{tzX5%K;Gq; z`fT4L z_^^NMlWTg-vE@;^sjoP!tzm96{RUsM#Y;E|!b4knH?2ODbAY7;YJ=+}mCI@xay=S< zG;p;h@!~sVB9vbQl~O&Mb8KSUp8vTv%=?^OZDgOB(7DuM)z!u|EBGEuX}S%JUZ1;7 zY5KI+z0|P0(87}n+yVaD-v;(^ob4?IfeUU#wQ7uW8w2l~YUnpmGS1c=uDD__$uAj1 z#R+OZUR#K^oZ&@-2j~%D-?ZhM8q${|x~nxtn7Y4zKJOyEmNdZFw%m*EvV2 zBcS0m<}a^aI&<*)tU-6*;yildkZa;2Esfg>J|V{+%l042OkreaOZ#6;zHAk8E#p#n zSlm$tZwL9eoIJtYtWu8x5msK^{+3N|yZ2S!dFPeF@7SWquO4HvAKeHJY)xP$&aH26 z6?QJLTEK5f2|fM9pA$MWA-Xkw4%hhENwHk%rM@$EO>!#qHK&UtqteJS&8w$vC}^e* zr|a9z&WSM3joR5b*YM3Uzwu!AS0%U379H$c+!Ar*5M#dU0?r~ubXGZzLw!~|jA)R3F`HO&=L4?;>;MM>qqSaWHO=9%!<2=-Ju?KAAxQi9url%d97N(tr> z_ou*)1vOF(>T0iR)yAk*`mz7cJhuLdcYSyW`QU;C4G9a`fyg>wcw0-QTldX-?h}+W zieNh(#XrM-n{7Qh@lB*2t540A<|+3%TO1fAas3aq_q<#-9^>=yNUAUQhv%`zSMAT% dNQVH&hCtjar4{~22S Date: Tue, 10 Mar 2015 14:29:40 -0700 Subject: [PATCH 053/121] When setting the SSL analyzer to fail, also stop processing data that already has been delivered to the analyzer, not just future data. No testcase because this is hard to reproduce, this was only found due to mistakenly triggering an error in life traffic at a site... --- src/analyzer/protocol/ssl/ssl-protocol.pac | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index d5628e9cc7..b0f51cd54a 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -135,6 +135,12 @@ refine connection SSL_Conn += { function determine_ssl_record_layer(head0 : uint8, head1 : uint8, head2 : uint8, head3: uint8, head4: uint8, is_orig: bool) : int %{ + // stop processing if we already had a protocol violation or otherwhise + // decided that we do not want to parse anymore. Just setting skip is not + // enough for the data that is already in the pipe. + if ( bro_analyzer()->Skipping() ) + return UNKNOWN_VERSION; + // re-check record layer version to be sure that we still are synchronized with // the data stream if ( record_layer_version_ != UNKNOWN_VERSION && record_layer_version_ != SSLv20 ) From 47de9066126b5f7d33d59b4ac0198b880e464fbc Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 11 Mar 2015 15:53:32 -0700 Subject: [PATCH 054/121] Make handshake analyzer flow-based. This means we can feed data to it in chunks, which makes dealing with fragmentation a little bit more convenient. --- src/analyzer/protocol/ssl/SSL.cc | 5 +- .../protocol/ssl/tls-handshake-analyzer.pac | 20 ++-- .../protocol/ssl/tls-handshake-protocol.pac | 97 ++++++++++--------- src/analyzer/protocol/ssl/tls-handshake.pac | 7 +- 4 files changed, 67 insertions(+), 62 deletions(-) diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc index a26807c14b..17df73bd6e 100644 --- a/src/analyzer/protocol/ssl/SSL.cc +++ b/src/analyzer/protocol/ssl/SSL.cc @@ -63,10 +63,11 @@ void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) void SSL_Analyzer::SendHandshake(uint8 msg_type, uint32 length, const u_char* begin, const u_char* end, bool orig) { - handshake_interp->set_msg_type(msg_type); - handshake_interp->set_msg_length(length); try { + handshake_interp->NewData(orig, (const unsigned char*) &msg_type, (const unsigned char*) &msg_type + 1); + uint32 host_length = htonl(length); + handshake_interp->NewData(orig, (const unsigned char*) &host_length, (const unsigned char*) &host_length + sizeof(host_length)); handshake_interp->NewData(orig, begin, end); } catch ( const binpac::Exception& e ) diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index fb6ce2e7a4..a52381189b 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -42,7 +42,7 @@ refine connection Handshake_Conn += { return true; %} - function proc_ssl_extension(rec: Handshake, type: int, sourcedata: const_bytestring) : bool + function proc_ssl_extension(rec: HandshakeRecord, type: int, sourcedata: const_bytestring) : bool %{ // We cheat a little bit here. We want to throw this event // for every extension we encounter, even those that are @@ -70,7 +70,7 @@ refine connection Handshake_Conn += { return true; %} - function proc_ec_point_formats(rec: Handshake, point_format_list: uint8[]) : bool + function proc_ec_point_formats(rec: HandshakeRecord, point_format_list: uint8[]) : bool %{ VectorVal* points = new VectorVal(internal_type("index_vec")->AsVectorType()); @@ -86,7 +86,7 @@ refine connection Handshake_Conn += { return true; %} - function proc_elliptic_curves(rec: Handshake, list: uint16[]) : bool + function proc_elliptic_curves(rec: HandshakeRecord, list: uint16[]) : bool %{ VectorVal* curves = new VectorVal(internal_type("index_vec")->AsVectorType()); @@ -102,7 +102,7 @@ refine connection Handshake_Conn += { return true; %} - function proc_apnl(rec: Handshake, protocols: ProtocolName[]) : bool + function proc_apnl(rec: HandshakeRecord, protocols: ProtocolName[]) : bool %{ VectorVal* plist = new VectorVal(internal_type("string_vec")->AsVectorType()); @@ -118,7 +118,7 @@ refine connection Handshake_Conn += { return true; %} - function proc_server_name(rec: Handshake, list: ServerName[]) : bool + function proc_server_name(rec: HandshakeRecord, list: ServerName[]) : bool %{ VectorVal* servers = new VectorVal(internal_type("string_vec")->AsVectorType()); @@ -159,14 +159,14 @@ refine connection Handshake_Conn += { return ret; %} - function proc_unknown_handshake(hs: Handshake, is_orig: bool) : bool + function proc_unknown_handshake(hs: HandshakeRecord, is_orig: bool) : bool %{ bro_analyzer()->ProtocolViolation(fmt("unknown handshake message (%d) from %s", ${hs.msg_type}, orig_label(is_orig).c_str())); return true; %} - function proc_certificate_status(rec : Handshake, status_type: uint8, response: bytestring) : bool + function proc_certificate_status(rec : HandshakeRecord, status_type: uint8, response: bytestring) : bool %{ if ( status_type == 1 ) // ocsp { @@ -179,7 +179,7 @@ refine connection Handshake_Conn += { return true; %} - function proc_ec_server_key_exchange(rec: Handshake, curve_type: uint8, curve: uint16) : bool + function proc_ec_server_key_exchange(rec: HandshakeRecord, curve_type: uint8, curve: uint16) : bool %{ if ( curve_type == NAMED_CURVE ) BifEvent::generate_ssl_server_curve(bro_analyzer(), @@ -188,7 +188,7 @@ refine connection Handshake_Conn += { return true; %} - function proc_dh_server_key_exchange(rec: Handshake, p: bytestring, g: bytestring, Ys: bytestring) : bool + function proc_dh_server_key_exchange(rec: HandshakeRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool %{ BifEvent::generate_ssl_dh_server_params(bro_analyzer(), bro_analyzer()->Conn(), @@ -268,6 +268,6 @@ refine typeattr DhServerKeyExchange += &let { }; refine typeattr Handshake += &let { - proc : bool = $context.connection.proc_handshake(is_orig, msg_type, msg_length); + proc : bool = $context.connection.proc_handshake(rec.is_orig, rec.msg_type, rec.msg_length); }; diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac index 723d95d7a4..25f890d089 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac @@ -23,31 +23,36 @@ enum HandshakeType { # V3 Handshake Protocol (7.) ###################################################################### -type UnknownHandshake(hs: Handshake, is_orig: bool) = record { - data : bytestring &restofdata &transient; -}; +type HandshakeRecord(is_orig: bool) = record { + msg_type: uint8; + msg_length: uint32; + rec: Handshake(this); +# rec: bytestring &length=10 &transient; +} &length=(msg_length + 5); -type Handshake(is_orig: bool) = record { - body : case msg_type of { - HELLO_REQUEST -> hello_request : HelloRequest(this); - CLIENT_HELLO -> client_hello : ClientHello(this); - SERVER_HELLO -> server_hello : ServerHello(this); - SESSION_TICKET -> session_ticket : SessionTicketHandshake(this); - CERTIFICATE -> certificate : Certificate(this); - SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange(this); - CERTIFICATE_REQUEST -> certificate_request : CertificateRequest(this); - SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(this); - CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(this); - CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(this); - FINISHED -> finished : Finished(this); - CERTIFICATE_URL -> certificate_url : bytestring &restofdata &transient; - CERTIFICATE_STATUS -> certificate_status : CertificateStatus(this); - default -> unknown_handshake : UnknownHandshake(this, is_orig); - } &length = msg_length; -} &byteorder = bigendian, - &let { - msg_type: uint8 = $context.connection.msg_type(); - msg_length: uint32 = $context.connection.msg_length(); +type Handshake(rec: HandshakeRecord) = case rec.msg_type of { + HELLO_REQUEST -> hello_request : HelloRequest(rec); + CLIENT_HELLO -> client_hello : ClientHello(rec); + SERVER_HELLO -> server_hello : ServerHello(rec); + SESSION_TICKET -> session_ticket : SessionTicketHandshake(rec); + CERTIFICATE -> certificate : Certificate(rec); + SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange(rec); + CERTIFICATE_REQUEST -> certificate_request : CertificateRequest(rec); + SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(rec); + CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(rec); + CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec); + FINISHED -> finished : Finished(rec); + CERTIFICATE_URL -> certificate_url : bytestring &restofdata &transient; + CERTIFICATE_STATUS -> certificate_status : CertificateStatus(rec); + default -> unknown_handshake : UnknownHandshake(rec, rec.is_orig); +} + +type HandshakePDU(is_orig: bool) = record { + records: HandshakeRecord(is_orig)[] &transient; +} &byteorder = bigendian; + +type UnknownHandshake(hs: HandshakeRecord, is_orig: bool) = record { + data : bytestring &restofdata &transient; }; ###################################################################### @@ -55,14 +60,14 @@ type Handshake(is_orig: bool) = record { ###################################################################### # Hello Request is empty -type HelloRequest(rec: Handshake) = empty; +type HelloRequest(rec: HandshakeRecord) = empty; ###################################################################### # V3 Client Hello (7.4.1.2.) ###################################################################### -type ClientHello(rec: Handshake) = record { +type ClientHello(rec: HandshakeRecord) = record { client_version : uint16; gmt_unix_time : uint32; random_bytes : bytestring &length = 28; @@ -82,7 +87,7 @@ type ClientHello(rec: Handshake) = record { # V3 Server Hello (7.4.1.3.) ###################################################################### -type ServerHello(rec: Handshake) = record { +type ServerHello(rec: HandshakeRecord) = record { server_version : uint16; gmt_unix_time : uint32; random_bytes : bytestring &length = 28; @@ -108,14 +113,14 @@ type X509Certificate = record { certificate : bytestring &length = to_int()(length); }; -type Certificate(rec: Handshake) = record { +type Certificate(rec: HandshakeRecord) = record { length : uint24; certificates : X509Certificate[] &until($input.length() == 0); } &length = to_int()(length)+3; # OCSP Stapling -type CertificateStatus(rec: Handshake) = record { +type CertificateStatus(rec: HandshakeRecord) = record { status_type: uint8; # 1 = ocsp, everything else is undefined length : uint24; response: bytestring &restofdata; @@ -131,7 +136,7 @@ type CertificateStatus(rec: Handshake) = record { # The exception is when we are using an ECDHE, DHE or DH-Anon suite. # In this case, we can extract information about the chosen cipher from # here. -type ServerKeyExchange(rec: Handshake) = case $context.connection.chosen_cipher() of { +type ServerKeyExchange(rec: HandshakeRecord) = case $context.connection.chosen_cipher() of { TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, @@ -336,7 +341,7 @@ type ServerKeyExchange(rec: Handshake) = case $context.connection.chosen_cipher( # For the moment, we really only are interested in the curve name. If it # is not set (if the server sends explicit parameters), we do not bother. # We also do not parse the actual signature data following the named curve. -type EcServerKeyExchange(rec: Handshake) = record { +type EcServerKeyExchange(rec: HandshakeRecord) = record { curve_type: uint8; curve: uint16; # only if curve_type = 3 (NAMED_CURVE) data: bytestring &restofdata &transient; @@ -344,7 +349,7 @@ type EcServerKeyExchange(rec: Handshake) = record { # For both, dh_anon and dhe the ServerKeyExchange starts with a ServerDHParams # structure. After that, they start to differ, but we do not care about that. -type DhServerKeyExchange(rec: Handshake) = record { +type DhServerKeyExchange(rec: HandshakeRecord) = record { dh_p_length: uint16; dh_p: bytestring &length=dh_p_length; dh_g_length: uint16; @@ -360,7 +365,7 @@ type DhServerKeyExchange(rec: Handshake) = record { ###################################################################### # For now, ignore Certificate Request Details; just eat up message. -type CertificateRequest(rec: Handshake) = record { +type CertificateRequest(rec: HandshakeRecord) = record { cont : bytestring &restofdata &transient; }; @@ -370,7 +375,7 @@ type CertificateRequest(rec: Handshake) = record { ###################################################################### # Server Hello Done is empty -type ServerHelloDone(rec: Handshake) = empty; +type ServerHelloDone(rec: HandshakeRecord) = empty; ###################################################################### @@ -387,7 +392,7 @@ type ServerHelloDone(rec: Handshake) = empty; # For now ignore details of ClientKeyExchange (most of it is # encrypted anyway); just eat up message. -type ClientKeyExchange(rec: Handshake) = record { +type ClientKeyExchange(rec: HandshakeRecord) = record { key : bytestring &restofdata &transient; }; @@ -397,7 +402,7 @@ type ClientKeyExchange(rec: Handshake) = record { ###################################################################### # For now, ignore Certificate Verify; just eat up the message. -type CertificateVerify(rec: Handshake) = record { +type CertificateVerify(rec: HandshakeRecord) = record { cont : bytestring &restofdata &transient; }; @@ -408,11 +413,11 @@ type CertificateVerify(rec: Handshake) = record { # The finished messages are always sent after encryption is in effect, # so we will not be able to read those messages. -type Finished(rec: Handshake) = record { +type Finished(rec: HandshakeRecord) = record { cont : bytestring &restofdata &transient; }; -type SessionTicketHandshake(rec: Handshake) = record { +type SessionTicketHandshake(rec: HandshakeRecord) = record { ticket_lifetime_hint: uint32; data: bytestring &restofdata; }; @@ -421,7 +426,7 @@ type SessionTicketHandshake(rec: Handshake) = record { # TLS Extensions ###################################################################### -type SSLExtension(rec: Handshake) = record { +type SSLExtension(rec: HandshakeRecord) = record { type: uint16; data_len: uint16; @@ -450,20 +455,20 @@ type ServerName() = record { }; }; -type ServerNameExt(rec: Handshake) = record { +type ServerNameExt(rec: HandshakeRecord) = record { length: uint16; server_names: ServerName[] &until($input.length() == 0); } &length=length+2; # Do not parse for now. Structure is correct, but only contains asn.1 data that we would not use further. -#type OcspStatusRequest(rec: Handshake) = record { +#type OcspStatusRequest(rec: HandshakeRecord) = record { # responder_id_list_length: uint16; # responder_id_list: bytestring &length=responder_id_list_length; # request_extensions_length: uint16; # request_extensions: bytestring &length=request_extensions_length; #}; # -#type StatusRequest(rec: Handshake) = record { +#type StatusRequest(rec: HandshakeRecord) = record { # status_type: uint8; # 1 -> ocsp # req: case status_type of { # 1 -> ocsp_status_request: OcspStatusRequest(rec); @@ -471,12 +476,12 @@ type ServerNameExt(rec: Handshake) = record { # }; #}; -type EcPointFormats(rec: Handshake) = record { +type EcPointFormats(rec: HandshakeRecord) = record { length: uint8; point_format_list: uint8[length]; }; -type EllipticCurves(rec: Handshake) = record { +type EllipticCurves(rec: HandshakeRecord) = record { length: uint16; elliptic_curve_list: uint16[length/2]; }; @@ -486,7 +491,7 @@ type ProtocolName() = record { name: bytestring &length=length; }; -type ApplicationLayerProtocolNegotiationExtension(rec: Handshake) = record { +type ApplicationLayerProtocolNegotiationExtension(rec: HandshakeRecord) = record { length: uint16; protocol_name_list: ProtocolName[] &until($input.length() == 0); } &length=length+2; @@ -509,7 +514,7 @@ refine connection Handshake_Conn += { function msg_type() : uint8 %{ return msg_type_; %} - function msg_length() : uint32 %{ return msg_length_; %} + function msg_length() : uint32 %{ fprintf(stderr, "Got length %d\n", msg_length_); return msg_length_; %} function set_msg_type(type: uint8) : bool %{ diff --git a/src/analyzer/protocol/ssl/tls-handshake.pac b/src/analyzer/protocol/ssl/tls-handshake.pac index a1bd2e3954..36d6999557 100644 --- a/src/analyzer/protocol/ssl/tls-handshake.pac +++ b/src/analyzer/protocol/ssl/tls-handshake.pac @@ -13,12 +13,11 @@ connection Handshake_Conn(bro_analyzer: BroAnalyzer) { downflow = Handshake_Flow(false); }; +%include tls-handshake-protocol.pac + flow Handshake_Flow(is_orig: bool) { - datagram = Handshake(is_orig) withcontext(connection, this); + flowunit = HandshakePDU(is_orig) withcontext(connection, this); } -%include tls-handshake-protocol.pac %include tls-handshake-analyzer.pac - %include ssl-defs.pac - From ba27bb54d48e13b0b972596c0ef51330689b862b Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 11 Mar 2015 18:23:08 -0700 Subject: [PATCH 055/121] Implement correct parsing of TLS record fragmentation. Finally. Our test-case is a >400kb certificate with 10,000 alternative names. :) --- src/analyzer/protocol/ssl/SSL.cc | 6 +---- src/analyzer/protocol/ssl/SSL.h | 2 +- src/analyzer/protocol/ssl/ssl-analyzer.pac | 8 +++--- src/analyzer/protocol/ssl/ssl-protocol.pac | 7 ++--- .../protocol/ssl/tls-handshake-analyzer.pac | 4 +-- .../protocol/ssl/tls-handshake-protocol.pac | 25 ++---------------- src/analyzer/protocol/ssl/tls-handshake.pac | 2 +- .../.stdout | 1 + .../ssl.log | 10 +++++++ .../tls/tls-fragmented-handshake.pcap.gz | Bin 0 -> 37320 bytes .../scripts/base/protocols/ssl/fragment.test | 12 +++++++++ 11 files changed, 37 insertions(+), 40 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.fragment/.stdout create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.fragment/ssl.log create mode 100644 testing/btest/Traces/tls/tls-fragmented-handshake.pcap.gz create mode 100644 testing/btest/scripts/base/protocols/ssl/fragment.test diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc index 17df73bd6e..71b7511716 100644 --- a/src/analyzer/protocol/ssl/SSL.cc +++ b/src/analyzer/protocol/ssl/SSL.cc @@ -61,19 +61,15 @@ void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) } } -void SSL_Analyzer::SendHandshake(uint8 msg_type, uint32 length, const u_char* begin, const u_char* end, bool orig) +void SSL_Analyzer::SendHandshake(const u_char* begin, const u_char* end, bool orig) { try { - handshake_interp->NewData(orig, (const unsigned char*) &msg_type, (const unsigned char*) &msg_type + 1); - uint32 host_length = htonl(length); - handshake_interp->NewData(orig, (const unsigned char*) &host_length, (const unsigned char*) &host_length + sizeof(host_length)); handshake_interp->NewData(orig, begin, end); } catch ( const binpac::Exception& e ) { ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); - fprintf(stderr, "Handshake exception: %s\n", e.c_msg()); } } diff --git a/src/analyzer/protocol/ssl/SSL.h b/src/analyzer/protocol/ssl/SSL.h index a17611846c..3294aa9db5 100644 --- a/src/analyzer/protocol/ssl/SSL.h +++ b/src/analyzer/protocol/ssl/SSL.h @@ -21,7 +21,7 @@ public: virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void Undelivered(uint64 seq, int len, bool orig); - void SendHandshake(uint8 msg_type, uint32 length, const u_char* begin, const u_char* end, bool orig); + void SendHandshake(const u_char* begin, const u_char* end, bool orig); // Overriden from tcp::TCP_ApplicationAnalyzer. virtual void EndpointEOF(bool is_orig); diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac index 709e8c32b2..3d61b215a2 100644 --- a/src/analyzer/protocol/ssl/ssl-analyzer.pac +++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac @@ -23,11 +23,9 @@ refine connection SSL_Conn += { return true; %} - function proc_handshake(rec: SSLRecord, msg_type: uint8, length: uint24, data: bytestring, is_orig: bool) : bool + function proc_handshake(rec: SSLRecord, data: bytestring, is_orig: bool) : bool %{ - fprintf(stderr, "Forwarding to Handshake analyzer: msg_type: %u, length: %u\n", msg_type, to_int()(length)); - fprintf(stderr, "%u\n", data.end() - data.begin()); - bro_analyzer()->SendHandshake(msg_type, to_int()(length), data.begin(), data.end(), is_orig); + bro_analyzer()->SendHandshake(data.begin(), data.end(), is_orig); return true; %} }; @@ -58,5 +56,5 @@ refine typeattr V2ClientMasterKey += &let { }; refine typeattr Handshake += &let { - proc : bool = $context.connection.proc_handshake(rec, msg_type, length, data, rec.is_orig); + proc : bool = $context.connection.proc_handshake(rec, data, rec.is_orig); }; diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index b0f51cd54a..a90bd03868 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -43,9 +43,10 @@ refine casetype PlaintextRecord += { }; type Handshake(rec: SSLRecord) = record { - msg_type: uint8; - length: uint24; - data: bytestring &length=to_int()(length); +# msg_type: uint8; +# length: uint24; +# data: bytestring &length=to_int()(length); + data: bytestring &restofdata; }; ###################################################################### diff --git a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac index a52381189b..17432fa5cb 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-analyzer.pac @@ -200,10 +200,10 @@ refine connection Handshake_Conn += { return true; %} - function proc_handshake(is_orig: bool, msg_type: uint8, length: uint32) : bool + function proc_handshake(is_orig: bool, msg_type: uint8, length: uint24) : bool %{ BifEvent::generate_ssl_handshake_message(bro_analyzer(), - bro_analyzer()->Conn(), is_orig, msg_type, length); + bro_analyzer()->Conn(), is_orig, msg_type, to_int()(length)); return true; %} diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac index 25f890d089..296df5fb9d 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac @@ -25,10 +25,9 @@ enum HandshakeType { type HandshakeRecord(is_orig: bool) = record { msg_type: uint8; - msg_length: uint32; + msg_length: uint24; rec: Handshake(this); -# rec: bytestring &length=10 &transient; -} &length=(msg_length + 5); +} &length=(to_int()(msg_length) + 4); type Handshake(rec: HandshakeRecord) = case rec.msg_type of { HELLO_REQUEST -> hello_request : HelloRequest(rec); @@ -500,34 +499,14 @@ refine connection Handshake_Conn += { %member{ uint32 chosen_cipher_; - uint8 msg_type_; - uint32 msg_length_; %} %init{ chosen_cipher_ = NO_CHOSEN_CIPHER; - msg_type_ = 0; - msg_length_ = 0; %} function chosen_cipher() : int %{ return chosen_cipher_; %} - function msg_type() : uint8 %{ return msg_type_; %} - - function msg_length() : uint32 %{ fprintf(stderr, "Got length %d\n", msg_length_); return msg_length_; %} - - function set_msg_type(type: uint8) : bool - %{ - msg_type_ = type; - return true; - %} - - function set_msg_length(len: uint32) : bool - %{ - msg_length_ = len; - return true; - %} - function set_cipher(cipher: uint32) : bool %{ chosen_cipher_ = cipher; diff --git a/src/analyzer/protocol/ssl/tls-handshake.pac b/src/analyzer/protocol/ssl/tls-handshake.pac index 36d6999557..a3c45fa492 100644 --- a/src/analyzer/protocol/ssl/tls-handshake.pac +++ b/src/analyzer/protocol/ssl/tls-handshake.pac @@ -13,6 +13,7 @@ connection Handshake_Conn(bro_analyzer: BroAnalyzer) { downflow = Handshake_Flow(false); }; +%include ssl-defs.pac %include tls-handshake-protocol.pac flow Handshake_Flow(is_orig: bool) { @@ -20,4 +21,3 @@ flow Handshake_Flow(is_orig: bool) { } %include tls-handshake-analyzer.pac -%include ssl-defs.pac diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/.stdout b/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/.stdout new file mode 100644 index 0000000000..5caff40c4a --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/.stdout @@ -0,0 +1 @@ +10000 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/ssl.log new file mode 100644 index 0000000000..c8278858e5 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.fragment/ssl.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2015-03-12-01-22-34 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string +1426117218.083491 CXWv6p3arKYeMETxOg 192.168.6.86 61454 104.236.167.107 4433 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 secp256r1 104.236.167.107 F - - F FsQdqWuF9t3e4W0d (empty) - - - - +#close 2015-03-12-01-22-34 diff --git a/testing/btest/Traces/tls/tls-fragmented-handshake.pcap.gz b/testing/btest/Traces/tls/tls-fragmented-handshake.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..6642502fa068a4c7c98ca20d145b6ae997adce6b GIT binary patch literal 37320 zcmb@Pd0bQ1*7u+1u`N|^r4GowMWIy@5rrxW3M8o`B9c_8AY-a15z&Ns45UsMg<=XQ z2!X^pkSan%P-dbiB0`7~B?2LV010z|03jsgygSq(AfVXykDkx@tYXg2$v%6p@A|E^ zj!x9qUk3>PXaE1r@;mOk*4^hI=EM=K-;u*>j~>Jx_C0#g^N69B+d;4Yxi~tTgJt7Q z6+FGu3(hauwnrm-yUqFA!E4_SBBI-%lr7@Suq$!Ge*N7ZrR(r_oW z4EfmMV$F)GP0yg3{(+CB@ydV11l&BJ$I7?mKr$}U9d zEE4^UgNJqhHX43^#73Q$IY z={*r5*HKPc4=4EbjjH;T2h8xIoJ2da9lrHdz;Tz{(9F3xPJQ(l_%X*m+Q@waS8w4# zv<0D<-zovay5H~v-2)mW@NKhB5};3aw5*qvyUD$R0k27WkF1_Okxv(4jQ(Pi? z@?U0byRV(=PfyRhbl;HfAJ;HDK3(hh((KNJ0GAMUc)>ibnOEm;4LODFJ!q))zG2oq z|D&7CbTn*Xt6v8EvMK+>(ro{}^r#aq2RkF3?CbJdYQhU>u*02=>8Iy$ydPW`4Onsq z3YSqKNmf_^>l;E$&y(U-riEu+j;6fARTj`AMTI_mL2StLk4tlvV;s7wnqq9VS&{7F z=%r3P3op+>N|C)qZ!*&&)UoenE=@xR--|D;5YeF;mjHxY8LhgAz0p-sJ#?3zUn-*v zc@l=Z)G33vLg}I>P*~k^Ea3^RSkB5JuwN1JY%S3erny)xBD_tlOffKI8Z2yi=HY`^ zt$Q|kc|v8~oBTW_5Oif!JIAf8=F1#BXAtU2H&rOi5xrN@#WfpCzJWTs=y0)Uh`^7| z2u_o$q3TECWQ8&^qKHKqmC*^Ey}sz-$Gl*ks7N*>DPU|XW1z(a^iUEs!i#F?UY`^6 zvY=Q>p>}VQjU=e&2 zdNll5grYo$NS8;=GjCI97Izt8g9d%W2TCw7c_W55S}Y9f`U)2=PDdidv4O$;XL)oM z3nAwdLb&xt-d*O*VX>yOOoaApYZiHf=TZ?$E9$ipa)$hAvaW^;1tXUTk|Cn(9(0cS zNdlZj5tisffdLWdq2ER?aLq_INX+_(+I}U?^N1B_WCgma0&Q4<&Zt0R zE6_a^XzeI;@v%+cq1A^&9O`S{8mf`cIJ6bej(A(dicBt#r$+!)VFQp*ZGlvMxDJC%NrLj&WK)P$ zaZ5_e^^cRla9p`{;NuG$x^_MK`{38LtL(zx2a6X=rT#7K81N;RO226_{e$;Y_^fd! z@!|r|L#4-q(slbc?aD6)nMJM+ZlVlEH!JY?Bv^3yAN>)X!% z>;38PA}^KJlw1!-FknZ7OpP8 zwIVI{_U^m-<*6%3vBxKz6vTGzzH3mPv0~hb&#Ll2S46}v*{yoAZX*;k)AD8wCS?UGg!r;T>{y)z=ja-cniWt>kI@% zmoQp7xJD{LTxQ0$lb&NMBKO+;e)rHtjcd36eWY}i!A^&D&;B;8*}d;>RIJOzuB(SN zbqiM2?kG3h9kBN^Or>EJ*kcNoCZ^mMy`B+E49EM%%Lg^7S?9#q;?35IVUwt=mM_yB ze2S!Nq$IrzOgRQR0=KT=oe6Ln`Mnx*5q@ppKR1}G!gjVB@22d1W2%D3-M)OdbcMl6 zhjrzVR(5;t9*WiYEK|Lc_b~;L=k5_-DA>M{JJfwAQX*t_(IQ&$1%h^dFDK#95G9l%|w_KDKvX zD%+#<6>7s;Qz!~dvXo#keXz@4Odnbqs(*;)bPRW$xgu<3yRj9;YGh9}CKetykT_-n zLnt@23b49s9qSU?6?-^gMZt<%T@};a!wI?tYif^_8(IfA+^vXpiSL@qWRcMDQl3-P z9lNY&DBo(nrg@m{d=Wg@tYNtFEGcqRn0KidYmz?Pd+k2jTUdi}EzaWy6YgwEaV<qaDav(GMkH;%b{zHjJO4k^; zJFKgSbg-+udnjHb>-Oc(Gl`9EZ`ueEj7%YGI|k$_7V!KZ=SwA_ZG}>azjb%?K;jMN znlSfvV{3}TNM$u99-gH%-Hv-U^#FpM3^L%~xd&Y0FZy@ZgUeq&S@Wa&$#rvoclfpP z|J)Y8H7!1w`StHReqHl_Zu9>g_29q-*Dx%5R>C6h2bWgv;E0E9b|ib(w8Rn%4-uF3 zth)zg^F5*r$OB}LQZcu1G}1f=?vuvQ2(&orZC2#BF(qRo1&K+%M@B+kRd}=grPY30 z*k6W(KW+Mx=8iZ7()qX|0j#a( zg2jZE>;7WIAROGqFzfl*=dSGdV(qe{^S4BO?YRBS$BQw~E)fhA+%{$=yZSF|wu_69bPL zaJa!-9cI^_wVSekoB5jG4$DZ)8~ zFz^RtT!a{@+GxVl85K9NnDsqohs2{VE-ki~Q&C8R;@-0)gK)v`?a?m_2%)~EG;g-9wi&(rzC( zQo7o}&LQ*jOf@zJNCrW^O%rTV_6#UZEI3JEllukf6ea;5MAL>=`5zn&RuU$}_A3 zT<&(px+HYvA7<+o7}olanW(>g@KKX|`lp!^?vHf6jxbF54^KSGO6*hMURxL|Iu5e* z2edMBgq6c&TNw>ri}x;7(=ksUF7m`>1aW5<*yCFaDg=?1u;U)3JVc;l9~H%Q?kkAc zBdjyp3>-mw3pa0WQOHJ7h8ZQ02RjTCk?{}6!GZmLju}@5w?E5rA$Rv5Prwvd)VJ0e zG6RC|S13(p_FdJO1bD$f?G2`3SU`K0HN|D*b4@5j#H^~^9`SKpJr_%FYWJop2zz*`%E6Bt9Ps9fe_$dk%v)-IV9tAE zGP7Ue^ZJiR|6O9za_5JLZ#Ex)dT`r3txq*wUUGlr`-IlCMbsZn&Sd`Zd$i5(HVmi< zV_1a9uhgPSEOSD6z!Ri!!a~XhZ!<-~1V8%CQG0^gFh5cc8qDVBVX(J@MrX}S=I%K;x|aFRm|wb_g{pH~h$YuxFO>Hxo{l8%I}eSkHR8 zXZ*=JR?$zJH$v**DaF|{2;kPC`GcJTIxE4QL11?Gl)LQa+;}|xQ0ejv-*0TpsN7)8 zs@(JLWUler%IqImC40u7tY+=m5vC6Wps(aIbpGIt5UxXC;Xcj_O%(R%;dK zr>3vwnEsr5vgDgZ*ehPMR7^jtvz_{rKkfPmN!v?#(`M_);h~!A=i-o@UmjmVk(~Q` zB|Uo|kFp~-d3%=%m);u*eTKWQbZWH2MGOt}KyqpOKww(C-&v_&e!oX&`#^O)lgip^ z_)E~0l35zsfA#)!R&BM#&rK)isE;>oaNj-M?U;VhJ3}@Y27&uUOUZvN#~s)RwF()8 z!Dg`j_G}Rg&^+UQ`%B}dE=PBc>Au{UlITU)>t4&xY6bJZYk#qe2tKF!T8wt|z|rfL z%V9G!RauyAgiPZ}P;{CAahxl+biRXCn7RgX<@LO{g6&N^$6ryOvrEO)a^Ca$;Ied0 zkD^_jI~8-y!SFgVo6<-5j1qc zqm+s`>RZ}b6cn=DzeMM__(ErT6sz3^{9<|F7vn~OIc}tL7h?um%Z0F{winxpD?>KS$W-^_8dzAt)p>=-6ctq@#F7H60>$y? z%0nCCN^BNkuX-&!OIpR*uDssf-1Fm2idBVE=W%}TC}}W*U{)j$oU%UY}czQCRRvdO+~hA>frkH1dpOUoktvv z#+wRJoxuI9aZ2FoGz@mIWY?m20piiUFx<$0Zt_B(lO>kw+!SCOSRkY!xhCpYuoF*~+ztu@g*|NoUWjS#kJ>ALh<>*!6Vl*2N3%{_)3*Ocgt3 zgT3tpulV}82ww2M$H5UNR`czINW^mgPA70WJIX-ONkbaI`%Fj%+JVnnVx24w`<9v- zp{RkkQ&~5_29s-B!_wy*gr^L}%%!X-$@{kIte4>#-yf3aHaUMS+`36q)kJieyVvnt z_124vuV#OHVZbv)XG1j!tE2d2v%p7gv=E2tshn zfJ4(=kuMdAyOb`KUf}tXwTrNSdd)rSw2HH}Y4Mz#pL5Tum`dE(yNPxo+11xBX{Qey zydH$hre|P;FuRV-eZ)&4 zw_m#5&^8!6aI4XaE4=n8SKUjD z4mtkP?V7gM;OoE2cEU_LGT)i%iw8h-g9Usg7}!pZa^;fEJ`HjiBA6@J%mcrV_KAU` z*DSSQb!{(p5=}y~UtEh;F+CB#*x9+!k@g}ay2dlx_1fTf>FlFLGct8+);Nv2gi;&; z8Nc+j5fR~pG_Z|;VT{Brwp4V0wTXCHxi-NmE{=U2!aW9DxdX`n-q_XdEMsTf&*Mue zF3Cs&Jqej`8AVk~E+Qj&1r@G_wf2Vi*j1dJO(t`4_U1;HoLGdt=B0JEUe#owGws)# zvNDz0dsO} zRZPL~y7m`HVn9eX>spF-_rOuAr8#V7CQ-NY=_=sJMNS(bBfx^!mjhpfhyXll@(BY- zs`V&BcKSQgSRpAjo!PF`L9=xBj7*XZ8=-6PoY!&@dLvW{m|PE&PJ(m{O>yB|;Eccm zIx=mEDIr}i-Kg5;gRgIvA>WxS7+uOMewA)|v}jA`H;%aHA*XA!vbk42-E=>P+aY2r zIMwA3g%?Q3c?y09Nl#60>AI91&aL_26tgyC_&1b|fkHIb#2(*eRbXGpxFLq<2I1`) ztVmRD<&Z%Sr%rmAp+OMMjS^$o$GA&3Q38oD55S(i4~qm1JK_XcR>tZ{!OtsCyK8R{ zUrAJBSR55>Q86|Cr{{{7+FA2eoGnfB<^=wn+kCaeC2T__+|cdL;hyh()e_C0a<&NO ztq=So?{wwTsZ9aKfyWdDAke60#~?f?lv4bL^QFzv0tOAN178cbY*H@?{}tyOXL>jL12IQZFD2T!J0^N4PfXnFE_=A8Mo&1wq^2YWxYs3mj60dz+(t`0%-SsB{v68K_Q4tLDe|$Kw`jS_)SlBBUlV3;ioav*Oi|PYg5q4BUf!8 z1-c^+99J0IG3Xm{3eBRx204`r~I{5J#TK;MueR1zXEuJuNRf5D_FO~>HxjHcSV~|HF+c0C;l0vqV zSBXvS@ujm_S~qcsgTAF&3NLT7Fs~#eQ`(L)NnG@6<*zl{gKVP9efcNf_FBY?Qj40IXA32^<+ zBtVn-O7|#wIyQRBs+mLe8`@c zZdbJz4qpDNY&&da$2wJ0P*UR5NHWRACNVK?n{I?W5YA?sgX*@h${%6~1aV8_AdXbE zOws)xuz(AJUOY-C+1)Mx>o@x(i}F7Z2TUFdz9m=;27FnOOqjnijuJNH34-RrlG5Nn z!7=XWQMicf-x$IjWs-&}3-tDgv9jyZJBp(%QH`Ytq{6fVP^xrA* z?>&f32Z?jQ@;w*a%;jkUsHsrOlZ*hZV;DrLDdVq}nrO^O_7Lnb#w2ZKRVKPuZSYmX z)8FK>r^$Ve>3Eo#)FikE2&d()sNyMSkHGyMm*sr0Ul;HM@|9Jt}nrSD)|z?Nq;ENeT3v_`mHL1T;v33MHVylrrzRYzhrYu74D_03m(e zb>9s5lF~1E<|8KffU5)GXA>L5!h5(4I7P$Q3OSy?RLKg!RuH^yhBWj6MxAg3D>Rzk z5k435L`ZitGY)U7H)Z}#_j>4;F*@Ybwb?kl|D}QzX^M94`%MdJz%|BY3=g_deY@!} ztZyk5Y`HzYsTyc;B}0Sm&jtVJnR4@e_-e7RfeNOzIhfYzVlb@>C8EI#o}#g3GTI%x z!S`CC7K3wCu+!KyDepz)dlUFlst7d+RejWCQv%$Tm!4}(ASzg;cwknEY}pLDKRa05 zOy=m0zux#EG)s?uKygze)+E%W&nY%iK2RmC0z~L5xsXYM)Jz>rp?ep=a%I$GWgM84 z$Er+m@7dr>O*Ch4JOs$`CZ?tN3?XSET@9j@+pZ?q^f6%5M~emYUJejb1+k%{=1?)v zC$3IprSbSA#%E9b$WLLo_mEXlLrQ{5JlCWwah5Fr>truJ?RVqFrxB?L>Xo#a4$L+5^8@e}mN3%wXeQ)jc#InPJS7q$R_3$g>Nv8K` z&_@vI9mz}uQn_FIQU!Dccwn*M#{~{J|44(J9?ApZrcN-mrUt07k*HgJGOSHHlK&Ne znWa~@MxSp-H`C{@rr*1HZd>uD(IxC=0*1Iu;iGheM+srx@%ZqK)(T&^^*kw`OwSoS zBzCwfEBL-tO&`9iZ%d^5KKvj2(~ESj4}V`8v5I_QacLlWe$b8PsgClZyV88ERql2aPUb$C%Tt!DLa9%4#2{CWTdQ?(-m1QbJHC9 z)1_T4p_ZL0YPDmPvGG4!1yBOm;(WPsdovJ(G8(NZl=`E3_B9)BR37|$_6gq~;&^X) z>>Y-woahh!`>(Q}U|)5t`_q3Jwix2J>|CSU2X$Wi!5O+dJ zMPQc8z$~8*_O5tsb4#6qBR{GZMk@uY=Bt)e0ioPS40Ya;(%0b>o!XgL1&w})Mi8PK zjQi{_1@CCmxMaV<^+oWPA0kXYe#7U;PO6~8sZja^Ba5v?L~>vb08UGzB9O9}Z@CAA z!Rgk=ixC|;&W?RY(lnrhBn_Nb&A`qMSIv6ozW6djB-IEAt!yEy{VPm5m8D1ck%UCm z8fwC=rXww&p^qFnxL`^$Fn@}+?B#!{fV=Yglr zH^(su7YG10W%eu zK2WFFtAM+-lb(0|oR&q{zU?FZsmsDU@09D7xq92q2YT!9kQ2(FSdmmu%k}My7XheA zmw=Es+R27W14|Na>3uSi%EN)Y$*6XD*biW;Uk_SYYOGJT>e~~E*=G^QPh7-QHE9>j zOdp%52OcR0nhPCFHm1u)C_%`8%tb&Z+n51VPYTbt*Ipxd2VW!6ev#`NpTG-D!1pj> z5wLb@IqB0xCxJ2^c1+@QTtTBHLDs;-V$B9&6$uewOE)af`Xf}NU9i}Z_B`ZljX}2S zpM!JK?T;31?bMi&$yOX8TU&%M>mq>UnX(jRMm17z5AOOCBM=QEDBS>ri*sKLD#cDN zpr6PHl59&g-PhhgGElTBfKaXlHWnJ#SR~tOSnUhTnAC++C}i($Te^jJ`sXQR@1?aI zG04S0xL_3o5Y5*FsSTnW5X~R=p+0B#L`obpk#qlare!q+FK`ce9;O0gMwGfii#(2aHYiI>MbiewcRlrWA$S#+0f=6jjCx zgQZ}-1jo%_zU#m||0U=~iGhae&EDN-?N=A>Yq~UtrfT|_usFHs^nt2&6c7*&#>gEWxZ zN+||Xlq^>nKAcSSdWUCE7P4m~)qMb`s3J~Hg)|e;s(d72Z;k#&%3mN{plWN=c z2;z~An>B9(T+hzshhvZi3Z6YSW4KL6$+D!UJ3^?c0}>&KgfG46W1)%Kd5tKM>P-c`SEZ=7DWbbI^vGcjd; zqukbp9s?BMZlgN*R1-}wLJW_Fce75|}vK~UV1GC`S>vEczzfUWfP3#M2>5UN&FRRvX;(SJ{?{rt4++?15Zacfh4Fi96lDOY}IL z`tIa>;!5|V%N~bP$Dh2Vrg!)>cJdCNG&8~EMhEjjUCwEpjUW%RInb1+18Y82)?+ac z=L8i1r>UX_I8FJveB%s@^x^h;5c(-`3#1J{6^SmV4}+4Aq3bs^0vkL*&8s>$yfnp0 zQ{E?tM2(68sHXr>e~IT7^}Ze~ENIsgh_PrZaqSws$y^Gf1e4WUdmC?JKw&(?WcAnH zmXEsrt&olJ+lLC7((<7~rnJ0K$ljpY*4#AaZm?d8znKM0d^pi%v^z`)5@z;Ok%+QEhTiej{9HYw z^q{H^u@!kBw%eYQH^}Hbo-r&TWNu0+&PhT-78E4S%paEG>OD+u_j~qCH&nQlt(Fge zK6o-i-7oA)=PVbUwvnI4nYJDLY}oqd4W$Ky`VD$4qk?GJmq1u}3<|^o*51ys zG(=49%o7Y%N$>g~UmK*ZL016lJ_MVL2~H8149YJ9@j*3mqt|~g^4GPO5B~dR*)G`5 zj&=KpF(JRdbbD_iyYKweJjY29#^Xgu8p17yBZolsXBODwx#05O0*@$PZ&FoERVe%a zz)eGU!76~WI0AMS6q8)_J6&Nq@S^8@@J&)gxPOiGg9H|yWvO}Nn3uQd;__yJ?DT-3?_(QLRVr;=% zg-m85?pPi$KSd!m( z{+h%Ts?^9J+3&hLIH7c_`R3Z$H_s85ZXPY{Zs&pYV>L~CIok!KhXjo((?iTg{{sS^ zLy5pEw*={{0=!vR*V942kQzM!%Y)=Rykfp2F_-x`Y-NwJH|4x+4+q1CFH|uF|3P|_ zaVY-Ybn5iUNir(mnFQejz|RS9JtRhhTc!>|*0vZx?{oD;9ttXo5Po{h*;LJcoFEyh z`>3XCPMfbc1z^Q@!$8{cBd{Bmfko(fp%g*r&zI8tu|fC`=0{Z8;q!rFoeD%6Sjbq?e>VZ_E9v%Ys|qL?f(A9AxW^NdE^J7L!zqCX zRKBm#Fwm-1vkWIB9x|26+*BAgUcZ~-uWItZR)`>EN)ZKs9E`!T#)t!%W9L1YV>&TV z6(?MBeEOq>&RczOiqD^*B2MyG;PQf3AnQL%9T_?NEX`EIThYWqxfFGUk|Ku_N;Po9 zTA)fIZ%FwFhSUPhO3p9^!MmjZjEMk@6-}M(evhI=iAd(<@c5_mda`uw+~!f2x8S|2^%QL zsJvdQt0h_*+`oEvo;6)vxVI^K4(^wrYbvJk>7F}hoUF*p0kL98;3L+#0~W4IP+z|^ z0)!NT=@xGhdHNJd{#ZWbP&X`pfY|5x7&Pg-T7+d#el2X3vZ-+f(cr3 zBaIRRe!5v8x6KozwuXYTJsnvaKnZ1f)JIq=(^GHQ>_hIG&V>6Gf4WiY3*Ps`Up+Kk z`~YORbaM+q*pp3J4{ARz`I>Tdy0H)_@wCO|fY8u7khNV-Lm4Q_20`F+_zd_T3on3p z^!zXD*Vdh(9Z#+|%@HLM$mS@Q-_KxQcJwFF6tdQcEZO4Q(*jOq^}ifce>G9f3N zFkqnLn5>&{fDuclFk>HyipjcxhRV8nP%}Z!6`g-~NR*NDMBpF|)&KucWu`1Q^Se=Y zQ;Hk<^M*q|_tl!sCrA!H!wsM@LPSG=i8Xn1`mns!!RPt0_(BZaI>Wm$B;H~)5h#sv zfbUw8B5$6#q{vtGKrr(EJI_&>)%b?l-knrWQ9(ATnDm;e6p5OA#AuK>Ap-Dz4^77^ zDtgk-{T&&b7TgvX-zg zJ@%lc&0BGovBbv=6mwvtBcFVM?| z7d%Y(x_Eo9?kS`B`16g{q(%5&vy&t{_?o{LJB;w9lXlC5&l_JWH`P`D{wq*Yb)*(NiTJ1oMCGd{fw!p^=%K>WX ze#4k@UDp^DMV_)^b>YuVXXhCG67*-uTn*Qt*UnQg-{OxJcfI+CUCJ^P(Lik}C`f%J z$0eIWMOY9e$w9b-{PVH3WAVhwE>&7=IzN+wvPlP9UH?+f9O;T(=IUK{{hW(V-7k;B zm?`1wyUc{5y^l#XkwIL-nyT0entQpHAgiTV2wL)_hxbYT7alqyj+7hbiZ=LukUROt zo)l!M(ChHQ1 z`C!kEC#A`Di!YyYCnfBgN9Giz=vVfiFIA$>8lSvp=@pD^hF8< z?6;KXdR$=u1Z5mp5Be8^RrF;d(7J|{LD(rv%*KYow0!?X-<96Y$TW0QDgmue(5@RH zPavodF9%uOzlAbL6lLKUC3FA-s$Cn7oS%C{B|R*C**j3u_6Sf>tfnKE_qx`EzY0AG zk`_bpp&)|;rfmYG?M6#bmZME*8PHohPdW^oVH}!{2!Z&K%>3?bJ_3Ehw^WY;EM~eSP?M+Q;xVXbn+JY4vhU-8g*KYS?!c)D z1WrxSVee8}I$YNLq8>j~CT1pacZET5B!l9?P_Pdl1N-nTsb7e~0qnySMb39Gf?rKp z>-HYLKHxE;%SZ0mHtlrFiffZsqbX4>zY%OJyiAVV9;7390J*3gWK0pt9)aLHC>_@K zO87t3gHOV;K>hx5;)IqUla->`R1QD}T~*E4wG|;Jaoa7bdafNj?|?k2ze9bZT83J`o=$O1?M-( z9P(X*hw5Zf#X|y97{c{$h~nL&Gw*Q+-G?@0Q4?W|E)RE+(2) zG6;37Wj!IA3}t6hqhTkyJls%Pp>?nSHf2#$VBK9F7?gQvT`jAM959rvG%f9F{}rVc zYWAA-kUVe5?+*2@Yf3EC$#Vz^ANVgURcNUb{!AdgX3BFP`TZr`^`2DT)+jQB$JBY= z8kRSk7!-HMwx55Qpg5StFT&mzR{Q0Tf*vnDplqu!xW;WzzK1w2Vk}Y&Uf?PR?|5%#4ciU7KvW$;|kZCQ1Q41*~ zf1SQ|pj_O-Yk&psR#o9984K39nV6n4Qg^Ar^~sY3_?X71FVHK7mp#;+UA(Jz$0?)n zruT$49@@IK@oBh_h8TGP?>|tvE~{!dot~3tthiQ0T|0nq&bw!m+putv zVNp52w!uMZVSUF29%*V^8k5NkttRKNDL`rx0WHZAC|Y(ROB}9g7!%hI-R^ros9LOwm{NW@ZbJ^3YgKTC3#52 zHXRF;VkvmG-W1MFQpz@F%3Hyht{=%HElNHxnWlru)ozLg3)8JK6q9I3?*j`HYRTp> zNtqfY7c5L|PHXnd>qSTnrde33%zr-6m5)Bq;bLB(}dy3 z@?1UC`RVvE@6mgB{geh9lkiZ05Ufj-zBud1ppkHp(>}@tno3DioHaMNBz_qjG`+|J z8MV5ybocT!A;|fU01+^;Hk_i%4$-gx^)GLV*Cq!d$+ZvEwMhiG=}Z;G!A-i5XF?nS z0#nNrrJ%WjWs_cu(c9700~W52VCRemFiArWmzw5_a-oqP)L>Um=&_K}6$1Z$LO3zF zp9UVQtJC)w@j?9KingBP%5^&=?S{~js^}V!w^gXu;=>09O;PlMz9-vEC}0<1^4H|a zK-~5i+`8DeEhJt(dJ@EKqwF90Qa>_2lEVz!k9+{D7YavG*02goBefuJ87QaAre^bi512$A&;NTwS=xnF0?kE$&U({FGb_z_^=fvbik2e`w zX+30rUA(h*<0;zwxA}z=I82#xIF+ebtJkKSz?>CN))}QI>|qkg!==$eOY>^Nh+mgA z<=&vYEmnV&8i`p8f^O;5$T9>zi~kMX1Quh~{S8Tj9{hmsw>z!fZwPPJ(CZ0Y{cBm^ z$E*u$GCw~>BH|lZs@j2_xhgjv(u&Vk>r2(Gqsl4v<%AjwX$~a|sc06Np%e|k4}N^l zbE-ZnV?}-$E;H<%GC}dmYtK&)yV<#smb~GHV?Oj`1Tf;MylccZ~Ys^yB$m5>(?W#6H`p|vsGdPcSz%Dzjz1WTWiz($rgWhk^8 zefo*ur#w!U%Utdu753btWVtnPoHmm83HALa9E!zbl=cS6PLHFs>Y26TC^-ct66B+F zn=VyQg_g|VN5E|w%}6S?X<=v3!3t2VKkCwV(GsZvN#hGLa>MG^i8!}|hED>_fAGpL z1hn8NWdWtxEEGiBi6dL5?;Qdpu|uf#>03-rDiEsTT%|>RT@l!jjc$WQQ&7&6@al?m zz*DFM;E(h!IohTF(H55sRC5gjrVCEtvHgTy3OIo=*dQ^>2~O&ms~ z1m-{T^3|Wh<92fSq0$_L+pXa;#B2Z3?)rH}W;~QYBWIul*BBMk@Lxch@eJf zb?r^oXaxG)wOLJC7ric=@m-O;ylKg7;jT@VC7Tyi#k@1+J&it$UE#YtQLCJ@OR#gj zX>49h<;+X~7-(unD-WjkLz4OEh}B9Pu|tHJyLI*4Nz25J*RGyqWV{em(9E9g9y6| z5!Bv>;=tPrwEHSSJY|b1i4kj$(t!8}!T)sy?=q;v$6N3dI~{ypV1!wR`}X&8^rvV| z`3BggXpO0w_cyHu7AOMDVB~-VFL#NBO2sXNffM)PIN7t{ejF&_-adU-62UUl&*}H5 z+9^nKeXL*du&*jar8m~xYB;!U! zIe`b(Y_L+7k?$ZC;tT+8OC@{cH&q&CHR|u3m|loAp8Gi^Vk!xdmuxz1%AtgcawrN! zQkpEJL|$l$ysYRrz`5OdH3YoUh@@Sxd} z6g`BJi&U~HRWCk98`wDpGi>WIu^-5*1_#`3MZE>SowXJ19HuT6BkSea&-W(m;f*Z9 z-W&Azvw}@oJdy}}kRtzEK~!r~18utGLZo^=YpIC=JS3BklM`?9=@uX`nROxT;SecY zTq9$yE_S~)e7!W17dG@u-x*PNK7Z(hjN_igFO67>e2#Xsc`jt?wPjs!K|SZ?_2Eys zc6JS8sngYrtuFLwcAT^o^z}EJf|gjLJ!pER`mk40KqGwWo87$%4Bv ze?*@-zT)umAGBuI?s~d&>-Wi7ksTN;8lzQ`*#Si3^c84f;AVpt1rYH_@Mw^1}50Pz!7uv%OJ@ssr^MHUYPmxMJb3I^R9MPBfcCXxmW)f&2)_k3i9 zgheP}rDLx(lXyYe-7bBx5xN87ab1DPf^!h}KJYPdHB2J+?t#7@%H`FmVp9Wh;PAlq z4q0IB?VtzEAW`A8J*(Xmpk?7Bkf`v8O+x7no)xVa-yd^~>)x7r8teXXCgJO7OMA)% znD;uVx{EFZ!qoJ}4*!0{@CB!Gf?}ZP47*qvnwyZpI9}p!lnCK~u{ zmg?Nyt-vtjpgYlR;3vr&j;VEEPJD3NOb=A>~SWG4OF-19KU88(2xV3&t3 zg;EMH%Olcbp>`lvJ!jXH6P}v7mqTnN7Jo#m%k_?)T24wB$Q@ahpyTr7N$ejnXMSIC zc*PIPXaC3Q>8`Ci7pzw`1=>8-2i{GxoOnPNvI5V4OR|4IW#ISVex_1T*}Z)4cjv2j zUEFzf!-5+ztD?7itWYueSbaCCGBt@L|t4Sl?8a$4BaO zz|)u+9zJjuF?AdYoW&U8g8mIJCSv5?Z%bhbc^-GXw|-|rxp zhN=+Xk|u4(|AE#u^7NuZ=^$_AG8G%5oU!azto9v>WU5wg+x0)TH?@_n){ z!k3GrAn;0l0 z#Vl7@7pih~G4|FlA81bvm|H>hmR(Ak!|2>~=p$i_stU@|1q};9EgfCbFcM{L**);P zrw}PFvU)2#WsGOAHx+iRPwuJqyPPz+aq@mA%0fH;K+x)YW92~E_r2~@m-#*)x`N)xO0XT6;Z3*PK3wY_8AU)weU!bYEc%KY9`FdeHJxEme~zd#30%k@-&S02?pl*ps)Zh+k9>fc?9DGXqrzN@OWy+LGm3I+* zPA7dC76wob4Yn2<(CaP-_d}0$!Rk&_19@0wV_wO$v35 zqN8<(|L>vZ*Tp~eetF91Tl~q!xnH2apWdXJVVCeQXJlzXRJ@5AEmV@ddHAWCiK&_z zXo`?px_qQY&^Wh~@$g8L20C*DS%T8O@6ZPiwJA6ku>_Vj{NJ00LPUH&v+#{6+As=I zLJ)?SHS`Zl{Tv5x-1Qx6R2sNo3RUUp4y-C;O^!AbNo@RIi^*`>a7;pll5A`03l+@1>tOO9BFjsih5C2D{5mcV?cdcoLxC{h{MB#D!E!3+4xAr4q&pMX^s zj#8kZIy0#x1gLF+O5#&_?U-tD+8dNCiT=kmYW>^500=Nf z@oJd9N&`%l{wXSbG-lj6Ulq7Kit9wpvlnC&24t^?%w^UXbbR{8q>Z&>khAeXg|@^L3{whU}(IT zhp*SGQsBU3OR(5^$jz9#9h`n)j)@xD5jPKBc%V;9CuKFfIh~||l2s3Mcbe`dX;efk zmgo{)x~;Lrosso94ZXo64Vv^hzc94s7#HRT7a?WUA>0PY;s3REtualVVR#8K#F@d2 zasEKsEsGMzLZi+Vx%9*=3-J;gBid|08%0EeP!ze@o>Luji?G2aLENC!OSGb5C2kzB z?Kz^uS_G;AL|kuDptev-X=yp_x$J}N2RNt8w!dG#oaE$u=Y8MjeV*@qyrpR0L5#cD zJ|BIps*io1K7T2Fc=tN=bX!eV)4se_1+hP+>5W@P=a&8%Aj>_`2D&pg@rr6@5D>Qy zk_geU(FDSfkPFI}c&g}m5Y(gdk>39f{?ZQu)=YR+3&IU86gI*;gplBf2ka3GgCc~xMlW8!J+ka%h`TCaFXc+N9q92-2;JH_6;F^;^u7S zTtDHp4gvPvt@BOZ7LZtfYX!G(muPYE7Wy9eoExtVL;D&?u~8-`SJ3TAMD1K6e3dJ~ zEV`RBC0hu${&XaJ%`L5YzGZW}o;J;j=Q4LJ&0e`~%}{3|AcmU++Z48-(+)D?7!R$?UK2eu4-uh!Xx1Q3SzqY=k1a8d?hMuZrC26$9tmAvZqhpU>~KjzeT^_a;Tr-ZCNrd7|97!Rm&CD?(gHi`*}<4PZ%Q860#hc^PmRyWd_=%=){0B(;_c`NwIuJ^J{o;^Cb@8(o58*a~K zX0BW_5c*76p`sSvuVNb+J&OOXHXxlc4NVLX4`SS&6Hwb^BrB9AG4GesXCxDCy7OFf zi!Ll+^j8P4i3(x<7&qO0K`jlM@lY)!85E6sQ9g;LS!PyL>T#O%(nMpecKU$;Cak!| zv4;!$PAScfp=yX3kHK7@TQFB43wEv<*}#<=$|6atj909Rj)w2Th&@ZB8IH})pd-WC z9#5^=8YO0Yx;#&rC1E7UFYU!m8*#tgk9j%LP?vxSQW!E4iycPQP{8_G&y1JPVmk$S z(hisNd+exMB@FhmHA4mH?RJKxgG0aN2+4{V#G6qi?Rp1e&UraTjB3?kE~DD~{GMHy z@9AbAq0XOe6z!vZXi_CHFNM#(ByXtW^yT??5dSb-shU8vsBuiOEMpaAMaJ=-J;fT zwVthFzc@vd|7;U#85@DTS67G-j~wz1pt9$c>z@^w>LyBd^j2tW%eSTm`wlOw5n=$cexC Date: Thu, 12 Mar 2015 15:46:17 -0700 Subject: [PATCH 056/121] DTLS working. The only thing that is missing is a signature to detect the protocol (it has no well-known port). Reassembly is kind of fidgety - at the moment we only support re-assembling one simultaneous message per direction (which looking at our test-traffic might not be a problem). And I am not quite sure if I got all cases correct... But - it works :) --- scripts/base/protocols/ssl/consts.bro | 7 + src/analyzer/protocol/ssl/CMakeLists.txt | 2 +- src/analyzer/protocol/ssl/DTLS.cc | 39 ++++- src/analyzer/protocol/ssl/DTLS.h | 9 +- src/analyzer/protocol/ssl/SSL.cc | 3 + src/analyzer/protocol/ssl/dtls-analyzer.pac | 148 ++++++++++++++++++ src/analyzer/protocol/ssl/dtls-protocol.pac | 40 +++-- src/analyzer/protocol/ssl/dtls.pac | 10 +- src/analyzer/protocol/ssl/ssl-defs.pac | 11 +- src/analyzer/protocol/ssl/ssl-protocol.pac | 4 +- .../protocol/ssl/tls-handshake-protocol.pac | 49 ++++-- .../scripts.base.protocols.ssl.dtls/ssl.log | 10 ++ .../scripts.base.protocols.ssl.dtls/x509.log | 10 ++ .../scripts/base/protocols/ssl/dtls.test | 5 + 14 files changed, 312 insertions(+), 35 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.dtls/ssl.log create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssl.dtls/x509.log create mode 100644 testing/btest/scripts/base/protocols/ssl/dtls.test diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro index 3d115419d4..05559ee5d0 100644 --- a/scripts/base/protocols/ssl/consts.bro +++ b/scripts/base/protocols/ssl/consts.bro @@ -6,6 +6,11 @@ export { const TLSv10 = 0x0301; const TLSv11 = 0x0302; const TLSv12 = 0x0303; + + const DTLSv10 = 0xFEFF; + # DTLSv11 does not exist + const DTLSv12 = 0xFEFD; + ## Mapping between the constants and string values for SSL/TLS versions. const version_strings: table[count] of string = { [SSLv2] = "SSLv2", @@ -13,6 +18,8 @@ export { [TLSv10] = "TLSv10", [TLSv11] = "TLSv11", [TLSv12] = "TLSv12", + [DTLSv10] = "DTLSv10", + [DTLSv12] = "DTLSv12" } &default=function(i: count):string { return fmt("unknown-%d", i); }; ## TLS content types: diff --git a/src/analyzer/protocol/ssl/CMakeLists.txt b/src/analyzer/protocol/ssl/CMakeLists.txt index fab0d30f07..f69b7354e3 100644 --- a/src/analyzer/protocol/ssl/CMakeLists.txt +++ b/src/analyzer/protocol/ssl/CMakeLists.txt @@ -6,7 +6,7 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DI bro_plugin_begin(Bro SSL) bro_plugin_cc(SSL.cc Plugin_SSL.cc) bro_plugin_bif(events.bif) -bro_plugin_pac(tls-handshake.pac tls-handshake-protocol.pac tls-handshake-analyzer.pac) +bro_plugin_pac(tls-handshake.pac tls-handshake-protocol.pac tls-handshake-analyzer.pac ssl-defs.pac) bro_plugin_pac(ssl.pac ssl-dtls-analyzer.pac ssl-analyzer.pac ssl-dtls-protocol.pac ssl-protocol.pac ssl-defs.pac) bro_plugin_end() diff --git a/src/analyzer/protocol/ssl/DTLS.cc b/src/analyzer/protocol/ssl/DTLS.cc index 7c49dba439..c90e414031 100644 --- a/src/analyzer/protocol/ssl/DTLS.cc +++ b/src/analyzer/protocol/ssl/DTLS.cc @@ -5,28 +5,61 @@ #include "events.bif.h" +#include "dtls_pac.h" +#include "tls-handshake_pac.h" + using namespace analyzer::dtls; DTLS_Analyzer::DTLS_Analyzer(Connection* c) : analyzer::Analyzer("DTLS", c) { interp = new binpac::DTLS::SSL_Conn(this); - fprintf(stderr, "Instantiated :)\n"); + handshake_interp = new binpac::TLSHandshake::Handshake_Conn(this); } DTLS_Analyzer::~DTLS_Analyzer() { delete interp; + delete handshake_interp; } void DTLS_Analyzer::Done() { - Analyzer::Done(); + Analyzer::Done(); + interp->FlowEOF(true); + interp->FlowEOF(false); + handshake_interp->FlowEOF(true); + handshake_interp->FlowEOF(false); } void DTLS_Analyzer::DeliverPacket(int len, const u_char* data, bool orig, uint64 seq, const IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, orig, seq, ip, caplen); - fprintf(stderr, "Delivered packet :)\n"); interp->NewData(orig, data, data + len); } + +void DTLS_Analyzer::EndOfData(bool is_orig) + { + Analyzer::EndOfData(is_orig); + interp->FlowEOF(is_orig); + handshake_interp->FlowEOF(is_orig); + } + + +void DTLS_Analyzer::SendHandshake(uint8 msg_type, uint32 length, const u_char* begin, const u_char* end, bool orig) + { + try + { + handshake_interp->NewData(orig, (const unsigned char*) &msg_type, (const unsigned char*) &msg_type + 1); + uint32 host_length = htonl(length); + // the parser inspects a uint24 - since it is big-endian, it should be ok to just skip + // the first byte of the uint32. Since we get the data from an uint24 from the dtls-parser, this should + // always yield the correct result. + handshake_interp->NewData(orig, (const unsigned char*) &host_length + 1, (const unsigned char*) &host_length + sizeof(host_length)); + handshake_interp->NewData(orig, begin, end); + } + catch ( const binpac::Exception& e ) + { + ProtocolViolation(fmt("Binpac exception: %s", e.c_msg())); + } + } diff --git a/src/analyzer/protocol/ssl/DTLS.h b/src/analyzer/protocol/ssl/DTLS.h index c45a311c8c..6611a6974e 100644 --- a/src/analyzer/protocol/ssl/DTLS.h +++ b/src/analyzer/protocol/ssl/DTLS.h @@ -4,7 +4,10 @@ #include "events.bif.h" #include "analyzer/protocol/udp/UDP.h" -#include "dtls_pac.h" + +namespace binpac { namespace DTLS { class SSL_Conn; } } + +namespace binpac { namespace TLSHandshake { class Handshake_Conn; } } namespace analyzer { namespace dtls { @@ -17,6 +20,9 @@ public: virtual void Done(); virtual void DeliverPacket(int len, const u_char* data, bool orig, uint64 seq, const IP_Hdr* ip, int caplen); + virtual void EndOfData(bool is_orig); + + void SendHandshake(uint8 msg_type, uint32 length, const u_char* begin, const u_char* end, bool orig); static analyzer::Analyzer* Instantiate(Connection* conn) @@ -24,6 +30,7 @@ public: protected: binpac::DTLS::SSL_Conn* interp; + binpac::TLSHandshake::Handshake_Conn* handshake_interp; }; } } // namespace analyzer::* diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc index 71b7511716..d571439f19 100644 --- a/src/analyzer/protocol/ssl/SSL.cc +++ b/src/analyzer/protocol/ssl/SSL.cc @@ -30,12 +30,15 @@ void SSL_Analyzer::Done() interp->FlowEOF(true); interp->FlowEOF(false); + handshake_interp->FlowEOF(true); + handshake_interp->FlowEOF(false); } void SSL_Analyzer::EndpointEOF(bool is_orig) { tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); interp->FlowEOF(is_orig); + handshake_interp->FlowEOF(is_orig); } void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) diff --git a/src/analyzer/protocol/ssl/dtls-analyzer.pac b/src/analyzer/protocol/ssl/dtls-analyzer.pac index 139597f9cb..f4c2df9e3f 100644 --- a/src/analyzer/protocol/ssl/dtls-analyzer.pac +++ b/src/analyzer/protocol/ssl/dtls-analyzer.pac @@ -1,2 +1,150 @@ +refine connection SSL_Conn += { + + %member{ + + struct message_info { + uint64 message_first_sequence; // the minumum dtls sequence number for this handshake fragment + bool first_sequence_seen; // did we actually see the fragment with the smallest number + uint64 message_last_sequence; // the mazimum dtls sequence number for this handshake fragment + uint16 message_handshake_sequence; // the handshake sequence number of this handshake (to identify) + uint32 message_length; // data length of this handshake (data in buffer) + uint32 message_sequence_seen; // a bitfield that shows which sequence numbers we already saw, offset from first_seq. + u_char* buffer; + } server, client; + %} + + %init{ + memset(&server, 0, sizeof(server)); + memset(&client, 0, sizeof(client)); + %} + + %cleanup{ + delete [] server.buffer; + delete [] client.buffer; + %} + + function proc_dtls(pdu: SSLRecord, sequence: uint64): bool + %{ + //fprintf(stderr, "Type: %d, sequence number: %d, epoch: %d\n", ${pdu.content_type}, sequence, ${pdu.epoch}); + + return true; + %} + + function proc_handshake(pdu: SSLRecord, rec: Handshake): bool + %{ + uint32 foffset = to_int()(${rec.fragment_offset}); + uint32 flength = to_int()(${rec.fragment_length}); + uint32 length = to_int()(${rec.length}); + uint64 sequence_number = to_int()(${pdu.sequence_number}); + //fprintf(stderr, "Handshake type: %d, length: %u, seq: %u, foffset: %u, flength: %u\n", ${rec.msg_type}, to_int()(${rec.length}), ${rec.message_seq}, to_int()(${rec.fragment_offset}), to_int()(${rec.fragment_length})); + + if ( foffset == 0 && length == flength ) + { + //fprintf(stderr, "Complete fragment, forwarding...\n"); + bro_analyzer()->SendHandshake(${rec.msg_type}, length, ${rec.data}.begin(), ${rec.data}.end(), ${pdu.is_orig}); + return true; + } + + // if we fall through here, the message has to be reassembled. Let's first get the right info record... + message_info* i; + if ( ${pdu.is_orig} ) + i = &client; + else + i = &server; + + if ( length > MAX_DTLS_HANDSHAKE_RECORD ) + { + bro_analyzer()->ProtocolViolation(fmt("DTLS record length %u larger than allowed maximum.", length)); + return true; + } + + if ( i->message_handshake_sequence != ${rec.message_seq} || i->message_length != length || i->buffer == 0 ) + { + // cannot resume reassembling. Let's abandon the current data and try anew... + delete [] i->buffer; + memset(i, 0, sizeof(message_info)); + i->message_handshake_sequence = ${rec.message_seq}; + i->message_length = length; + i->buffer = new u_char[length]; + // does not have to be the first sequence number - we cannot figure that out at this point. If it is not, + // we will fix that later... + i->message_first_sequence = sequence_number; + } + + // if we arrive here, we are actually ready to resume. + if ( i->message_first_sequence > sequence_number ) + { + if ( i->first_sequence_seen ) + { + bro_analyzer()->ProtocolViolation("Saw second and different first message fragment for handshake."); + return true; + } + // first sequence number was incorrect, let's fix that. + uint64 diff = i->message_first_sequence - sequence_number; + i->message_sequence_seen = i->message_sequence_seen << diff; + i->message_first_sequence = sequence_number; + } + + // if we have offset 0, we know the smallest number... + if ( foffset == 0 ) + i->first_sequence_seen = true; + + // check if we already saw the message + if ( ( i->message_sequence_seen & ( 1 << (sequence_number - i->message_first_sequence) ) ) != 0 ) + return true; // do not handle same message fragment twice + + // copy data from fragment to buffer + if ( ${rec.data}.length() != flength ) + { + bro_analyzer()->ProtocolViolation(fmt("DTLS handshake record length does not match packet length")); + return true; + } + + if ( foffset + flength > length ) + { + bro_analyzer()->ProtocolViolation(fmt("DTLS handshake fragment trying to write past end of buffer")); + return true; + } + + // store that we handled fragment + i->message_sequence_seen |= 1 << (sequence_number - i->message_first_sequence); + memcpy(i->buffer + foffset, ${rec.data}.data(), ${rec.data}.length()); + + //fprintf(stderr, "Copied to buffer offset %u length %u\n", foffset, ${rec.data}.length()); + + // store last fragment information if this is the last fragment... + + // check if we saw all fragments so far. If yes, forward... + if ( foffset + flength == length ) + i->message_last_sequence = sequence_number; + + if ( i->message_last_sequence != 0 && i->first_sequence_seen ) + { + uint64 total_length = i->message_last_sequence - i->message_first_sequence; + if ( total_length > 32 ) + { + bro_analyzer()->ProtocolViolation(fmt("DTLS Message fragmented over more than 32 pieces. Cannot reassemble.")); + return true; + } + + if ( ( ~(i->message_sequence_seen) & ( ( 1<<(total_length+1) ) -1 ) ) == 0 ) + { + //fprintf(stderr, "ALl fragments here. Total length %u\n", length); + bro_analyzer()->SendHandshake(${rec.msg_type}, length, i->buffer, i->buffer + length, ${pdu.is_orig}); + } + } + + + return true; + %} +}; + +refine typeattr SSLRecord += &let { + proc: bool = $context.connection.proc_dtls(this, to_int()(sequence_number)); +}; + +refine typeattr Handshake += &let { + proc: bool = $context.connection.proc_handshake(rec, this); +}; diff --git a/src/analyzer/protocol/ssl/dtls-protocol.pac b/src/analyzer/protocol/ssl/dtls-protocol.pac index 94cddf9cbc..6faa191d18 100644 --- a/src/analyzer/protocol/ssl/dtls-protocol.pac +++ b/src/analyzer/protocol/ssl/dtls-protocol.pac @@ -10,14 +10,27 @@ type DTLSPDU(is_orig: bool) = record { type SSLRecord(is_orig: bool) = record { content_type: uint8; version: uint16; +# the epoch signalizes that a changecipherspec message has been received. Hence, everything with +# an epoch > 0 should be encrypted epoch: uint16; sequence_number: uint48; length: uint16; - rec: PlaintextRecord(this)[] &length=length; -# data: bytestring &restofdata &transient; -} &byteorder = bigendian, - &let { - parse : bool = $context.connection.proc_dtls(this, to_int()(sequence_number)); + cont: case valid of { + true -> rec: RecordText(this)[] &length=length; + false -> swallow: bytestring &restofdata; + }; +} &byteorder = bigendian, &let { +# Do not parse body if packet version invalid + valid: bool = $context.connection.dtls_version_ok(version); +}; + +type RecordText(rec: SSLRecord) = case rec.epoch of { + 0 -> plaintext : PlaintextRecord(rec); + default -> ciphertext : CiphertextRecord(rec); +}; + +refine casetype PlaintextRecord += { + HANDSHAKE -> handshake : Handshake(rec); }; type Handshake(rec: SSLRecord) = record { @@ -26,15 +39,22 @@ type Handshake(rec: SSLRecord) = record { message_seq: uint16; fragment_offset: uint24; fragment_length: uint24; + data: bytestring &restofdata; } refine connection SSL_Conn += { - function proc_dtls(pdu: SSLRecord, sequence: uint64): bool - %{ - fprintf(stderr, "Type: %d, sequence number: %d, epoch: %d\n", ${pdu.content_type}, sequence, ${pdu.epoch}); + function dtls_version_ok(version: uint16): uint16 + %{ + switch ( version ) { + case DTLSv10: + case DTLSv12: + return true; - return true; - %} + default: + bro_analyzer()->ProtocolViolation(fmt("Invalid version in DTLS connection. Packet reported version: %d", version)); + return false; + } + %} }; diff --git a/src/analyzer/protocol/ssl/dtls.pac b/src/analyzer/protocol/ssl/dtls.pac index 50424f0d8c..b08dd61f8f 100644 --- a/src/analyzer/protocol/ssl/dtls.pac +++ b/src/analyzer/protocol/ssl/dtls.pac @@ -5,14 +5,21 @@ %extern{ #include "events.bif.h" + +namespace analyzer { namespace dtls { class DTLS_Analyzer; } } +typedef analyzer::dtls::DTLS_Analyzer* DTLSAnalyzer; + +#include "DTLS.h" %} +extern type DTLSAnalyzer; + analyzer DTLS withcontext { connection: SSL_Conn; flow: DTLS_Flow; }; -connection SSL_Conn(bro_analyzer: BroAnalyzer) { +connection SSL_Conn(bro_analyzer: DTLSAnalyzer) { upflow = DTLS_Flow(true); downflow = DTLS_Flow(false); }; @@ -21,7 +28,6 @@ connection SSL_Conn(bro_analyzer: BroAnalyzer) { %include dtls-protocol.pac flow DTLS_Flow(is_orig: bool) { -# flowunit = SSLRecord(is_orig) withcontext(connection, this); datagram = DTLSPDU(is_orig) withcontext(connection, this); } diff --git a/src/analyzer/protocol/ssl/ssl-defs.pac b/src/analyzer/protocol/ssl/ssl-defs.pac index c29bbcbabe..aefc69a81c 100644 --- a/src/analyzer/protocol/ssl/ssl-defs.pac +++ b/src/analyzer/protocol/ssl/ssl-defs.pac @@ -71,6 +71,8 @@ function version_ok(vers : uint16) : bool case TLSv10: case TLSv11: case TLSv12: + case DTLSv10: + case DTLSv12: return true; default: @@ -86,6 +88,9 @@ using std::string; #include "events.bif.h" %} +# a maximum of 100k for one record seems safe +let MAX_DTLS_HANDSHAKE_RECORD: uint32 = 100000; + enum ContentType { CHANGE_CIPHER_SPEC = 20, ALERT = 21, @@ -106,7 +111,11 @@ enum SSLVersions { SSLv30 = 0x0300, TLSv10 = 0x0301, TLSv11 = 0x0302, - TLSv12 = 0x0303 + TLSv12 = 0x0303, + + DTLSv10 = 0xFEFF, +# DTLSv11 does not exist. + DTLSv12 = 0xFEFD }; enum SSLExtensions { diff --git a/src/analyzer/protocol/ssl/ssl-protocol.pac b/src/analyzer/protocol/ssl/ssl-protocol.pac index a90bd03868..7f9799e0bc 100644 --- a/src/analyzer/protocol/ssl/ssl-protocol.pac +++ b/src/analyzer/protocol/ssl/ssl-protocol.pac @@ -42,10 +42,8 @@ refine casetype PlaintextRecord += { V2_SERVER_HELLO -> v2_server_hello : V2ServerHello(rec); }; +# Handshakes are parsed by the handshake analyzer. type Handshake(rec: SSLRecord) = record { -# msg_type: uint8; -# length: uint24; -# data: bytestring &length=to_int()(length); data: bytestring &restofdata; }; diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac index 296df5fb9d..b24352d099 100644 --- a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac +++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac @@ -6,6 +6,7 @@ enum HandshakeType { HELLO_REQUEST = 0, CLIENT_HELLO = 1, SERVER_HELLO = 2, + HELLO_VERIFY_REQUEST = 3, # DTLS SESSION_TICKET = 4, # RFC 5077 CERTIFICATE = 11, SERVER_KEY_EXCHANGE = 12, @@ -30,20 +31,21 @@ type HandshakeRecord(is_orig: bool) = record { } &length=(to_int()(msg_length) + 4); type Handshake(rec: HandshakeRecord) = case rec.msg_type of { - HELLO_REQUEST -> hello_request : HelloRequest(rec); - CLIENT_HELLO -> client_hello : ClientHello(rec); - SERVER_HELLO -> server_hello : ServerHello(rec); - SESSION_TICKET -> session_ticket : SessionTicketHandshake(rec); - CERTIFICATE -> certificate : Certificate(rec); - SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange(rec); - CERTIFICATE_REQUEST -> certificate_request : CertificateRequest(rec); - SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(rec); - CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(rec); - CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec); - FINISHED -> finished : Finished(rec); - CERTIFICATE_URL -> certificate_url : bytestring &restofdata &transient; - CERTIFICATE_STATUS -> certificate_status : CertificateStatus(rec); - default -> unknown_handshake : UnknownHandshake(rec, rec.is_orig); + HELLO_REQUEST -> hello_request : HelloRequest(rec); + CLIENT_HELLO -> client_hello : ClientHello(rec); + SERVER_HELLO -> server_hello : ServerHello(rec); + HELLO_VERIFY_REQUEST -> hello_verify_request : HelloVerifyRequest(rec); + SESSION_TICKET -> session_ticket : SessionTicketHandshake(rec); + CERTIFICATE -> certificate : Certificate(rec); + SERVER_KEY_EXCHANGE -> server_key_exchange : ServerKeyExchange(rec); + CERTIFICATE_REQUEST -> certificate_request : CertificateRequest(rec); + SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(rec); + CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(rec); + CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec); + FINISHED -> finished : Finished(rec); + CERTIFICATE_URL -> certificate_url : bytestring &restofdata &transient; + CERTIFICATE_STATUS -> certificate_status : CertificateStatus(rec); + default -> unknown_handshake : UnknownHandshake(rec, rec.is_orig); } type HandshakePDU(is_orig: bool) = record { @@ -72,6 +74,10 @@ type ClientHello(rec: HandshakeRecord) = record { random_bytes : bytestring &length = 28; session_len : uint8; session_id : uint8[session_len]; + dtls_cookie: case client_version of { + DTLSv10 -> cookie: ClientHelloCookie(rec); + default -> nothing: bytestring &length=0; + }; csuit_len : uint16 &check(csuit_len > 1 && csuit_len % 2 == 0); csuits : uint16[csuit_len/2]; cmeth_len : uint8 &check(cmeth_len > 0); @@ -82,6 +88,11 @@ type ClientHello(rec: HandshakeRecord) = record { extensions : SSLExtension(rec)[] &until($input.length() == 0); }; +type ClientHelloCookie(rec: HandshakeRecord) = record { + cookie_len : uint8; + cookie : bytestring &length = cookie_len; +}; + ###################################################################### # V3 Server Hello (7.4.1.3.) ###################################################################### @@ -103,6 +114,16 @@ type ServerHello(rec: HandshakeRecord) = record { $context.connection.set_cipher(cipher_suite[0]); }; +###################################################################### +# DTLS Hello Verify Request +###################################################################### + +type HelloVerifyRequest(rec: HandshakeRecord) = record { + version: uint16; + cookie_length: uint8; + cookie: bytestring &length=cookie_length; +}; + ###################################################################### # V3 Server Certificate (7.4.2.) ###################################################################### diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/ssl.log b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/ssl.log new file mode 100644 index 0000000000..cd9d04e020 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/ssl.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssl +#open 2015-03-12-22-40-14 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer +#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string +1425932016.520157 CXWv6p3arKYeMETxOg 192.168.6.86 63721 104.236.167.107 4433 DTLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T FZi2Ct2AcCswhiIjKe (empty) CN=bro CN=bro - - +#close 2015-03-12-22-40-14 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/x509.log b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/x509.log new file mode 100644 index 0000000000..290c5bfb49 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.dtls/x509.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path x509 +#open 2015-03-12-22-40-14 +#fields ts id certificate.version certificate.serial certificate.subject certificate.issuer certificate.not_valid_before certificate.not_valid_after certificate.key_alg certificate.sig_alg certificate.key_type certificate.key_length certificate.exponent certificate.curve san.dns san.uri san.email san.ip basic_constraints.ca basic_constraints.path_len +#types time string count string string string time time string string string count string string vector[string] vector[string] vector[string] vector[addr] bool count +1425932016.611299 FZi2Ct2AcCswhiIjKe 3 E8E48E456C32945F CN=bro CN=bro 1425931873.000000 1457467873.000000 rsaEncryption sha1WithRSAEncryption rsa 2048 65537 - - - - - T - +#close 2015-03-12-22-40-14 diff --git a/testing/btest/scripts/base/protocols/ssl/dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls.test new file mode 100644 index 0000000000..46b74d2b78 --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssl/dtls.test @@ -0,0 +1,5 @@ +# This tests a normal SSL connection and the log it outputs. + +# @TEST-EXEC: bro -r $TRACES/tls/dtls-openssl.pcap %INPUT +# @TEST-EXEC: btest-diff ssl.log +# @TEST-EXEC: btest-diff x509.log From 88beb3127099f24ca0023d437581f25deaac56fb Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 12 Mar 2015 16:09:10 -0700 Subject: [PATCH 057/121] Only force logging of SSL if it actually was the SSL analyzer that failed. --- scripts/base/protocols/ssl/main.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index d2b0332756..2b448fec6c 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -282,6 +282,6 @@ event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &pr event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason: string) &priority=5 { - if ( c?$ssl ) + if ( c?$ssl && atype == Analyzer::ANALYZER_SSL ) finish(c, T); } From 51010eccd4d2746571ae95979a6058d8ee29b3da Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Mar 2015 13:00:29 -0500 Subject: [PATCH 058/121] Add Connection class getter methods for flow labels. BIT-1309 #close --- src/Conn.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Conn.h b/src/Conn.h index 966c77a9f8..20e60d2617 100644 --- a/src/Conn.h +++ b/src/Conn.h @@ -263,6 +263,9 @@ public: void CheckFlowLabel(bool is_orig, uint32 flow_label); + uint32 GetOrigFlowLabel() { return orig_flow_label; } + uint32 GetRespFlowLabel() { return resp_flow_label; } + protected: Connection() { persistent = 0; } From 6fbceb6a987ebbee0321712217f7c4e4d5e52a48 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Mar 2015 13:01:57 -0500 Subject: [PATCH 059/121] Identify GRE tunnels as Tunnel::GRE, not Tunnel::IP. BIT-1311 #close --- NEWS | 3 +++ src/Sessions.cc | 6 +++++- src/TunnelEncapsulation.h | 9 ++++++--- src/types.bif | 1 + .../btest/Baseline/core.tunnels.gre-in-gre/tunnel.log | 4 ++-- testing/btest/Baseline/core.tunnels.gre/tunnel.log | 2 +- 6 files changed, 18 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 50e5ddd265..981af20370 100644 --- a/NEWS +++ b/NEWS @@ -94,6 +94,9 @@ Changed Functionality - conn.log gained a new field local_resp that works like local_orig, just for the responder address of the connection. +- GRE tunnels are now identified as ``Tunnel::GRE`` instead of + ``Tunnel::IP``. + - [TODO] Add changed BroControl features. Deprecated Functionality diff --git a/src/Sessions.cc b/src/Sessions.cc index ffc2baf944..086216e93d 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -466,6 +466,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr, id.src_addr = ip_hdr->SrcAddr(); id.dst_addr = ip_hdr->DstAddr(); Dictionary* d = 0; + BifEnum::Tunnel::Type tunnel_type = BifEnum::Tunnel::IP; switch ( proto ) { case IPPROTO_TCP: @@ -606,6 +607,8 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr, // Treat GRE tunnel like IP tunnels, fallthrough to logic below now // that GRE header is stripped and only payload packet remains. + // The only thing different is the tunnel type enum value to use. + tunnel_type = BifEnum::Tunnel::GRE; } case IPPROTO_IPV4: @@ -653,7 +656,8 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr, if ( it == ip_tunnels.end() ) { - EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr()); + EncapsulatingConn ec(ip_hdr->SrcAddr(), ip_hdr->DstAddr(), + tunnel_type); ip_tunnels[tunnel_idx] = TunnelActivity(ec, network_time); timer_mgr->Add(new IPTunnelTimer(network_time, tunnel_idx)); } diff --git a/src/TunnelEncapsulation.h b/src/TunnelEncapsulation.h index 23f8966ee7..419a3000b4 100644 --- a/src/TunnelEncapsulation.h +++ b/src/TunnelEncapsulation.h @@ -37,10 +37,12 @@ public: * * @param s The tunnel source address, likely taken from an IP header. * @param d The tunnel destination address, likely taken from an IP header. + * @param t The type of IP tunnel. */ - EncapsulatingConn(const IPAddr& s, const IPAddr& d) + EncapsulatingConn(const IPAddr& s, const IPAddr& d, + BifEnum::Tunnel::Type t = BifEnum::Tunnel::IP) : src_addr(s), dst_addr(d), src_port(0), dst_port(0), - proto(TRANSPORT_UNKNOWN), type(BifEnum::Tunnel::IP), + proto(TRANSPORT_UNKNOWN), type(t), uid(Bro::UID(bits_per_uid)) { } @@ -85,7 +87,8 @@ public: if ( ec1.type != ec2.type ) return false; - if ( ec1.type == BifEnum::Tunnel::IP ) + if ( ec1.type == BifEnum::Tunnel::IP || + ec1.type == BifEnum::Tunnel::GRE ) // Reversing endpoints is still same tunnel. return ec1.uid == ec2.uid && ec1.proto == ec2.proto && ((ec1.src_addr == ec2.src_addr && ec1.dst_addr == ec2.dst_addr) || diff --git a/src/types.bif b/src/types.bif index 99df67c9d5..73443a3fd7 100644 --- a/src/types.bif +++ b/src/types.bif @@ -172,6 +172,7 @@ enum Type %{ SOCKS, GTPv1, HTTP, + GRE, %} type EncapsulatingConn: record; diff --git a/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log b/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log index 277d1df679..ad7154d756 100644 --- a/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log @@ -6,6 +6,6 @@ #open 2014-01-16-21-51-36 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum -1341436424.204043 CXWv6p3arKYeMETxOg 72.205.54.70 0 86.106.164.150 0 Tunnel::IP Tunnel::DISCOVER -1341436424.204043 CjhGID4nQcgTWjvg4c 10.10.11.2 0 10.10.13.2 0 Tunnel::IP Tunnel::DISCOVER +1341436424.204043 CXWv6p3arKYeMETxOg 72.205.54.70 0 86.106.164.150 0 Tunnel::GRE Tunnel::DISCOVER +1341436424.204043 CjhGID4nQcgTWjvg4c 10.10.11.2 0 10.10.13.2 0 Tunnel::GRE Tunnel::DISCOVER #close 2014-01-16-21-51-36 diff --git a/testing/btest/Baseline/core.tunnels.gre/tunnel.log b/testing/btest/Baseline/core.tunnels.gre/tunnel.log index f0d87f4964..066e1fe151 100644 --- a/testing/btest/Baseline/core.tunnels.gre/tunnel.log +++ b/testing/btest/Baseline/core.tunnels.gre/tunnel.log @@ -6,5 +6,5 @@ #open 2014-01-16-21-51-12 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p tunnel_type action #types time string addr port addr port enum enum -1055289968.793044 CXWv6p3arKYeMETxOg 172.27.1.66 0 66.59.109.137 0 Tunnel::IP Tunnel::DISCOVER +1055289968.793044 CXWv6p3arKYeMETxOg 172.27.1.66 0 66.59.109.137 0 Tunnel::GRE Tunnel::DISCOVER #close 2014-01-16-21-51-12 From 0b957cbe752df7773dad0d5549e9654f92e18cf9 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Mar 2015 14:16:04 -0500 Subject: [PATCH 060/121] Include timestamp in default extracted file names. And add a policy script to extract all files. BIT-1335 #close --- CHANGES | 11 +++++++++ NEWS | 3 +++ VERSION | 2 +- scripts/base/files/extract/main.bro | 3 ++- .../frameworks/files/extract-all-files.bro | 8 +++++++ scripts/test-all-policy.bro | 1 + testing/btest/Baseline/plugins.hooks/output | 24 +++++++++---------- .../policy/frameworks/files/extract-all.bro | 2 ++ 8 files changed, 40 insertions(+), 14 deletions(-) create mode 100644 scripts/policy/frameworks/files/extract-all-files.bro create mode 100644 testing/btest/scripts/policy/frameworks/files/extract-all.bro diff --git a/CHANGES b/CHANGES index 926b30c9c0..84f64034ea 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,15 @@ +2.3-539 | 2015-03-13 14:19:27 -0500 + + * BIT-1335: Include timestamp in default extracted file names. + And add a policy script to extract all files. (Jon Siwek) + + * BIT-1311: Identify GRE tunnels as Tunnel::GRE, not Tunnel::IP. + (Jon Siwek) + + * BIT-1309: Add Connection class getter methods for flow labels. + (Jon Siwek) + 2.3-536 | 2015-03-12 16:16:24 -0500 * Fix Broker leak tests. (Jon Siwek) diff --git a/NEWS b/NEWS index 981af20370..4d1539b33c 100644 --- a/NEWS +++ b/NEWS @@ -97,6 +97,9 @@ Changed Functionality - GRE tunnels are now identified as ``Tunnel::GRE`` instead of ``Tunnel::IP``. +- The default name for extracted files changed from extract-protocol-id + to extract-timestamp-protocol-id. + - [TODO] Add changed BroControl features. Deprecated Functionality diff --git a/VERSION b/VERSION index c168eac2bd..64cd9fa66f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-536 +2.3-539 diff --git a/scripts/base/files/extract/main.bro b/scripts/base/files/extract/main.bro index 765263a4d8..7f68a8bcce 100644 --- a/scripts/base/files/extract/main.bro +++ b/scripts/base/files/extract/main.bro @@ -53,7 +53,8 @@ function set_limit(f: fa_file, args: Files::AnalyzerArgs, n: count): bool function on_add(f: fa_file, args: Files::AnalyzerArgs) { if ( ! args?$extract_filename ) - args$extract_filename = cat("extract-", f$source, "-", f$id); + args$extract_filename = cat("extract-", f$last_active, "-", f$source, + "-", f$id); f$info$extracted = args$extract_filename; args$extract_filename = build_path_compressed(prefix, args$extract_filename); diff --git a/scripts/policy/frameworks/files/extract-all-files.bro b/scripts/policy/frameworks/files/extract-all-files.bro new file mode 100644 index 0000000000..7bd7b300e9 --- /dev/null +++ b/scripts/policy/frameworks/files/extract-all-files.bro @@ -0,0 +1,8 @@ +##! Extract all files to disk. + +@load base/files/extract + +event file_new(f: fa_file) + { + Files::add_analyzer(f, Files::ANALYZER_EXTRACT); + } diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index 0fb74f91cf..dc85986172 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -28,6 +28,7 @@ @load frameworks/intel/seen/where-locations.bro @load frameworks/intel/seen/x509.bro @load frameworks/files/detect-MHR.bro +#@load frameworks/files/extract-all-files.bro @load frameworks/files/hash-all-files.bro @load frameworks/packet-filter/shunt.bro @load frameworks/software/version-changes.bro diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 6956f013bc..63f0a87742 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -124,7 +124,7 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> 0.000000 MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> 0.000000 MetaHookPost CallFunction(Cluster::is_enabled, , ()) -> -0.000000 MetaHookPost CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})) -> +0.000000 MetaHookPost CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})) -> 0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}])) -> 0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}])) -> 0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])) -> @@ -192,7 +192,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Communication::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> @@ -286,8 +286,8 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> @@ -669,7 +669,7 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) 0.000000 MetaHookPre CallFunction(Cluster::is_enabled, , ()) 0.000000 MetaHookPre CallFunction(Cluster::is_enabled, , ()) -0.000000 MetaHookPre CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})) +0.000000 MetaHookPre CallFunction(Files::register_analyzer_add_callback, , (Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)})) 0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}])) 0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}])) 0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])) @@ -737,7 +737,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Communication::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) @@ -831,8 +831,8 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::build, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) @@ -1213,7 +1213,7 @@ 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp}) 0.000000 | HookCallFunction Cluster::is_enabled() -0.000000 | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)}) +0.000000 | HookCallFunction Files::register_analyzer_add_callback(Files::ANALYZER_EXTRACT, FileExtract::on_add{ if (!FileExtract::args?$extract_filename) FileExtract::args$extract_filename = cat(extract-, FileExtract::f$last_active, -, FileExtract::f$source, -, FileExtract::f$id)FileExtract::f$info$extracted = FileExtract::args$extract_filenameFileExtract::args$extract_filename = build_path_compressed(FileExtract::prefix, FileExtract::args$extract_filename)mkdir(FileExtract::prefix)}) 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_FTP_DATA, [get_file_handle=FTP::get_file_handle{ if (!FTP::c$id$resp_h, FTP::c$id$resp_p in FTP::ftp_data_expected) return ()return (cat(Analyzer::ANALYZER_FTP_DATA, FTP::c$start_time, FTP::c$id, FTP::is_orig))}, describe=FTP::describe_file{ FTP::cid{ if (FTP::f$source != FTP) return ()for ([FTP::cid] in FTP::f$conns) { if (FTP::f$conns[FTP::cid]?$ftp) return (FTP::describe(FTP::f$conns[FTP::cid]$ftp))}return ()}}]) 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_HTTP, [get_file_handle=HTTP::get_file_handle{ if (!HTTP::c?$http) return ()if (HTTP::c$http$range_request && !HTTP::is_orig) { return (cat(Analyzer::ANALYZER_HTTP, HTTP::is_orig, HTTP::c$id$orig_h, HTTP::build_url(HTTP::c$http)))}else{ HTTP::mime_depth = HTTP::is_orig ? HTTP::c$http$orig_mime_depth : HTTP::c$http$resp_mime_depthreturn (cat(Analyzer::ANALYZER_HTTP, HTTP::c$start_time, HTTP::is_orig, HTTP::c$http$trans_depth, HTTP::mime_depth, id_string(HTTP::c$id)))}}, describe=HTTP::describe_file{ HTTP::cid{ if (HTTP::f$source != HTTP) return ()for ([HTTP::cid] in HTTP::f$conns) { if (HTTP::f$conns[HTTP::cid]?$http) return (HTTP::build_url_http(HTTP::f$conns[HTTP::cid]$http))}return ()}}]) 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}]) @@ -1281,7 +1281,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) @@ -1375,8 +1375,8 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1425596289.27327, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) diff --git a/testing/btest/scripts/policy/frameworks/files/extract-all.bro b/testing/btest/scripts/policy/frameworks/files/extract-all.bro new file mode 100644 index 0000000000..f54b2e299d --- /dev/null +++ b/testing/btest/scripts/policy/frameworks/files/extract-all.bro @@ -0,0 +1,2 @@ +# @TEST-EXEC: bro -r $TRACES/http/get.trace frameworks/files/extract-all-files +# @TEST-EXEC: grep -q EXTRACT files.log From 46f7d238889af63dedf86f6db45caabb1396386f Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Mar 2015 14:53:11 -0500 Subject: [PATCH 061/121] Fix Broxygen coverage. --- scripts/broxygen/__load__.bro | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/broxygen/__load__.bro b/scripts/broxygen/__load__.bro index 8db4a7c1b8..3b78ba8619 100644 --- a/scripts/broxygen/__load__.bro +++ b/scripts/broxygen/__load__.bro @@ -5,6 +5,7 @@ @load frameworks/communication/listen.bro @load frameworks/control/controllee.bro @load frameworks/control/controller.bro +@load frameworks/files/extract-all-files.bro @load policy/misc/dump-events.bro @load ./example.bro From 778b37b5d0cf3612ebbedeb3cb90e9d18fa4adc9 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Mar 2015 14:54:46 -0500 Subject: [PATCH 062/121] Deprecate &rotate_interval, &rotate_size, &encrypt, &mergeable. Addresses BIT-1305. --- doc/script-reference/attributes.rst | 7 ------ src/scan.l | 35 ++++++++++++++++++++++++----- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/doc/script-reference/attributes.rst b/doc/script-reference/attributes.rst index ef6c6a54a1..40646f64f4 100644 --- a/doc/script-reference/attributes.rst +++ b/doc/script-reference/attributes.rst @@ -43,8 +43,6 @@ The Bro scripting language supports the following attributes. +-----------------------------+-----------------------------------------------+ | :bro:attr:`&mergeable` |Prefer set union for synchronized state. | +-----------------------------+-----------------------------------------------+ -| :bro:attr:`&group` |Group event handlers to activate/deactivate. | -+-----------------------------+-----------------------------------------------+ | :bro:attr:`&error_handler` |Used internally for reporter framework events. | +-----------------------------+-----------------------------------------------+ | :bro:attr:`&type_column` |Used by input framework for "port" type. | @@ -198,11 +196,6 @@ Here is a more detailed explanation of each attribute: inconsistencies and can be avoided by unifying the two sets, rather than merely overwriting the old value. -.. bro:attr:: &group - - Groups event handlers such that those in the same group can be - jointly activated or deactivated. - .. bro:attr:: &error_handler Internally set on the events that are associated with the reporter diff --git a/src/scan.l b/src/scan.l index b13215e4b8..896264581b 100644 --- a/src/scan.l +++ b/src/scan.l @@ -56,6 +56,11 @@ char last_tok[128]; if ( ((result = fread(buf, 1, max_size, yyin)) == 0) && ferror(yyin) ) \ reporter->Error("read failed with \"%s\"", strerror(errno)); +static void deprecated_attr(const char* attr) + { + reporter->Warning("Use of deprecated attribute: %s", attr); + } + static string find_relative_file(const string& filename, const string& ext) { if ( filename.empty() ) @@ -263,20 +268,38 @@ when return TOK_WHEN; &delete_func return TOK_ATTR_DEL_FUNC; &deprecated return TOK_ATTR_DEPRECATED; &raw_output return TOK_ATTR_RAW_OUTPUT; -&encrypt return TOK_ATTR_ENCRYPT; +&encrypt { + deprecated_attr(yytext); + return TOK_ATTR_ENCRYPT; + } &error_handler return TOK_ATTR_ERROR_HANDLER; &expire_func return TOK_ATTR_EXPIRE_FUNC; &log return TOK_ATTR_LOG; -&mergeable return TOK_ATTR_MERGEABLE; +&mergeable { + deprecated_attr(yytext); + return TOK_ATTR_MERGEABLE; + } &optional return TOK_ATTR_OPTIONAL; -&persistent return TOK_ATTR_PERSISTENT; +&persistent { + //deprecated_attr(yytext); + return TOK_ATTR_PERSISTENT; + } &priority return TOK_ATTR_PRIORITY; &type_column return TOK_ATTR_TYPE_COLUMN; &read_expire return TOK_ATTR_EXPIRE_READ; &redef return TOK_ATTR_REDEF; -&rotate_interval return TOK_ATTR_ROTATE_INTERVAL; -&rotate_size return TOK_ATTR_ROTATE_SIZE; -&synchronized return TOK_ATTR_SYNCHRONIZED; +&rotate_interval { + deprecated_attr(yytext); + return TOK_ATTR_ROTATE_INTERVAL; + } +&rotate_size { + deprecated_attr(yytext); + return TOK_ATTR_ROTATE_SIZE; + } +&synchronized { + //deprecated_attr(yytext); + return TOK_ATTR_SYNCHRONIZED; + } &write_expire return TOK_ATTR_EXPIRE_WRITE; @DEBUG return TOK_DEBUG; // marks input for debugger From 5e2defebe5da4ba98b0dce5a1aa3460a999f4c0f Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 13 Mar 2015 15:44:08 -0500 Subject: [PATCH 063/121] Make INSTALL a symlink to doc/install/install.rst BIT-1275 #close --- CHANGES | 6 ++++++ INSTALL | 4 +--- VERSION | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) mode change 100644 => 120000 INSTALL diff --git a/CHANGES b/CHANGES index 84f64034ea..d491a666e8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.3-541 | 2015-03-13 15:44:08 -0500 + + * Make INSTALL a symlink to doc/install/install.rst (Jon siwek) + + * Fix Broxygen coverage. (Jon Siwek) + 2.3-539 | 2015-03-13 14:19:27 -0500 * BIT-1335: Include timestamp in default extracted file names. diff --git a/INSTALL b/INSTALL deleted file mode 100644 index 385dac93df..0000000000 --- a/INSTALL +++ /dev/null @@ -1,3 +0,0 @@ - -See doc/install/install.rst for installation instructions. - diff --git a/INSTALL b/INSTALL new file mode 120000 index 0000000000..95fcc60eda --- /dev/null +++ b/INSTALL @@ -0,0 +1 @@ +doc/install/install.rst \ No newline at end of file diff --git a/VERSION b/VERSION index 64cd9fa66f..711f7a5631 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-539 +2.3-541 From 3ef2cd70a445cc34c0e4e24ee535739b9dd5fd80 Mon Sep 17 00:00:00 2001 From: Pete Nelson Date: Sat, 14 Mar 2015 16:56:35 -0400 Subject: [PATCH 064/121] Add defensive check for localtime_r() call --- src/util.cc | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/util.cc b/src/util.cc index ac2a942ed3..0ae397e5b7 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1356,9 +1356,13 @@ double calc_next_rotate(double current, double interval, double base) time_t teatime = time_t(current); struct tm t; - t = *localtime_r(&teatime, &t); - t.tm_hour = t.tm_min = t.tm_sec = 0; - double startofday = mktime(&t); + if ( ! localtime_r(&teatime, &t) ) + { + reporter->Error("calc_next_rotate(): can't parse current time"); + + // fall back to the method used if no base time is given + base = -1; + } if ( base < 0 ) // No base time given. To get nice timestamps, we round @@ -1367,6 +1371,8 @@ double calc_next_rotate(double current, double interval, double base) + interval - current; // current < startofday + base + i * interval <= current + interval + t.tm_hour = t.tm_min = t.tm_sec = 0; + double startofday = mktime(&t); return startofday + base + ceil((current - startofday - base) / interval) * interval - current; From 370f4f2179845324b5669b6444088ca6d775285d Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Mon, 16 Mar 2015 13:32:13 -0400 Subject: [PATCH 065/121] SSH: Add documentation --- scripts/base/init-bare.bro | 6 +- src/analyzer/protocol/ssh/events.bif | 124 ++++++++++++++++++++++++++- 2 files changed, 126 insertions(+), 4 deletions(-) diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index ac73ba980d..e3b6a2ebd5 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -2227,7 +2227,11 @@ export { server_to_client: vector of string &optional; }; - ## SSH Capability record + ## This record lists the preferences of an SSH endpoint for + ## algorithm selection. During the initial :abbr:`SSH (Secure Shell)` + ## key exchange, each endpoint lists the algorithms + ## that it supports, in order of preference. See + ## :rfc:`4253#section-7.1` for details. type Capabilities: record { ## Key exchange algorithms kex_algorithms: string_vec; diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index c2b4e95673..d60e06f458 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -1,15 +1,133 @@ +## An :abbr:`SSH (Secure Shell)` Protocol Version Exchange message +## from the server. This contains an identification string that's used +## for version identification. See :rfc:`4253#section-4.2` for +## details. +## +## c: The connection over which the message was sent. +## +## version: The identification string +## +## .. bro:see:: ssh_client_version ssh_auth_successful ssh_auth_failed +## ssh_capabilities ssh2_server_host_key ssh1_server_host_key +## ssh_encrypted_packet event ssh_server_version%(c: connection, version: string%); +## An :abbr:`SSH (Secure Shell)` Protocol Version Exchange message +## from the client. This contains an identification string that's used +## for version identification. See :rfc:`4253#section-4.2` for +## details. +## +## c: The connection over which the message was sent. +## +## version: The identification string +## +## .. bro:see:: ssh_server_version ssh_auth_successful ssh_auth_failed +## ssh_capabilities ssh2_server_host_key ssh1_server_host_key +## ssh_encrypted_packet event ssh_client_version%(c: connection, version: string%); +## This event is generated when an :abbr:`SSH (Secure Shell)` +## connection was determined to have had a successful +## authentication. This determination is based on packet size +## analysis, and errs on the side of caution - that is, if there's any +## doubt about the authentication success, this event is *not* raised. +## +## c: The connection over which the :abbr:`SSH (Secure Shell)` +## connection took place. +## +## auth_method_none: This is true if the analyzer detected a +## successful connection before any authentication challenge. The +## :abbr:`SSH (Secure Shell)` protocol provides a mechanism for +## unauthenticated access, which some servers support. +## +## .. bro:see:: ssh_server_version ssh_client_version ssh_auth_failed +## ssh_capabilities ssh2_server_host_key ssh1_server_host_key +## ssh_encrypted_packet event ssh_auth_successful%(c: connection, auth_method_none: bool%); +## This event is generated when an :abbr:`SSH (Secure Shell)` +## connection was determined to have had a failed authentication. This +## determination is based on packet size analysis, and errs on the +## side of caution - that is, if there's any doubt about the +## authentication failure, this event is *not* raised. +## +## c: The connection over which the :abbr:`SSH (Secure Shell)` +## connection took place. +## +## .. bro:see:: ssh_server_version ssh_client_version +## ssh_auth_successful ssh_capabilities ssh2_server_host_key +## ssh1_server_host_key ssh_encrypted_packet event ssh_auth_failed%(c: connection%); -event ssh_encrypted_packet%(c: connection, orig: bool, len: count%); - +## During the initial :abbr:`SSH (Secure Shell)` key exchange, each +## endpoint lists the algorithms that it supports, in order of +## preference. This event is generated for each endpoint, when the +## SSH_MSG_KEXINIT message is seen. See :rfc:`4253#section-7.1` for +## details. +## +## c: The connection over which the :abbr:`SSH (Secure Shell)` +## connection took place. +## +## cookie: The SSH_MSG_KEXINIT cookie - a random value generated by +## the sender. +## +## capabilities: The list of algorithms and languages that the sender +## advertises support for, in order of preference. +## +## .. bro:see:: ssh_server_version ssh_client_version +## ssh_auth_successful ssh_auth_failed ssh2_server_host_key +## ssh1_server_host_key ssh_encrypted_packet event ssh_capabilities%(c: connection, cookie: string, capabilities: SSH::Capabilities%); +## During the :abbr:`SSH (Secure Shell)` key exchange, the server +## supplies its public host key. This event is generated when the +## appropriate key exchange message is seen for SSH2. +## +## c: The connection over which the :abbr:`SSH (Secure Shell)` +## connection took place. +## +## key: The server's public host key. Note that this is the public key +## itself, and not just the fingerprint or hash. +## +## .. bro:see:: ssh_server_version ssh_client_version +## ssh_auth_successful ssh_auth_failed ssh_capabilities +## ssh1_server_host_key ssh_encrypted_packet event ssh2_server_host_key%(c: connection, key: string%); -event ssh1_server_host_key%(c: connection, p: string, e: string%); \ No newline at end of file +## During the :abbr:`SSH (Secure Shell)` key exchange, the server +## supplies its public host key. This event is generated when the +## appropriate key exchange message is seen for SSH1. +## +## c: The connection over which the :abbr:`SSH (Secure Shell)` +## connection took place. +## +## p: The prime for the server's public host key. +## +## e: The exponent for the serer's public host key. +## +## .. bro:see:: ssh_server_version ssh_client_version +## ssh_auth_successful ssh_auth_failed ssh_capabilities +## ssh2_server_host_key ssh_encrypted_packet +event ssh1_server_host_key%(c: connection, p: string, e: string%); + +## This event is generated when an :abbr:`SSH (Secure Shell)` +## encrypted packet is seen. This event is not handled by default, but +## is provided for heuristic analysis scripts. Note that there *is* a +## performance penalty for enabling this event. If you would like to +## use this event, also see +## :bro:id:`SSH::skip_processing_after_detection` +## +## c: The connection over which the :abbr:`SSH (Secure Shell)` +## connection took place. +## +## orig: Whether the packet was sent by the originator of the TCP +## connection. +## +## len: The length of the :abbr:`SSH (Secure Shell)` payload, in +## bytes. Note that this ignores reassembly, as this is unknown. +## +## .. bro:see:: ssh_server_version ssh_client_version +## ssh_auth_successful ssh_auth_failed ssh_capabilities +## ssh2_server_host_key ssh1_server_host_key +event ssh_encrypted_packet%(c: connection, orig: bool, len: count%); + From 8218461d3515294de4f3d5697310c06432e1a623 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Mon, 16 Mar 2015 13:50:43 -0400 Subject: [PATCH 066/121] Update SSH policy scripts with new events. --- scripts/base/protocols/ssh/main.bro | 8 ++++---- scripts/policy/protocols/ssh/detect-bruteforcing.bro | 4 ++-- scripts/policy/protocols/ssh/geo-data.bro | 4 ++-- scripts/policy/protocols/ssh/interesting-hostnames.bro | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index ea5b60f002..7b38cdd406 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -58,12 +58,12 @@ export { } redef record Info += { - ## This connection has been logged (internal use) + # This connection has been logged (internal use) logged: bool &default=F; - ## Number of failures seen (internal use) + # Number of failures seen (internal use) num_failures: count &default=0; - ## Store capabilities from the first host for - ## comparison with the second (internal use) + # Store capabilities from the first host for + # comparison with the second (internal use) capabilities: Capabilities &optional; }; diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.bro index ba889cbf3c..81631e6c4d 100644 --- a/scripts/policy/protocols/ssh/detect-bruteforcing.bro +++ b/scripts/policy/protocols/ssh/detect-bruteforcing.bro @@ -70,7 +70,7 @@ event bro_init() }]); } -event SSH::heuristic_successful_login(c: connection) +event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) { local id = c$id; @@ -79,7 +79,7 @@ event SSH::heuristic_successful_login(c: connection) $where=SSH::SUCCESSFUL_LOGIN]); } -event SSH::heuristic_failed_login(c: connection) +event SSH::ssh_auth_failed(c: connection) { local id = c$id; diff --git a/scripts/policy/protocols/ssh/geo-data.bro b/scripts/policy/protocols/ssh/geo-data.bro index a5fed986ef..00b52058a1 100644 --- a/scripts/policy/protocols/ssh/geo-data.bro +++ b/scripts/policy/protocols/ssh/geo-data.bro @@ -30,7 +30,7 @@ function get_location(c: connection): geo_location return lookup_location(lookup_ip); } -event SSH::heuristic_successful_login(c: connection) &priority=5 +event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3 { # Add the location data to the SSH record. c$ssh$remote_location = get_location(c); @@ -45,7 +45,7 @@ event SSH::heuristic_successful_login(c: connection) &priority=5 } } -event SSH::heuristic_failed_login(c: connection) &priority=5 +event SSH::ssh_auth_failed(c: connection) &priority=3 { # Add the location data to the SSH record. c$ssh$remote_location = get_location(c); diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.bro b/scripts/policy/protocols/ssh/interesting-hostnames.bro index f9b3636e62..e43349c030 100644 --- a/scripts/policy/protocols/ssh/interesting-hostnames.bro +++ b/scripts/policy/protocols/ssh/interesting-hostnames.bro @@ -27,7 +27,7 @@ export { /^ftp[0-9]*\./ &redef; } -event SSH::heuristic_successful_login(c: connection) +event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) { for ( host in set(c$id$orig_h, c$id$resp_h) ) { From 65d982acc14192737c365284e34778878412d497 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Mon, 16 Mar 2015 16:12:18 -0400 Subject: [PATCH 067/121] Update baselines for new SSH analyzer. --- .../Baseline/core.print-bpf-filters/output2 | 9 +++--- .../btest/Baseline/core.tunnels.gre/ssh.log | 10 +++---- .../canonified_loaded_scripts.log | 5 ++-- .../canonified_loaded_scripts.log | 5 ++-- testing/btest/Baseline/plugins.hooks/output | 29 +++++++------------ 5 files changed, 26 insertions(+), 32 deletions(-) diff --git a/testing/btest/Baseline/core.print-bpf-filters/output2 b/testing/btest/Baseline/core.print-bpf-filters/output2 index f843da2909..742ca5d1f2 100644 --- a/testing/btest/Baseline/core.print-bpf-filters/output2 +++ b/testing/btest/Baseline/core.print-bpf-filters/output2 @@ -8,7 +8,6 @@ 1 21 1 2123 1 2152 -1 22 1 25 1 2811 1 3128 @@ -44,8 +43,8 @@ 1 992 1 993 1 995 -49 and -48 or -49 port -34 tcp +48 and +47 or +48 port +33 tcp 15 udp diff --git a/testing/btest/Baseline/core.tunnels.gre/ssh.log b/testing/btest/Baseline/core.tunnels.gre/ssh.log index 5b05545bd0..6550c463de 100644 --- a/testing/btest/Baseline/core.tunnels.gre/ssh.log +++ b/testing/btest/Baseline/core.tunnels.gre/ssh.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path ssh -#open 2014-01-16-21-51-12 -#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p status direction client server -#types time string addr port addr port string enum string string -1055289978.855137 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 failure INBOUND SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 -#close 2014-01-16-21-51-12 +#open 2015-03-16-19-39-16 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key +#types time string addr port addr port count bool enum string string string string string string string string +1055289978.855543 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 2 - - SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa - +#close 2015-03-16-19-39-16 diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index b94df659b4..b32d0fee7a 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2014-10-31-20-38-14 +#open 2015-03-16-19-43-09 #fields name #types string scripts/base/init-bare.bro @@ -88,6 +88,7 @@ scripts/base/init-bare.bro build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro + build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro @@ -115,4 +116,4 @@ scripts/base/init-bare.bro build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro scripts/policy/misc/loaded-scripts.bro scripts/base/utils/paths.bro -#close 2014-10-31-20-38-14 +#close 2015-03-16-19-43-09 diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index 67de0fc1dc..d822ca8d65 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path loaded_scripts -#open 2014-10-31-20-38-48 +#open 2015-03-16-19-44-07 #fields name #types string scripts/base/init-bare.bro @@ -88,6 +88,7 @@ scripts/base/init-bare.bro build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro + build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro @@ -247,4 +248,4 @@ scripts/base/init-default.bro scripts/base/misc/find-checksum-offloading.bro scripts/base/misc/find-filtered-trace.bro scripts/policy/misc/loaded-scripts.bro -#close 2014-10-31-20-38-48 +#close 2015-03-16-19-44-07 diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 927a64692f..55382364e2 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -37,7 +37,6 @@ 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SNMP, 161/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SNMP, 162/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSH, 22/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 443/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 5223/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 563/tcp)) -> @@ -90,7 +89,6 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SNMP, 161/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SNMP, 162/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSH, 22/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 443/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 5223/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 563/tcp)) -> @@ -118,7 +116,6 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SSH, {22/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SSL, {5223<...>/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> @@ -191,7 +188,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, (PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, (PacketFilter::LOG, [ts=1426535272.39213, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Communication::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, (Conn::LOG)) -> @@ -285,8 +282,8 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])) -> -0.000000 MetaHookPost CallFunction(Log::write, (PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1426535272.39213, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, (PacketFilter::LOG, [ts=1426535272.39213, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::build, ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, (ip or not ip, and, )) -> @@ -381,6 +378,7 @@ 0.000000 MetaHookPost LoadFile(./Bro_SQLiteReader.sqlite.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_SQLiteWriter.sqlite.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_SSH.events.bif.bro) -> -1 +0.000000 MetaHookPost LoadFile(./Bro_SSH.types.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_SSL.events.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_SteppingStone.events.bif.bro) -> -1 0.000000 MetaHookPost LoadFile(./Bro_Syslog.events.bif.bro) -> -1 @@ -576,7 +574,6 @@ 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SNMP, 161/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SNMP, 162/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSH, 22/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 443/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 5223/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, (Analyzer::ANALYZER_SSL, 563/tcp)) @@ -629,7 +626,6 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SNMP, 161/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SNMP, 162/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSH, 22/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 443/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 5223/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, (Analyzer::ANALYZER_SSL, 563/tcp)) @@ -657,7 +653,6 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SNMP, {162<...>/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SSH, {22/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SSL, {5223<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_SYSLOG, {514/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, (Analyzer::ANALYZER_TEREDO, {3544/udp})) @@ -730,7 +725,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, (PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, (PacketFilter::LOG, [ts=1426535272.39213, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Communication::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, (Conn::LOG)) @@ -824,8 +819,8 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])) -0.000000 MetaHookPre CallFunction(Log::write, (PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::default_path_func, (PacketFilter::LOG, , [ts=1426535272.39213, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, (PacketFilter::LOG, [ts=1426535272.39213, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Notice::want_pp, ()) 0.000000 MetaHookPre CallFunction(PacketFilter::build, ()) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, (ip or not ip, and, )) @@ -920,6 +915,7 @@ 0.000000 MetaHookPre LoadFile(./Bro_SQLiteReader.sqlite.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_SQLiteWriter.sqlite.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_SSH.events.bif.bro) +0.000000 MetaHookPre LoadFile(./Bro_SSH.types.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_SSL.events.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_SteppingStone.events.bif.bro) 0.000000 MetaHookPre LoadFile(./Bro_Syslog.events.bif.bro) @@ -1115,7 +1111,6 @@ 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SNMP, 162/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SOCKS, 1080/tcp) -0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSH, 22/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 443/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 5223/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SSL, 563/tcp) @@ -1168,7 +1163,6 @@ 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 161/udp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SNMP, 162/udp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SOCKS, 1080/tcp) -0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSH, 22/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 443/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 5223/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_SSL, 563/tcp) @@ -1196,7 +1190,6 @@ 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {25<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, {162<...>/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, {1080/tcp}) -0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, {22/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {5223<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp}) @@ -1269,7 +1262,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1426535272.39213, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) @@ -1363,8 +1356,8 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1421870896.278622, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1426535272.39213, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1426535272.39213, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) From c09411bc8b191574ee7e0f2910ea486586b55455 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 16 Mar 2015 15:12:48 -0500 Subject: [PATCH 068/121] BIT-1077: fix HTTP::log_server_header_names. Before, it just re-logged fields from the client side. --- .../policy/protocols/http/header-names.bro | 27 +++++++++++-------- .../http.log | 23 ++++++++++++++++ .../policy/protocols/http/header-names.bro | 5 ++++ 3 files changed, 44 insertions(+), 11 deletions(-) create mode 100644 testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log create mode 100644 testing/btest/scripts/policy/protocols/http/header-names.bro diff --git a/scripts/policy/protocols/http/header-names.bro b/scripts/policy/protocols/http/header-names.bro index 5aefdad538..ed3f9380a7 100644 --- a/scripts/policy/protocols/http/header-names.bro +++ b/scripts/policy/protocols/http/header-names.bro @@ -26,20 +26,25 @@ export { event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=3 { - if ( ! is_orig || ! c?$http ) + if ( ! c?$http ) return; - - if ( log_client_header_names ) + + if ( is_orig ) { - if ( ! c$http?$client_header_names ) - c$http$client_header_names = vector(); - c$http$client_header_names[|c$http$client_header_names|] = name; + if ( log_client_header_names ) + { + if ( ! c$http?$client_header_names ) + c$http$client_header_names = vector(); + c$http$client_header_names[|c$http$client_header_names|] = name; + } } - - if ( log_server_header_names ) + else { - if ( ! c$http?$server_header_names ) - c$http$server_header_names = vector(); - c$http$server_header_names[|c$http$server_header_names|] = name; + if ( log_server_header_names ) + { + if ( ! c$http?$server_header_names ) + c$http$server_header_names = vector(); + c$http$server_header_names[|c$http$server_header_names|] = name; + } } } diff --git a/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log b/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log new file mode 100644 index 0000000000..ca510300c2 --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.protocols.http.header-names/http.log @@ -0,0 +1,23 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#open 2015-03-16-20-10-52 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied orig_fuids orig_mime_types resp_fuids resp_mime_types client_header_names server_header_names +#types time string addr port addr port count string string string string string count count count string count string string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] +1300475168.784020 CRJuHdVW0XPVINV8a 141.142.220.118 48649 208.80.152.118 80 1 GET bits.wikimedia.org /skins-1.5/monobook/main.css http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,VIA,X-VARNISH,LAST-MODIFIED,ETAG,VARY,CONNECTION +1300475168.916018 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/6/63/Wikipedia-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.916183 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/b/bb/Wikipedia_wordmark.svg/174px-Wikipedia_wordmark.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.918358 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/b/bd/Bookshelf-40x201_6.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.952307 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/8/8a/Wikinews-logo.png/35px-Wikinews-logo.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.952296 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/4/4a/Wiktionary-logo-en-35px.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.954820 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 1 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.962687 Cn78a440HlxuyZKs6f 141.142.220.118 35642 208.80.152.2 80 1 GET meta.wikimedia.org /images/wikimedia-button.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,EXPIRES,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.975934 CJ3xTn1c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.976436 C7XEbhP654jzLoe3a 141.142.220.118 49996 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475168.979264 C3SfNE4BWaU4aSuwkc 141.142.220.118 49998 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475169.014619 CyAhVIzHqb7t7kv28 141.142.220.118 50000 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/4/4a/Commons-logo.svg/35px-Commons-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475169.014593 CzA03V1VcgagLjnO92 141.142.220.118 49999 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/9/91/Wikiversity-logo.svg/35px-Wikiversity-logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +1300475169.014927 CkDsfG2YIeWJmXWNWj 141.142.220.118 50001 208.80.152.3 80 2 GET upload.wikimedia.org /wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png http://www.wikipedia.org/ Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Gecko/20110303 Ubuntu/10.04 (lucid) Firefox/3.6.15 0 0 304 Not Modified - - - (empty) - - - - - - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,IF-MODIFIED-SINCE,IF-NONE-MATCH,CACHE-CONTROL DATE,CONTENT-TYPE,LAST-MODIFIED,ETAG,AGE,X-CACHE,X-CACHE-LOOKUP,X-CACHE,X-CACHE-LOOKUP,CONNECTION +#close 2015-03-16-20-10-52 diff --git a/testing/btest/scripts/policy/protocols/http/header-names.bro b/testing/btest/scripts/policy/protocols/http/header-names.bro new file mode 100644 index 0000000000..30b1de7fdb --- /dev/null +++ b/testing/btest/scripts/policy/protocols/http/header-names.bro @@ -0,0 +1,5 @@ +# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT +# @TEST-EXEC: btest-diff http.log + +@load protocols/http/header-names +redef HTTP::log_server_header_names=T; From 1d40d5c6e93132657c0aaabdfd395cba3846e080 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 17 Mar 2015 09:02:12 -0700 Subject: [PATCH 069/121] Updating submodule(s). [nomail] --- aux/broker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broker b/aux/broker index 1a2ab9ee7c..694af9d9ed 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 1a2ab9ee7c80ca905e86a2a11283e7c0477341a9 +Subproject commit 694af9d9edd188a461cc762bfdb7b61688b93ada From 62a3a23a2bbacad4bc3043bf71c0e95f3f106ea0 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 17 Mar 2015 09:02:46 -0700 Subject: [PATCH 070/121] Updating submodule(s). [nomail] --- aux/broker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broker b/aux/broker index 694af9d9ed..1a2ab9ee7c 160000 --- a/aux/broker +++ b/aux/broker @@ -1 +1 @@ -Subproject commit 694af9d9edd188a461cc762bfdb7b61688b93ada +Subproject commit 1a2ab9ee7c80ca905e86a2a11283e7c0477341a9 From 0cffee7694af9f2c0decc6bba7728349259b2c00 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 17 Mar 2015 12:33:09 -0400 Subject: [PATCH 071/121] SSH: Intel framework integration (PUBKEY_HASH) --- scripts/base/frameworks/intel/main.bro | 2 ++ scripts/base/protocols/ssh/main.bro | 10 +++++++--- .../policy/frameworks/intel/seen/pubkey-hashes.bro | 11 +++++++++++ .../policy/frameworks/intel/seen/where-locations.bro | 1 + 4 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 scripts/policy/frameworks/intel/seen/pubkey-hashes.bro diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro index 4866766df4..e0ba69659f 100644 --- a/scripts/base/frameworks/intel/main.bro +++ b/scripts/base/frameworks/intel/main.bro @@ -32,6 +32,8 @@ export { FILE_NAME, ## Certificate SHA-1 hash. CERT_HASH, + ## Public key MD5 hash. (SSH server host keys are a good example.) + PUBKEY_HASH, }; ## Data about an :bro:type:`Intel::Item`. diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 7b38cdd406..0e6110440f 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -55,6 +55,11 @@ export { ## Event that can be handled to access the SSH record as it is sent on ## to the logging framework. global log_ssh: event(rec: Info); + + ## Event that can be handled when the analyzer sees an SSH server host + ## key. This abstracts :bro:id:`SSH::ssh1_server_host_key` and + ## :bro:id:`SSH::ssh2_server_host_key`. + global ssh_server_host_key: event(c: connection, hash string); } redef record Info += { @@ -212,13 +217,12 @@ function generate_fingerprint(c: connection, key: string) c$ssh$host_key = sub(join_string_vec(lx, ":"), /:/, ""); } -event ssh1_server_host_key(c: connection, p: string, e: string) +event ssh1_server_host_key(c: connection, p: string, e: string) &priority=5 { generate_fingerprint(c, e + p); } -event ssh_server_host_key(c: connection, key: string) +event ssh2_server_host_key(c: connection, key: string) &priority=5 { generate_fingerprint(c, key); } - diff --git a/scripts/policy/frameworks/intel/seen/pubkey-hashes.bro b/scripts/policy/frameworks/intel/seen/pubkey-hashes.bro new file mode 100644 index 0000000000..5301ffb079 --- /dev/null +++ b/scripts/policy/frameworks/intel/seen/pubkey-hashes.bro @@ -0,0 +1,11 @@ +@load base/frameworks/intel +@load ./where-locations + +event ssh_server_host_key(c: connection, hash: string) + { + local seen = Intel::Seen($indicator=hash, + $indicator_type=Intel::PUBKEY_HASH, + $conn=c, + $where=SSH::IN_SERVER_HOST_KEY); + Intel::seen(seen); + } diff --git a/scripts/policy/frameworks/intel/seen/where-locations.bro b/scripts/policy/frameworks/intel/seen/where-locations.bro index b9b4325bc1..f286cc2ff7 100644 --- a/scripts/policy/frameworks/intel/seen/where-locations.bro +++ b/scripts/policy/frameworks/intel/seen/where-locations.bro @@ -21,6 +21,7 @@ export { SMTP::IN_REPLY_TO, SMTP::IN_X_ORIGINATING_IP_HEADER, SMTP::IN_MESSAGE, + SSH::IN_SERVER_HOST_KEY, SSL::IN_SERVER_NAME, SMTP::IN_HEADER, X509::IN_CERT, From e291ccc14a17a2c14afc9ab07d05576d2de95f5f Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Tue, 17 Mar 2015 12:51:57 -0700 Subject: [PATCH 072/121] add x509 canonifiers to test to not make it fail on differing openssl versions. --- .../scripts/policy/protocols/ssl/validate-certs-no-cache.bro | 2 +- testing/btest/scripts/policy/protocols/ssl/validate-certs.bro | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro index 1bca5b5c50..343b2fb196 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro @@ -1,5 +1,5 @@ # @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT -# @TEST-EXEC: btest-diff ssl.log +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl.log @load protocols/ssl/validate-certs.bro diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro index 19fca8cb89..40e5e09361 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro @@ -2,6 +2,6 @@ # @TEST-EXEC: cat ssl.log > ssl-all.log # @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT # @TEST-EXEC: cat ssl.log >> ssl-all.log -# @TEST-EXEC: btest-diff ssl-all.log +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-all.log @load protocols/ssl/validate-certs.bro From d2366438948049e4fad46300fbac805f0b45dcae Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Tue, 17 Mar 2015 13:45:00 -0700 Subject: [PATCH 073/121] Make error message when encountering not existing enums better. Example: internal error: Value not 'NoSuch::Notice' for stream 'ignored_notices' is not a valid enum. Abort trap: 6 Addresses BIT-1199 --- src/input/Manager.cc | 82 ++++++++++++++++++++------------------ src/input/Manager.h | 8 ++-- src/input/ReaderBackend.cc | 2 +- 3 files changed, 49 insertions(+), 43 deletions(-) diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 044f9fcae3..ac79257ad9 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -971,7 +971,7 @@ Val* Manager::RecordValToIndexVal(RecordVal *r) } -Val* Manager::ValueToIndexVal(int num_fields, const RecordType *type, const Value* const *vals) +Val* Manager::ValueToIndexVal(const Stream* i, int num_fields, const RecordType *type, const Value* const *vals) { Val* idxval; int position = 0; @@ -979,7 +979,7 @@ Val* Manager::ValueToIndexVal(int num_fields, const RecordType *type, const Valu if ( num_fields == 1 && type->FieldType(0)->Tag() != TYPE_RECORD ) { - idxval = ValueToVal(vals[0], type->FieldType(0)); + idxval = ValueToVal(i, vals[0], type->FieldType(0)); position = 1; } else @@ -988,11 +988,11 @@ Val* Manager::ValueToIndexVal(int num_fields, const RecordType *type, const Valu for ( int j = 0 ; j < type->NumFields(); j++ ) { if ( type->FieldType(j)->Tag() == TYPE_RECORD ) - l->Append(ValueToRecordVal(vals, + l->Append(ValueToRecordVal(i, vals, type->FieldType(j)->AsRecordType(), &position)); else { - l->Append(ValueToVal(vals[position], type->FieldType(j))); + l->Append(ValueToVal(i, vals[position], type->FieldType(j))); position++; } } @@ -1107,10 +1107,10 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) valval = 0; else if ( stream->num_val_fields == 1 && !stream->want_record ) - valval = ValueToVal(vals[position], stream->rtype->FieldType(0)); + valval = ValueToVal(i, vals[position], stream->rtype->FieldType(0)); else - valval = ValueToRecordVal(vals, stream->rtype, &position); + valval = ValueToRecordVal(i, vals, stream->rtype, &position); // call stream first to determine if we really add / change the entry @@ -1118,7 +1118,7 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) { EnumVal* ev; int startpos = 0; - predidx = ValueToRecordVal(vals, stream->itype, &startpos); + predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); if ( updated ) ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, BifType::Enum::Input::Event); @@ -1168,7 +1168,7 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) // I think there is an unref missing here. But if I insert is, it crashes :) } else - idxval = ValueToIndexVal(stream->num_idx_fields, stream->itype, vals); + idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals); Val* oldval = 0; if ( updated == true ) @@ -1203,7 +1203,7 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) { EnumVal* ev; int startpos = 0; - Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos); + Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); if ( updated ) { // in case of update send back the old value. @@ -1427,7 +1427,7 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const * if ( stream->want_record ) { - RecordVal * r = ValueToRecordVal(vals, stream->fields, &position); + RecordVal * r = ValueToRecordVal(i, vals, stream->fields, &position); out_vals.push_back(r); } @@ -1438,13 +1438,13 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const * Val* val = 0; if ( stream->fields->FieldType(j)->Tag() == TYPE_RECORD ) - val = ValueToRecordVal(vals, + val = ValueToRecordVal(i, vals, stream->fields->FieldType(j)->AsRecordType(), &position); else { - val = ValueToVal(vals[position], stream->fields->FieldType(j)); + val = ValueToVal(i, vals[position], stream->fields->FieldType(j)); position++; } @@ -1464,7 +1464,7 @@ int Manager::PutTable(Stream* i, const Value* const *vals) assert(i->stream_type == TABLE_STREAM); TableStream* stream = (TableStream*) i; - Val* idxval = ValueToIndexVal(stream->num_idx_fields, stream->itype, vals); + Val* idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals); Val* valval; int position = stream->num_idx_fields; @@ -1473,9 +1473,9 @@ int Manager::PutTable(Stream* i, const Value* const *vals) valval = 0; else if ( stream->num_val_fields == 1 && stream->want_record == 0 ) - valval = ValueToVal(vals[position], stream->rtype->FieldType(0)); + valval = ValueToVal(i, vals[position], stream->rtype->FieldType(0)); else - valval = ValueToRecordVal(vals, stream->rtype, &position); + valval = ValueToRecordVal(i, vals, stream->rtype, &position); // if we have a subscribed event, we need to figure out, if this is an update or not // same for predicates @@ -1503,7 +1503,7 @@ int Manager::PutTable(Stream* i, const Value* const *vals) { EnumVal* ev; int startpos = 0; - Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos); + Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); if ( updated ) ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, @@ -1538,7 +1538,7 @@ int Manager::PutTable(Stream* i, const Value* const *vals) { EnumVal* ev; int startpos = 0; - Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos); + Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); if ( updated ) { @@ -1612,7 +1612,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals) if ( i->stream_type == TABLE_STREAM ) { TableStream* stream = (TableStream*) i; - Val* idxval = ValueToIndexVal(stream->num_idx_fields, stream->itype, vals); + Val* idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals); assert(idxval != 0); readVals = stream->num_idx_fields + stream->num_val_fields; bool streamresult = true; @@ -1626,7 +1626,7 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals) Ref(val); EnumVal *ev = new EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event); int startpos = 0; - Val* predidx = ValueToRecordVal(vals, stream->itype, &startpos); + Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); streamresult = CallPred(stream->pred, 3, ev, predidx, val); @@ -1708,8 +1708,15 @@ bool Manager::CallPred(Func* pred_func, const int numvals, ...) return result; } -bool Manager::SendEvent(const string& name, const int num_vals, Value* *vals) +bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int num_vals, Value* *vals) { + Stream *i = FindStream(reader); + if ( i == 0 ) + { + reporter->InternalWarning("Unknown reader %s in SendEvent for event %s", reader->Name(), name.c_str()); + return false; + } + EventHandler* handler = event_registry->Lookup(name.c_str()); if ( handler == 0 ) { @@ -1733,8 +1740,8 @@ bool Manager::SendEvent(const string& name, const int num_vals, Value* *vals) } val_list* vl = new val_list; - for ( int i = 0; i < num_vals; i++) - vl->append(ValueToVal(vals[i], type->FieldType(i))); + for ( int j = 0; j < num_vals; j++) + vl->append(ValueToVal(i, vals[j], type->FieldType(j))); mgr.QueueEvent(handler, vl, SOURCE_LOCAL); @@ -1809,7 +1816,7 @@ RecordVal* Manager::ListValToRecordVal(ListVal* list, RecordType *request_type, } // Convert a threading value to a record value -RecordVal* Manager::ValueToRecordVal(const Value* const *vals, +RecordVal* Manager::ValueToRecordVal(const Stream* stream, const Value* const *vals, RecordType *request_type, int* position) { assert(position != 0); // we need the pointer to point to data. @@ -1819,7 +1826,7 @@ RecordVal* Manager::ValueToRecordVal(const Value* const *vals, { Val* fieldVal = 0; if ( request_type->FieldType(i)->Tag() == TYPE_RECORD ) - fieldVal = ValueToRecordVal(vals, request_type->FieldType(i)->AsRecordType(), position); + fieldVal = ValueToRecordVal(stream, vals, request_type->FieldType(i)->AsRecordType(), position); else if ( request_type->FieldType(i)->Tag() == TYPE_FILE || request_type->FieldType(i)->Tag() == TYPE_FUNC ) { @@ -1834,7 +1841,7 @@ RecordVal* Manager::ValueToRecordVal(const Value* const *vals, } else { - fieldVal = ValueToVal(vals[*position], request_type->FieldType(i)); + fieldVal = ValueToVal(stream, vals[*position], request_type->FieldType(i)); (*position)++; } @@ -2103,12 +2110,12 @@ HashKey* Manager::HashValues(const int num_elements, const Value* const *vals) } // convert threading value to Bro value -Val* Manager::ValueToVal(const Value* val, BroType* request_type) +Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_type) { if ( request_type->Tag() != TYPE_ANY && request_type->Tag() != val->type ) { - reporter->InternalError("Typetags don't match: %d vs %d", request_type->Tag(), val->type); + reporter->InternalError("Typetags don't match: %d vs %d in stream %s", request_type->Tag(), val->type, i->name.c_str()); return 0; } @@ -2189,9 +2196,9 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type) set_index->Append(type->Ref()); SetType* s = new SetType(set_index, 0); TableVal* t = new TableVal(s); - for ( int i = 0; i < val->val.set_val.size; i++ ) + for ( int j = 0; j < val->val.set_val.size; j++ ) { - Val* assignval = ValueToVal( val->val.set_val.vals[i], type ); + Val* assignval = ValueToVal(i, val->val.set_val.vals[j], type); t->Assign(assignval, 0); Unref(assignval); // idex is not consumed by assign. } @@ -2206,8 +2213,8 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type) BroType* type = request_type->AsVectorType()->YieldType(); VectorType* vt = new VectorType(type->Ref()); VectorVal* v = new VectorVal(vt); - for ( int i = 0; i < val->val.vector_val.size; i++ ) - v->Assign(i, ValueToVal( val->val.set_val.vals[i], type )); + for ( int j = 0; j < val->val.vector_val.size; j++ ) + v->Assign(j, ValueToVal(i, val->val.set_val.vals[j], type)); Unref(vt); return v; @@ -2216,25 +2223,24 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type) case TYPE_ENUM: { // Convert to string first to not have to deal with missing // \0's... - string module_string(val->val.string_val.data, val->val.string_val.length); - string var_string(val->val.string_val.data, val->val.string_val.length); + string enum_string(val->val.string_val.data, val->val.string_val.length); - string module = extract_module_name(module_string.c_str()); - string var = extract_var_name(var_string.c_str()); + string module = extract_module_name(enum_string.c_str()); + string var = extract_var_name(enum_string.c_str()); // Well, this is kind of stupid, because EnumType just // mangles the module name and the var name together again... // but well. bro_int_t index = request_type->AsEnumType()->Lookup(module, var.c_str()); if ( index == -1 ) - reporter->InternalError("Value not found in enum mappimg. Module: %s, var: %s, var size: %zu", - module.c_str(), var.c_str(), var.size()); + reporter->InternalError("Value not '%s' for stream '%s' is not a valid enum.", + enum_string.c_str(), i->name.c_str()); return new EnumVal(index, request_type->Ref()->AsEnumType()); } default: - reporter->InternalError("unsupported type for input_read"); + reporter->InternalError("Unsupported type for input_read in stream %s", i->name.c_str()); } assert(false); diff --git a/src/input/Manager.h b/src/input/Manager.h index cfac803129..551eeaecf3 100644 --- a/src/input/Manager.h +++ b/src/input/Manager.h @@ -129,7 +129,7 @@ protected: // Allows readers to directly send Bro events. The num_vals and vals // must be the same the named event expects. Takes ownership of // threading::Value fields. - bool SendEvent(const string& name, const int num_vals, threading::Value* *vals); + bool SendEvent(ReaderFrontend* reader, const string& name, const int num_vals, threading::Value* *vals); // Instantiates a new ReaderBackend of the given type (note that // doing so creates a new thread!). @@ -205,14 +205,14 @@ private: // Convert Threading::Value to an internal Bro Type (works also with // Records). - Val* ValueToVal(const threading::Value* val, BroType* request_type); + Val* ValueToVal(const Stream* i, const threading::Value* val, BroType* request_type); // Convert Threading::Value to an internal Bro List type. - Val* ValueToIndexVal(int num_fields, const RecordType* type, const threading::Value* const *vals); + Val* ValueToIndexVal(const Stream* i, int num_fields, const RecordType* type, const threading::Value* const *vals); // Converts a threading::value to a record type. Mostly used by // ValueToVal. - RecordVal* ValueToRecordVal(const threading::Value* const *vals, RecordType *request_type, int* position); + RecordVal* ValueToRecordVal(const Stream* i, const threading::Value* const *vals, RecordType *request_type, int* position); Val* RecordValToIndexVal(RecordVal *r); diff --git a/src/input/ReaderBackend.cc b/src/input/ReaderBackend.cc index 72043c5932..685ada56aa 100644 --- a/src/input/ReaderBackend.cc +++ b/src/input/ReaderBackend.cc @@ -64,7 +64,7 @@ public: virtual bool Process() { - bool success = input_mgr->SendEvent(name, num_vals, val); + bool success = input_mgr->SendEvent(Object(), name, num_vals, val); if ( ! success ) reporter->Error("SendEvent for event %s failed", name); From 468e7bbce253428bc2a39dcef36c85fee4e3c2a7 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 17 Mar 2015 15:40:39 -0700 Subject: [PATCH 074/121] Increasing a test timeout to not fail on slower machines. --- CHANGES | 2 +- VERSION | 2 +- .../scripts/policy/protocols/ssl/validate-certs-cluster.bro | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 529e06c643..865052fa1c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.3-553 | 2015-03-17 14:33:23 -0700 +2.3-554 | 2015-03-17 15:40:39 -0700 * Deprecate &rotate_interval, &rotate_size, &encrypt. Addresses BIT-1305. (Jon Siwek) diff --git a/VERSION b/VERSION index 78bd132a6d..1b240f1fbf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-553 +2.3-554 diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro index db9c6cd9da..795aa78c40 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro @@ -7,7 +7,7 @@ # @TEST-EXEC: sleep 1 # @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT" # @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT" -# @TEST-EXEC: btest-bg-wait 10 +# @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: cat manager-1/ssl*.log > ssl.log # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-file-ids btest-diff ssl.log # From d3afe97f83a10f2395621de8b4c0966ad426e904 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Tue, 17 Mar 2015 15:52:17 -0700 Subject: [PATCH 075/121] Splitting test-all target into Bro tests and test-aux. Also making failure of one sub-suite non-fatal. --- CHANGES | 5 +++++ Makefile | 14 ++++++++------ VERSION | 2 +- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 865052fa1c..ecc7ae90d6 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@ +2.3-555 | 2015-03-17 15:57:13 -0700 + + * Splitting test-all Makefile target into Bro tests and test-aux. + (Robin Sommer) + 2.3-554 | 2015-03-17 15:40:39 -0700 * Deprecate &rotate_interval, &rotate_size, &encrypt. Addresses diff --git a/Makefile b/Makefile index 207ce72780..3efddc4dbc 100644 --- a/Makefile +++ b/Makefile @@ -51,13 +51,15 @@ distclean: $(MAKE) -C testing $@ test: - @( cd testing && make ) + -@( cd testing && make ) -test-all: test - test -d aux/broctl && ( cd aux/broctl && make test-all ) - test -d aux/btest && ( cd aux/btest && make test ) - test -d aux/bro-aux && ( cd aux/bro-aux && make test ) - test -d aux/plugins && ( cd aux/plugins && make test-all ) +test-aux: + -test -d aux/broctl && ( cd aux/broctl && make test-all ) + -test -d aux/btest && ( cd aux/btest && make test ) + -test -d aux/bro-aux && ( cd aux/bro-aux && make test ) + -test -d aux/plugins && ( cd aux/plugins && make test-all ) + +test-all: test test-aux configured: @test -d $(BUILD) || ( echo "Error: No build/ directory found. Did you run configure?" && exit 1 ) diff --git a/VERSION b/VERSION index 1b240f1fbf..5195f911b3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-554 +2.3-555 From 567073ac09fcf2d5fa6fa6bd83f24549a467c1bc Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 18 Mar 2015 08:46:56 -0700 Subject: [PATCH 076/121] Updating submodule(s). [nomail] --- aux/plugins | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/plugins b/aux/plugins index 71d820e9d8..172e0559ec 160000 --- a/aux/plugins +++ b/aux/plugins @@ -1 +1 @@ -Subproject commit 71d820e9d8ca753fea8fb34ea3987993b28d79e4 +Subproject commit 172e0559ec508c86abb81b371ee28e79130faec6 From 61c94d1809a613cb291b582c092b3ffcb8a61de1 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Wed, 18 Mar 2015 12:52:46 -0400 Subject: [PATCH 077/121] SSH: Added some more events for SSH2 --- scripts/base/protocols/ssh/main.bro | 2 +- src/analyzer/protocol/ssh/events.bif | 78 +++++++++++++++++++--- src/analyzer/protocol/ssh/ssh-analyzer.pac | 54 ++++++++++++++- 3 files changed, 124 insertions(+), 10 deletions(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 0e6110440f..08f5eef38e 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -59,7 +59,7 @@ export { ## Event that can be handled when the analyzer sees an SSH server host ## key. This abstracts :bro:id:`SSH::ssh1_server_host_key` and ## :bro:id:`SSH::ssh2_server_host_key`. - global ssh_server_host_key: event(c: connection, hash string); + global ssh_server_host_key: event(c: connection, hash: string); } redef record Info += { diff --git a/src/analyzer/protocol/ssh/events.bif b/src/analyzer/protocol/ssh/events.bif index d60e06f458..02ac4cd0f1 100644 --- a/src/analyzer/protocol/ssh/events.bif +++ b/src/analyzer/protocol/ssh/events.bif @@ -9,7 +9,8 @@ ## ## .. bro:see:: ssh_client_version ssh_auth_successful ssh_auth_failed ## ssh_capabilities ssh2_server_host_key ssh1_server_host_key -## ssh_encrypted_packet +## ssh_encrypted_packet ssh2_dh_server_params +## ssh2_gss_error ssh2_ecc_key event ssh_server_version%(c: connection, version: string%); ## An :abbr:`SSH (Secure Shell)` Protocol Version Exchange message @@ -23,7 +24,8 @@ event ssh_server_version%(c: connection, version: string%); ## ## .. bro:see:: ssh_server_version ssh_auth_successful ssh_auth_failed ## ssh_capabilities ssh2_server_host_key ssh1_server_host_key -## ssh_encrypted_packet +## ssh_encrypted_packet ssh2_dh_server_params +## ssh2_gss_error ssh2_ecc_key event ssh_client_version%(c: connection, version: string%); ## This event is generated when an :abbr:`SSH (Secure Shell)` @@ -42,7 +44,8 @@ event ssh_client_version%(c: connection, version: string%); ## ## .. bro:see:: ssh_server_version ssh_client_version ssh_auth_failed ## ssh_capabilities ssh2_server_host_key ssh1_server_host_key -## ssh_encrypted_packet +## ssh_encrypted_packet ssh2_dh_server_params +## ssh2_gss_error ssh2_ecc_key event ssh_auth_successful%(c: connection, auth_method_none: bool%); ## This event is generated when an :abbr:`SSH (Secure Shell)` @@ -56,7 +59,8 @@ event ssh_auth_successful%(c: connection, auth_method_none: bool%); ## ## .. bro:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_capabilities ssh2_server_host_key -## ssh1_server_host_key ssh_encrypted_packet +## ssh1_server_host_key ssh_encrypted_packet ssh2_dh_server_params +## ssh2_gss_error ssh2_ecc_key event ssh_auth_failed%(c: connection%); ## During the initial :abbr:`SSH (Secure Shell)` key exchange, each @@ -76,7 +80,8 @@ event ssh_auth_failed%(c: connection%); ## ## .. bro:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh2_server_host_key -## ssh1_server_host_key ssh_encrypted_packet +## ssh1_server_host_key ssh_encrypted_packet ssh2_dh_server_params +## ssh2_gss_error ssh2_ecc_key event ssh_capabilities%(c: connection, cookie: string, capabilities: SSH::Capabilities%); ## During the :abbr:`SSH (Secure Shell)` key exchange, the server @@ -91,7 +96,8 @@ event ssh_capabilities%(c: connection, cookie: string, capabilities: SSH::Capabi ## ## .. bro:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_capabilities -## ssh1_server_host_key ssh_encrypted_packet +## ssh1_server_host_key ssh_encrypted_packet ssh2_dh_server_params +## ssh2_gss_error ssh2_ecc_key event ssh2_server_host_key%(c: connection, key: string%); ## During the :abbr:`SSH (Secure Shell)` key exchange, the server @@ -107,7 +113,8 @@ event ssh2_server_host_key%(c: connection, key: string%); ## ## .. bro:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_capabilities -## ssh2_server_host_key ssh_encrypted_packet +## ssh2_server_host_key ssh_encrypted_packet ssh2_dh_server_params +## ssh2_gss_error ssh2_ecc_key event ssh1_server_host_key%(c: connection, p: string, e: string%); ## This event is generated when an :abbr:`SSH (Secure Shell)` @@ -128,6 +135,61 @@ event ssh1_server_host_key%(c: connection, p: string, e: string%); ## ## .. bro:see:: ssh_server_version ssh_client_version ## ssh_auth_successful ssh_auth_failed ssh_capabilities -## ssh2_server_host_key ssh1_server_host_key +## ssh2_server_host_key ssh1_server_host_key ssh2_dh_server_params +## ssh2_gss_error ssh2_ecc_key event ssh_encrypted_packet%(c: connection, orig: bool, len: count%); +## Generated if the connection uses a Diffie-Hellman Group Exchange +## key exchange method. This event contains the server DH parameters, +## which are sent in the SSH_MSG_KEY_DH_GEX_GROUP message as defined in +## :rfc:`4419#section-3`. +## +## c: The connection. +## +## p: The DH prime modulus. +## +## q: The DH generator. +## +## .. bro:see:: ssl_dh_server_params ssh_server_version +## ssh_client_version ssh_auth_successful ssh_auth_failed +## ssh_capabilities ssh2_server_host_key ssh1_server_host_key +## ssh_encrypted_packet ssh2_gss_error ssh2_ecc_key +event ssh2_dh_server_params%(c: connection, p: string, q: string%); + +## In the event of a GSS-API error on the server, the server MAY send +## send an error message with some additional details. This event is +## generated when such an error message is seen. For more information, +## see :rfc:`4462#section-2.1`. +## +## c: The connection. +## +## major_status: GSS-API major status code. +## +## minor_status: GSS-API minor status code. +## +## err_msg: Detailed human-readable error message +## +## .. bro:see:: ssh_server_version ssh_client_version +## ssh_auth_successful ssh_auth_failed ssh_capabilities +## ssh2_server_host_key ssh1_server_host_key ssh_encrypted_packet +## ssh2_dh_server_params ssh2_ecc_key +event ssh2_gss_error%(c: connection, major_status: count, minor_status: count, err_msg: string%); + +## The :abbr:`ECDH (Elliptic Curve Diffie-Hellman)` and +## :abbr:`ECMQV (Elliptic Curve Menezes-Qu-Vanstone)` key exchange +## algorithms use two ephemeral key pairs to generate a shared +## secret. This event is generated when either the client's or +## server's ephemeral public key is seen. For more information, see: +## :rfc:`5656#section-4`. +## +## c: The connection +## +## is_orig: Did this message come from the originator? +## +## q: The ephemeral public key +## +## .. bro:see:: ssh_server_version ssh_client_version +## ssh_auth_successful ssh_auth_failed ssh_capabilities +## ssh2_server_host_key ssh1_server_host_key ssh_encrypted_packet +## ssh2_dh_server_params ssh2_gss_error +event ssh2_ecc_key%(c: connection, is_orig: bool, q: string%); \ No newline at end of file diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac index c62d87f608..529a1ae86a 100644 --- a/src/analyzer/protocol/ssh/ssh-analyzer.pac +++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac @@ -110,6 +110,41 @@ refine flow SSH_Flow += { return true; %} + + function proc_ssh2_dh_gex_group(msg: SSH2_DH_GEX_GROUP): bool + %{ + if ( ssh2_dh_server_params ) + { + BifEvent::generate_ssh2_dh_server_params(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${msg.p.val}), bytestring_to_val(${msg.g.val})); + } + return true; + %} + + function proc_ssh2_ecc_key(q: bytestring, is_orig: bool): bool + %{ + if ( ssh2_ecc_key ) + { + BifEvent::generate_ssh2_ecc_key(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + is_orig, bytestring_to_val(q)); + } + return true; + %} + + function proc_ssh2_gss_error(msg: SSH2_GSS_ERROR): bool + %{ + if ( ssh2_gss_error ) + { + BifEvent::generate_ssh2_gss_error(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${msg.major_status}, ${msg.minor_status}, + bytestring_to_val(${msg.message.val})); + } + return true; + %} + function proc_ssh2_server_host_key(key: bytestring): bool %{ if ( ssh2_server_host_key ) @@ -160,10 +195,27 @@ refine typeattr SSH2_DH_GEX_REPLY += &let { proc: bool = $context.flow.proc_ssh2_server_host_key(k_s.val); }; -refine typeattr SSH2_ECC_REPLY += &let { +refine typeattr SSH2_GSS_HOSTKEY += &let { proc: bool = $context.flow.proc_ssh2_server_host_key(k_s.val); }; +refine typeattr SSH2_GSS_ERROR += &let { + proc: bool = $context.flow.proc_ssh2_gss_error(this); +}; + +refine typeattr SSH2_DH_GEX_GROUP += &let { + proc: bool = $context.flow.proc_ssh2_dh_gex_group(this); +}; + +refine typeattr SSH2_ECC_REPLY += &let { + proc_k: bool = $context.flow.proc_ssh2_server_host_key(k_s.val); + proc_q: bool = $context.flow.proc_ssh2_ecc_key(q_s.val, false); +}; + +refine typeattr SSH2_ECC_INIT += &let { + proc: bool = $context.flow.proc_ssh2_ecc_key(q_c.val, true); +}; + refine typeattr SSH1_PUBLIC_KEY += &let { proc: bool = $context.flow.proc_ssh1_server_host_key(host_key_p.val, host_key_e.val); }; From be6188bf008d15a20f6455cdfa8d9eecd2f8fc34 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Wed, 18 Mar 2015 13:02:33 -0400 Subject: [PATCH 078/121] SSH: Update baselines --- scripts/test-all-policy.bro | 1 + testing/btest/Baseline/bifs.count_to_addr/out | 4 +++ .../btest/Baseline/core.tunnels.gre/ssh.log | 6 ++-- testing/btest/Baseline/plugins.hooks/output | 24 +++++--------- .../scripts.base.protocols.ssh.basic/ssh.log | 31 ++++++++++++++++++ .../Traces/{ => ssh}/ssh-on-port-80.trace | Bin testing/btest/Traces/ssh/ssh.trace | Bin 0 -> 1320211 bytes .../frameworks/analyzer/register-for-port.bro | 4 +-- .../scripts/base/protocols/ssh/basic.test | 4 +++ 9 files changed, 54 insertions(+), 20 deletions(-) create mode 100644 testing/btest/Baseline/bifs.count_to_addr/out create mode 100644 testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log rename testing/btest/Traces/{ => ssh}/ssh-on-port-80.trace (100%) create mode 100644 testing/btest/Traces/ssh/ssh.trace create mode 100644 testing/btest/scripts/base/protocols/ssh/basic.test diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro index dc85986172..a64c725e04 100644 --- a/scripts/test-all-policy.bro +++ b/scripts/test-all-policy.bro @@ -22,6 +22,7 @@ @load frameworks/intel/seen/file-names.bro @load frameworks/intel/seen/http-headers.bro @load frameworks/intel/seen/http-url.bro +@load frameworks/intel/seen/pubkey-hashes.bro @load frameworks/intel/seen/smtp-url-extraction.bro @load frameworks/intel/seen/smtp.bro @load frameworks/intel/seen/ssl.bro diff --git a/testing/btest/Baseline/bifs.count_to_addr/out b/testing/btest/Baseline/bifs.count_to_addr/out new file mode 100644 index 0000000000..1254fd94f1 --- /dev/null +++ b/testing/btest/Baseline/bifs.count_to_addr/out @@ -0,0 +1,4 @@ +0.0.0.1 +48.21.133.122 +255.255.255.255 +0.0.0.0 diff --git a/testing/btest/Baseline/core.tunnels.gre/ssh.log b/testing/btest/Baseline/core.tunnels.gre/ssh.log index 6550c463de..51dac36891 100644 --- a/testing/btest/Baseline/core.tunnels.gre/ssh.log +++ b/testing/btest/Baseline/core.tunnels.gre/ssh.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path ssh -#open 2015-03-16-19-39-16 +#open 2015-03-17-17-42-58 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key #types time string addr port addr port count bool enum string string string string string string string string -1055289978.855543 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 2 - - SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa - -#close 2015-03-16-19-39-16 +1055289978.855543 CsRx2w45OKnoww6xl4 66.59.111.190 40264 172.28.2.3 22 2 - - SSH-2.0-OpenSSH_3.6.1p1 SSH-1.99-OpenSSH_3.1p1 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07 +#close 2015-03-17-17-42-59 diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 7bf6065de7..9402d1e503 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -37,7 +37,6 @@ 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -> @@ -90,7 +89,6 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) -> @@ -118,7 +116,6 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> -0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSH, {22/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSL, {5223<...>/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> @@ -192,7 +189,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426614229.640036, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Communication::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> @@ -286,8 +283,8 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426614229.640036, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426614229.640036, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> @@ -583,7 +580,6 @@ 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) @@ -636,7 +632,6 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 161/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SNMP, 162/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SOCKS, 1080/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSH, 22/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 443/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 5223/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_SSL, 563/tcp)) @@ -664,7 +659,6 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SNMP, {162<...>/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSH, {22/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SSL, {5223<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_SYSLOG, {514/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_TEREDO, {3544/udp})) @@ -738,7 +732,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426614229.640036, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Communication::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) @@ -832,8 +826,8 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426614229.640036, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426614229.640036, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::build, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) @@ -1280,7 +1274,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1426614229.640036, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) @@ -1374,8 +1368,8 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1426614229.640036, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1426614229.640036, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log b/testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log new file mode 100644 index 0000000000..58e8a2f742 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.ssh.basic/ssh.log @@ -0,0 +1,31 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path ssh +#open 2015-03-17-17-44-34 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version auth_success direction client server cipher_alg mac_alg compression_alg kex_alg host_key_alg host_key +#types time string addr port addr port count bool enum string string string string string string string string +1324071333.793037 CXWv6p3arKYeMETxOg 192.168.1.79 51880 131.159.21.1 22 2 F - SSH-2.0-OpenSSH_5.9 SSH-2.0-OpenSSH_5.8 aes128-ctr hmac-md5 none ecdh-sha2-nistp256 ssh-rsa a7:26:62:3f:75:1f:33:8a:f3:32:90:8b:73:fd:2c:83 +1409516196.413240 CjhGID4nQcgTWjvg4c 10.0.0.18 40184 128.2.6.88 41644 2 T - SSH-2.0-OpenSSH_6.6 SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1 aes128-ctr hmac-md5 none ecdh-sha2-nistp256 ssh-rsa 8a:8d:55:28:1e:71:04:99:94:43:22:89:e5:ff:e9:03 +1419870189.491788 CCvvfg3TEfuqmmG4bh 192.168.2.1 57189 192.168.2.158 22 2 T - SSH-2.0-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 aes128-ctr hmac-md5-etm@openssh.com none diffie-hellman-group-exchange-sha256 ssh-rsa 28:78:65:c1:c3:26:f7:1b:65:6a:44:14:d0:04:8f:b3 +1419870206.112061 CsRx2w45OKnoww6xl4 192.168.2.1 57191 192.168.2.158 22 1 - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98 +1419996264.344957 CRJuHdVW0XPVINV8a 192.168.2.1 55179 192.168.2.158 2200 2 T - SSH-2.0-OpenSSH_6.2 SSH-2.0-paramiko_1.15.2 aes128-ctr hmac-sha1 none diffie-hellman-group14-sha1 ssh-rsa 60:73:38:44:cb:51:86:65:7f:de:da:a2:2b:5a:57:d5 +1420588548.729724 CPbrpk1qSsw6ESzHV4 192.168.2.1 56594 192.168.2.158 22 1 - - SSH-1.5-OpenSSH_5.3 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98 +1420590124.886029 C6pKV8GSxOnSLghOa 192.168.2.1 56821 192.168.2.158 22 1 - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98 +1420590308.781417 CIPOse170MGiRM1Qf4 192.168.2.1 56837 192.168.2.158 22 1 - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98 +1420590322.682734 C7XEbhP654jzLoe3a 192.168.2.1 56845 192.168.2.158 22 1 - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98 +1420590636.482870 CJ3xTn1c4Zw9TmAE05 192.168.2.1 56875 192.168.2.158 22 1 - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98 +1420590659.429753 CMXxB5GvmoxJFXdTa 192.168.2.1 56878 192.168.2.158 22 1 - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98 +1420591379.658841 Caby8b1slFea8xwSmb 192.168.2.1 56940 192.168.2.158 22 1 - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98 +1420599430.828624 Che1bq3i2rO3KD1Syg 192.168.2.1 57831 192.168.2.158 22 1 - - SSH-1.5-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 - - - - - a1:73:d1:e1:25:72:79:71:56:56:65:ed:81:bf:67:98 +1420851448.317515 C3SfNE4BWaU4aSuwkc 192.168.2.1 59246 192.168.2.158 22 2 T - SSH-2.0-OpenSSH_6.2 SSH-1.99-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 arcfour256 hmac-md5-etm@openssh.com none diffie-hellman-group-exchange-sha256 ssh-rsa 28:78:65:c1:c3:26:f7:1b:65:6a:44:14:d0:04:8f:b3 +1420860283.083659 CEle3f3zno26fFZkrh 192.168.1.32 41164 128.2.10.238 22 2 T - SSH-2.0-OpenSSH_6.6p1-hpn14v4 SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 7f:e5:81:92:26:77:05:44:c4:60:fb:cd:89:c8:81:ee +1420860616.459806 CwSkQu4eWZCH7OONC1 192.168.1.32 33910 128.2.13.133 22 2 T - SSH-2.0-OpenSSH_6.6p1-hpn14v4 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 93:d8:4c:0d:b2:c3:2e:da:b9:c0:67:db:e4:8f:95:04 +1420868281.691929 CfTOmO0HKorjr8Zp7 192.168.1.32 41268 128.2.10.238 22 2 F - SSH-2.0-OpenSSH_6.6 SSH-1.99-OpenSSH_3.4+p1+gssapi+OpenSSH_3.7.1buf_fix+2006100301 aes128-cbc hmac-md5 none diffie-hellman-group-exchange-sha1 ssh-rsa 7f:e5:81:92:26:77:05:44:c4:60:fb:cd:89:c8:81:ee +1420917487.230379 Cab0vO1xNYSS2hJkle 192.168.1.31 52294 192.168.1.32 22 2 T - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_6.7 chacha20-poly1305@openssh.com hmac-sha2-512-etm@openssh.com none curve25519-sha256@libssh.org ssh-ed25519 e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1 +1421006072.225176 Cx2FqO23omNawSNrxj 192.168.1.31 51489 192.168.1.32 22 2 T - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_6.7 chacha20-poly1305@openssh.com hmac-sha2-512-etm@openssh.com none curve25519-sha256@libssh.org ssh-ed25519 e4:b1:8e:ca:6e:0e:e5:3c:7e:a4:0e:70:34:9d:b2:b1 +1421041177.043845 CkDsfG2YIeWJmXWNWj 192.168.1.32 58641 131.103.20.168 22 2 F - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40 +1421041299.824707 CUKS0W3HFYOnBqSE5e 192.168.1.32 58646 131.103.20.168 22 2 T - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40 +1421041526.397714 CRrfvP2lalMAYOCLhj 192.168.1.32 58649 131.103.20.168 22 2 T - SSH-2.0-OpenSSH_6.7 SSH-2.0-OpenSSH_5.3 aes128-ctr hmac-md5 none diffie-hellman-group-exchange-sha256 ssh-rsa 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40 +#close 2015-03-17-17-44-34 diff --git a/testing/btest/Traces/ssh-on-port-80.trace b/testing/btest/Traces/ssh/ssh-on-port-80.trace similarity index 100% rename from testing/btest/Traces/ssh-on-port-80.trace rename to testing/btest/Traces/ssh/ssh-on-port-80.trace diff --git a/testing/btest/Traces/ssh/ssh.trace b/testing/btest/Traces/ssh/ssh.trace new file mode 100644 index 0000000000000000000000000000000000000000..54980005e29087c38073754e7ecffa960615ebcc GIT binary patch literal 1320211 zcmeFa2RxSV-#32QTlUIMD4E%0MY1!q_slALWy_2TNhl;lc2p``c6KP65K3lbJ;!+! z-(1vv|L^;L?*DT?&(G_7_+GA)_woL`KjS#g^ZcAwJ+;MY$S_pc-q-Ff42A@Lc>Hos zdHMzhOc}g}Mn9M7#ro2^GbkcG;_6QUV|;S^ zCn7*=AzV@8R#(5s&cngQu5#7F0lYTi;}FEdhNiIr)BKtETOx=!71a^M`yt{Et^35A zps66lw%>>!l0wc$A3`*HbtEFi?rt{vLBzwvg?pIexjTeCY`oA9tZ*f_gf<>BK$gYec_L0-hS_;|R_ znA=!d+E}n#TiDszn>esrIXSvsWw-D!vo>+CvVbE3sDJa9j>h5Ug#i9=41NfhCk%Kx zn;hiMZf4=+!tTb!E#U}a%h}nQ!_3hhVt?QlfkpqmUj%j@{fhvZ-3eeGIURJ++}Zih z2Y>rZt^-67{_@~KL@R!|3emDd)W3cwuVi=x%8PtcHFtGjVo-1B2Ilz&~HY zfuWZ_(at#8TyZcrv9N>wOv297*~G=siNnsumBZQMe*(cQYkLzjc6)QaGw>JifOUo5 z;^#f!)V-rT?2wcPeqtB;{S7{Dp5G3GpY{(s*<7`-H|OT(`gwf+$0O(A-v2Ye4ZH?g z{tu!`{|_epf9qtVP=cO8%v}&Pe>`wRrmBHV{qy#ZT>;wj6ptO;^MnrY z8^&@$+dqq<{XLH^*zYr6kFQ^u zM=4c|AeJaV*(~uTwM?hGc-}4b>tYsJfzOGz`0MY;ouHanIZBLUpM|a6=(J#|8 zl0<-WOf_6M6Hok)qtTKmELKaaH)z7*f!k&RRB0qp3#64rgoOOmcQ+aX9))u< z!@`A_CLh19+o#b^{V=}or=Ib+OSP0oM2bDUavbbNdqyZ3f zF#bST4jiIazx7t?!oa3&j{6f$YZAUBd3!$oF|ScG4A)S)?L2v~XNEDrCh3Pl3~u@$ zt9Tqs;&R_koSf}EA#swzs{=dLKG}8v$n(z^E;i)PUtf?XY=9^J9M6NyP^_S$AB>f- zQ~ZW;)=)f~7VO1}Mi__{(JX+7@&N;;24;Z9q3Dw)^Mw$b9vq1XqE9_&4^hV(LIfZO zI72f8J;2`Qj2JyI-qScx^bj&0jGj2_4Cyc-C}Z?7_oBx%i*QB98$zrEh)!TCXdL2f zzTyONo(o6dECg2paPFJjIGx7(R8!X?8KGqV+7;W!QHp%5TbcICxmF*b|fOmG3Ap75qXv~#(PS<(TvQ4}ZCxF49V@p;ZQuW?Af~qz^)q7BE>3Z#}S^?Pw zA-?Iwg#`jzp>fDhE+aM&A}r`gMBpdN2L}<~ZQ)Xt?)W)GK7BV}h?^bfJSpiw=!+zx zh1Jg^hD)-9%{Je)zKbdB_KsGjd^k@~R{>ut%Uv+lxJxaRGsOH=HejR=q~EjgkjlJ7 z43NsFa1m6#2V(IFP2ai#gH|~AGwTKCxkyEAmaf=(HPEJ!&8{O-Q zz2%WOly`NK)`V6JA12-m|Iq`ZCY6bOw#{M6Bw`loQ_}0c!_F9V?TOIBlxJ^5CLxQ~ z=S7rrGfL5H+fgj{SI3|8^~~X@Zm^KtzUUhMjy^cd=3UlksKD6%Ch59h#?2ddo;p61mRGxf zxrRE9fK+6=nOlEE0h7=@yoJ`3m1pXX&=Q+r#iRQqX2LI4B6HMo0yob-bCKt4IZ1S~ zze88f)1bfO|+;?kh$u#{VF`qr8S9tHpqc$Y3ScyDeO28S($Y*24YOA=^ z>U3q(?zHnOYoD(PW}zX923S_AOTG8z1C66g-(VJV40pdXl*#XJLyDmmMAr&z64i z;?-#x^zVWnDV*}&-JMd`gg znICQw1gql<+mBUPLRoUfwPevAe)^n{x9A$(S}k*KlB-wo6!C*>{kRxc+s7()G`Drb ze4=9K(3LNj?*!jxn=px<_c`_2o^{AfN|%=|4!>RXw9A(8 zN|?EHR;tvO{^F16Y8S2VLd55DO5@#Zjp+IW?p>vGQmhkvi*B}peyyE#hEn)f8NR-@M!i?N6f*i&aR3&qNT6Ea zYr=CmI{N#A7jeQ*Lo4V(PpG%zhxSsD|egqy@8f} zgj&a`XS-;mVx>Pc36|DMDC(~9VB+1{`D%4F{+o+1)kDpIv#ghR8181C@N-;$DjNCP z5~YxF(W@B0(QSqmXE3Vxl4IfQnHLMO$dtYvZxZ?WPb(LXYGroLx0LHDYv600e1*!B zLMxa+F2{=3Gh;pqQ(v!Y?GSfI5-}DKMAP7R+0mHV#EfubWJz!mk{#xbRE z6n?k|F|-5>|C|RT98lD@>>P~R2uhF#@V%xg<9^h3fIPSjA-)EPYRF)(2?k;wAWNs8 zh7d)Tjzk1`VC}e%*a;z;AVpz);ph)5!@5@7sL9Y#Hc}I_O=xo6URE&rok;6vMQ0s% z;=$yCilnx2!LJV*#(Rq&&8rvLWJc6nV`P)Z{fJ`Z$I?(L(<#CfEWE{Asq-eC`okywgjI@;q`^NYle2s`Bc4Lg}eQJ?ksnz<5wlcVyB$1-wAzOeuc3(w9tNd zcAoM_<`*6ptI4NdaCJ*O7u)z&j56X*l-}yJoG;6IAb+ZFn+i|#6|tZ7xZ78~9^-@# zRHv)ix>qT)?B~v54#pd=#buB5)#4BO1W|NmGIcSmiVPW!74Ut%#Jn~*u0QANk$Ss0 zinHg8REUQ8<*f-ON@mwm0%(!ENeLuvTo{s@wpy-PJ_*`ZUdszaEjaP^ zov*1vH^qwJMp7b=eEsRT6#V6wSZO>Rj;F-rKW-v5$#eP*e!FAooB3qiz2kU~S?0K= zcc`%!rqR^13V|7^VatLa{U)Vk&w9(f9IU$G$xPM5W@)I;xmR9>;zJR3WftczSygrh%BtW(gscMR z8d1=hs);S@epZ!%Jnj6#gEqg6ZH;>_mj4-!adq6s8|{&>PyMWoDXe+fvc1_>HN3mW z+p@^Vk&-dD{l`z{IS6y2;K#~e)EN-e^=kV>+{i@~kTvB*eDj$6DYfw-h+zU?_~)!T zZ3X2(Y5l<*hyrJD_g+A&i}J6tA;J|y3y=e45aJp@Ob0t`Xdq@4EN<-#g!uX4k%%Cx zus-i))lbCN1oCp(#rSawcioaIX9M(9C6%nc5yYP6`Kb3H+q5o%U%jJZfRlz6$@n>9 zgcy6X;qRXp9IAaT_moIOHWK{CzKdgml2d5PdM?@z}aKyiL)=q~Nin zz2O3#QiHcWHP!m+1%V$CAN%nhpc1~=iBp@qQ%a@pl`NC!gS_T_1Pp+{ugA&*q*m zTBBWQ(9w8s%TUrGqCP5xaG`g$m2bs`YMWWeyxejXQvyt2K3;1zH^F!3VfXQ};b zZI-p1%@*wt;xs_~bN2a=K!|29jzk20KJ{qN&p#0thjtkV&6T5+m|xauE-CWrZ{K@4 z@F=kF8EXJiOHK8sh>&TA0yHPG5t-wu22Ng?WS%(Z2p@~mm5~nh>h@Hu6?Z%c=6qX+ zu2@o&{&KxnFpddD3EQ)$))qyw+plEzcrIY9%l5Y`n3)$KFU28bU*g3K>6_5?7!yg` zeJ`yLu2|MWh{R`+{*uq70uW+I=|R8$LIi$K1T+4;8e#!Q%*UapTzVAJDO-G>qPSz4 zrtS8ZE!T%?ae_H+!xM}j(w!`1sBh#5*bCLjNsTh2Bj?d3>vku<=VtSuiOMzh!VpfKTB-xdBsWt_<03FTrTFGZ8c0Q_V7%aK-uu#L?w9#6vZQw?qW8 z`phB%M`2)fIApaL*B(cko1D#-!5M)l8uTa8_B%?Xc^W&{p2L`Ef_*)Ic9f)YL5SG& z*f1E8KQg*@@_PDH`P%z$!9oN}MHa%OUjC<}1j$8s4SFByD1neUpZ$aU6Z0oNK&FR* z>xdGtv*^#cAXErF{b}<0hYb#FfZmWwBzS9-{U2nD#&<>#`W~_bK;HBHA038R!x3etqPZa>-4+t6J`k)kTzgOiDqFgEuTm`}-5h-BKfl3Dv5nDd^Ir#Cg zp=sJLqVE$wBnj`R9VE&776eIffFy%}xYLEzpVI)+HV}CTQBWBj2J#g?4j~$h+QSjk zjzpw@IbF^;h=@p>k3;AxH@&olsSW7X;Bz%~b#QUz=HUKmj69h7FJ3qc*X$&MW`n>B zypR_zH0*1(0~rJvgJX&gn?-}c2cj3y22*(bAflF z=N;-CyJIYt%cp@>J!Y;>ZWcUzeB466dQK$3?P730lf%);3bAbky8jODVEo?i@_%Y` zi`B1Nvj4#*63}6C)J@!@(GYLy{MWR{SeXCx%73gy=C}Tt|Jp8?U$lPfg!%lR>x8i~ zvp>+T0MMXD7sR(gUljO{hl~BHqn#)BSuQ@rKicb=`QO`B^Z$~uNO$&bx3gQg9CXrN z7Y_HKBfmO$j(#8V(Vw8;?LB`v3ib0G`M3M``Hwyf^%a3Go}&-`?C|;HvHf-;?lVVq zCc)nWHXR7XJ!ufzmG--n_W2&smjG3MQc(HjkwIT87>Jc0Su~Xos{EM84_5xvVE9@B z*58^Z2P^-66W<=M!|hG~^7DVYpZ^_Rfl(dV5(4iL0SouvkAh!7_<|xU>^(Y+3Kje< z7>FArRNPSqXoJ+Xh_FH8g>SjQ2I=YO{szejY`JzoCsz*^$*X~=SNBsqb2OCRoHWQ( zJpqva)yV}~LjTqL`Pc5$|3Mv<|AVOhv03bo2N0?R^dnR$UVr`Pdh zYgfXSqDT^trkCo)V+&7iXZBLwQu8fKC^Yfa=S~GsKW%1*0zXnPA; zu#83KCbh8Nn4P*!wj*?GEVWxj-r*wKXEUs8!?rlqRe4U1QMAlwyGB{3(qrnA^E>8` z-BlJrw$nom^V5p$3>%Wrt394nf?>R~ynPX~FvE&9AFA-D%p8xxR|aegd<%$+9k;;4IG_(=|@| z3>B27rFQ25Yzb`uC%uew2lW`W+#fq4@Th21(rlyK0p|kpKJY;e-$Yl?Z6x?X2p*WBl!LxW|8&0{%0cN=0r*u4geyDg;3@@gGKla* z_VJ$)4x$?a&DxIImDX`>c%`&Hw59Cfr$;!Z$q;{ zobLieDBYoPh_iXBAiQpTL#P|`dz@cH?{mh7P&WlOWOw}v+=gzToXHAKMX6WKuI|jT z9yjKCN%p8hiI9Sv;SK4QxbV3(6Lr+Awnm77!nuF0TpnQ)=)VIOs_GBh^oSa=NucH@ z12B6cun8YRj0K2$HXTAVA9aQ!#vO?WD$S1<2N7LozLaNvaDD_higJv}gj(trsfXal$ zQu42edF2ya?DFd$nG)$-Zgk)a325$g%W?fql7>57BZ2(`r zJGK9IEF&)63!CzZ8WTbXd0w87cCJMu+}Ud@4M;|kPW_pq`GM}n9~(yQKCqJi#@SY?<44f^LJ4+Unp{#3h7-jh{3(0_e7k5l&DuF7QY`h$Eq#+<+*QY{s&aQPVKe8 zg{He1ky2c@MjSd<-?4IrKcnX|@gHB7Xc-=}tb7~>TT1bLy2DTB8B`W!+HUerY+`yz z#?sm^X00C0c!HdzJaL69=abOW@|)b#th^5|&=k|Wi%aKl2`1*C<65;?Wz@_MygF9& zZty}`MZH3O;?nr4&vmUOan9Fz2CuVxPq`|u=xyB@TsI+<#?+6x1bI-&85hgXJ<$)L?v*xlSKdDffvyH=Pj~pW_l4{Q_@?&l) zPGb}2l$oxP-d*LnC9`6~M@Bw31@lr#TsarUSk`VRw*@|?CQ>Ry_9=(WGkx9~FqVLe1uo&IY|ti^;v>F`*}L={}Ld zjF&VPKFf;-tb9NGhhMq8tqx}0k>nt7OQ@tNLCLGmu{bpo;&3Ov*<|u7#`9sa9*?5> zT!qF~ruU9pLIEVS99|8?vOLiP*5w)@35B% zk=G?mm2P-b`BrCsz+%36LV2-%?2}v2h8kX7Wi~PD+`}A#6IW%P_eVX1JW>~i4XXir zA!s1x6!NoF_&pkol!G~y(fVP7Ule#GJM^CwhYI9W-p5lr7$ci&0ry6ESs!ZZD{pb` z^d*b5XP<7AC8FT`qJ+n;X?D^%bjH1g$E=*U8fT^7??->`h{q#|D*vKvnP8!MJmMMB z1sE}BkWIL};C2oN$l6XZOdQXN}DPFW-I{RJdk9t$1f+M;nU-|>abribLr@;-^gQgu49TsGBczF3x-D08{1 z&%dv&IuD;omHb|OiIj=4hyvzKT1xleUG_7}?@2Ba^NF3qr>JF_SHpR`qo}#7o*y00 z5;Y4`6+#ny-h*bwljSJrCc9ZMh&O&Ox6*Xg|8s8~Wm#aJ*;UU5TJoV}`Nqhsgbr_X zTMUzigj+1DPts??{T_W(S+_0ha~tUn41VdMY*)n4H&b0kP`$kRa0$Jty*(R6;77~W z_d=EKJ0cvapP8w>8!ONG-xPipnHo_h=WSoVwbgTdU`m=XoAUJcDE>B$T5kS_T!|f+ zUFYBSgx$)2YaHy(MtMxMP7UT`?0WNwtsy}%mgfk*$Nd@%U9}-k9@>dnbPd7MY4zA+ zW#@0~DpI4%gkXfRE`56R?U81bK(j=A+So*=4m%P<3Rz`AR$>~L*An|yw|j$Sh+`Tn zFE&;b**PK9lDIGCVo-*+AKv7(G?Y=`!(hTs4-Lq zh9v~Vyo)aq!o^?Sm6P$MyxX`!WJP)Z!&?RIfZ63(XhxzFIDcEK;dk+|1`p;?mLkX@ zXl2Y6DA-?@Xh9CWVBjwqoPRobQ9e+7>?MjRPWR$_Rdy|h1{0)8h3k2B&oD2%t`pN0 zQ2as=NE=OLmARvP>loi-ts2d|2EP^xQ!R+mS>=CvDGq7CJL(SCpz2_q<<|!qKxc;) z+zk5~v;qxi9|Od9LqB(T(5~nZqWP!?95LodM4+mb)E;6xHiVc^H{Rj?vSWHUTfYPU zW4DA)L>HQjjN1g9jfZ{L6Xk0k<~?DF zHk(4jw_leeD{UPNBCl?kjZM%@b}*fMF1rzM$1B5C+>Dt@>pNaU>e@EJ^Q>yG#TvQ+ z^e7*Fg@Pnetr1v@Tq(u_w)6*68pgNK=f}mxiWN!(N}k*=O^|WGV;8MMKJ{RXDSrJ2 zV;-UId%i%JM}qp;I9mKkrmyX1tTYSBhDA-z?k>=Uow8)~v~Uig&`+o`AfEHQ$d!v% zqlGj0?ouB|+6zIK{$$g3SDaL9Vi5`Q^<@#$^ro-Qd5~ z6oSl#`jj6NcJWzGVA@&Fi#MYb;lJlH!N4j~&u{X_&St%>mhOO=`3C9P*;DI@SyIF- z_0co$o@VyW7MyZ?b`A0{mfJsF5{F`pchnOeV-*N77A0T%1lq^IFwsIuelr)V|>P^!;m}T^1?>;cB|HI&5Z1GGI5*u3m0lewd^84LKZ0aBEc9@VDN!x z0Sd{eH)KKgAc6&8#{@J17A#aBw4jHkv2)8RXnHnQhTO?>KF9mjR_pntq}nOej&XNq zv`VwEpa3Hd^A>azy=@c&kI>EWqHOH)lYQ<_#gqq5URN-^i%Mt58MEqE(~BS1#E~Xa z8+P9-Y7_JRuo_veaNADiLqeo13Avseidegerqsq<6=_b@k*5vz{Jv9kCp!cx$X8(= z1Th=m?%lw?`9h$TlJcI9zuh!zW-<5s>d{v%J`XpnrKaO2ZTzJzIxxs=!(%W>&VT;e@!Q{bxU&_i-&f5WAzoWWlaNF zrW^k^;kQ*|XPY#&RK8Rw$Z^+Qa{o&ECEG4F>*1AiC5)8(=C?P(c4biWe) zjz%$2z2Wl8HdcT5-W-2f!q_pvURPYvcCN44pA1@J-WnW|o}?L=@C9-bBr2EB-HG*U2eopQZtR>>X1)ZW^bCP z#c>|-DT<*k>G%(iobfcxJo#DL;Cj>r^2~bzNtkpJ^;f&FmB?N8SWIl6t>VWG6Ly@x!bNh{Bp6R$1B{WWlBd< zI-8W=)tpdDeG#eM&7b8bEs+uZ5f5fK`R%pO*w)Y)-`xJ^uVINh?h~XKVnb^b9NVY3 zSFeRE;tW88Ry$npV;9}4yzLSg-Hr8V2Lc^3Qv87fiV*FsI)ZJ~^@0vQ9A z8~8w6Ct$p(V$eE)jeT&PcmmFxg`l>TO1583CZK{yL3s}$s;QyC7{RIo4a6KoA{q68 za4u5S_a;?^ZhDVL!Wpl$wq5xK@I;h*{J}EJDP$P86T6`b#XmYW*(NvvrCh+a4S60 z-7I?i&aZ#cwdB6&dDksx)zRk~=a`@3>k_BDS}W#>zn@UCp=5-HyGx`c$#9eL%a7#Z zh|@^a&jWSmcXU08+!zP~l?4rVG;e0~Yn#MHUbOsV;ZqPy8Mco5%>E;jJzK8gHyN2! z>zm9)yO*Bck~ubqkzIjJ)r?JZ5ht5i-!UslF$17jIuHvQh>F4D zMz6!`uI@p_gkSF|=InP+F(j!^pdva0l3R=?OX-AU#SbaCH%Sv&U zUhVcGU3zt*jV*iLAnpbiu4#VxMxMKa&DvJv71nRQfo9gc?=z4)CKo8(yCU$JIShk* zNC>9tG5A&_XViV04rPLQssxk?Sp7#LQo!C}|GGy25Z^$E`44#Tx<3zE z#4c*zC6RcOznd1>^TbUf@0=q#kx2~0Dhq8Y&iU(vY()>J3n?xYJ%<Ao7|{0YGtht- zTpht@UhkI3ft{iMR7Wfk9Q1W#SJGPN!|_)M_6g*f3avgbS?Im>Z)G#`8p$Sp>5sPe zcV}=WS3Iw2?;K;SLJ%p8Dj$xvK>mCkPgF;lPAlLpBbvt0RhJ5Ff3{wWPvNgQM!r%P zd_Wu0dhW*IpZI-Mc4F*>b>?x^yUT1vD;&KQap?tzp41kF zpWVJfRMkA1JX<8+FJY439I4qyTtfQjT}A9ip>Go8S^}ri-(2QA1}U-$6!}Y>Ny6(R z20~PTvlUTM5NAUy!ao%OYSdaZcBnvzs?BKoXIzKkOe0ka9%oZWB2vJH+R6_i-pg_g zr_T`UtoKVR8=C93pQ)vcx)YDZH;t}gdZjJ89hz|t%oqq93XMZEx}=_m&sdKzqaEA^ zFk`#H!5OvH9I0;12a%DDqxxnmA*Eg`#i^f)8|Ut1{1MZ5>(sN$Xc7Wc{oH-?Q?IC9 zEv{}@z9#Ln$(NIjOGMl1znIkkF=A`^tE$p)RZ$TbJ%uwOgbgtd9ApF`rfQ<^e>U5p z$dwokfagxm!N?UAg(9~Q?1nKx&+4z-F@$`DgoFmVRi8WsBM(9^`#X9d9R0}==yq^) z>c6AU0rb5XJH(xLGzgCV>Z$8W^pQvW6i???zVO|LS7BzQoQZs5X+vxPsW0aJtn z@}v+VZUDwV9mRFYp5|kT7ZNYeo(k1Q}x+gt6bDj2JO!gCn63VtWRH zG5mY-NGcpK2J8mV?XXFr+}~#0HJOZy@VS!8yT+dm0`&jV4rLhUubzOtPTHgTjp4_B zb=(3e{$FZ7{eQ~Xe|2E~pV)!CH&!7`@x{9xt({gX!j>pQCdJ)O3H?2h~60buu`FG!gLpv<3FSprK)nGA=+tL#Lk zKf$q4T8hJ~Y)-^)t1QCq32ksJ3qouQ{uAOOpM6A1Xx#>@EH65V)Jf_!@w>#M3`)N7 zyI*U{`Ir;lh#N`sQa0ghpzgi-m4)czL zLl*YRAKXVwWF`^KfM=JH2$=Ks_Yo1`1e+24K@CaY!>ocX)^ExsZdJ&EWjh zi~#o8@_=R$0D}ab5nLkyFQ7pW2J{8ZL~siO_5r+x#-Tk>>qrE|y{G61?kD^ykO;8Q z4{`?>ahP=AdjM>J<$4awM`CJ}BFr8tw`U(B-p#k>J9kY+eaXqf!CH8Tx`~X}&R>5# z`l255j|volaVee(6=fT~i`>Z4u`XvfsV-|%8Z?Lm=Pd*Z$ey|2a@}(f`^@@dpP7&S zE0*cULR6=VUN99;-t!708+eT&S>qWaR^FXA*Xpq~mF1L>6A4HlA%k!5FUV2`VClY> z5OyFi-fRoVQd~y_O;0?Io)iOnnoV-TeNCyr4kQ9XoWAq7$Zq)rAP+3KTg&1$At7bx@2WGUBi?2bF?f`UYjS<$>j9r`;5DwhCRPQ zdv@DLTVHr9RU)(fGl4zQK_+>XwG|5)K&=HGM-l4+7dZXOFHGD68N(F|$zR$4M z!1pisP%GFzk*-EhOZGui5?7OUL-!h`GqLjNSFR_N8)stoHPcJPfDwWF>d-)p4iwap zNXWu2kAu-MDF!0D1Vjf5?}`2Bhy;;M1+J~V#$*8RfvY4(K1}~|B3cHAVy zg`aHN^l6AOU7lQiwzcEYX+y$yQ&Tu7DSpO)`3gl*8^P!(&5cvZ)|r<6$H?>?>&H>b z?i$F~QdLPQr3qwNBxxxQIf}?irs(l6>)t_U?)g%g!oZ_^FaO`r+fbX>1o)zkceUT@I1D@VvE7 zLJ*g}Un=b)W1wru5`S#sV{xW8vlM4?Tx)8-TucuPwnppZ`L1n1<970cp2$!w2eQ?P z&^agMP>S;f!+m@jeKuK~6~H}+k0PjrWzZ<5DT&77d+YIyisue=J@x3eNa@nbC`48Z zCG1Jlu*Y${QrIAwt<^M+HGhorn?twLYyF`zayh>&)~yi@30vaRPw2e7hox1WX0{U- z<5{{U>h#KbB;DiBxADG4;gM9YvJ;zAqj6p$yO3G@wkB*vztd&?IMJmQmFw!FlZm)5 zn_DB0ZliYHjyE!nV?He`{BU&0QOaHE+((l3%z*Z1s)LMttM4D2@C~D2<5iyUyKR8mCwXg`!#?XRFy~wQRCr1Pd6N@{nGTWA;dV$BN0JW!E)S3q=66t?L(Y@aR2sn z!{PNR3Ywu;_Fz^|cN$p;ZLV zwQv;x=gRl{oTVUCfI&Yo(&f)^liJ~YCam9|K^bZ0{LI7WY_t#cIqSv*)6^!YQsxP{ zA6+|16{s7dk`+-0vG4*c_I+{KuA6YXE*xRkceq{n2ker95N*%?W)~u&^++@vk?=@F zQ2%^44kE(s3g;3l`VtqjL)#w1=zilvPOvIUI_2r}Z$6uS?-&r{V|4yp)hGDai6z-% zf`IEGKE&cWV6ku4p_R*(6k;J>iJM(99qmDM~dCjvX&pcOv2CciF1B5{UY1y zS-gg{?+QW75Y81OqSYET0v5;9-!ysFGCMytmUKX@(A$5r6H#s6kr=qz(g=fzEV({z;YI9tx5xZp#+#uM|(&u)dz<;JquL6u5JRd0v+K{es48@=%t$oXq;! zXu4F#&13wVoHV9z)a>uNeq2?=Ou5pPQDB^Pc`fe!c`vU;u@WKrGbhke$~N&usuZx6 zDb&)o%V?M`TLQ>$zMdQaaisQKu0Z+J`PtD(3!RbccTBMUc&jkZ3f` z7o7aX1YbId((>ftHngOg>h&o_boo#-Lh3pcIHIN#iSIe|1xi+@8X(rW0 zY0+5dqinwU)NngNg*LV6)WpJNvj_Jef;&rk)RxIt=*o}5xZ3ck|ntxC8l+-;=D)sxWYZABi|G0 zR89>Ej9K6%CRn1Z#lJrDBd9n7>0DQ^MX?nTL)Go|wuD$Jvz4SD!k`fNN>Z#!*YkYji<8pZDqN;CP91hTb_X2SZXMBNs2O z=8m%6%)#Qv*@5wOnGhzMZXG zHvYUNH@%G$f@G9{Gky>2mSlAdTZL3bqF>Ni*-H14xY~HZV9^fY%_{<*t|p4q7(8JO z^Q)Wpu~foiw6D_AVZ_tOezMViy7{a}y^z``UZ?Ge^v%gRU9$->WN&@}ulq^e~leW@uL_6|b0zf6V1Ek-92@nw^ebn`(M_Z2IL}l)QBg{%cLDCs3kD zIyTUv=^_-y%$nlNi=X zxsyiT;`*$efTBvB=;lk^f_$wji%d^sM_Cq$b>1^QeAtCOL)TlDPQ~H7bjCQu^T%h> z;&-*Dm-@fzf1)YE_7rGUQb}XtI<8da$$&?vJu&k3(3OQ4pB;Ie91 zx5Q>de_fmUqq}TpyF=QaIO_WHoA zOIBi2OkKlKp6$?4a-pOqIg%R%MG2P-->5Gy|l>{~fh`Ky%JCsO?zzg^Jv3KD`f9p*b)r2WlYZ2%~BHc(mjzG-`hF>?IhP`+{{O+K~qc7b}rrrz0UW~^#l`=Qa)z@~7nV|FrzBK!e? zJ;W$14+P^c1TkGAQJvy*L{ZYR!u8d@*PKCyp7=OQ29x8xDD`_wX)2y6w5hLx9L#RK zmX~7KIgl~VSD~?QD{<`#=T5y>(xfS)vVV!`$abJsHAjeXd2&0hfTc_KV?sM$NRhCX`~agCTeDpT%}sDhvZlh zkqOA1@}PnJ{LPd%Gj`^w11T8HKF*Ia>*{!UJOf+`?zTQMZzPNkK*vdZYho)ikyro4 z==|lja~VoQRw(&IReXUW-w7A)8##tpt(tj>?IxyYZsDNVbyeKxi-I{lPsjBLQAm5K z3;x{(q5+=h%4_l%wv&v}wp&*MooxJ2%?%UXtjMTaiLPN+VpEqBRcbknx87rCCT*NH zB4@S8q zc3OvbkhkGGNGXK%(>M#gG=0P;uhvqc_M2 zsKjJ)I4|nv-6S{oesvir9N-7PfG8Gei%!9@X_I*UuTGA8V-?Z!=~-2 z;h)oL&aFUl*(&XK_E2*nR?)KV^gDI6!RYeqtXC>3EWDvFwSpv^7$O_u)5!ZVLp$DZ z3r|J;#GCIzLy6;8FaOw*)y8cQ{M^wp zpV@{kv@35bJ$_UC;m1V@+Q1V<-n^~l9X?;DNR1-}QY@4h@7`y9r0U3Z?ve^$xKd=X zJ$FrtbA2Jf749aEE8VXzH2XctUVPP3Ta$mULEjl~_qOIh^-@-UiM_LOxg0*f1d&aI zk(%)INz3z?UhYviiZ`fLN==GlCR~K{Y6RY;t!9c+s@$eovzoad|F-^leq2P3AQTr@ zX8#(Uaq#HGL5R+rB%)>LdhnH&YX_neT#JCwC*B!u!5vDdPgFH=u~Cfi_XVapm+yB{v+v|h4j9+>%)zI zaIk3?5$L=PdNeAb$mjTKDX#4zdh#8@kHr-;C7-@&xbf3flHTp3FidRZ&r;W@k&B}* zKY?_NN0u$#x@Pw2ddRqiFHO)W%R;!@?k9n?E`zQm7u)yp1F2()@@hn1j)!@;O|SMh zZ$5f5-q-z%uYJMA+qPV!tjE3dhTgLYvIl!$VwSM9GE2_2MxsQwJ`0Gc)0h# zKb-q}N5eGeXjpy@yca;Qy5~KNr?N?p!S!hvfsvKX4X(``Vy~dWdu+$=;TSNSbhXv_ zC`_zvj!m7gr2@_B3ugVZx8%j3S+Cqh(DwP`=ow_lTVH?m;DQ;iAtPfvg%Gbt;QZx! z(il7nyP+ujtw(hECnE3`lgqxhoFPPD2fd_FD!noO1#%?uW5YbRsIH5D$+xiebim|4 zf%WZ0NMMum#9~{?x#BvA`vMaTZKDuX~SlQbM=X+Tu zE$nG4se-KtagEQbg*Cl929!RuqE2{yBPmG3QmoA3&N~nbeZb<+{_<>uScpI?(C_Nb z0e^uW%40iU!0myb*OMM+0CmeD#5sV7j|_IDU?5}{0W!>*8A6orIua51D?a)lBKS$d z&rBV|m{}j?YyS^=SDC|+3sbGn)7^?SIhHkLA>yLsOi|v)oS@4oV{KLCt7~S(CU%+U zia5PlZG=vS;0a>NYZK>u7nZb${bsj#m9^3n1UT+|6Vxgf;7Rkc;;B>>e;cxngyr7d zto_{g%+1#@5vqAMhB8$Oi5liwhqd8uadO+2Uz%49oK9IXUF1&s=(#pxEJS4BJV`D5 zT2a2m|FI&PzzfsG?~$*Cs&{v_#(Yc)?wc@uqxSP$=1Y1gbL|1$u60_ZkOx%(BdnzD zBlm{f-8aHJE-^xH&aTF3+#<=Y_B(ee^u_b>wF`W5<($W{!xZ$K((O`ou>)dahFzZB zwG!L?P?d9$+ma^fYGLNBRQ}%J1hXQlg%SPNKgdUcU%19p6;v3wv&J@ZnK77S6jua7 zN$=@1a5TIr$d45Z_j+?It!k`VsP9rUX4#e}S7APnD5XYuAbLT^6N9?M^tDnb-lBKk zTnrva-Ldp4c$R?2ttMI;&rV>M+un8GG*jI&nTT#O##W2y4iO*Qv8!i0O_HGK5WD7YFSBkbeX)-nu}D{WoY&`CI<2Le(uDw z3nK&jE@&X?frL47AFhWcf*$E`g@GP+%m?&%3^1y`YFlf6rFnzuszb1l;^ECY{2(={ zLZrRV!%98NTxnCcEW#c&!Vn4REehYI47KT!?T0>0Yd>~$Uj}sq1goaRv8%Z=mT-?o z#0l5bX$;)%kP?iIQ(K>^eM!*d6e70q=G7w!OgYU!%@aN1-syTgJh-RC@EmX}6(-$Q zNSxSsC4-54DC)O^KSU43sL?g5wQN0Mi`?+HYv7@Jw0Hx?hVtQhB?h;xo@g%2d{f|g z)>R(MG+)j8k|a;7>$jIbEH!moA~l*>p<=g`7)+CoB*jB2r2v)wtUHe*q*5TH5`ylZ zq3f_4v%mK8AY%4)k2{VBy9?xk2BPk;u#qIV?mY)}{|wGIKx6~mMSj&i;Kc?A6<|o5 zb>6!1rBY7wa&pSm59W5;(+s$`^m6XYu~;YzM6N&6E=G%F)FT&aiuZj$dH1nt_GTyn zYrtj9$<%zwS5IDIE3dpsLLJJD&Yl>TJa3;|c^$I57_j`a-6-&D21VFM*xd~5-u}F{ zA8)-7(-nY-H-z-hKI7mW2?Ch*eL=`>D(fQ=LA@s}*+a~!gb;z<1Wu&^mkcH&*H0El z8)U^9JvB1!34hHvG7*Senv(bXo9r(9V4@ZI}wTu*dP&@pIT=4|7^zd65|B#BA>z2UL~Wn_}zu+QCS z8YK}{Nr;69VDV=)#U>#ZuA>OHe|#MMc?ViOC*1aJuR=z~LV*ywCx27(V0{E?j-)_{ zz2ILd_Yjlo9v8*!vTxocivM zAHSL>4bo&N5)u^=3XMVoN=1=MqERD~l4cr|6jG>=C__?7DjA|OH6cQ!lp&Oosp+@( zxwkxDAXcq8YhM z-rh(kzG!oYJyImy{Amk!T&qT1xa3!>bI~t+dMA0d_32G%{OtL8aeIoPH8DdqjQf40 z#4|dWr-<)O-Aw!R7B{V~pnEN5D7e>7bz`K$4a(RN@t@t&JUROY`o~H7l zdhxX~#C=FF3R#E5xdy`$p%?AC$xK8)niBN$6ThAA`Bp1vq(#ZeURn|uBfX$2Iij_l zT`4?94E>k_t?q|^887l$jpF@z2e$fKV9u3*;U=Q6^ou|kw4`ka_S?^Q29Fc8VTO1U8!iO;8zvhm6Z z;h#FV>gc$~oQ-H>2P2UjFJ%hR^Rr1k|ECUNqY&7*k*?ewTF(#tKB|o=gpD%8+Bg<$ zyiK=}9Y(Y}Xk#)Xafpq#+L73eGZMobN7xAUD#3v!GrEoUz()3dAofJD{CmTanMk2% zIt?IEubfV_r-<#?^bz*U)c5r^RgvGzaGuX|AHw(bQZi^tR3);q3g1QIyBwBL zUVH0Yjl{c_4ADYc523B_o_6yBnBS@6wD3K&^MCx>8#c|EJDM{s^RVfP)5ACeA0QJF zN!d+z2DWU%_mEfw#Ptveyhy_Ug`)e*1&Kw*!xANgL|R~|rEUVN2qM*)1q`q7&Ev&Z zmP0j=9t7r22tnvvLr8`XGSW7@DA^5=OcUQd%pBZmg3To$St=483t1>XVVR2;X_BF^ zeC#wt;_b>|i4cUJ(Xz*cD5!jPg{rI=eQ#$RJ2WV zc7=Vi(B(6m_k`@|+`YKeF)ivq`})YIWv=qYQEgYBgx01yWZit*u|uiWqEct#L4ijx z3RmtpUCUMO?lNP09J{aTYSH19~z`OQlR-XT3Ac3i>*aYpedftgvSp z2Nz6Q;@hspH7#V@uh56CQ&Vo#8w%3%t{ENR zIJ3TLg4ye*yEP7S{Y^>{Q|T}^OFMbXzuHfUuUg5-?a8#oVYm1pDC*qdiZ8qT4dejXJtrFwO0eq#KW zQi-rD8ZQ^kkG2YInvk)3)B2wi_O9Vn`tq88#pa$S_P$JuqUR@f{Mo8-5syjHd3A_2mja1^{6&S1;eC59v3t_jfin! zH*+s;+P-7cCp-+UZRbv^+Mx7(7#Grj%<<>ZjpcmaKBti`3G|V(W7~M78x}Cf^3x{B z4sXnkQ-j+wAg5ysNVEjv$fKps7bLpN&lMT{A9}Z~o7=&c+?*#;9Dr>6LyV;>}!-59a43 z`i+&zCzR5_h1^URU zecg=o(j6opQ$e*DP>mzzBi%9q7k``o+}}BFt1=r$$^Ri_AW`04hK*ON^o8`vy!`D4Ir#x}S z_|v(5pKiRXKY`wcuH*fuA33L$J57k_1dyT=vt!d|Tmf_?o6w`P0;1!CMBNbH(c*1N z5HTVQYl7OI$=$zuPvcry@PgxzV$AfrFIvX?KPEc&%?+FR4aoSRdtKKN31))mjCwxoJ|r zEGg>% z+pBrm(y@ode@JJy{+cA5qq0!t&}ZJmOZFG*wk3=EKGkrq+23^kXV}V*?DD9FVDX6g z0L9uHny5xEz9h^r#(iG(b8oXbZm13^(xaCT`LGI!pPdY*l^DG$00A@syC`ND!joJHx|eKK69dGP0MrTPmv8W zml8$mdRtOL>#nJuoZy01ux}snrXBdDd>5?Eus<4CIK=TQuUo(`GZrB7 zUlAB-jufKkzQ2#eiqFFmp|F6ZYbvoZ8HwN*@4Z8UjVTKJZ)1zHo)1J_S&psrd@|uya^0eX53{8v zh5xOR_R3em*2HuFeR`HOR)b3S8nCsF_avV-L-a3T^usRDeM(_v6+3{$jX`L8(nbhj;F8ph+H6Sv}7a>v2k7s z5`(bl#b~1oVI$@%$wr6mXH6a7u#XgX3Psbm6^SZMG-7Qe_wh>hMZK6LS6K%JHu_Tw zG*FZwj%!*yR@xkYhvgrn7Xlq7Wa1+AW(xI#vYMR#j%(sRUK^Pi6EY22=)>}lIP_*b z3<{5HVzayGg>)?cAh`m_BhTZX_|fi14@h?R0ew2m;0QbyWbkWu@F`6B!ILe>pKpbKJlt1Z|KBKiBhbTm z@Q^-R4xQ?Wy?dxXX<}BdWLMXRTa-dqp~8%-UYIHU&`Tu7uHvBlg`E^$F&4je>^eOrsM{{S*dVS;IJ0Ncu?gS;JQI1Da*yatN zy>_+VhF@nN;dCY9R{&@D%Agr-VBHCyBBc(!w$#7UK9jv=yW4I%M>sIa7S14|{VR;e z5iySG^pBZBEB}8)&!&H)nA$Jk>&*W;2zu1J<{)CknSF$aACAJgu3yHshxDlGdYe;`wWvq_G zE&G`J;~-H&h|7bYnFx$w4<*5tUK?_Zawy3hqCyhV!kopSKcQc2fd_qr6b+fOcqg>< zf8tP*6=O8O6c!HnAL0*s+6tbI93|&a)Km|v8N_~VFiKl8WA;ZwlvtB)Fl&m$P?OO{ zO-cn4v#}aJlqey@`u+i(xC`SBhSCltDck$ytD0KLgZKs6s>|hb?Cl~8V%Dbb?yOw? zbxq8zvXFi;HJ`44_p_VU+fQ}+C_BwaNqWT>rkvH*Vc>isN*ywX5A z3KzrB!y*Ge2U2Pdt^dpwn&vz`YU$*{DAVKTj!o-YE^|x0usSa8fZbCaiPuxcWS_P< z_IsPm<4YzHGVSZPFAtV-_qyXIzPi03TxXs6swal5}{Hf0`t+4HJ+_oL*w zax!~-g<>*7xAPcz?mEab{%Okh>NnAIA}`pToLj#qq(wbpXR~F7WuWV_zXGyn4e4S56=7Q9n@6`@BMYD!vUG^?LXg|Zy z?5I_Q#+y}PEj#@U{4MrPm2Mv?e^ z-Hms4#Xc4Sa|Zul&i{an7`Yd{`iVJT_m-6NotZIVYoOZo<0RA?aUO+ih{CKu;`1C1 ziZQf+7dgi$I&+9BU8pm2j)kqE+~WNA=>xLOTR$bD&5ua4lm;tA&I%t! zi^-+ioXuu;>ClSZ+bb6R`Lpu0uEfih{{1gp6P+h7kkD`IpDU!j&BBnq<)mTI{Mk?Z z-B+nPwdRZ8LkkXq1@t%!U4s!dxKO-1!?0osL!agmKAmCmDI1APZ!`ErCT^Xx34IFH z9hL~=lf+=f0{sD%vU78O)Y$BJQLKFMOxKpa+?TIoPYaFPRk(OuPucn)p^n=+nlmqG zv?aAlX3tz$;9Ru|Em#8<(0wASsw~5W794)UoCzB9KvkGk1pAMjU{)20CU-a~L68!7 z4Vn9QrV@9ig_aFVggCW|GZRZYnGbeR;WBo>CvZV6~{6 zmh?Rt;qhVWT$9G{&tMI+I$b%@By)whP`-fE*ZQpjPtYQRdz|#oDGbR)(>a!e%4Q^$ zVHVKv#95$gaGs;7eErIVV;8GdZ%$t#z4?cn$cCLKpICEGnCh2p!KpnbvxsQX3R)al z)w$=f#SjIO2A-fQJ^(s!OqH%d4z`Lu)Rc^->gy6DzNA0&NS*yPs6a#g? z6_3^_@yhjlcznwJ^MP%fqVM{(M{7U&b5i6G`-`^9_1C6n8k>Gb3q-+!kyREaMzK@3 zNGe|gm5EpXjy`181c}~2WMv&(FEIB8A(kK7LFkiv(6B^M`G+^1n2T}yviVnuxlT=m zOr_E+jx(~Qv(jzZ{JNIP{o-$xT5p^9Q&mOK>Dnq;^iKPwlP7pBs|}znA~G@nXISPmyzp{(ZrZQ?K^MEVLMZ^VElBiORkYogz!q zN|I{z7Asu0IV-VUQ|hpRaMLFJfYqESZF%h%c8R1WsK=e}5s@JVi_i(J4v=%q7oPfZ+HK8wdZW*`e z!LKp8TKZagSI=gc?^+aWa6rr>;r;^l-|tT8e!L-gk5_Apif?85wN)GVxTekuk$Ur^ z^7qXRooA*?GRNRUgkx@44*kMg% z`8v|rQD4cfg=2@>t2skS5qEXP^IsXHr3?&KkLm@!O=Z z#aw7{gsg`9hzDA*MfnEi9Mr;|jxP-i#0@@00`mcpgGh9LJgN_y2_H;JKJ?Rk_$$xs zL$Sch0|m)ZhxR7d+-%9LXY;>ZUv}7Ka^BZT_k(1nTMJ@~`=G^O;5` z;X^6CA6=)7e~E3Jlvo%u@ES6Phs?1de4s!6OdV~)rD#6f{XqBOFer0fXpR5=pMf8n z57{i-ZFs!>qv*%K#dA%kAB&W}HADHA_K%K7WBab%;y%1XlQn%;iN+zB`N1!h7G0_r zFwy;`%kAN*E+y?Xjzh)u)r||`7j(W!qt6$?!jXM8U`GobZx7?MEBM?O=T7&z2z)+_ z#H25r|30=zULB;)*+TeCf7xTuXIGlfX1nP=$AZsA#SaU+3-;}>+#oY^fM2wOO*P1D z!lh*wUh(vQ=$bs{(}~jU2QtS`mPoqObgAf^Lg1;*YLj*Ha(QPfb*x~wAD{Pkh1u7; zfyrB)n7KsjDN6iCULKA7`Tn?xA$BW;YHBs$YyF|xqv!Uy; zbu6>?UqAAxB<1~L;j;9`iMnOwoLM>Z^vPM%Jv*(EWVy$>z)1`9{_`SESE@FUw$pCc484`MTi`YiWt)R}fG z;j<>Q&k>5WJovMT+2;tCWQUVBg|EAI@h*S6<=+iu~U}T>h6wrcI@x%CJ1wQr1?ql}J2{S{6!6(v8OWC@e6^XjB z!xCYpW$ULAHvHSiV^=e;2LbS5(W=sxKJ&vbPffW%_Jqd9TaTixb|nWTp#`ef84g1j>XRMe6CSL=utSMJpQ_QP z6P|RR(pQh2H4cg29eGFb>8djl+2u$+RnvT0cb)E25crfHc&;%vY`plcz6Q2nf9Xi0 zW!87cUd$-^WW&{Dv|n6z=?oj&QznHeYm|0gs9>LKZ~!f6bz*p`YN${4gikI*ebUCA zq*`Jg-KYEDQxFnE@A8e}Q*bmAl{lGw(uSQRHBOW_be~>Wt=Lw#}}eA+&Y zPq>p*OPoOW={5ND3W?t4{G<4Elh{fAT}1L}9?d6_#WbI0Yk*I$6UJL+0% z?#<8Wj{M%X!KxK4Isg`pJPzj9phbT>NGd}OHX;ef!3aktmAjGXXvsg?-jwKHp?V}A zlL*zo$GIn&eblcr@!x#)drF_IOpk5*w#BDhccm&R+2~IAy|;B!d6z1-xEER+*@ps2 z^x;q1Fh1M@9|j^;(tXf`Od)(QwHnoj?L?eNRg8#RG#{jnG5Mfr6UsK%Dp8|-Wz5S- zRibk{du$_S^AvxG)jMqwAv$5&T=ZcZv^cU4rNr#<_0BLp;JRWULUyPRd5k`g=Ofd& zdFX?*=deVWkDS7oiFV1y^TlM3F?`33GwbS<3*Y*kGCPAlR6vVC zu)@KMR3{Ol?2PWl7N;K~wHO4sRFCznrXS2L-dxe|%ah{!%A0TNW4S$UrJYLS=JcJ? zd}6IMQQGOz<(FlvX7*7o=X^9AzdX{nbE~J``*XEid#o2_Nk!dwQ5lzm7G1R-P1Q+p zXwh*cl0|n3i{Qz+@cYabA+d&$NbbSPb6kkbAU#eLQ4g7MH$a3%?RY4ahCU{v=8?E}D&N1yW|_M(yc))H42c(U+8}OgF%jWm0EIuyMDpv33l!(`Vk`Hd z6}sI+QakZFwlYDABw0F0rjF0v{i>>U!{Oye8nb;ZOyBuY3AON1Z@S2GjgCwN`4 z$nAEke$Xa(zyY$K`nqEG!zC`RCb6^AJA$m%TYQoG92F3HHc4YzY3n++{KfA-dWv0a z&&do>e!s+ZcH&1_mDxuG+qdpXKKTCi$?}$Z1M`{Pr=@2ORF`cM8nvAg2Nme8!flEDNoM1-FgtRv9V?w_eG^(-<9X>`NwAe ztUThlaYpg$ZTZ!f*_QmTgv{GJQ_Rvbd_8)XbL@Am419lKTl8^BM}>=mIzG)~pY@sS z;XCa2C~kvV$t?rDQXA|8}|>TJSqQ$7Iu|Y1UaX z?mV$gQ<7V!ZwuezX2Kq7E4;J+f`Rsw3W?+y^V^KqfBgBk&GDn-xf3<7;@-{-yv+G~ zVaUgnfy|Y2ON=bkU3e4c2Hx1ag?C~<2e&}@B0JUcD#cWh8jhUUTG315FLfoNC5v-K zZk@~s@9Vyi*}z_IY&GpZyLN_cguF$R#*}lbrTt`npK|QBK{+M~>=nfLWzA!lRLJ9k zW+E{-PY`16#dVfRq3#>;6|>8iscM7LDiA|>frG+v(tKM{O`=CA((eI%gCoBKw{4oA$6mS^->zQ-1jIBWiBqor>;5>>^AB|>(*Q)ecEy#hIrdp@mhYWp?g zo4KaV=7K0}Wnnpk-DFji6Z5f^2@^@GID#rr9HX@TsG_T)4XV6HVoubUf0H+vsF`?^ zAPNji1f3l=(}`=4h&n%M7Uh9xcG&Uqa`CLRI#$gxVsyG*ePVu7-@;z!Hm8})-=T14B zyph;+#DOcz+r@izwV~9Os>B>2@q3b=wu-+&E27R){`o~#O*yfMPz`$>qiTT=hZh)! z25VXzR=A)gNYqTFzHo!7L0TA7D4L142qK=`G?WN&Sfa#C1O~?@)%F38bFB-JZUXd? z<52Vx=|6i&s=a_XL}45%RcUcR)mFIh0dcD-|0pj6XNV(_mtGnk>|sEq>bDl?`( zOh+qhzA$WghQ@(-v|<82TEVDVR8pu1FUFy2IZZXaC91PR^Z0={?J)OfptmzmulgK|P9q zek~H&;zlE02uI==`pH7nI1CcU0`dD$;_7$?;!sWR5DJVVDUbk~^1C7Q6IgQ-+Re4W;_4CD3OVp-@DPqyYy2i-*!{P zoZk6;f@lz1zX4s+)=w+z68?^zl|n(fp9}wgw)N|7t^NBQTKJ4xzuhGaTR)NI-l{;y ztsjz)0eR&3CpMwo<2&i`r`r7)=$)X1DA!=Q2#FLRBT+kqf0V6XaRd^(aT84I0cdL{ z+KOAhlktPm8np9&y!FGT9ii!woq4kgn|^s23#L4ftY;!f z)(?Y5vseUOvON%pYe=*R;~!<~S9}nOU2)7o7$iavgkqVA@DptP&hPzZ^qVIYo>zof z`@dVi|HCKM@MXxPViq_<7SQvGJSZtIc!pWvPa$P*e`{@T1@s3_j%)Pn&4&K42Z{ZW z{G)9B8dQ+@4Br}H>c2s+A9K)nS z9v3u=qlj?<7pn|IX>WzoJO2r|_4__pLx$M-z_!BIEhAf43=MfWi;J~m%$PUjkW+E^IB=aub z|FzI#+wpx52aes^rjD(6%Z~WwGE^&ziMwsx%So!d236pGIHhe|2(=ZkIRsS6MdGUu z4DXi@)%g&iGsCF}IR5rhiJ&vjb~-TziC{N}%G=lP-Dd9RMtVEYN7gyC4(W=2NvbG9 z3m;HtwjP=)*Z9EZ7$o+81bbOvc@7s@XBN!>XC%(Y!{8Wtp+A)fI)B;0OoX4fwia5O zde}{R6jPTy>0a=(CJ%FYfzO#&%aj~0tv<_hY^TMfrSAoAUZKoVW?ka@>*>42D^Dx6 z1)F9)nz%Xh#Q1*agK7g^wP(+LbWxDssrEJG8wczDjw4&&yevHP$Kl42<1f#grG4|9=tZseCt@p9_C>Runwh#nYJS@O(DO&` z?pmDhwdi%ENZ0aHzm3UW>0Y+AHpP^WKK;`j ziX2*7Can}xo85VA*Tj%9SMEJK@UHAga-n(itnp0;D^m@7PCgK!^tuK$vF@q({L*qx z(6!k!%((Z2+F7=&Shfw-{rQO@UgT_0E{-9x0iQQz>~$ZU-UTd%{OS^BWz2?ad`L9v zV2Brq$f8+%7>Pd?4oie{BLvRr_-dyH?| z{au<*cz<#&Jd<%(hx7K!H4%lc*R0Gf3iEKfe@&%s)&A?Hg6sU6AFjSok|SAcr z=yOV}ZN6KbRal65%7w9GpH==z#whUlKq=s9JG_RrxEq`=aXxQ1-BHy6he`Np_q zgwdz33-WC}jPhOkXVSAHR#gjHq)?_GAD?2Dz#U%x{Mv~-I@&Lc_bv=)nN+dw)|vL{ zJOvlOKRs}v`YEgITzPC=4O$;ry-yFZ^?y&nQ#URF>sxF4C*vJxmJ>|A#v)OLOYq-T zh?MOV&Eh!1A7$oj@1IQb=MFePl!Qc<)BNE$c#8w2`#6E~jd*NL!JLX8Z zcYIsr-?RHK$KKc@<5+z-*hfsA`!Y6MiHUu3`3+8P!SeiOd>YMeJ7&}GYCq>h^H$2l%Qh@0A*f11c$k9}gFG>$h~`+V2CG4~}x^lTg5Y$W$?I%vI0bxX6F(Dh7jJB?}n zO>q^y!Hatu{x-hz*)dD9C-cMsfA9PiZ*vbtR?pdzRXr!HZHq2Pa-`#Tt*oD}_nw}f zxI$4v>)@7$K1-y}4QQBu4T-c@jpg;^G&XMV`S9mKLDdAG8xtm(b{gArn>6S?`OLCD z|AFO8d-o>|fnu`n$2c1C7i~l}xN8{nB}Y$LOCHtOahw!A*n#xpX#aQM2|XXyfyQT% zxFLn1kj@-2I1{V*IH51DgBc@+<8MEVzrCBp>H1y;eb<4$3ZGvJ{Oz`m5P#vJA}!YS z*4SVPSKJlJsPxx954^)eURf>PQSr%eXQ=#(OUlku+>g&hEB1jE^t>73SIup-;vM}d z&%tpR{2GwOad-gQ9h`H*z^|)FIZN(@v(Tx8k6x z7PJJFg}Rl;A{^BIO31VZK58i{vdLI_HvD(+))s7S67PtkKc0ytfUSMcWsZKJFtoS~ zM}xnED=BE{2SsGXK_prOk**Tie%<0k!hX{1JFtvqe=l@O>TE@~pC@9r$?350G|J5o zyRHMRX584yj#2GyoQ|zLBk~LLj2a8VZZpDe`p)Q|-BCasc@#^qL*hi^VU#e#r+uV* z=+PyV0Npu+!V1_~wD?-l-u6-Lt+|EtcN`?T6zFV*XJY-m$xKILA|FHK$T}+*pCELe ziQXfXTH_ip1D&Oyh}+9k%%t-VB<3&@hxC}8pOC2WdKeqc@l34YY*ZREs*NWJ8)Zp0 znuCq776Kb@4YhFvBXNk0tV&3{hIKfG)k@%G(2+R7k8I<6@Os;GhTFl+L<&W-jo6)( zFQO6aIVfV?flpl_zC@wf%$QVY*4gKTzr#W^(zAiC4?p8IWG-I{4S>D>&cvdK)pNL& zT{eLh+_2Ex_@1%Q{6|0)=vZh*@?#*6FuuXA-H&)4ZqXT%-EKfPgj+rbl+>*9L652wz4e z!a5iPbjA;y5pj>AJL3+{2qMw(%V>Aa<8C5Rn*Ine6A=o{xsRBM!xfsbl}2cVZZ~r$ zgdmt&5R%bfI2{bHA4nDq3Eu3V!6cbG5>?wrd&bCg6B4cPTaJU>ng{}w2tiPP#Y}{s zpwOJIw%q6CMEPs~Ej0gMKN7tz^+`8ofi7eLJ+H`vlCl8@W`QI9Wzxay4R$NbRKgOM zD=g`VrH0NvdVd(xHQF;qnUj#nev;I~s6;4nosy#yJ+OztPlJVKT5fR-7#_avaiR9S zM$?g=!}GTCmxNKOUS~hvp6mxx=g)!K&t>+{3^!hvRxXp&wymE%+dC=$X0GL-b&VZA zqeGQ;d%l`}&^=h^YGtH)h(PC~z^a}aRkPri?fegKM9q@zOz|rZnWSud$=fVnSl?ql z+wrPPqK=EhIZY(9!%M6ZHlJmm`giii7_RiQ4`28C2^_am{cd(dZ>?-vT=4$MzSqU4 z@2hc5o!@Vr;$ipXQNIXRPS2IhJFf4&>XQSG#QJia__RiAf5ZH@e>tm9jo-3Fx?3$Z z>u}h&?HoI&3^Xshck9htA#NW&)s>e|J-eA4m+5!&&cbgQCjySF*|g2_v;IzNt*+Cc z359KOtcVWA&xbPFvoEHW#JE6z)SfynWGZzBRwTnv+D6$!RU4ERf}zv{$Q%{xb1Wa1 z&%TZH1fY+c9iLw#z5F+GEGv>BJJc{cT+-;V+=(q9@huSPi#Bq;={_();x~NVfnod| zBtmu^>0l;;y#g;4XQ%9mHgh{LrSdaZYAP`%mn1RRJ#@6RB2@8W9@{e2K$UD5E!*~< zp{p_xRN0Ak&(2ZE|`V({*ff>Og-YA zr5@N`F%nj<4eAq6Dz^%L7Uv_t!&9)f-A7$g%er%G^K#+Iho4O8+=Je|FksMYXnZ#l z(b!3fuU>axr3S>e%XhG}Fc^(eB#NzL(2GpGZEAx=>kq>cp_F%HB0Xa;zNM&F&H7Jx|Xk$xMs>(venlrv0KU_ z#-*{X-CPm6#AB9?qvq*WwY#+}!5U*#_ckkVOg83So~wu6%>eI4&aaoV(YrSnn6sf$ z1M=%Ran ze7&QqAp6Q?#{8dmQZFqxZn67;_K(}dKT4t1bPEx0`T+xjqug_dw*`!HT}KAz6lh5n zq5~@~%JdyxrwY5RJR6qCPju)sHOMHP&zBpn@MwouJVho{Y&vh(RX!=!yyy^YT?Seo zSv|hx*m^qs^$cq7th8_|yUGIUQJilv`6`RVDtPgRz6B&_o2IEP;me;M$78&m9@C@K4?Sc)5_=f!Wu85t&{`6K#18tQC4(7HB|^M!HZc<+-W)%4$Hqr~ zm+VKn-l(^MO<@%W+dq7AjZuy9-GNnXsPCS;bTyPg4T9)xFEGl-2TbjeXnlHEBIrAz zf=*OHBG{X=#&D8LOxel;g+ty)3QsDyi}@8vs}=W{U)bKT$*h03n)Ixnwj0LWx|{s` zw&}PDX~%q6c6k(Yr@rlU+2I?uaO$Bs>T35-Pg!K5+-SaIW~v?6L7pRDVp<$h$9=1- zyRb_jd3Ivsn8M$j+?w2$T{l*p-f(Jus(wo7ahFW}YHh=YmVK|YMGCV^m)>bleAqrO zS$)IXEqmU`PRhCC?i%<0u%((p(!ni#))Fu5v$C=ei$@FGo_NECWxDLgMAY{bs4+r5 zK&kDv1*-AGfjJ+l*dQNZv={vA_=6Tbe*wq`6(s6Q3I2ORletGgq1DuZh!{f&i0Bb8 z{zAk+-!I*CeRWiIfC`0H9s8(jTef(0@k;Jpl2KS?aWTDiqT|Hx!4`eNw+E8gmWmv9 z+86J&w>3=Xz=JvY`rc^8cCcb(zq}&R3U$??er551U;U23bibB>Upg&7>}4PEu?Hx$ z8tg=(}i>JPJUk62M=}$FL$@j0QH+Uv9*uT z+Q=$}+{f1D&>!WX_T4IRXc3Mu7aZ6&xRQaE5-B2oCm}IdfI%g){ko=3g#D!1H)}f0 ze&s>kkv3>Q4|}&rK->|jXUTE37gp6~?#EV6K`SHM?fVH^QK1(F8SGXi?B=4!f^K&? z5b3k*kWtK$AnKF$wuBO@IBTiBWhR2|9ABP0a0hp-QAc|x2##j2!F9CP5zFTcJDDmO z&{-7=ty}*v(~2n#+G8(UtzRY&}0k%r`--1hgZHn8vl_B4&;| z{tkE-v>I@{X~nJXwd?DfsDkNa2SCz*pAnbf~%zgv1fC5$`CEI)emijUfpc`dN5j| zoM+L_|8Wr$o7Q7I2Z0;}<#*ZWObz{Q)xjX3Gil(ANYNF#Gkd_9vq<~~#F4k<+C)Xx z({31f((q|n*00RO;fk2pii4ai4cUI!KDwX072LTd?;e>X>XN3c6O%Ge~Xy^*Nd1dydT`hEQo+C z7`by#AQtS2xL~Ia#njII%6+@xM(7Wm1@r|EWWZp5u=n5{6Mp_XmjaU9KMUWZ%7d{`$=ew$-2MJ)n0nBDsyS zTG>|msd)HF_i5JIMrzMG4z2h1b6y}<6!2!^t9N56B){ayc20Twm~te>S}DldXMJjs z>@_<}&C7FsHE_+JXELp(OI5O46B1 z1fAgvw$wZ3qMZ3iM4c-Q0(lBCNFJqexF>8ezL&G|@d zD&wQTWJO#<$_^<>T}Tw&H7pTyer(Q61dzRsM!m8zhoa22O9ffA=U%oQJ>j~>$ba^^ z>0F+h_mxg9j~lDVk#$LZXXDuXT?yJv_Y;$kZk^2c+vQz<7B8=Sml5Ae3!&v>LqGUr z$lqI8wPamV!kS0T2VSl5DCEuCB=yjJ|IUC(GDj)4XuZ~`FS;5K+j0lomNU$DhMo{V zcyW}{RyH`Nq86Zb6%y}OGw4B%Uy8wdB7Pym5+QzC(C3IJ9tMf1hw-FE$-QIF>vDvj za8qzTA0vIYLML!f_|dxt_nt>i+kCos(KV~e8=Dm0T+ksh&A7V9?cqBe%ygO(^lXHUPJQ3=%qUn->e*#2&a}Gn#oKA zhUmn;n(@073TGLHUv(2yUYm2rT(Mg?^;`+spY?)olp>@-3!(l!lKS-!&%-!MMYGV= zzX|b#8)ua1DIH5CeD&CiBHlb{iJ|m#ySqL#6u6mlId7GUeQ zq4kl~Qw+q`_nVM>J?y^S2wqPVV#%LO_w^a5cN2+)uSOjWS_yxenEf&0rTJs1$K=m5 z@Q1@@s)yEt&kZ3+e+cxE?S0md^oHld*eeG1Qu1NGq~3tYq1!88$2Uq5@_jlIE24)b z!gj8SmzfCm#%lY`-fOp2`Pck&Eka3ZXH!jYB)`nMGCw!rOT*#R&r})_SdN` z-BP9!s2kGuP@naF{I=yg_)=Du!0nK<145hASAIR=^RoZ>^=1)H-F;aL^egLk@tRg2 zY6z@quDy*joGh)fEA z6K+Kt=G=@pxKX|QA?o+RbF^Dn1|Nv%d?iH(He2HrVD#uJ^`%Fr1hVZJ5|j6jcB|0f zBSCB&mIy`kh!b?;eI#PMr;2>opL1qk7}86CK61RDA1C6yggH9n6(B#SV!UrGphYJa zdLbvVs-qlWu$Ot414T&r7$k;a(TQPIH%Nqdhet9K(cZd0=O^A-*)|{T-3)ZPz2vb} z+29kQMjJ_ush}^E8$jQMjB4Z(o7ZhO#*9*gH26#qrG_PfzBg&xcTvtVRUJ?Pijb;& z3*tss}k!#d_F88cNjE zWab`y+LUvg&nVz0^5ll)(4JLVNXyt6HMZ+PF|bp`@ek{p^3=UsbhJbl*;#q9H8 z&QlM}YUBQ?$fG~0^Y_X{Im-_}7?^lIY9QT7?CIu{+MOq&?s6=7ynpq~FXuV@owvlP z8qBMoEU?06ykgBcoyALcG$eQApXYzce&?ZEp^K(KVBm6Z)HejwpzBMHp0ZRSs&R~) z6g^eQ2N>-I|K@F_M{f+|Lm3in;ay8FkOeQ&h8v2I25p4C=Scd(_zMvOeGLbRKzjlD zjsb?k%c52`ZOpFmd+Gz=e^pt-Ed|08s8uH<9@B-Um0P}cXnL*Sfd32^`}FN zEViQ+;f!y54)H7L6p&XS!dSXh|0kJ6cYr*czp2v=a0UqA&EkBKfo$ zRKk-_2eNk2RLb8;5#?${qAd{DL$i1diN3DESHgbM?7LQxW`Dx(A@=he)juwJv&YG1 z%C6N9C<@y&v6Y>p+MPp0cYyviT54rwJld^I*ljb^?n^*i1194|TBE=ywwBnN+Tw}J zjQK((LUgqTSMi`Zp#(5E7C!Sd>bd>!B-+c-JetmG#4PLefJEOw*b7C-ER&)3Ml%wb z$3?h#VDOF5`2{IYv_a<$_yyG4o0)Xpi8dxP63O|kY~qhZ8+_}JQ314Z89wbfoQ?AD z8N429V>@9Zt}Pf=)@zr6jj-Pb8)>&sA+u0dv{8eRIK;+22PEcMkZjyY*ogT`(oudN zy!fxeHB#Iu6wT@4NIaB9C(fpbNmw0(Ig45--3xKYZFU4^#7$kY5=dN8BJRK?NG|8b!do6du# zM|Q?Z44c-!MG68sgJ<`MZ0V*u^9Gy|N8&;&u7AT2bE3eBa^9LqTpBPe5elUj<}(wA zE0kg@r=bslI#r<_io`DrBK>O6nJy*4@-m~ zJbKPdgrA^L+S{`@&hqfdMgJ|7{$DSYW;#xJh*=N;SwPP#a`q~hRAXLs;4n-bim9DD z#h~JW9P|fH8`@GsZ}(eTe;C-#HAI~IvcW(-S&5{*;@y+1S{5q^S=9~Me!xy98t zv3vf9U!3WuUs3#Jjx=^Ottfi8&Spx*;w1M!lB@-fH!Ai|9&i8kqK|o=;r&2%zMElx zR{t>zJe;|&w(OmB_O8~zviOKdCqqxJ%0mXr|DFy^mRem~_gMHvXvO6x3&!MaF#qB9 zXBMx!h0l%&CW6c7zu^6PC2Rd235~Vk(YtIjjD7UO^&2n7p8a!~(^*c#_%om7)v7!N zsqC5ae*I4DxSo{h?6NUrlB?^h*}?6LU3q(UASH2a7<`+4-kqM;-RL+JxK39G0=EJ4hWq4#15 z7)l#}%;DQ3usN5)lZ15koug%kZvnBde%;?&e(iI5$OU}PbR0D8L#BG@Zn(<3nb&oWlyngL z)(c3V0Q8Z2;T~?JFL_K-r4n@3LY=J#>8g6(3qWT@B%XM}JxZZeelrro{%y91ejP<6 zg3cw$G@ZQ{A`$GhXY~@^pZcTk?UCpQGd@L5`Mr?){3&ssgqi104CJz1S`)lv!N5Da zx+xcPS1;Rinq%2q`2?x3nU^1&PEp->sc`RPy9cuzcqNyuR_4u>cb_ACo5k0E_WGt@ z^4yn~p1UM{J-#TnX6^KM-|9NhdWokDdXTePxzCDF8_T?m@zav9ie8HGb5&wg+j}7r zUssMAKWl>MFf0+`XJElh#Q2rk2W_6Ma=8%cAAmk`{HBdZdQ1Ux{Gyja{8mH!IIIWr z4dO?rJqL)b6%1QjazAm*t4Ro{brV#!K~%;Wp`QjlppErJAhVn*p9fY##INAMR_|& zs;!1NxMLhFvuLU<^;Xpjm7fR1G#8G4i(qnOHT!IcIM@wKggET%pb^z;kce^k(_m$r z!}DqY>Cb^aavaVOTf(vU%r2v9?huC!7zgc3G}WT7QpD72<^yr#1NMI zZ-u+vvAZ(IHaT8yE9q@UD-287|M^8$O}TFip_&ItwG9x5RE)!_R+?%WcU8d>WmM`1 z!zPqW)a5anStEGDp_W z_hM=P&CGqjgifhXDi`~z!hhLhY_MfD#aR5iXzi(7yFH2F@)qYFAFT^SD-1LkPMjpG zrrbwt-ShA!Fypwi4dU<;@+=oGo^hMfwAvj~s`pXjHBF-$t7nhnEls4~)Y!s8CR6+q5`}m=2ui0&fvG zjz(-di^TG|q&QHCa3bKe)kBFIE)2w>n%W^TkNydd!4-@LX!;6I1e{MR;)&^0s_Lc1 zp^e6jL~@^1?jvq1<^6lgi|X|&@EUJBvQN{e+js=Lu3QGhu^tTPn39Q_(ZA5f=~Z;E z6)9pSosRqv4dNLmK6Ucey-EvzhtD`6eTFCJf3|g3OtQ|lfffXC>&|nNaqDilPgSo< z3%Bk_Rs-_L@lRTUc8evD>=pnze0D=fG~qB!39whpa32y`qd7;}y7v<6w;OoNh1LVm z)-7l&Zrv5>J;2Z(?ff5a-LYwDXnJI44v#};WbO>(Oe8oXl3+u3Mi-p%M`At@M_!EX z4@aWnzxQvcVMTc&@foLj`XZ@{AP%>6$5uoSG1xsM!FwgKl^fSdl0|}Ka36%ye8G=u zH`p8ilIbGxNG#_lTlZcmB<2xQ9I63b27^E)LJ*c6VJ5;)uyv2E8?U%#!!GatZr%T{ zZ{6=3L<(aToQ5nIxj&p*iCG{XMd}YzldN;$l_w$2_;d9Bpoh7IM5AMzqio$d{g8P1 z-yJ(@f1na!)1XCr;8w4SAOe4I>rTrpZpx8&Tz`+&TCciN`{TnYwm+3iV}9%rs~dM) zx9`*HtcVKd<+iIjH|pyKZ4H<=;rnunu-hyz!{giK!sZ0YpR=BGF8ufgo!H8I@saWE zc^k^N3%A{!q5MHM(CyXKhG!Owl@cA*->*CuF%hdz2cVt zk0*=&RMhn^BY`J=ThUTtX-m%z7cxn}1*=1jZn({@pd9Y%e&CEOD;QSGQ?hDn7y zE@<{nCdP#e%;Q3?hDoQBI&R&&2ABAQ;{x1!r*Ld+v`luJ6LFBp4xo>m9e1}Ny%U#= z)TJ;HODA>64g<`NV?OlkSVhZ@b|8*CTJ}UCF(1zc8cKxh2uNopg1rI{Wy`l6_>s4+ zNcisQM30&2Xt&#v(Ut?fQwUYENvartD#p0PI_E`g1#FIl(Q*|M$M=r5#OjqMh-t$T zL1+CPbYeUbQRhD^dv35!vb}@!c|ado=hd=Ex4%qM#Tayk(?EnckG9cONd=qZk*L+j zHOkg~I|~wZ?T00T&O6636Tx14)ftWbdF_&WWZDGIcIp2(R_aB#w-uRuexcJW{{}~+SB4;B$!I7M;oAA_~y*M@@tXeQ%s!sdN=h(L781l8P7 zwFBT4bz|}707cArEfTANSP#wMMY=0Wp;X2b{a#XHSR$x4*O-|IjM(>~LVI($#u$CO zbS-T2L*BTV&KvjFm*@M>WpnGetNYz~r$@C$>lTZ%$@=3?tE;G*9}Eg;NPQHUnN}?F z<#D9t<0t$lEiUkGS^whsuS$3fMi8ZyS(_` zuHBr=RG;nEUo)AjI%c1?bVo8rW{BY4^(Pln_FPGOk@DMQ=gs(wZ}fW1Gtt|Q2!=w% z&|Wf~h|U#Kblgljoui?bbRA=%N5>MPa{!6qsiPHEdS?*C)58+sZvLXd5)?$k3W=Z} zhgYEU-br27ZAiZY^pShX0b;G8Kw4`!M?<`QA>Qo!bLr8^#TJk_z-TXX2EkqMn}of8 z4>QMmkO&+4l1t1)wAX0WrHXmHvE@j2J;z}0P<@GBed7{I4PVeV5%oQqPuJHP)W}6* zOcTc_&+_!nM1AwH0Kqs4QHh|hI{gNmF%(SRfF6{bN%tR1G~P0h?5{3oEm@Z2vh&gQ z_*|u0p8C3$lAgTM#7DiA0bvJ?Y-XibS^(q8{j|9gl2`u~T$_kic}egB3($le*rh-9zqU8$@x z3sGkFmKmXtk&q~a1`=5%*`q{cCabLMjF6cgzMS z&-d{@j`KLjbzIlAd~j;5UWxZY2&sX+=1i84Hy156`Z0u$S}0xoqG9q^W)3C)Uj%+4 zS;}HzC5W$-M<{2=NN{2kIqo)|r-*5CJA#*?oR~q4Ti$=sH7=cfUR60ss`ljuRO1Oy z<1g_5Y68AKhH7-PqIfUnseUf;U%ns=L5$MYuU@iBeE7ti%#iEs?Mes&X8jJ7XaI#Bz;zyPHq=__s zzx4^O9nbEZ7|=CUnO!|-0$E_B{B_m@>^hnQSv(;AgI!jzmd6ilgl*Y15A3p&1BiL= zHY-%%%n2p0feQ+gkfRq7YR`d6S;0%r*u1t8doDplfPvR|x61j}oYATBAX8eK0+|Nb zie=?y&8r@41yw!ORSu+jo_nJ+*9xfj3S|3Pi<)iq)NsYlftElm&&^rmJdRAOD|bTQ z`mhd1Ns3eBr+hMeaT&Je2U`2P_ZJ#qYsGUYD!l?W1;CmZAE_Oiw7^CQE<{WLh&yvj zRQ~d-oJjt@DEtGq`L7G?=N_H4AY#pKMASSk zC^`ob-Tza=y{ReW_!!pm{D~t=)h?^|bL2*Hj6~u17;r3txjT$wKS#mci2FD)g+avo z0w_8bAvwZ$MbVMWJ6*kd9QSX2ML26a zXK+IhqL)nI{*P@4T5t5s6N45y;f7$J)vgV}!$fUj03B`!LgcRi`7b>eoX|Oa8}fF% zfWo^Ipp$@coWlO>RzyL*02v~Z68`I=$Hgj$ShTxl9C9UrT;YZw*2yhz9VTjrJpa2l z1Yy&Bpy|IGLw^7^9r2&g+jIgn1{Ca)klSw!$)MSnz?gQ37!442($L;O0ku32av|bT z_?)E8srzn3upyYMx+4z~@lP9qu$6;EyLj&naNvZ+YS>CKY-M{Y0VNXyl1+jDAMoPY zk*ou9hlq?M|GMaLu?8X*YWxuqIH8#+pop(IbEf|R`Vm-tJ4 z8bLj@UNLO*XRj$Im`V30UM&J8Q{XKTG94 z=s!6V{-V?R;ef{(e6d2c73u~_MFO2Hg>%1e;(w@1_6?H1)-3Xhg8Os0QBr?&v`J_t z_wms;_m^%67pN9Von|IHf)|2&#HVI4->1%lA7f4B1dCNEK@C%$gO3qj_2h-Y-f-rFFFsCNd*IkRhic&W<9q=F z69VJXx+^hMdz9v17dL1f!3lNc&_Fvhu30Xnd|DR0&WVYNw z1kuqmy%QZsM8KEmXK^3HK*6$`{)p}|+l{N%+$aTz< zZAXGi0J9QOAl1U zxJBghqX^zMe3$>W5P|<1arPoYJtml1-TSA+hVcu;Z(f$F+TYovVREJ@92T*O+lMBsD~`<<-2mKPY{R?cupSO z8e|OQ5>vh60Emxih^Xp=j{w6o@<3UHAP}w{c@VL^?T?7yqQ}>#b`UWkA^PdkJ7f7-l23*?jA{(W9~0~T+n+C(>S1;ETg^bo9fw1T1k(SSu5<- zs#F$KPxA+4dqGwffYsma+*i}K8MO^aJ4u0^K6_a~#3}z>h^T%ST>OHJBn%Y4+k;5@ z0xJdFw>BMtjWZyUFd-s(z%ImnzF?n*h<682l=}iW!b$;jYp^Z4K~V`ZXf*D zOVkhusV3yYpnvDCB7MUM$_jLI(YKzdGHz@D9e20 zQ|}?)-M4h^8`etn>;WzK!G%HfpIB7%j%ll8rbe_9y8 zR+L}t;=M1x^Is#K!1SL0hmzgI1(HR>g@M`kJ(96PMCW9Je^d(OXF|l~T?I?K5P=g+ zz}g;}d^erI3SNPQLHxnh8(9mqU>H0A_KDCCXa^8E!wcfg!xMZq1*xr>#T&F(qst|$ zvvro~cvjS8bC!AvcTS%_V;SW3*@-&yB%`*DjqjCFISR~%yboDx_d8P$Ob-vl->bY6 z`#3sN_}-ItBLszI|LKAjjV?Pje8*0inUz=V4kt4xiefzV=ue4X%&F{LDk)SXx9eX~ z4WAe71crm84yoWE+TxOOOZwctBt@GVskO!H2UcKyU?(Xtk>YGHdq$FxVBqHKICEY6 zlSNWUz~rT%&sDZu??c8i>;1kZn!hRhKIO>wP5X;9O)ydIeePEuEVFV1f6r=S)P>({ z%q$60lKp=5$iiP;xAsi%CO-dmCnBvD`B_gkQ7x{GB_StY>KC>wwk z_;^lcdc#`q5i2noZvun$a+r$zT`?Ow1ZU*M8k!-8L!qYzmd4AYlvH{bf7|-&hTj>+ ztZ4foa4J4uzH(5RnFzy#{kslT6GtLz=wPJ;?GmR3!`Z}FKSW;FP8KL#!t3#UXM|@R z^eVr=-y~XOFc&lat$-SfN$&61Xe=K3(Ti>xX*6#$U(oVkqwBVdMGT3g8ZjBosE^-& zM}ZOB8>&Uom^owA5b`o%_&nB--;K6faUUyDS_a0HH6BUnX^j`eJfZQPAi-m(A9@%J z)$YvNHK?HG1*!Zu$h<(gH!s{OsZf~DfeV9gBRjoV6{J!&fQ%{A$RB`Lj5`6*Cjk22 zqeH|LqI=rz_2qmHh>mI)9U7fG(ZLRUsR|J(-~KCGZrzQF;E#wPI()V#te+{6h=4DV zVsCHHa0{6{dcvU;G`@TFuocDKw@5}+MKC`Lsmf6lRjPq1fHz{yxNS$3D?k-?h?pet zucFv|^YgVF^FCQ(EqM;(?Q6${{xCD z)u07%6Gou(fBH-?(AnY+K$L&|uOe|PVxQ@FAfiy!uG{pXdR8hw2Z?y_kBGnzUk~pf zYCuHjhnbYM=Q>g%-;jI(`rrM)n+DN+*-`wk2K>+m{D7%oy`!2SLgbSMM5L|$*UfNe zWFX=Pl>9osi3rYJqb=`61boAd8hi{RXV*rvx>Nn9F=GwxNRG%$iwRm?xiw3@@GT-g zxH7&l2~*?QD{Zr$rQX5VO1`*P=TrKVrDaHU?;4I3eW7ntk+f4SeTZ;>iu=>$D=nvY zoxz!l&tokk#4V!}3P~S2=tx`|Z024ndOOljxblm@zGJeSjew;*VOFi7eU4*6)}LnO z%mV+*Q=z`b-0$l`?uY3SB}YJO$4z&|F{*b2^O2jRtMEqRyL(Arg~9@yrOaObw&NWG z;2lAT=Lqz<jYVo}Al80)x= zr!lokhO!rlaJME)UrrydUGZq=H}95XB$Hqg6y>Fi@hmYpX?;_cV@B@uIDe3ov_GOQ zgFz5C%_2)AIDoFEkmY)!&c})%3UM_Pp~KlE7xY(|B;(bi$u9+OoRvIGB%)>UN?v|U z2sgo|g1Wr*QI*p&A5@yYxl% zp5T*qs0QWE{Tep2=E4iDM6VQh7VzBb9q&1VcrXhDh^{u9_n>eAu0&aufpgdSg-CsO zU40J64X+fW$AG?Q_jf$z4D@vd7~CY@{pSV)FCF-_NK^cj(s{MQjz zgTw^B%a~CPl{Y%nHI0A1uKB$hvUmts?8MDJyPS|qI4N$FsDyTXhv%-(3GLYR3fScg z5i{#>{Uw zz(L-xN$*eUspc0U)f?X%onGI8dIey1GplfVN4*WP&!8o+5Ll_o%9Kjh&r_Xpdfd~I zC=$yP-sO3?(iXPH2U`2PN+B@l5HYp>4Ugh1yCc!1VZY&0z~}gv5h!v zi=cFNX zGyD@_!9Tyx$1l3?gKa2&Zb0E5p9=Bu|M^n~i)$t}#(cuOfBqQBQtU6t(6)bk#bNf$__Ur)ga|8aHuXgyNy!;~yAE3ASy-lhhy#LE9+Yn)JW$pV2+Xd)Y?uj|T~X3{ytAV~ z9vCQ=ShmhGfV^4<(t0BTfn|+H9&miU=p#A1_m`?eEan~DKR~lBM$Qf{Cj3G|d}3Q^ zPYQ5`dC1PejLXEx*c|ybx2=Vv(>0hBQQi^|6-0eYi2u*I?|*B4J-(Gfx3eT939>EB z?EkR^e#gWZX*`f(^s0#?Oi@No4qWh8G5+meVQNCYyOS)rw(=(UKJvTZ&&-VWCP@GR z{|@zSFvNiW_<6an*;%{s3GfQ-37BmPhDKZh#wH-QgI^4-?XH_z0IKkX(N#w$BuVi5 zHp$IjktE@-nJ=g{1n`4!J0Gd~q#X#?bXxLV%M{JW=>|DViQ z5EOqL8-ZUsmA=qe8pC7u3=2=+aKx3u0y1Q_I4jL3802omsu0UYoLwv;dcT0#dc zfdkd6=!${4uqF0gI~H)^r$h?8+5mR8mTD7%^B;6EPWRL6lPkBrO^0XWjk$QWJmnem-i;_nWAP;EV2S zJ@n)gVvob#`Y?=37=GlYoqvxd;wO+yKp(0iP5E7&k*xVF)4_xKog3~C9Y5RMIoM_} zWav{pt9Zz%@uz01Qbx~Bk$A52maW;((b&qKuzry+5h`7H`P%O$)p%MoyYEn|Y}nn@ z+9+y{va;dVZYk<+ZbO3HdD3EjKNcqDmu5H(h{n#;`o5S>|7Lqs^5Os{_bckK!(Oz@ zY(tYR^Tk5TSXB;6t|^vN>OR)^izZ*j_3f1SJ~S^h93PstoH0u-Jm4%od4^CaSh#qk z-9nzcV6?nP*2{S8lCYGHea({))n=1x*(_q!Wu?d8KL1jg71D&rd`+onNN4bdM`-X1 z8hh1!V%xQ%a~p!+jcdv3r2>){RVKfADtkqjt46dzAoWsC5`U4dEh8T`mTvrubapBNX7-8 zWBJwj^-5yF?utP!Z#C*D@J;i_uDkWuTzE<{s7w4t)XZG9!tPinnZCM>utIn-?Zace zfz5G{fQW&Ke?$bmBzLQ95A>2AhzO#V0Fwb3yTP3=Q$k|;=u&UGWWBMzdo$11Vp=Aj zx8UW{5d>qIQe(1$TV%jbw?w`v*RL0c--nx7jB1EPMBZ#+{+dh2%taGaYKkpt0FpPVsZ*7%*)$_rG+SJ<^9BOE1^f4{OF@= zj_6yv%YC7aQs7=5ap65f?Qo@vhRY)IPA3GgpW?;i=&P4c^0MT5X*W#bDUeXfGF%|@ zr!;yls)eUi??xQObGPf13lD7v21Y7&=i+-hRTu4$)|%JE3PW`p4_foTFY4rBq!1^m z$+y#`cSuT)byJ^j& zJ#aofD0Ti!JNAQ`6J4(uKjW)DDlNAq9JC-iaO8WI#hh^eDz&wA;|(Xz+ky%`!~_|| zw^$o~myV8Lx7O(9l+1IAGdr(l9WyycJb;ll(6OMNY}5Rq&33~ega3?P8!un(FXLGG zq%nG>XLReuW+&KRTLg}GQ9`G^a7LB!oh<`=$n%ig^ic4O|CAu?!T%ueuNBErF*4?Iw_;{o5m zJQ!gt^&rA_ZDOggJ39*Xcu}Dd^v&&zd5tj2Kn9k?J__DD1kkXzRs!Hx3{VvWzlo@S z&viihvy6bb@*B37%(D46?|9P1NKRumUp!FyNrvdo;YTvPK{*l~ZE`la?q)2EEnTY* z>}!@^7Ga$fN#-tpX&HT#;Ki)o@37Mmau0OJV;S$YzY<)(a$Q)Jct%ZVXo23egMa1y z*ot=)6?bIxn{^kdQ{pKr7T?rQGHDLZX0NWhHd>Gig=mQ1j*S@6WwE4sQ%};{OXtu2 z*gVP9iO#0e-Kag zYjU>iyLg2`FH_hLXf&i)swX)gFj5)5-F+vDiLJOd|3P%Pz7$q%^Yhl0Xb+NC+437F z*Yxxp1bbHB358|niRG%X8x8f`QXRtR*IyV3^sIcf{DacVxw!VNH=}S^*x;db(%|#h z#SKe0)0+k;-Tbvh?i(L|&*=2=Lx$M|i7kEBCF&e)**dz=jba_Vu;$CR3wsn3I=^>H z_jcV+!aY4)e{sX7UhlIu?x-L;qQt%J)~k$EBOTZ0(FG@(~9X|mCJ?@WUF zaRtfgDQ_|^)k%uRlcYVIgqabaJrk5nB9o0ptiL&+88?(2@$S+RSbvZlpf)Epl;pzx z(`Hmm_^c)0I|ELUhdA zUzhPJXk|xEj5*jFze!uBj`_Kv;LHDrIlTL`j#lKWOX>1YZYZ6Z)LKGFOh^4BXj*)( zH!#s7pjSTsp7r|7azj$<5I|d5%R3xjp zfl>AQyM)aQ1+vo*Fa|cloEK&fMpe)VJWxkfgtVg~%z3Bb4$rP}dJ7SZs@Xz2i1QE; zVxV&7JFx2t=KUudkktd6w0pCvnj6Tf;Nmhgf_mxA765t=;5`pHs{uq?&=frOaW=T) z1UYjFqHvx>ssK2Xb8mCjrGcmbgX%!TMRUv)_o$<^8ueX|abGxSovVIb<}+KZ<>aGG zlwOs2RhMWgRoN1@Uh{8zkhKe(yQ(4J92(jqOatwyo84`XE)7JC#@uBOszL^V$g}kv zzxFEx5W%=}0Gy%PT5AD?bZMYHkL>*CBPxUxRIo;96Alf$uGJR87{I&rH8s~b>VkQChjry6 zRb$YB)1tN$8}?5sd?wpp*Si-#T8Mw(d@(SpW_FL$}fQ5^r6agnL8>EZmG;L;bm~_lwWG+arNJ((&BNkT~p+NwKO#HvttW5 zU80iCjRsd3j`Xu1bD(B7n-|SF3|Ua<{!4BA!%*#%A{1@(f!ggzwSkj1SC6`UAa(~K zq831W1!ffRKvf$p&Q$;+N(lWC5vbigycZF?(i;Dcf20Th2sxjQHqot+nDI31ZkM^= zEt%QImi@OzO1r+RJTzN<74xom;&wuwO!G_hDgA!Yl=;_}Utj3wPm3`OjeHz}7uX)2 z<{Mr`vch~Pu>G2hrBnZr(iLMZUC$csxkvOqT9HlGIJj#}KV(YM-lmKS&*|~g5cWKF zD;~^=w&|ib{YCm~c-+aF{_=}}3y&LFe`V%oXGt`aw-f76%(oojw7pAp&THdV*nHNE zv#rq_PQ~*_W=CT*2Q>z%nA7S!il(d1Ce)lCoA@nqmdcady6;H6MqSm-BI{~hg2G?e zUbOMYO^T$BMtPBI=$4ZHY?`viWu7-SdZ2vr=4k)3k~1~kX&;-Ij%AC7e3Knm>+D^y z{XC|w3TlFmi)I8mQx^575D?_2C~FJ~Rf#I)rCJ`F!NU?p6g)jQ6n=-W@xH5MUQuJj zC081;ancu}1ew-hDr5Q8t8HHh9}rwZXxrtAI-J5NeGI+VsQ=HXMAm9>z;lhe=A3Hn z&W<9rAS&sxSN23DABX@3!)FNP8b%xoA;NH#WD=U^C(_z7zM{SB!yIgMHxG=-y-V8H z&KdYd&Ae4bHk51vxi8QQSo}Q)5J|uoO4_+C<7N&JsjWy>hqWB*MG1RjXc^dLpn!?^ z3h2NCH7XHRwC5pW)Xtp^_8@|&Tsg9hXq*k>9AJ2TDHqhiW$jd^#JFtsmHX5oPa$)& zgz0nak>!jwgQ;sD%2(bP@>!LrvdB@YD*ev1QI_R=d8o}yn1rMMP^tV=n&V1Um#oYi zONK4ao{j7*#~t~|$(?z7HLr;MB~DgP$+-S|=U+pa#LO1w+wR%(_ubE%Kj*c!yq;j6 z9mlu%0)ZOzf}r>6+~bOw31_GulLjmogGDCPT^m> zx9z>gYS}Z!@SHHt4dDz7owghHW%ADmrINUfnu_)2a;6CRVQUiC{x$lO|AwtS+qvcJ zrlz7Gcc{ZP^~M{o9ZgFxbQ-H6;%^7cf84}Y=rlyUrN1|KY#{uI$Ql*SUDf1pL{$gtF3|^IMCC6f+EK9us8|9K>xTb1qP|D^Wfa9Pn~1*oxGJ#NJ7{y36{dv z$3W|U?@eN9uyyyHdfqKRJpeXoz}}RZx~-}SE$~wxM0_xUg;)pq9UdsXi3Dvb!xkc9 z#-R9V6A}2yb*sKp_RJa>5P9Q8w>-|aQqA{j*={ilF?yuf5x&xORFWJ-v zSG)<%Y8Q2pXR9p7S?y}%d*2}EWF6&rz*k_@tCF%c?)Z%kL#N6K<4A9UIa>RlMCnc~ z-^J>B9H%*&W@)Os6W00}f4d*OYsiBp%4JkShHE^#+}s?DuFoI%&VpUwIjec}@9e{8 zVm-f|vtJ4*kY@;SRnZB5aWpT^CB`%00%l6?#pHvd>i6+S>0Z4$i*OmHDax1?=im^K z60Ov@5>s^jx_)4G?|aj7Ov*Ak(^0H5t(ul4p&1Wo)GA9JR@aTcz0Q(x8M|Y4wSKhd zjtfhz;pp5uPVKc3ae{{tN8TN_LDUZ17Y{J-{yHp#T~@FWYT4)b(lcG+TT{XKn0&CM zXexoKQqvUa59^3nw2wil2~S+^DLkH;l3!*2(4yiWfbb3=@^clPX$St`b#7YvX@Z9B zLMBDQZ&$n+N#Ug>k!??JQhC-yj(?(`x{{HL?)E(eahhW(hF44}D z@g`{@FXybUpE1{k?3)4mzw|e7k0e|&s7KnHy}d(R1@yNMpuerY0#&M;SRyN#57n)Njqe5jFa)NB+u4Q^OJbp?-ahbcJ zLu8c`Ly+)y@oILVT}6PTn6l7~dee#9Z4XC`>dy3NK2O)0JY}FLdFyuF3GMOoUG->q zRCT{beYGgf%ss9QNt^zfuvxtEON+=|+P+VA% zb?=~pDs`mo*Igq5=)RN@xud%P(0v#pV&B9?fI$&?pz4nB3M@zJp0ihXjfidC-FI|v zA^^Gz03cEAI}&G1>~hJ&V}kl)Z>$wPy{N)f<~3A)PcE42vK3|!&7+vl6f#%N+_ok% zw7M<2dP(`L@d{zkvnxMM}~C1>ERm6zbEw9Twwo)5IGfrwq-FcEhF4S4K}PLIF} zq;7e8b-U!ety}8(J-X!s43dgNQd}>&58aC{@IH5W&0N0dL(Jr*W7Ez(9rkv^SVfxf zJNPuGgB+Y>91k&5er$R)g7Z_sTbMqK>>SzyfdQM?6a&a?3NZV-truk>GsBxGaRhAz z*HaR&C3o+)^=#X}A~VVkBGU2w5fMbD6gW4yTRmt;+Z4U#@l}{Z+~JiCsP3_u>VEc{HwXY70Kt?f`Bruj!9?eK(+vk918x#f_z)rr zfNQ?d7`)K&e#O-xD6K-(rCggZavK1-1<7uNL?|tiXoI23`L_-o)I*2gnQv zNd!U)A%wL!08t@2f-Ho zIRh2;a6S#tnL*{7qe|YU3IOpdM23h~y$Hlrz#Sg@5Y-AJk%*W6h)9KSq~_m?xWBer z_!=L#`88WUK^H+nJlLR@G}?{{`@|89r-tHaHlm2b48$?;BEfulUVgJdKwk=)0TF9u z(GcE%K0NjzI>yr=5ySq7NQL=wdaFZhBW~VwU{{s50FNN&H9k%=N5`wzEI7BT)&+P( zc=!yRP4!JJTsir9d4>6Sc?Ed+kR}cQLjUkm6jD=AIkCq}2Ea?kNH0n3Xxa`*K@;oc z&~_>wQN4uORrm-Za@YP15pQch1_*{k1SkH|ame$J3$k`ya7biga86_jjfWBZe`&=d z8t~o!Y(@DWY9#+$U5@%iPzCzm_eD?}`sXk1D#iT!7j_l2@2{8N_2J%XcT}=lRjhle zLAT0S_q+$|Sa;Fdt|SE^^k0>t$O_s2`^sYft0wUeHHrUgD+poc?*f_sJUW<9fCDx2 zqe~V>!_3bI9&opNEV+V%9819XTzh2iSh8~!&CZ1a|8*6`UQNKoB>&s}yqCe&WjUKH zwy$mZZ(JwwKYA4fjI2*@|1(S3H*FG(r$tVi8c?Q9##W&^;2yX5s*>S56EPh)uYicT zrDzC45U21!MMPJRr-O(Zul|Tgg|BM%X$MgsB7#{kEiU=3sP}K2oLCvtnTO4MN1wsn zlN0}MFFxD8z>IinI;P#&)t}7no`5 zgBEsbl;O4&!&Z~9B_A1d#7{JE%@H_IV;ik2{s@fiOU!#?JJ1*O7B(*s+poZ$30%>F zR=hxLgH;?_A|5^XH`Fxt`GhGwqa`l>599Nk*$fZt^FqsqeDC6F9gRM98AtKOuY;J! zqdd{3Ozkk{H6;!|S+7oes1?j*&@FM&<2SBMK-jaoQ`vY|%dU=u#Vyf2TMgx{IoRO! zq>Y{MoBwjq0s7?%H%Zai0L`Cf_vJXsEROo+sAnFq4aU-WB#BoSa@;RXVPfI)F<#uG z!I5F>(kv8SE#%MWr0p|vdffV%n3b;l#@L)mgSbG9`O+NR^gQr- zFZ4cm^%$E0dY%{iOk+6Rt2e!QWwl1Y_P0w18$V7*;Gz>;BUAs*E`-d)v$A{aY zkr$}Dv6iS6(H9Q+7V6x5gZsno@)wKOAuV6|vh0E+w1h;oIlcUbd9J06s4$(laRI?*M~1Q=45?dA=iToe);K!hSoebV>bQx<>;3)$As_|npTt0mrQ;p zkQ}5SHnWfwnLnwU^`iR9Q>&8`O&?wncbCr=O?^xvmA^Xc8aTy}RUx~Q=%%lb-8N75 z+_IS&ir(;pEXWu7dFzaM`C2~Vk{F!QN`cWyt%%Y3;{l6=)>yYznh!zNwtQ$B>23at~l6{N(SgzY>)op*Jdu8Ok z*3TsTK010igNHe%-e?=qP2}14^xFk^o3TA6i&W9nVdd?Zr|0(mQoT0Pf3K(Rt!m|q z#|`9D4JY|=x^! z=$HIG;2^`J?k}tQs3$Y3*y9Gq;-i@n$``V~o>xpid9EDiLKoalLHjAGFzFdllpDsp z{=K7`SOkF-u{TW=YgeK~aUt2{N6;prgblPl4BZEEJ( z0ml8MhkTD_`UT{1SpMOPHkQzu3LJHLCMOY_5Q|V zbawshsn3Kx=JrdBoeEIYtc#E?e2g5~K@G_6b&qb9GwD47kac4OK~I3=E$A(ypdYq@ zmiD#qo@CdxAjqBH&32Hxw1V+Rk-fZTZ=bwJ0D3uiNHGx;Z{kj$oQJJI&UFCM0W<}V zeVmO8pCCDd^8|Z1w{3Gaf4swa3~-)bVriu=(7BL1%xS*NC0f$u}_nS@k~ff%uqCuv=KR_^$|`Sh7g{OqhJRJ?cT?hx$Ud283K!Q$5RaZXIO& zYWzRvWA#wQE%d2E*Q~eUi7(8xjr>tIagFb$0($p3BRi zN@gW|CdJFK%r!Z6!b+t4K?_3|cL^i4Yp{XKP|VHxW0HF67-2mJ#O|>F!V`3?rholK zWMS#UP)Jbaz3&p~*72rjmd}|l#FU*87FIUGuN23=x*;MmbBeF_pw}XM-^D&{M!n{M z^97PKOOZKd8Pt3=T6Zy@rKybIw}yu^_wh^Ndq})_GOJCJVt@X859K*7{H~uo=Nl;~ zPJfMM;!W=Ah;l;-mEnCjCr78(B@LS<&r@PyKQqo$&iQd zMj*R*?_*z%XdOcet<;i>i1prKU&E7Z_a*Z)J`s7}J#$#>TySf6`XP5&ylJ8p$^>om zxrj=7qFdLpIfJEJj=JF<8e{shc4e)*=fsRYrXW^9FWy&NKSq7-kFMX?p80Agy=|B= zp;B0g8p+cN$eD==V-K6Su)=rsYR?;tKCus7`93`b5(YZjCs>ta7=n|39WB<7Cc4|2 zN^@3vrJ?mZns1w7K-MeX7@E+d?>0_ZpSgq4qc?DKFpA$s;0gPDyHMosvOph45mCIW zXRfh@*OzyYS(D)3Xw!F+p8m@DT25g!)xh|Mn`tFpI_}S#ksJvf`MI+%`8ZcE=U-gL zuCJeU{$1&L5&!c2V}80cWWNL1SWgELsB1jed-lQK*Js0<5Jz#sc67npwBj3hBJIX! z;X0K=revX)zG{UPF)j!)XqU#%I(C$6Mk+e%zVOkGue%y|S>?6TT1$-F5~0Q|Uyi#` zafMy>0T&-Csk~SAyywQh?Bn#)V({d7ivwSu|B9nBl-8CFU8b%iHsJ3ixT>N{a+7jH zJ>l9h&7aO<`Pf>{N6x%aHtJ`J64WjKkwotp%XRUh%qK6G>1UA~m!E~pB)u(rtdOwq zy?aUQ&S4V_F)w|dQ#C!wwLhEEzva60l--XGCx0wR_XP~-gW{!@0hSZ%>dJxsqpp0^ z=56Lwo^8$qFusy937)dByMcy?FOPna72UfWtW<@))TP4|%qJ0B!BY=lIz z9{GY*p_d@eZ$LFGdqgjr=;FtYyQDwJ7aod~wUs?5e>tTxX{(T%aQxJxZxT`I1Fbr- zWtB(VZCEE8Uj%S}sx@;ha7;5Nk;Ki+nKl)>eQk`v`z|TW{6!%1nLdv!-TMO{Mp^NFg}V~J_%GUw!Z zu^q;r_{s_lvg@0*$9iQx^*>vwYINhR$z1cs;B2@FYyMb3_yf+VMv;42ITw}$2;G?F z9;{TjJs)s=;UARWm%{ckfsZ$*%s=65^v_3zRF7X=n_kOJ`XIp56!rnJ@s=vU!sEGF zXL!a!_H&H|3Gc}Eb~lZLPmYGi@5<^p(zDM*>R-IlfD`R|=j)9Yf#9*{mK&1x#nq%Q zS7fS91MF;ACm!0%cqtiVt&LR}yWeFOR`I$ssla`N-Qu_Z46n+?)?sQq)sb*{ijTd* zeaRV|m-R^0co%Lf3yT|?YW+~Y!WI`K|J?R0a|nBEsNZ19`&7x-$GGB7+}C~d;Fj8G zdYowIpl@1U!?|I5%0~u#r!x|+;ysqjP(E0)DB|E;YW_sTN4$jg2yvmy=WCOAT_^1jQ+|d3c%E9AYd-X%RJCSq0Z9rs|vwUw!G-RkqT(uo3fV-FGFeIgmCrN3rVK zF_tG7g{>zmqeg6R)vR3czGdOw)9FcYVMJU)ZF!8QgFqYITE;E6$*7E1o+#CKmCwfP z@I3`?iVKyCV+?hY`Io^HYdeUj^^$pUf-wqxjv7?IxK}~gf8^Rz{@Y{vEGvzg#}zLp zWo=k~&prPAX2(07t{QVbqEahmWX~8N*>&f|{VNJ)VQWqV z=0j^Tq>~u1ul?Z1{nt#B1&L_#M?@;Jx=ViBGfg%*h)B_SI>J99v948qPGE{FGMWh^ z4vX+s0sV*dQNCj)OUWHYQf#&CHSUb7H%z{tb}BDRZ0gjA7}vgb@BK-69&$55pXvM4 zSRs^m6Mxl6$f40FV2d!%e_?MmBoC#~!PT&YjAsGkGhkW_57g{{5G+hU&NMCdW(U)J zkR4XxOp||fCp!=_4zS5VL{0%*L>Ab4g9j=iT4LdIhzP5bcF$e65JA4t2X(HSE5S)5 zqMuPgXOXYA!F3=1V#@1^9|W)BOHk4*QwuQA^-j{g+;IM-5RaHABmBKVx9=nRHDaKwYBR>~mOmI)V>;iwJflz($>5B0x z$}DqJwFawqg`Hf*g&A>|Y-C?#jDHbWihG42I!k)Suij$V)W-9bXVvMMSH+kKeI?U) zT5riZJC~-=sMfF)>oZ;~Zp`8n-{LCQx#`nu+j@-1k-IO)^|-dtrNCceH+yiUziPFk zljao-he}Kq>)PEY>%g_{HI(?;i6<5n0EF&W!XP;*y*uT86% zswVdR1lzg@%%656ir*We`?C(hGuINx1+phB!4Ia_{>L_Ve?zuwB_`7AS^6fwz zi=AjzZ(9^q`SsfOmh4tjY>%(5^>JI?!H9Y<5>Z~V*m@&+ z%en4{8key;jdGgvpa)OI{4`oM41yM{mcm9K-Vp%1> zjrUW{F(OT|#|nPEZ1ShA-hC?jelXuJAnjqXF`M!UM!Lhsw&5RUhtAsF7BLca?v)#oQHRccx3lou1 z3?8PnJLb&6o^PlQTyxrz@5CGlh~ld~4`l7y!p@&>sMR^xL~*g@vOdcxG4=PevFl=J z*FVLdw4vm!`S?`m=GBv>-!aIAC31dr+Y>jQChp*sw0PP`t5Dh9-GDtm*Qs*QbA0*t zh&b1J)W$_}aY;n=?H3Omw6mec1MC0Pm<_41(O!*1b%4fqpvIK(I~sccjY*U>ioK`% zQ;N@C9h%i!rW23S%ze?AG4Rwn&@4^XSz*x6t@<6cjGn%U7NLx)rfyt@d+>m(;*S_zp za;Kg^#M9d2Nh6s*)0Uzo`j`)2IPzP`_`CY&8QRp2=Vc6)K7kjAj<&_;r`9zE(Dghr zIL&yMcRrj@&DH$YRf77CwzPYNr$4dg4l~|aosFlsmE1I+cq8$dY|b;jiSKID*(CS^ z9)ySEO_r3pT6_B8y7Ck6KI`u?*x{%e-Q~p3Ksf&7Ky&|SOt9h+= zrQx#WJozwP1p9G9jqD3cXId-l%H^Wl{41qh0vspKU3}%l%pThGqeJG+Ny`ecGu+&@ zC7eI5ME6DJ_mR?!Kk&?q?^|^@aenDE1{v1_#{U=(l966E-s=+!DreIBw9v~(@V31? z70);zde8?T7MfxI%gZm3UT*#)BJi@$k8Q;15{TGRE|BG9BmJ6#hi_>}|J7p9nJXSe zb(3srIl(invZsT>9?u16UEiswKVl6&aajDd@EBw1;5f_?CSHGFWs*n;P{6# z;D%f({-O3Z?dUk)ixfvKY_jUR$4Qu(;xA!*xu>J{`ccxV*3>x!EqlBGE8gr2p|~5V zUo=@#(lH4+S8jP@nP}EbtEb^exL<-6k`mz{3_%RTW8eOgdOQcx%kg`?e4iG0`K1>X zt-RdMsDJj74C!>qhF+I{Y>GNw-K#!Vx8T&@2i`T^*-)b69kp>Mxp$sz0=6g$TKtEX zQjlIUMA7sm@RB6-63P6IrXLsw&LV9%PmJ@gUAt5y;?X}M0xu

_udLKHuD^BKx!g zQScGhLV)8W=Z;;d{Z)W znu}Ee+E`8WpGe%Ns$e`PQq@uvRV9I{BVHu5@^h7&jDUSnK-CWraUcP2XTNtJqH#PI z5;63Th`>*8Id%{?AYz6%MgM*CZ!AZ<3BFpZjqn!eyXUhI$#u6^O&NXa$YsT;erDbM zzN_~u2KI4kJjE}Nf%bDeL=%`7!2>1Zk)VAnOoJ-(m7=IT0{mtT$0?78J1RE;yEb}U zC$A#zXB|H5#4dDmzPEHEyP|PkIq~r4&&R1|>4Hr(o?=-As&dh8u%5f%&Aj+p^t-k< z;>)B7eHHu9*e=$XUTv&8dAtv@H7COj&(YYH-{6=xu6yoO8t-99v8Eg>kM68oFM*Ev zsi@y^mr%I+H91UFlX4wZwl<2zTDx=nxV= z++%Io7+X50&L)QQWzYL2kve=ue$#J2K6wa)Q`OEE{` z<4v*X(yj;$C&hC5Mxac(J&Jqkp&V9JoZIxVmuELQR$C}RP?mb zbUTRPAu7{NAsl$kA}L*@SI8u5-drh&XuV2wC@fH31f|gzUATM=H)q zBVFgdpRMc-x;@`G=l{O*kMqBbu^a<+Tx-s2&NWxuYt6~oq2ks89ugL73HE!J|;FveSr<3%wO_2c%h`GcE`)RubN(oT~?Ud-Z)`NCLsUj0}O zYUB-Q^e^!jc!5!!4~>>G7ss)wlRZv^IuL)eF}|OVW8i-G{reyyc?!m#IAVr!bnhZZ z5$ZoV(lbBj2)M7ZIfiF~iP0S=f#Dc>Gq281H1RMWiR`IUM*~p>pUF~QQ}~-Om+I2& zmqY@tyn%Q)@2uUhr3gj6H0N>suOwfU*{3PnsvX2}1=7%Lk4N2im@;*rNfPJ!JUT&) zkU+O!XzCf-UZ{M9I4FSOyJS4CFkUoEwtrNYC<$$7TSIRH9BD16(YrK^KSf&>s7B8& zX>@M&`RsFzyg-d!OMm)Cqw%TUb1?5(=03T$bb{XKc2BFMGW$b@mv|O?%u6x3R~}7% zJ7zB&Ar1R94oa{HNbms+q#z&5dK}1b?0jN%y$QN~r z-|UieZ#GFVu3DLe^VT({wI9t}QZkPhD~W7W+3LMZ@{}$Tg(;V7^}sLy|t7B0R{ATLte|g8g~Qe7uWv1y5!jmM;B}uxkWT zD{9_>`+UrmE*~j)OH;uyQ1hxjdc)(m9}hl6%QdRzN=~2F5dj4EG#0LX_y%b z&`?42)IXzhLeX=6gWd^6r~fm$Yt7$m{1Q3X(z&4MWxt}Ep@Ok!nduz;7AQL?ug%yW z5xJp=rN2eQ0T5}<5t)A?2L1!_SBt^GfIhSe_O{)LF?=j#ANFbmPK02~JT4pGqU@7IDNxYn59--GWE zLF9LSe*G>+n@X*&IN(OvB|0f0O$+GJL~>P7wVk@(h6d zFMbPTe1klJ$_%+Avn7CT0kB|8^5e}pfQStugR(Y1L;AxzM2J3!IKJ^)MBtsn;?Hve zTx$r3_b5$q6q>u(i)A%_ho1SDs^;}SU*06C$63N|E4e;E?!>oW- z&gG#ejuQ$+Ecq=WA&iaMvvb6+AmU{e*cn+d(ZFsvfNuW4y#bVatV>LV0^IvRx##@h zfw|og-#?T!J`o&qqnD48I>U&^E5`=?tK8p~+H;5vFh|(y3e~7TYi<%m=8cq zh4h`vcpHo!AfgI@s0#1_wqInFf|!6Zjsvyl!F~JBUG@(d31Nc9gD%K;8vyz3OHr_= z0mDDa9toAb`8TpZg36w7F1rXII}wO@VuJ!R4t(JQ+hsOjyK$mG#JO9)MI?kt?FUW> zz%yEaTQLw3_$?Z&j|1xkGf06+VQ;gtd_eKoTC=((Yc%z?sdP&!;uBfwd+P-HMzqO~IYs9iw^torT1TVfcD1(blL-Vg z-W|hG%3VXkcR1=XosnnGtA}~b3xc8qx1O&MYYSPO7HmdTcD_uac+Rb=f1d$8_TD}- zRsCQLG0inQffa{4y~I~pADzo`^Ez70$mwcuI!M3+P)?U{D!9P3s zx?;!@t0W$td5SNc=G7BJd4?!&KKPAiYo3%v8iA#2uph_bV0=%CI)JVCKkCzfmd3FC z+joBPQZ|SwbR=Cm3o?H6RYYA6@SRv}#J?;JSeXR0Hi*dQhVpM;h+$w`A!g7O9*{}@ zg5UpzNC*=fUv?1@`0Y6o8Stm4(~&}IhzUYfA>=Nv@<~L(JN5ts=8l=w@M(9!#7;Xz zg4_UZk(1PQdw$1YB(IY=54HxzSgW1`$vb9YQ7I%dDDwwLoU@_dHd7zUq&=gEK!;N% zQb=`K;HLF6DwP|Ly7~ntW8i*2yw1TpbjcJ$-)qDvdZgl1*uH^nQ_CB?S$$GbZQ}lH zhwEIk?oQ|iM)-&dPOS#t`lsJ7aa}q2NL7c`*4cL_DT6Fnmijn7TM&ip{xTDa_#rz^ z;B=jT`!gg3`2ob^U1vHM7pA92@{~QN>StO@o`W04PK#eT_Q~HYX5B{jE6lxl%Z8FAmH0(|YK*M&SeO641&7?Az2f7CJCnz$R|AeZt|w03-k`j@AxN%4QBX%2dO}Qp zJu-YU$~v?)dAFW8hmykg?Cd#Hl!@a@`>KYJ)b8@@4x+C4q8wgNXJgwWfbk3dfEF%8 zMTNmdfPuEl(E$MgCmM_npEoW>2X(z!h{*!5(t4Bq!@_{SSb%;5th8!TZvqy+0>EE- zTMAT%>5dz|t}k3|@u*tjiwXyJ`L+iq6RfoB42kmb?p`K0dX~T-w#~DfArxMbB`O;5 z=)#ix4_+(KslUlEG}`34A^T8kt%}qKe&&O6VFz~KiH$flt#@!~fH?Zequx{w1^N*` zv#ZVW6_F{yaV@7N7#|P#^J4RLhj}T&%JZX5K4!P^l9EXo3+0C2s*Op7Jk=H^p{m9z z!_SU+@6tXPNLI&)bYIk213Bh7EVtDz=g_lN2UPuI96S;X%lBG^)@Hg_8NE2F!%`Su zh%Mvlf8c@$QOqz$z#>~NIM_JqOYp+BvU|4}F-b%b>FbY&R3*OXn7IAmjJO8g?}4>D z)h)hNfEX{BTEeQ8Xs&gAa>%uG{^F_XdcM2rrEzpF zpCUKl*TigC5^*Zk@kZT_R2q5hQ)YM}IS5`B-V*nokoYf2@yXWj-LP#W-)MckFu;V% zXD0WYt?h#>y=4rRmtBYwwG^_j#||p>Ygm&KK1Tk1EDu?^k}_R^Q+&>~RM8LcPs>kT zvijx|M0}L;Vp&i!DN6IJAPcpFFYk4~D9%bS`-HozGyU0Hpz|7q!sAqTNZGvLOAX(u zm)>Lvb`1S}Q}~P;D!KtE4O%g}NB7>|i%(knf^{{I%E^>D|H^lWo2OvUE4*t?UG`li zeY{OGd^_mA#@Q^)C)oqDy1I9AVmwPmP47&L>EkyK@{>3?aA}4eLmsRKVR?~nhNj_> zPd=+lZq~>#`Zz*3cwi>F_Ux?IBRaD$lgVRBU!LlHq-NIho-xA}HD&(dB*XFq%QwRi z=XF7DM7|gC8MxbD^u@J=9+$<~eFy*0@g;q`0X z80}XvF*r}jj1-HjaT^z@;eCr?wsqi|8i$rE>!u-ZU9^PjZX$mrzhk5uWHBM{yq=X# zHq5&$(-=e2*U6)rzO@q2o^%RRJ+K&bABT3l?M()Omqr}YYSLTzBB}1fPMCte0g7%~ z{k5=T3xsEIuhrN3mor+NwW&UW`=nNa)(jGuOTeX{^}5{ zE@h*B$Kf~q-{MGLg$*)0r1G&VEXUr%Bwix)wj(Dre^~usV_z&M6js9&c_&-_^YA5^cYn&vj|BJ#`2H8y zng&Fz{3?op6m&y){nog8_1o63dP$G3SkaN~n>=x2c5h(F5hWR~yLuWz7^QCCFCD3= z3Q9oc_(z>$p*jIKZ~po91k}lt8q^7;@-GR1-n&65Ktw|T@uyC|u=E7y1r#ylw}?Qb z-etRpSi0klRf+<$5)RixiOttV2_Y~b`Y^M)9+a3~3X^DX1TUefNxgLPf=xNPMItl? z8HfU`2d4+@am&N;gSaCQVD4kloo zzv}qKx1%A}P%C6!vcg}8fE9**e3bSJg&68HQA?%m5K%v$*}<+jf?X8qL%%u3 zFZFQt3i4;zDo+Q;(1H?IMC#;7fqFBh>L+=hR4eRRU9zcR=vPt% zRP6Iz>o1(KL2RH_fV;$5J79%5&7ZHQaLkR?mCGRRJE`5NDEw)ZkYm@po7$nIW?ZRP%R2bpbqh-q!#B#cp zHZgjKEIO5$tKn%p<424x_;(2&ldol2@Taix=Sw4b+htnG7vQ@PdpkIq&^XT)%lPtgn4X(}Ic;d0UM%CMX2DrZgA5)ConmWCipxYCJLQMqLkfAeNdLpIX||tcsZ|^obunbSqnFF5DKF zAhe#I44?K5oGzEKYGdLIct$o#23xm|z(1)jbt}G~_8MjX3lqZ|C-^8Y8r~YOl2S6} zzLLgr2%kNY01~W-yxpU9s9G#%bJ%iw8szxCRvQMnRJvtQ#LodyjO)&6X&s^8JGB>G zByccCCJvf6QpGJBkFFC}>JLhgNv`HwcSy;+d;N+{!70KhlEWdylA#%vgAR^rOPgwL zLQD2aI4sAFT*%J)byS*$Fb2^yxz9!^tj}7%&M;5ZY{1^1*;sho_0G=XP?$~ut{|qu zCrKDr+tv1V{L^l!Jc3UvU4X~as{mj0fincK{Ss@x<0OEic<%7hD4v^zSb(v%`(69b zQ7nEP7{#Khl0ulIVsR7KBVy68gu^&a1|_PJH_2V6ZN;MU_rDTK^LC!4Fy-TqOpq}9 zp2`-L?lhF%W!KBfzv|DD$fr6@(HFX2wL`#J=JRl~aTj*)ZlW$F#}WTPk&|eN^n<2= zRE4$Y|idWRjiV-VGpdKvt)dn0;(mgBjzMnaR_XSTG zXRFC9q>xv%eJBY*E?lFYvi|cU-Ut>)b7l#5Lz&)?S9n^_iL4~A4YR+K6bBj6*ZJ!< zkT*!ko z*Z#T@rTe@2P!R{nHU&i5_=`5u$pmba4cdro?A%7efQ=;aGj&~<<)tUgOyIW!@5ofY z>+8*$A`QFYp!K3zU?_SJ>~VM<$Z7_h9DwaI2Z)mpdys=6pr-aePY5is0S;P#$Xbh~ zb{+?101kwo%il%C!GOJ|i_M-MeRzx!Z_k)8j7marCG^`(oe8oeXv~NW7Tb)PD2ZRII`ER_uZuQG+m^+ohX{}MQzg@<9;t~7Z2;b z!GIuV4_TF&V9cbZresQ+T4ATS8ZTHbo4X6IJu@t81RPvE<6ZFJ(wTHl?G5mT9apq`rMjY4c^#ekpHIIGgoVQq zEf8V;HpCM_7+({GTta#x^jsw7mcI`E069WzA$QXUhVbpPeGB)KdpaAU(S2XB(2f~X zZK6$UXKcuOOvdk?-RBPrtn)$83gWC#zn9abdYB#?x$9S3DZXrC`htc%zhwDj_Vsg( zGG1)4*zjW&SAGO{b1?;KZHo#1N^D+#CITOuBz^f9O6}AjyAaE-t!W?Z0|GZXEj<(p zZCFyHRN@u0=jPUS)5za>e3o3ZXWl!)c zF+U=|;(p&#pP>%-4Xs(@1>K9GShNXPO&{Dfbn%nBjg>;hNm+u+;|TZic*2f7WQmGa zozHdzt2slr?t8{~jOPz3eQfoYKn`JnUFi-gZbu91&T0Q<PzpA94O404SG8R7R=+ zyxD22zO9?LgiklW7QRnBw4Pr>?>J@E%YN30^IhP^xE(H!nsWvkQY-dYLe zrphN*%DQL#u$kA8js+%F#dvtUk$#xU82vEl^$J5(1~&?vtD}G0cVE3|RspSA%oUIF z*Mia+C^YR)U=p{pg%;XoWYuffNJIAQ8x2^~dXPT!Z+s~>Q)2TdrxD@g1Sz|Tc zr=>ho+tEn$und&YkZYQOWR@)-L_Mq+T^WR>!9zRvK8En1NG9ak*f6K@2~pQ~MM=h< zmldk;o_>#;7O4;Al`~^h?!|U5MPh5KBydG*Rv*D=EpEIqHEnadL4@8cV@%ncJX$B; zjEjr9cZ_Jf%xX=l*CR`tFQ02 z_ZVTPHkpx&3EpBA`#v?k=im6HTO^{<$_KOjpsIRB3^u~&P-)6?a_Y z{yU1&st*BX#W2r@@@%^%r@+Yn35fg&!0H!lmm@#ibBF_U1)O~`^4mRxMt)%S%LAsU zAA4+Q zJUa9T-pK6tD{l3fTtV4Peag{3^VIGG{d%dez*sx4#*j$oV<(X-g#82?azYfJUD&Dv ztX<{xP&%UsN){U#s;Kap>(!Uea1cN7?+dBsl~@T2-{CghvAhGLKlySSE@_ebqv~!M z`)AUEy7$cwnbHsh1FsEWMi*#rs0J*fnLP={>}SBClb!49X`Hy7~3TDbB}78k4mtRZ^!4{?iA1Ux1^L&XT%N!~RAG@)W|Lt0+D9P>X zAMxToBPDCr)b|Qf(bElv;HW4|3viE0Ay^GcRSN{8FiuJ~_ve0H_<9ZWR2s!U@WDs$N=C_E1 zFmvob&X<4{j}C|^e}{O$@k5BR?Njr`Xa`;L7i0;eaR}0G?k$$sUOR{?cE}kTq|=mr zPT74vGhH_@^l|$hP!v2^GlFT57o7OEGLyI9HheZA)Gy5-*C2z^dMDe&^R5SgXu zjh}1$xIWvyn3@jK12?Ybm9=i{vA3D;zBKPkQixjByR)Qm26vk!k!+_;e&yVLGoY5X zF^7=->S_|;mpR@(g|fbILVqv!_livC2|o7Z^|A=Z9UEv zMxK?zr1uk72@ho7b})`O{){$zy*Fak0gYC`hE&=qil_AcaS;xiI{SXfy*Hd(y;>?7 zRTU#+4DDX(TtU>+6u0i8Bj74IdwpTa`C$HLlt)k(cLGtbNU`%9&6iNuro-wA3@jGL zh+CtQvea1=`dz(?obHF+-~G&)0yRCa>8vnfu@=hLJ!NS#bXuZpd>&I&N^CUGcz7FU zTqn)m`?i}+{uP--J5O=Nr}j0b8B*T|-^|v0G__Vi&s*$0+neHti$Md5#+AU|bcz(W zl)h!$&ssXBgTsOp@GU6C<(}ATv*#zno+CC22)R41RlfhwD_&jklARlvw?dssxzSfr zm~U}7c;Um4!Wjl8PjL;fHHNtFeouMvNU>J<19pof@<+~&tw9ZO0spV*!^BEHh&As> zMV#CjA7RlG7sw3MSADhJWqmoFz*J6nd(!N#y7}E38B)PoaIy93G7j(E5GawonF4s1 z?FfKeo^}b+60w-fMg|mBx<=8K-Pq{MS5oA4r7}E4Ru9X&W_B|Z8zf3a8rk~T!w5L{*#XhOBii0)W^R% zw8$ykAv`T-R|y#zjekHU(~VJtciLMaK1+88VzVzJF0g9t4@WmB&qzqOc8uu~&y8qA zV>43n#ni5@RKDjajF}UCUAYEK#7J5QVi5d-LPNn@* z!fO#ruhm2!IQS~=^i#Jr-;?V1)nJbHtio5IFdX2RNZPt-YiLtE`kn{Aa#yY^!fZxJ zXK&()?iJ?~tvd0(lGoH`^zYX0bP3c^=MDK-j(?PrYaPpF93=YkjAbocT;uFfet%_7 z6ga}~KY=|zv${09L13Oh9HD!=x{I@$1F)~rR{(ZWgEhbxwI8#aJUGg~-5WhFTI49U zu50zeH?jS0XZGbwVmj4xHG5P8R{2Mi zeTQYt*CV4)n-wb^?Phrthm2tkwX6s>NIH>m`9^BF`mGnaofn=by1t%|xr^kg=#H*d zr}D`%{Qe$s^rw?%6H51>BP-w6mQOkTP*krc^Vp3ob}kUsPSqD@sCr3Gtz<9c_pPcF zUwi5Hb;O!z+6eANrCZ`x2cJ%A2$F(w0En43+rb8vKE{{TnwSw!+Nw%4vp zu1`ibYTTTCX<;HNenLdHT%Bv(N&`pW+l+~8#ndT$uSoaft_Gn9W|Du{#<}9WJ=XLc zNxxk5=I%*a<_A2wDs*JpVEm5-;e=u{a$=OO-*8^P-dONTy76RHIgG>|B|u0$e8!eT zVBZM#n0;?L`>gs*U}Ra0E!5JJfF0&^Dm{1iet!LitP*KY^;C|IXTM<;>X(ONVhf+c zL>dm}rf8)&+zfJDl*Ty`@f6T|KU-w4{FpOEBHj_9 zW=~MlZP}+cFZLwh-W61iV&P#%!BMHkzDe)7DjX}gvt$axiEhmx-@7PyhuNQQ(jjhF z$5d=|q?k$UjI9+eQD;A!c(ub?IbtFf^)+v6?U7oRi7ZpfzR>lAn(qZ3*pf>wcU@7h z+)Z#n^i3w%$K+JY!^KUNj#6uBh{Nu@ONP9IVaQBubI0)|a?o;7EQ0vm^{Dc!<`IZW zqXr6o>NgSbLbK+mZ+uunvq|qTL?4m&kXH$m2EVT~ptWiFF8%;*P%mrsp!P<0wlDnh zuCoUXu~V+(33a_0m%8I~(ynNytJ7M8B`i(7o^7PNW+@9Hm1oqS=yLACvol5*@5AFq z*xpV{vp9T96UdPspuyEzW;`a6nS+EsY-0SSe2E!%0joFB&fNDYwr1jlnbT)$`fCE9 z#gVn)VD13118kSaJOU+7Dmdmpw_P0bhVZixCkMdd2TGdfV?G@i^GcoGJH17~X+@r( zm^x~{yRk?h;zn1Lc*idby=Y!=Y=qwK=>6f9w1n0E3O$F1*R=e`Wao*(sAZ}ppWxnh@)=Pi zA0OF^cSL6Okodzjl9=3{G!NfrElJy% z`|ueR9+8ZzcgN;PUPnD7MCR3?lWZ`|3B@A69|8|5&UV7;1^jB%ogHwVI7>EQ)^v)WzJIE=X=oqbe2Nm2 ze{EfNqINje@?h|h&D{d~?qiy$@sV5RV|^{J25`r9#VAL=m(v)Z*}t1&WKJiy3?og$GU*snQi+_BuD z%v*X0X;FfMh#_#y%zCw8s!3+y!_tHB?0F^nxR3`Vy4u)Fc3oIbQ3Qqt()jk?TirShl9h>D5q)^NXv}37W znW_p9i+=gm(~kDo9#)>rs&}QngsWg6sB{Vs{hI5t-h^V)T$TLHvW3PS?~Fb;hhSWF z-@xbj9_|z=r{(Dktp#}7@zn@bZ!xDq69uJ|nUHCjrr@qV;QI1eQxT zDZ&={I}Ts<$?}95%H=)x`*tp<+{UWdca;G@@k-gq zSHG+WvhGbrvBvkBZ>!Tq@JZ*yx4!p$)nmeDsFOAAsKthTI2sZjuw1sTr6o=9ti$}? z>m#hSS0qJ*++XZqtvo&o8R%O4Rv)w3XO+_E87Gi7n& z@#P2#lt<=EAT>+rs`Pv_BL8ZSHQ6-MOv0S^dU?jZxUG251IqE>|B#^rCk?vWy?=2I zG1;DlI8y_aa3OwD=W|FeFo&ox@eOC}=$Jq%B3QVTUR5|OTJaA?4e0e0`UJ*T`nxIL zZ&ULry-9pcJEOmlKb~Xn{iEY-|N5X_#zJdD0Vag9B&cPSAz2uNQp z$lo&Y8h~hS8Pe*SC40uzGiIaWkqkAcwpMDxRw4}rzp?Cp*Nm*{;^bz19iNqUo-A)R zB=@b~Er<7QcKjd7WLKm-7(x(;hH^Li-j-mZAgEce=I-6S)02GEDkqW7gN0VuvTxB( zUt{(p+f#*fX0q;cHrbH^e^p>pinUT~BIaJXII6MZ6t&3mt8cnl=>sv`F2yr#WK(WD z`%hTlR>OxS(>Rk*XZ=i_@A%TduR1iafApGT4R_&rjSYP7@@JNziY6Y}v>75`5%JbE zvY!YaaSv~XG!_=5rWMfO`5?Gy7B;IyD ze9b2`dU-ruVplc!`3)E{DR&^T52UJz)N`h{M#PIvdk`HOQ+==M#Sg#kAY2>kv9)wAK-?6s`HGJRoN6uWJ zoGt%`Gq4gc;j-yDXSx7qV;~}C>fgEcf8opyClkt<^(D>*e{wd5`jayWc7QWo4BeS| zYiklGMGn;p6Tyn0*9CLbst2jzh!O?c5?`;LQIm7gvEMw+m++FzCLhsHVmy!%(?DJn za1W82xsFno4oXA>Nc0E4aE0o)^s9~*c%Y6;@6L5Jgl~{we+MAePQm}_T)+*A2-M5| z=l4#~(*Q(5Si*Zhau@*mwS$O<0=a3KmJM$b{8xFcTHEysVA>EWdVLDS7PTTk9&y>265l1tF71SRo5tGzExViQi z=ULBFgERN|&c%R^$<$dgcYl#W0ehK~4*hkI0b789KUmcrYJ-JKHUMs=TL9mjVQJ^G z&#l@8-|!F_M0^S$dIOw-?H5k%a9%<=wYBGv6(OEb#Ma*;62j8zXkA1sc2RVa=@LwS z6qqZF)aD=bWSNLc-`-0OsZvj+`sK%IPzN;WzghjIM>~iYw8u*~)trH~D4+w-V`%2Z z9_NjQS0fgdyT7@@nG@?_qPJ!{+8i2^4cQh3D%!!Sa^e=?KTw;uQn&7pRb3!{=s-x1 zhIAcmhPa7tCfPOCp%IkG1CU4v&>w8SNW=#5hDtPhiGvELL^y!w0CyaItd7q;hx!e| zA2O!kWJ5hCHSjgKUKv^%=R!?U$op=Ecpx*>*tHW{q zjZC4znGd1^$Z#O?GXVLgr7p1m-1Brc0a>t3za;Zb03Bcf##Z#_Eoo8;Ne~%Cgxo?q zPYCi0qPR2kHIHrZZxMml)!t8j@cIMsazYReMh;9gup7mozXkt=61KD^kdnuAe?mszC7=Dwq<(I$vPepZGePF!&pHx2nKe;ge z$8%wTk^cyY{QsWw#2Nas$U5d?dujt9|EK;rG}#xBCFReR*8khel>fH@UnqHg;TOQ{mw!Ny^I-b> zZQ5mzgJDZ+g)aSpTWn}+U_65%0GIypdN*^m7d#>8vMe*_3-t}a<77a@C_eN*yrzT;dykF2mKh3`L}s8z@9Q|(4p1Te_v5OtqnR_+H)Ft8t;t-zhO^?44} zzfK3VPfaHh(E%Ux{qpzT>k)+p7aoBBqoTSF<>>BS!MbuNxfMN{Q#e-t;p@5;Vx-Mc z$*Hf4sp4O6_RfAA$gekMEE;xYl$rhB^sV9uMb0ZyP`nZ8zQG7(Z2l>nE3W5v*1i!{ zH3A{?+UmKzJCFBlwfnDQJ+{tET{b#>F7ltRCi0UNk?}h zF7uqKD|HWbnjCTZN)g=fW_eS5%mnxdWoN5pUn_3H@nK4&>N%Y`w#0t7fH##>9Xw0o z^e%QCeuD>Nlx%gU7|Z8V(%bl;R(P_qqOi)RlBxWkn<{7Kt~+4)iiCVf(uK7pxt+$b9Ga|y2SMN&d0hM zFxDS|i1}EUf2gRQ)&U|a0pCdf8To!70yTJ>NzM^XKty1!{olQ!I%WV}#EOB^8@d)6 zL2J3B8?vA2suq*YkWgz}(iYS?$KT!;n#g3NVAf_3u4Qvm8C82Axm9~Zz1X)WO6oel za?)x^XSmB91;+riZ?JAm?rk4=$Gh^7`yZ1(r6i=c>Wz>hAHa%#l{`!}DuCpzo9G4k z5Ljr5bV6ez1qwWg%kh4>#y$n})%%H|8Omw->qk@}Z$21k+KI^(yHpE{qzQrJ} zn0YTRVJ>ip?uf_idNS+-Y6`fBr-M$16;5f*2RWpSwP@d*^IlO?S*2Lg;=T$m!m4{Y zj}`NYVobj_pu?=XGM8^9uETRNg)RhL{xN3@aKR?`${V*<#nYBUmHNE;qBQY)R~A3M z;$xCvqGBr@5WlIA6Vjy};5^$Eoyftye)pDeh^5x!Jec8yGs2+zWI`LE8oFGG6zHOH zF;gECg%(x#4rtF>RvqX^t#PFL3uj`=(xcS1{rhgTq_kD+>}K8ReHIhbI;r}ZH1mo| zo4_)^y%Q4|%GdnHwdLA8lIP=}zPs}lSmK-bn5O`)9R{?2WJvKGsY#^COE_LeH*sUd zxSFW?K>=nt1gVG2qa+IPsKV_d+0qRy!4&u@k9O+h=UGO4E4uh82$2r9-VvihRof&v}5+Pmg51T_iscB~;!jl@0 ze1_u|qHGMsFpqpQM@Xf?LKc)N4DDQ-ha*B&%GWi=Y$_v3!PK$XyCd0vAK$)WfL~zLq zwqH(ApEyHbecKvelDY7w%u34VGV1~|hj%?3`hw1va=X@*3fq3hM2m7Nu-ii78GZ*z zfkiUQ!P?j`S*dAa%YnmtEerw2IeSn7CPb`1>C^?)3HXZq&o~3sX&Tgt=EqlLp!Zxr zCtVQH0zmw!(=RMNNqYw(DsTQ45r|wgyyq-I5kGAVgxXSH!Rqefdy-|L8Pj^^k9|cI zRq?qQ{0-e(WcXL};%`c^89Q4W5okUjKn?&UfXBo-|5o-3t9H)Nm+!WZFR=>jfK#r4 zo^UWp6H^jm zY=Lj^tCpwt2s$&oU8Sl$xH#NzVS03zX0ws0^O_pLj2wRtmd(@Ndz2Cp`|Jn(lRI=u zSEfgM*l;=uoNK%2b*VH87$E&M$*+JQ~+j6@Wbu2KZ4?FA)u@+q6> z;u;yTG30$Cgw??Ms+662&j)X0JIG&*<03BiR#!%aeKU?tO8R2!ZEpXTz<=C0-@Ikh zFdIv(%Dg8YauAObwyJWpxF|8|(oZBe%~;%?d@DY3*u|i+#d4xxQ6p@uHhVnc%+gar2-dy}K-I4!c0F{;a&QD?^YoK+iLQV}FNW{v&SS`V1fr_@{1 zs~ZfjvH- zwR;Z;pA|s_;$Lhai%@vMk}e>nWd5_R*9x1`rvDYlN0G4r)b%P790F_G}nkx z_<2^^psrI+^=GXvCX!8x98?T><5RPfO>`~#w%D;x%be2X>UdCtK8=FGpBeU={oAXnDu;1;7#T~&P8~GJGl<3{ zeXDY&g4}T$un*yAdo0l^btgATr%*moW3?b6_J1uUFb(m)fryhP@y5cup;N?~63)PA3n)gca(YTJEX;r4FC^jsI8s4>ZErinuZb0^ zclx2GTUC6_2h58SJ}vdOYcIZ+Da*`aV_^-un5RCI*Kd9EY^D+>tUfSi7y5jo(K~RR^SMIi|&QJ`JS+` zDKA)uM_*{5jg-Z^F(c|@;7d6yqyv*@A2oE-Kdyfw&tcVfy@zPbCQ*H`f;^x>BBu>g zo2D&>Em}IlRB_t6L32MOsy*a;5xLQ8X_G|LY*_Nn5gaW#LE#Msyx7uE)JMZgV2 z{(rB3?rab4UadY{jQmFJ(8v$Wo^~J4XHRJ4_pqOd>OI=3W|xLQwN}*jN=ak(W;jvD->the>%ij(hlsI2MF$@m-UxLbI~(2!z!*@}Zh(+IZp- zp_3dC?7vpdL{;LG+iHZiOWYZ1YbEA1eZPf&Z^P=9u{{kVIzg6^s^Z$HOZkrSgKB9_ zqA?Y<`Td?x4bEHX$U1rIiUVpZIdOyHWh7jix^$(^4$?1Xbf?#2#=UjYF-~))`n0~y z#rq9>y$vj^SNej!(6*z#BI}4YUnmN-7B$ap#7LSs3rk=PLJKxQY z7ghA=DQ88TtLu;nfVY+!r+Bwa8tc0(ADHgGS>E^Ul})9c3)9<_xOL{6#dkut~k89L~azDpU3}>S*iWGu-^sn3FiC58vZ! zIcpKwOgskqD>z)Wb`tts&WagZ7aw$3-rx|Ho+Cu4B${Sd8Km!`zFnkhMg9?w+Xb>* z!RRKsP>gt6>bqng84T@&!&A$|YG6&2FY(vC9Pms1FRM7Vv~K8H`NqYSZHmjyTvMQ= z3SKuMu%`g;=1^#GV}a`;5V1-Y<~&o@FNo1;J*M)x}0`<=`fF0ToL~IbT zS14HPEH8YM;28?D7ixuE46kb^k8LyQt%8KWI7N1e8ik=Sj4h0H`f9ZiEHtc$@K{6N z;7T>M^@&8CPUP?Yqf0F~@ea9*W$DR2Gv9;I1?K%a3~q;aqa<5fc|Pg94N8mx>^Vwd z|E*fNvjZ3%Y^W|q2h&g>I!u6T>*ycn5`eUp01w!_si?*G!&_mk!uYJE#Pw=s;Mh_o z#aKa*afKpMdLAiIT#D30vyq*McW!_8 zrDmbVvLy}c;C6%s)zQ)9Q`D?3GvkV(gqrJU6;`JwD zCt+VYt6;|pHt{jR8l?>s9{+f8^O~?$w->-&Z@-_3{_89=+PaB`mXB5uSG)o zz9=k(E1(>k#*5BGWpS+~x5;XxUL;IMYsl9AwGx$_vtoP%Om(&5T@eo(CWHTry*GiU zvU~T&w~WbH=6Nca$IO)}QzV&-GG``|s3=Kg$UF;`IrBVc$e1Y-Ar+CKL821zuC=ja zlk<6Z{O>CO>3=tt?ORP(@!k<8%5Z2#cK+KxzhV@@?AK6Ai(n2 zz(i)#i{@e-Y2_h>n&Ws}xxTp*2OOV%bdwAQZFMSs|b1ue@IqTaVoodm>fC3}GFw!}D;Zz%a^NA{oYq407 z0yD)Gv6m}8H*y%e<>_X>R$au`NXE`YW{Eo|#!h+NiL`O$W*a9+GN;>}g*NWFgUV|~ z$XbkPUoI_i@tx;Oa}zx@`>Qj(ahF4fY7D@MvST*IU~?b^vxMZ|{v{z{XH@pp^dfxs zX{{LcoKvT}yz*U3KsApf=c8>v`jpqem$MDa)#e|f8v+{j^BvC~A?=2rK#ub>e^bHeHqBCA%O= z#1WM1GypX`ZHT>-m%ET&u0Zp0Eb#JYcv^YR+DbdC;SpKjJoYi8VzyiPj^}POdy; z$SKjQn)$Bx$^|dmAk#Bj)7t4Y7D6>RS~+Ai%I#}kEwjwQ-T^k9JQ0V4WJQwN{`j`z z>h-twGF`;5*Sb1ZVZGPpgkPR8O-iEZefhYt6P(}d{mqWYjf%(CJoIA9{On^GuIKxT zLfxb_hEwLP?YnEf4;OF0477dlAfvO?S4MNh4r*92La>vUpCi3oj^^b>=5%`xcv|^z z_IfT$^BrSgV+q=QqNfOx#P0a9eT=<^-_#e`K9e)uwl7HAg&@Xqx^RA6;yY)JUR~Ji zH|oqdJ?a^gDw!gSHyAp;59%wEuS!yUyAt`N)MVsxxThC>`x~9=V|z!+uEj~nwx;ir zPHoIS2N|~k#yfZ!`AmUx;AWrLd)N#no`GIw_~VoPtcKEjl>o8Fe8*fyK2zYdye%T| zvYQdg%Nh{z{xwoRyx8w6i@sDfo}}Z-SLg2>6bq<$@f1&8wY=)Z5OMBgj_r8h8&T#~ z;)=XX=EtlxEOd17-`VvT554w0ni_FI_QQh^;%9F6HKNo$A4~WCFsFAiMwsy2S=}mU z|5wIG9HN`we0{4`qrt-V;ZsUPaMlOwGF*YyJX=o}6Anvj8wv`B&)HozpG;{dN8h;+ zK@D$CVeRDQZlsqtoD&O2Vu@#%(;bN5nW`+e*S#!D2)wLu6i+#2|FqETuJaR4yJ=eP zJPX6{q!lz4pHnkJ*v&QlUM<)N_-uh zPx)IDWmOJfRc*+zdjsN@UPajbI#O%2nqvoIpmilu>mC$GJ)kwm7xz3ZFBwb(SRg}Q zE67*#+i9}UH+YC+2!v9YEdn7;YTOF6W(3#DJMwqr2w~CvnvM<^wapy)cS}BTPdfJ^ z0D*zPQVOrb91EF`yYr)-j^T$!fLbZ(LYf$%K9n-FLCPxrsy$Yv02x3^2|2Val(Z@( z9&cTWwVqvzysQLZzbb`=?Q4PKBe8O2d1u|50?AczxwE^Vlph9|Xtn+ubdmNDgVqs) zr%Xa!nA#K&6q<)^8UQLHch|~_&GpslaZoXi4cmDYUMKKO1rWIlfq>{7hM1_@^es9_ zA$7nh;a=APLD8llGPQ38NN9xTZC(Lm1XR_#m6#|*hgI(onalXklU}QK*}z+vR}u2Q z^9hZ2BS8OporHwEJ8RXe0MY0eK!%8emoQPa>01z$4KyI)X*i3q(GshOR3zjCV6kb< z0_G5LYi+tHAwCo{4#cb{;TDq!bAg3lX&gU$G?RP|7JdODa`6I^Uo-M5A~`(2rqQv7-n2xbxaz^S8B5<$Z(LR0K|`LZ6a<3-f`oS-Hwp| zcKrPVgA19|q)7*8z;_UIrY=sG%moh}5)kKcwloH%Qqs0oCg7k+UI!--VF+$`=A^k9 z@(UY(-uApn@O^qyOJne#AU}_zgRPr@5dR@*2S@Yu0=s|d3x7^&IwT;-V}8*N9pT^l z!e7rg`s)XP*X9@WfR6u8J{28@9`HP|)u-g(K?#yQ&rhLzYQ65$plD3gDiC^C1251E~O%57$4VPR#?V`*+{ zYiDfFbKc3p#gWJSGH{yxdGoax0D{h=m!Tu8=**p9g}%T>k8G(;|4%w()XCX++aN?n zshP9$-#^^&ms`(Q-SC&2KitM1+o`_gciWZf0|x6ffxrHRDt2>c0YNdI^QN0}fg2ng z2fc#+>m5^&+t|s}!okG}{NehK02)F;3IG2eCilNdS&WdiQ|QoJF>d7Vp~2CbH&p2} z@`$<}KHa8iME$M6mcQHXFuZjNn{xS2(+cC`&pRLv^-f^*Cp)u4TjU`Bz{$$d+|Eou zgn#>wK`$e~BQCQ2hY)m!&sHU)1fad$Rud@e4`FdQMEFnk3hYZ1<1i8BpeKhHddrWI zxq@5;DpuIs@?W?qG6nh)Dv~`<@He;ocE+Z#q5j9u4tA@qU5lyBe*On=@HDIA3J4F^Ad; zf@`0pgPl3=c_*v$4o>FIrY>v4Tmk`cL0$n7F)A^0_1lhr>5KO(g9tlHrJb%Iry z;Qu$gguu^xHfRXmG8Gj%Fc*5bkJEmhWe=l~razvnIV2^H`<+;(Z{e0>PBQq8=GH%x z=4o-^$~&|2>q?E4g^4h}J%;a`S@W$xwW1TZL`n5k=7d7}3Iwlb84Jn=U71$BWHxFe zB1j*8>s4ODz(wM?Vr(cHCsvc2SMMj&86Tq`)?q%}<>vDwU*~PkJ|Xklck$aw zfec4h5ke`ew~UlWG!HvV!VK>_uqpwdOM`3(ft=ZTu@E3Fkk=N@M$Ll|@iV;B-*ETr zEQz!N;LJ~j;#>$(x#jspnQIN11@79X$5@Hfb$iE>ep7R}Q)w1_`Vg@PA7hehQzPyN zH}(9nAShh~NZ+Bw0_&_mA4?z|IajhlpYu?km;IacDTIi|8}!*?AtSDKBqDOpF*FOE zhwa5o^=8Cpk^?;&x4-fgNaJJ0oz*HA@~U|s%DyjAr%EoFIJpUrl5!|9w(h>q&q%sS zC|&r~AAPo1Q+V$#C_Pya&6?mCa!P9uQ_D@qP}Z!3)`W-x!&nF(;2(HxLA-qa7eqV( zpYGo1pH)QQA4$;Oti@CnL>#4XyE?iLm;RvyeRH$=;;W;UZ(WyG@CpIR*ryHZtOn25Dt5!l@p93N5&lv>FbB7c_3JWS$S*eLgUp zt!pOuGhHVqzFN^T*%hmT@r1#&$cD?ZDbGyIzA4Hx=D(Hp8R=bCO*tHL)0I+6(k;8h z?Z*vwT~S6Rin~i%zx$U6h7Drh94)qYks-3IB$n6LB%@?4ijvl0FTUU8tfY(ZVlb@d zzUxLy!d*CrFg6O$z_`1o>WPmB$6&uhq(4?*uT<-^1Ti-sHXTj$!X8CsCMtw0*0R>cwLtR^Ly{|5_ZRdaYR% zf5nZ{AaS1da|Nc^RRI$EF&V|(T@$TG+{WwZE1~zSr$LSY&%p~l8Zj<&fi+k#AH|Fo zjS-rMT_`~`7Ku-6ipJ_8l~<0oIX?qGmHSncxF5o~oh{3fC+OU?pggCnXvp85+H`F4 zjtA5Dk-0k(I;UQ8#D=_^xi)M~_l~`fQDax_iMyJq6TbDL@l$smik>u1tC&B|p!UpN z>Cwt9$__^J&izL%3il^ZTmA@UAoZRXq5i=vE=4eRxAsA(u^oOj)_V+F%*PUm&+;m} z&c8G%DK;z?d8f)~bzJj^lt#|`aj|99Y!>q8R@QohesQC!FPcIc>b?{&?av;JEG;Ca z5R1Hjw_l)Kqv|^k>y*Yd{(Y_Dl8YZ1q}*e_L_A=wnbldb@TdzmHj+4?l3{e{%)y1( z8pD*svu;CL?3#F-nOcviyk|ldnxBlSH6M=qd}jC8K2QE9+D5j#cN((w5-!L~K4e|) zp!bvsKb*jLzo?zDLtxVK^@YcWxxSy{bl@S^Z=&M8jD2q52=ofgmz}aSaRqvX;?U-t za-kHNq8b2MI{)+_DobnEvov!V3sDVPG8{+Hln_w>?rX9kOVLJZ$D>-MGkF|*=K4|IGtv$bZtb0MJCN2CMW|Mc;3>b~z&L}!w2wJ$aC zHVU_QQl=rK#&4<^F-Y*G_FT7Aw~!fdID1_h_l8u(Wahodr!far8ky4Fr5j(H1W!k+ z_*M`xczqA&PUD)^*6utUYxrQQ=dIg*otCj|)0*drDLN_(MdQyZXR0a=5;jH0AM8!M zSXauQ!y)RBt3i57sMlcBGQQyw$5GyOEaBO#_uD8FImnGi_2LQ zv0l*C2=$&;wcq`QICXbfM)FlFI36w-60X z7mZpzjR4GayVsr#L;)F7no{>3j-E)?Flcs3UF__^ow@YJ`*(qb#?Q3c`PUxbI6kU- zC!Gm8{6xa%Xwb{=1Ij0CK3!gPtN!FFa6aUsytwLZ??>b`I;B7IZe%>Yp7+-6$nn7@ zf$Wd+^j+`4Hd7CqRexvI^F4X}FsrBbouSFwAXBn{A8I7C40ar;VrO0OF-v!QA258C zFi#~dH|$mN@a`3b0s|Qzb*Z=$2@mrEsH*Vy2xX2uymLIUn84OXo8hRu!fCPV^3$AF zxF?UC6jZu6k*zj5b0fEG_%#MTuS@}5Gv`51uYiEjvs`s`*d4x12mI)~upGo6OGy8! zq^h*2F}zyHJU&qM`PjZKVvqL}5X&)9yy_G4j$2ii&8ME|fnEk;C-In{exUG1M9ZF8`M(CU*7P`73dU?32 zsOE=a_3?r7Adj-Hr-pI9w+iL%bJg?yn}kW2RknJa5l@=%|_^%fodr^D)IGbVJB@O;VM4xrlU;^IG_vxVGROqNVFL+-U!N zZa(}?PR?>!-WMtQtA0zj_je*M1sHWfDA3#DnXY_{oTcHkuz;H8x!VU$geL5UDi_6h=V3Gj#47DP+Z28fsp$HyDm z&^1KhB{9_c+cgDJc~LP6H@PG3bGkxnV9v@{8O-5jh24zb>7VZKXH`jp2`R{b;y zrMIY{+29PY>IoS8g{bl4HATn(BEGz_I)Ap!92yBmrmhY|Jgc)UBCu*&C(2Jq#66GZ znyd8}4>ZZi`+668X5(bsFeZrZZuZ{&dn|d^Pj>cTruL_!4D~jHYVRV-&ieZwn4tYI z!TW}~rVih77lj+{(l3v;BW)(FW$gI|4wkoXU`=lFnd<3M zJsrpBj5BS7cO73JA0hfYEgviJ3g_9V&zUorI1M7c1JOomM8WT7kK@?fW3OOw676=1 z=xp=vtERtlndd>8>UFP`V&^PAj-rD-VH&9dd!-*fT%LYb=^XAxcggw0GI`N47L7h4 zm)Wa*h>+Za6SKq|aUr+E;`;V!J!Dil9U@@BtzI@XGejdi)<;U@f23=cg8SE#TsfK! zd`Dq}2X3jmP`FSN)cK_qg4ItDP7MDBG6y}5cvN_|4} zuv-s^%mtx(RDQ$ARIIFy8q6aN4Tc!Cvb?as6 zPNl*_(~Sz>#=GAH@GmzWq%O=56y?G&xS{r?Im@W1wJfOq62JeQ_w&@P2buFKH3Q>5 zUT5y8_-GmMj;)D_%;0!n43n{j`Cbk+>L3g9efsRbL{sDW6@CmJa}rgqY>pmF&B15K z`u==Y1na%5iI{_T72l%rin}S-$#*h7v9 z_v1pMjjUwGZAv8_VB|}6EL@wJx?WL(&k#G`T#T6ajr6chLH2u&%qFrMS7dI=em#R* zeBg(bnMN|drH#`bOn&O-$2g~lo+f1tW0mV-1bI!I_?093JJecBadE^cQ-Qtr0mgjs zDITL`ZCHIMhFI|uH7M?Um~qPyV?4*vg_85R@iKP{s76L z=k4kRj~-NBs&Q#}Svg;zDtt%x;(TkDTr_oL2H-%# zB5i!`qPu9nW?-4j)jG){Z(7Et$2Jq4nNv=MNq4oo$tSahGRq-ba=_LeWFEZGV+D-p z`XF0BwEIxn_;t3CYw-+X85t{`tZ^gVls_)banpDVIrmqbDJ%MZ@`kEq*xOgyAAaFT zX-84}&S>O6@;UE21Eo*%{;BIl>)Amzos)&qb>V)ZXt7T#3u6C!-Vs#nJ3|H#v5tQy z!~k}P$nkp{M6lNZ@$cNht%w6VB7Q-Ro|;Z=gV+iXmvghXA{u(&BP@Wu;k89;J--Ub zk?YvDh@j`aN4AdW*#))6EdMyEt}oT3kh|N~NrpLWp^Qg%#$15#!>q1MTR|RHxDi_% zv)G{GBZqo6-j}hY{-^|5M(p#! z+Gkxky~)^a+X_ACKh*;!69aNY&%_Na*u&gO}@A-#ObUTqXJtL*Ckl zhY>zf&{?OaQSN&2HukqHA=VaAh37)WVV88?nzU!nV-Y-dNO?$)`7?isK<6_S`Cavo zLG?A7+|KzdZ>IBqzgK#7{n?^@fo`ks)L?C=#~lM+Xn{}*^yl+e?EvmxK&+2RLkm0~ zMf3U(kty2mFpjb?*S&r{5c&WjN?7iM=)?^X<$rEPq)P#azcO_;A%;Oj1%UYX$RrMj zh^cTjZeu%RVYmk&i49(*I@ zUyyeUCxKKCkP7hHk`IpVx1dxh)6G)dY1gItp-Fwse1!T}Z6Ax)jaB?z&)pf1!LF6{*Q8yw?LEVz<>!etLBmBEE+E@ouoHyDm~cQWC`D zFPp6j5s7X7Aa27ExdP&+ybVXa>!g6=`>h=F?f)Qd@qw_gKji2Y^;eFsQ5=InbS6WN z%>eNPa45XCaFpg6LfR3n;*KsA*ikPR*m3f~CXPXHXJ=?*_&G$Ea@>jUvMxj~ZA0U$ z2W*-OVt?f^8sDEU^0nqbhOP5Ovj74i9dHFAa%8O|wlE_oc$YakHYRHwEu56NRb2NH&1b*dwfgQ`xQF-?Z(usRhY+f-oe zz}ubx@>WKTNYQySmu%tPw2`+vK>v5}2KSvCc;{~9U8=BCHE<{^v5}Zr;SZd?W7$m7UgL9Uns83L$8`hk-Y{VQp%Y>S|o8TNCgd1D=E)ys5eq zVgho+NO|_Jh%%cHb0MPNj)?ixkRvwjUlBz&A(lf#Df^uYe~m05q7L%h28fEFK*n!3 zj9)N%a3WnBvjB}Npyt~a{z5TP4u8aKNkU~#4JgLHV_V{&Fd73E=7Q32AVLg?D*vmP z$3V>b9MzU=6gIL#YV!<;S!?5w+I#@od;@K~)60}qF>Bh0LE`#Oe-O727rs*s5qU46 z5&s6F;sY`&)_V6f;uR3l5+MG)V%f+VB5EUdao=F^RgS>oOMII-f_I=|IdSyl%l679 zX1OPgYWCfV;vi%GsaUpy?FRY_df@Jc^7*Yk6={baxPE@CPq8Us#d5>iyeaUhIE)mC zSax-%iseA$3^p@7^BXx5SZk|6l&m5O_@lyG0wN+1ICFSpR+&Fae}v@b^xrbYU7EXg z259nc`1GG*6L^>SrcxhyV-{PkKrH2lU|mGi%`=j%Vk z$flr#a=j9G`;uJvR0t0&Gyi+3@;}AMpxXJrM=|ohR5}b>{#s8=L9Vm7z@@PVR@p|)+QHZsgm1-*hi|C5T&|AUK>p@&+5hjthf z+CUHKv;Yrn7!zVs$~p2+!@9l>aO((%o}gc@1UpqW|L-|}1q5_PyN@Ry-)A08N1)5o$JygSYi7E+GgEP1Uyh982ikcG|VqAdY zR_{9HGk2;)HnN2bv}(5MBmnmsOc-3dR{_$ifKHNt&p(yO|0R{kY*~+j0!9jpT}%4E z=+U%(G`3@linKc*A3eNs$mv`Us1Dz@2-=(D;s-|dl&ngR3va%>8Z2aIi#i^i#~x6gi6lLr_4WRDuF2+T;lx>@9?eena2omZcmNsaq# z%Nx^#1ol(+D|I@d^v^*04lR~FQlG|c^no*#3D3MY>2n7n5|;kaXUl!Dk&y!uF?w4> z&|VY|Zboc98h482d%&P9{X0rdDZ|V3tRIxW7>zdblvut#K$f#us-MUCYVSKcPa*39 zC_Sj+k3L(hDJ;i!{vft9tuOS0usk#S zp!De1J6Sm!S)Gjs>!3H>g9?C=2(ByA$~RCp34%6(h@@|^5FNn4@Y-VKnzLV_KDuyj zXe%PH@}Xaw5rq$!oD4jbI)ZQ_tGm6j97FdwU|O0jL)UTK!tL=>L+bwiW7a=Y?h(l~ zPSTcqQu>xUW+{K8x|ifbPs~VmZQ1!!ys5LYSQGgl@CCws^zg8sd^Kc$B^ddJr2YB* zT9(#=t~X)B{dst;dLn8q^hD1_(;Srd=UC}t^4M8&iHq4Ya{gAf84-}Vy|QHY3~ER6 zZbxrjKzb_@&0DT=j)Jgys;G?z<*f$LY6N`>OG~9A3bIW)N&8B3n!u=Ut}v`fiAe!( zxR=rE_1+$8@5;RA^nvn$<;&qvdh+|7y!E*NN^ict*|vi0z*~=?x5~j>?%IS{Fz{9b zM3nyk^w|Yge8Gk8tzAaddm!TXrEL*`w-mm0YePv7_u_2~+78OriB)D6CAi|ibY4FyQ=I{3ffd68gW! zGyD|1vqF8Ze1c|rfE1(HE1M#ax^Mq|n}+32!!ao3V~vI^f;-Ji~e4g-6b(3F0tn zlwQRBSl}2r=`JncIC{U}RDMzjzM^24+I;udrLiXq1x7_@;vLi)Z5T&~P0FnrpOB{T zzV(%2DU!X7<~oQ*a!s>dGJE-VRnfbIl<`Dsz%GE zM{tW7&DK13lF@%W0KKoVmZXp}bTTgGWW3f&iy4ZA9 z>`4fJTB2rmQ%Tg(L#4N6uJ$urT~PfP6iSnH!88cJ=W4T@QqRZRm%WU`c;+AE#?8uf z<-H@C{;8pDJ9C69a@Hoy#esDn?a@QDYB9Yp0{tI`%6Z&r>AyuSuHrrX`lpkAXSOie z^uxf|=dSnTlLyrom7EjfKk?=7N|4ZZ&Y%*Ztb(uk1lUCwPURTlB}b zS{g?h?(uV{!ua&=%}M@D!K)vLRjug{B5z1;DHS)nf0ZeDJZy?x-Y;Br;I@_vi)6LL zd2Ywu9%lnbw%-Q_s<3c$h`$>5&ov5FIQT331r^;ZC92ivrw>GzF!kR41ThM)Ev;nfo(_nZhN?_i9XYHaf>tsetWK@9yV(#iRsMv8 zZ^L7-P4(9={&mJi7iVsr?ws_s{h6}Z<`Q(BFW_DMy;A&}v9E3ntLK(>DVhjsE{lCl7?#}YlH^P{@9Om=eVszK(%2A2~ z62{^!Z7JBH!6vGmW(y}?PZzEvWbV~BT* z#sc@W;X5iuHK9=K`_a4uz zxFc8Uqz_g)3Ar#>q$nOC&&DYKHS5vVA5m#(I(k+lq)^70&kFO**uGS08LiaoZLMoMoU<48yc^)%V}7is9CDXHrJ$NkZs1TBc_7KnCZA6-HuOTHUU=kgQ?jNv z9tJPJ?YKLBuOP|#wyA4W`)BVQ&N^$|68q9t6&|-ck6~2%bK(501_*&LGIEAdtrNbv z_1&E+=P1$#THjGjP@u6k$I%X2-)zRaO(!mqF9@>+4`Lk6s*?-6ywB*}cojy~F<*ys zVND7>~H8tVr^L_=2;A{k>bTW9#C_+W}OSg*plwkip9Svodz0*?|C6LAnC zffp{lquSX>Q}tWd!yA|g3$%5PUahYb51P!{eJ#2_SExP*if;hoWxh2EJVgo*r+ zjYRsoIT?#v$e?II0SwL%(V^c_=InwLAR>Jf4#F6q!E1{`nlUmEk?sYWLXXxJA{0iM z=r>e|94JHsk-!TtLo8D#hKJ_Ma+?NTpoA4=k|z|%4Fv9>f@Ze!*EB*)ZkIM#z|m*~(JTRFPK z{n2_W$K`y8SbF1c9KG#OW?lx7*abP>0Ej1mnc=mCqcqVyBuCV0?OG_LgHWgk)h^K! zYdsJ|1EH`Ct6jinb?|eD{__4#d|h=Q`qAP48@?j|aRhR8SUE*_+ite+FJOTR0h}G4)ESwAe0z#eh{)=kwYCFf`uj`kh-B%o?a-*r z;SVjLFdw;M&v0F==QrN{x%m6X4rN=Zv2j%wTqEn==TzvvYn%gDF6hBe2bY?~=fwqh z^L}!t$E)16PbRB|w#W2FR^Ca{V|Drbx%1shpM}lIxt`Ey32`O)U5s_vQIZD2(`s-1 zi8R`}_8vcO6?F`Yb7j7G4mWYalAZEm6V6k=ao2YSl&ZfaG=C|y_Tb6Mhd?b|WN>zP zQpe~b)KUk|fo+%>*xe)NC~5=R=LJKS^+-31P`4&apXcr#OSwG)@VdZNMZ(->{SIEK@u&@Vt2(K-(R%Q1WV8sMz zMY@qqR?I(mw&qD@kyX;AARl+>q7yOi2@ibWQF-vh1n2Sd=mQDeMPD0||Bv_fWdrNi-WI49Vlu!d@=@J<0|J>sDpd!ui{7H{eN~fx{4S5cQ<@>R42C z6%kk!%VaYmdt0*??oEXIK>tcTxdp8ZN7UdcJf~gbAF_w61zSYoaSt+#1~_6>h??=( zA!r#Xh_o-i-%I?imP~X~qH~G-bA`DeMk4`FK=)E5_l!i&J`Hl4PefAmb37QPN14u$ zwO$)YVNjhI#>rXA<+612&i1}D^^Pk!Dl=TV@J!Zcs>bSq^zPWqP~3rG-;n^TphH zC-1yv`u(*x9zVk(@*?ZmJ5?bi=;EZ zTqJlYo=cM{I?Y@--+hwCRR^*U0qo;JPQeQ;uSgI3o-TvSmuHKAri}_(Dx@tY1eURv|rl?}#{T4iWp|+{K3W5{Wnp5PzrM+lp97h>N%fR)pb& zZc&WuMwcO?wh@{|N7pT?sEx8{ENJgr6Q;5KCW3Ig_DID(!7#p3z^h#Q;lV9$E=T@U zu-*C7OO)RzeFIf91sm_W?jt6BdhJD#EEDmm5q>#|8{Rbi*WV)&rz;C5mY43!&xV=H z$By%*@s6hdB9XS>RqXU#Fu__(y?2I=aEU0R^Bi02-uJxMvCK?|+G$Ho#R=^#7L;4a zh3>H&YTk?WY{)u7PD5kyV*vw8=gfjE2_F`L%ge(2({^l#=Qs~31idIa7nntY%o`~Y zMPf@&xCromG+2^nCZxPqSCIBEn${Nj;bB!BbIX@jYjAm3P=v-)E7CIJ1s+{rNs zhXsbF3Ca|QFU1|rAycxCJV zs={d}*i+0LfoQ1DeLyXJKQ?ap$Z2PZT))9CVNSc=kMzq7SBP4VUwL8SrqsVDY{7d0 zMi3DZ?oRRUhKzUh&E6s4TlY>};b!mb64_mN;MK+Mqai(dao70iMn>&Y*rWrD?u|XU zcD`5V8AB5@rQRXo*^^zvMo(DY3Oyys*~cX@D@)dCZYSm1OLP5sR4~SaGqwx^FT2bc zi_S>Dy8fu(Y43|Ao5eiHmJP7|ORq-)?(N)>Y(3D}`mM7)zP5S-VjUSvl?ucd&mGHMyl?F$aEJXM!+XV(6Wud4`y33YUY~^g_yr1;u5lk zwY*{*#1eqGoE)>6;}YPQ{&c73C329nnYj11MFc%F2H`p)gBjGCg(ioj{-}rqo~Pbu zSVNRonXM4R=c94znUn{E!&na6e5My+hEgRkiFWcda&)b84M^S4ix89mPlFRDFi0d( z?XY>Ux;29tGr!D9y6YwF)1Sl$ZwGzzGl+UELL>e3gRV4Dc%XCN#SXT_nH33B(oRcK zGbo)I5B*HW)s}1ZIhHrip&;n^Ug zs}NBeuF`GP2eyJpeaID85g{7T$Mw~>q_or4A72al9rjv$E1Yr4;cZxRV~M}zfy?X; zDNZecTn2X&;t3jLgWTQr;745SU3#*&?>0kutia+e1`F{ZXI!4|OR^dj(s%m<&bHW? zabR(Fp0FI;U-sIe;Pk}?w>Aqgb8SgyA3HxaK890!_sms{v;L}m)c0MaK$4i@SNjQ% zJsyWR=#;SOdkk~DPsM%z%KYqhfOt&v%h3yuD$nuabxe?sfM|y&d8ocY#CXDO5kX{%Cu~Oi5INf& zlk0x5_SF6FdY>lKxl8jn+Xn116YaCQ8_LFt$VAiJp&l|oDwrht%ac4ev7uBU)H6#yrBA*6~(WYNaifMVRZLA%v<`)^W zhIE@^H8G2N7Jjz6d&M8A+&fwP0A^qih{RpucnP_Gp8ZhRKX()U z9zJUWk*leRQOK*dUBw4&AJghnJcn?mpF&iKj-VJLed9{A2cSp6r+B!&tv#~>>co1T z)3_iyK*op2*fhkbSlz-|IE@_1xetwV6hJ2c^Kj0AuU2gg5br=_YJf;~1%cXQehZ>< z8U+%uc3VU$gmWt~3eg`TZu=+&6m#tHA2C}@qMWY<4^a>|MKcKjGzqxbChnA86$3<= zK=SBf4)F>R;zKc)fSC1M-lC0g8YNPjUNmj8fPI*e_HjmO697d)#M|EysNKWS5wVBT zs34*c^1OfzQG!BDe2GE~got3qI1`U7dFs+X~9$G82GfG~2e+igGFv~T(LG6ax+4Rk*b_vzfQ z_4npY%+WsFTy4Mh;g+qvVO6y0|3h1%Z`iwht9Bbc+^pSyU0V)Y{seaPJt9`ye`GH%oUe`SvRu)+EN0MUWr4ngIIs-WW!(T>mOn(y z2Z-xCKBM;~yQI>nVP7JGe4g-6Ut*$-?43Yg+xDk-3Ict}jrHR_P__I2^_#B$6FI0u zS9b8qfACWYFtQqsVIWR{r$ga|KD@$|&)0#mDq^v1tis_Hcmx`*sDP-t3u6_5z$CyY zyG%wP@FHS*Y~JTu&_yQ&CV=em|9L#|uZ$UX7;>zSClJKzqXPK<)qd~(`Y9S0osb7= zz{k>7e?*QH;E(^chj08pPtXc^f&@4P;!n`7KAt8by!DZxf9E+6i2qb!e?5EXuOEOY z-|~VPw$T2kH$ZQ@5yELS$UBSf&36`NhHqTy1we0b*V`U-9}o_+3?kO|{Xs;}S%h%D zF0y}d*_^ZV0@1i;h5(VwyB?LZIUr{PAz~*$JPp{xYYRu!G+HD_xSqb@j&_YB72>Yi z>?V#m0E7&O1?)`$ejorB6S&|DO2QA^g%|*<5%5Cij?tE{2f2$5ZNuFK+|H3vP@%ZL z2HeBJyD&UP@b3*o4=W+7i_^!+1y;QaXUpr8`V)9;)anzk%}ySW{6b;A*jFY_@woYX z369b(^84&k9=UYqLT)^IIrQx6LS)aa=zBHqehE?Me7KN~KbSc!qp}N!zpv@5@vr5^ zmL;4XCW8x{*>{v4F)lYk#a-)-GgIM^7 z=g;3``+lCPmDC`-Ib_BC)33*M<1&gA9R43^jAR{`v%UtGG$+Tg`iq}7m*?ISA^DSk ze|1kd4Lj{c>5rFg*VB&+X%Bc#)f%>#G(EXQHm#rQT6QO<-|_HrRA#jC87EHs>bv1~ zBzkZ6H#rM4J=5rWXLN6c8=t==dD^utk=q8*ahaBq38V3;o+(}s4ljEL|1}MXOFk+0 z>9qnTgpTjqXBY3yd6x3``BU7XUPmxzd_P}j%Q3u@{~6=Ot0;u`cP`3l;7*KP(97@z zJxvBYy~7ro(ld+>?E)i1_xL z{Sw%DifD3K_F1XP%JM{JHAmh=m#$}Va8o%ACu;zAC|EP2AipZWzi zG;Xmk;77ey*EkyWq^7_-{P~&h*j*XiJ=pzs%YR;RezQxRBREs&ly;bT7Y}w!s_9U2 zPV8|yn%_$0IP)^yPZnd@#iQsyeJXS>)gike+fw48<;%KH#8k>$zOm*rd^q;;J)z7_9Jnh_cdvZ@M=xq)uON@@s#fUO<>6@|7-KF!}dsKkGMb zmh?Z8;|ia-w^+QIs-@2mn;xu5(c@$$dht0t?K#HN$1VFOWgjbQ8k#L67ZhJVR5!&C zMCcg9a4%i#LZBvJ6!wE4d7F^(dMu0sET<>?MUU4Z0!gggUJ5v?Uex^I@3@;$@n-%V zpSXhBFq+G%ugbH$BuAWuZXT|kyOVV0RyfxOgP9a%a|_m8qrsY&hk85PkF;R+V?DgT z!uN*yjp1~X=JDO{hrxO#Ij>Nxlw5Vx>#QXmO@WXRibpSi-S#PexViF)|kG{a?WnMCUXx=whwCB}731&R}|yiWOj=44)BdRlYabE4PPImpaR zSLug~-Xo2!tcQCq@4DV&=y)Jhjgm;+yqQc^!~F|RM1oUEpiEr5y-<80y$}`QihIV!}2WXG>C;7_Zb*V z?+?|JeRa?f`R-59L?P@TUX5XWRIkI-g_Vluu`THlQAKG zoYB(w@n~^oRI!YT>j8;7A&;VL1T^;$NLeggOlRlOt?KH_f82t(@4bK-dq<>lL)1|# zVuANw&<9{5bVG1rAQE$V4H8ts+rOCT-W^{)e%M4KFHGza#?15ugP&c|SA(>;b@H3_ z&ao&B3-T_{SjeyJO5qQF;pG3`xOX%+ujy?BTVc6<@a@EnEfXZp!UL4+3+utzBb1kZ|;zWq4x$R-TY|Tn}s@k zeWKVznvb)$fO`?MQisJXfjR!XHa%kr`+&&MKTmO@_W=m`GzMg^f_%OMwi2sz?-tl^ zTv?()3z6w$3Ns(st0cl!0tnh7K^uWy>%S^z?e6_Fa&+aixea2825k^I=(i}Z)~reZ z=pLXAN`#zE0HQSz1+Oif4bm8qoRc^ATNdQ&obTzQIHyC@X!ER7=BY&@R_^*ywO1{? z5I@^HUl1Cau1nATvzbEOj32?II=PqMq7UQ+1LYN4(oJyFa|{ zAj>pPjkjQ^@Zg7|X;89RCN{zySP))YtZ19YgtQ`jB6!0X)#5O)VlDLigec02*-)P& zne?13B)z8d0w?!j`hL<)zUT2+JbX}}JUq+(?EOGV{4tm5l@2GZpAoq8lq|=)2h=#Q z&id7ygG{mwaCWkRA<_nlXf~(?5dz1slv)lb8}tFIW+ywx{1PAi?&|FA+@ffZ^=jtY zxl>uMA64fOMX2X@8U9N6J~1U4$@mgVCNsoAWPs5RywGic5tqh{909?d3^&>UjDT1s zp$+bxMA;x8*q~1~_uaJCd-{^Ai^HUazgw4n;6C>cZx20w+^5m&s%_ERCv7zQzX&ay z5J2dv*?22GIn0wid9&eh)SJEmr7CmZml_3q_;;nl$&})?=Cy2!#=e-4XuB#Ei87Ts zEx6+K-ahNfg(sI~s3WYnaQUWOhRY+GfC_;TO6lQNwHFl8bco7%9DWrBpCgRtOk*|d z_4T@sSyvX+(MX=osKPR(7E}o?Y1fO(>PX^PDd4V*+NE&d>_Tr=5542O9xDrlTSb^% zRCxQ_(-##i=zkAuxyT0HP!8p+jKs=FdUv9ywR_=1wZ=sedd{z(4fuV_)Cl&Rw_>Cl zr#rgD{!@S1?tWuU=?AY1+^0)PEkkeGCg-!1P4~8WcRtXNWf+RNeUXj*{^6)1=~yx~ zS@&tN`5Eakrjl5{Zw&e$<=^xK>tA|{{Zjk)Sry@QnI82(Vc~oT<`?UJeT-T$=mr5W*1Bl|6FfN=gfq%L-wbzvn1x(owE z8n+0PE-FBmGKi?R0dX6StVoW?y)hu_YO8*J7;xMR+NsRTD=3cDfTKz%Kr~a>gIY=5 zf+)rN79!?jp|qwzP$anF$AYE>xkg)Yc*7d)0k$jf_i&9CB4ZE!LEfUh6aoRY-?TuR8I$WcL$czB_?{`eR?~t7LpmB}^=#jt*&h78ktZ;zM zqZc4U#HryuJFL<2jzGk``E3!wyfGf#W<>PGQxRTp4mcDu=171dzQrWMAtuly`qmo) z0-7Wem?RGnC+^t2Dh81L4$R>J5pRYQponilR1PskB5G}m2&N?oB~geg5D}d?a@7}# zi3MVIu=ps_;=9r8lLyFWA}#KPvd>LGegz^{M-c3=>dT9)&dx+uTp}ZRHSSP|1B06p zS66)v=kM-*m{5-Mc4$mh?DuX^jq}f{FFeZaNeGpH*Mv4s>W! z{r_Xm?EYufck{99>&IflRnF~q#rt<3V+~vWX3+BgeT|lP4E7~CE1UZg5`AP}0{U9~ z2%krfn6u)`W{h#4FV>FA*ihBA@ED=-)e{j@$9x`Tj&q183o z$}giC>ZJ5@afDNr(@nN)U`+AP8ZF$2)Z7`l`1>#KN&3$kEjZnNwE+b&^xtre7G~IE zsz1B^Z@F6(<{d}g2jFaOyZ0KuYp1FN_W^h7*6OZ7cHQoExr2a+ro4X;x7@%8hnOR8 zV9syOS*pqex4p&yk*w|)DrXM>)SD2|1t6XVCWhA*j;g#LkoR(*w&e)cX#KfR{R`xH z0Dx?}Mhhh!c}BRy8f}OLH2{Tl7Er8HP=Kww~l ze~>TeX*J;K9qxZ8ka3STOS0GPT|12yh|=(yXjDx3ftWghjGbP>9oA@hCm~|4Gg_3c zB7!wqy2Z_i;N999t#jmao6?2IQE9cv7aWs$Ua~0|6oCf}Ryxi-{OBL>VP8#Q9jV%g zxUjij+=`;NlMs8iCv{SN_D?QN(Z+9aS>(E1120l;Sho4sR{U@zeb9A0qWV7*!{@9`DqDy+qR9BNGc}{)$<$Q z{4Md^Pyd-(z7>x2wG{Cc1p|@bi<%1s)oL<_%rbNQM1QA`%6!VvMznp*&SX<-KTT$p z@I$Z6gWP-SX(O-AZ;uyeW2bz2R_+DArpssd7^3Q_8cU~m@bl8w8~S93kNZP|vG1^@ zRUJ*dNu{r6GUX)3)tJ`mSp4vHIOn0xnTL^@6EQE!3!V z=>EeFZ6E#*U*8y?_tvZ(HEe9#cEiTD)7Z9cqp^*~YHZtToHSNrHEHnP$#Zs})4k8T zKdj&VZPv^+v#yz0YyH=4U3ifuccm}qX<@fY!y5ZyA?VAS0fs`Xy#OlmvtpK_4zY?Y z7KJTe-rx2Px`#z!n?(0fW*xupfNl%!Z1tSM%Gc$C1LXWgb{rysi|&Rel_rfMO(AKj zNdPynK}TC7#k6=Q@o6=6B3-%C0ZzBEewW;!c~5g+VI5}?$XS(JjW!H(FAUv91#Auk zT?_^56|CKE#&S65cU8gGu|?c;)4ZjWDH^E7J6W8Mc4?IAcv}gUf$Epwr+C=t)mg1T z$R3q~<*rz#)?Hrwk2D`LD7bz}EyxoTdE%EG>Kh{blq#A{W}ruWNkm&H4-VZE z$SNlLAth~`+}FgB#>I+w1qj%`pV4MQvq0R+2H&14==F7C?Tlh7Q2$z(UO~BEsBc*L zL_J7V?6^W%2gT7D)J{qfOWG9~GDUKp=B@Bq>4TLQ&PGfJm=`J}?VgSyDp_?0C&_pP zEN9W$$ymx3H+B|SN&tHOV%He&>Y?oeyq3noS#&Ho>rcl0PA92OmYV3rACzCDf_*yj zr*sWe@5jZ4xf;?_A{Y9OZD6%(yltyh(Hq3;2Ke7a_9emfFLfFyc0rKvQ9%)7qHC81 z%I9@A)NrI~YJT#zgNynmdd#wJe)&Tsvi_S@z%3DSn}K6`7LQ{Kb|k}LW?;|9<}bUf zE%#Ce&#CPhuI2HRcx~Eg)56EX|C2)g^Yh0E>T3?L0DLeAc%bZU{G(D4qC0x4R4)I_ z0Vq(L<9H;mr&QHnf9HUhSC#+>`eTL!zzmq>|NUC$|ER7^->NIaKRF1G1i(RN0Pk~Eay)!U_Bd*9s>u}G&lR#nKk(T?KWSW*_$o@`vWJy z=J}f~{I9mObo^yY81U=tuM#f-692O0ALwYtnZHTo{6Em)e`V;0vp*$nBv)@P4?5;# z=jf6FrFW$BV;ZW4fh74^J)r24={G@bewBRpk?J$y>&)Q-!2fbaOZVdq#n(3x{&Uv! zw)>6353on-)$@k2zdfHh?-T|M;SgzTFc!$S6ikH%o|GJ~-ikHlfz1Inf*Ux433<}^{N-`%Rg?PFf5pJ!4Fit9VIT#Fkk=X(osZx*29y9) zGgYSRWL8wkB%Xg*X3W?pH}?5Y*TXsqr250Be9th0{@(tPF0;Hu#prcrj5XkYIisaJ zd8>fl-gAAOefK{Y04g9n$5#xTo_=GH3&4Pqe=2E`uFt8ZoB>m?ci?nXEP(3c1DBDq zG&9p`<$fa8x<`M+MVyB~i(s{tj#&y}4n))-9&|H&mRP`w121`CAF0Z8g%7KG$GNp)nDtvp99#Y>1ds(FQ*=lh6!l&ofO-v(m&Mpc^(to@Pm*f&QAXuL01?kp1%n(|fwslW`7#6Ybtv|1 zNjpc36UgaqPYkf5$toJ(!Xoj&5ES}^wNS{3<1J+)IL{Z1^umG-xKl6*DQ1*}=VKbY zL>Z_V{23DFx`g}BodPaO%D;R)CC0wtsU5#hOfoaim4CJx(Paz%iL@1-_$>B)vB+eB zVsnQaM=psODv6npoe2i6LI1S+yL?CU*^89l%!;W!0>h871FC~Okc!fq$|JA~eGPiH zp>dF`b1%m#@sH`doVa<5#-nJTnI4B)Bwsz3R}2Ca4xpRY@sD-m8E5$xGZ=r18OLll z)J=fru(bc@>;~X9EkMlV4(E@9#tZ{-njZG{2^aL;Vfj?a*)&I?SAFI~%0^-nIP1(` zp0v>3PCK!$RIjvYYZF+wy|i}oG*t6bdKUStVC1_elPBQF|EgIm?SEfG{|7s<(4D@m ztLH!073wA+re6Eg^2Wg5F;)7i-K#`waZsR7Ab@TXF#c{Uh*X@_tF5a4`wqh^>j3)G z|Ja&Z^Lu>+z1kWn%v3yu(Y2L+J~qNjh6%5#Ko+I#mYssE-ND~!nEv75Tw;crzBCXl z#pAMo48P}HB57vBP3=nUIR){D2M=0}2v~i;J#f%0XcKZA zwG^BBz`&=vc75`@>2To~z@MMH;-3cRV|NOv1%LRmYI;>ek>sMh-xBjM6cq1E*UkSW z^`I&<`5AgNc7lt=Bx=G(8`#kAWZM7sOxjlN`}bJjGe=Vf*24lnQ*R5f;;qeOPi$DZ zuH@cYnXV*F(tF|YoD>^iWa$WH^m136G_+v&zL$K*_rpG z`A{t`*ph1#A|{mGw2hxYA0oL6gY4PBM|3I7&E!C0utW^?Xhf_kw|&`)E$*>ZEzlS& zvk6hJX_{~e32Smn7E_o zZ+EZx++2Qm4l42v*=H}0sa}%OTB%}(A_DIxLf3S-^2pa}e^9BpJwbbP{ke{3eP<~o z$7CF8*i4D|5JQWF$-^p(tvs+GAtVaHS_=`g0z#qR4r=Kimo@EW@W zbAZ@wt!Mosc7t9eCMtshwE*Jwb^LubfRxjnze=nM{68gP0JUx<{FYb-SPelE*4d-- z_+ufrN5cD|^jg+VKYkWyC@peC7F#cM%O#CnHN1>1%95ZOe(?D2Q^GH5!sK)R;%$CI zYimtkA#AbVQTDyGac=Y!+GBk5210&o$x^UuEUd}#7t}jT$scsqL`I3g&)$~-kDny_ z`=^<<4?a>aaG1l?X6@3*d4YD&k)e(_CHst(U&1mdD$ zO~fmvwTJ_?t+pD(u!FGzcUA1Ke?_!cY>$ zUdkzjHWI}V4CW_vYh-A|&_^<+O2tKG^s=KOf^;KnXR z3T}qHhFPs~EtyFCZFcBEvm4x;I|4D%~=0F5ciV0AEy9yM)v%ujVZxe+}K?azq zs7(LokzYK%^h~r98&M`}uI|&H5InF}(WKW5!GzNGkaQuzi(f=>MJRK}k*Gm%`CUbPc1f(uuQ0V-7?027M)oJy#X+BAb}pChy8{Qk%k3iz1-b zZ7p$lYEU2Nx`u(S#WA_76$X-NGmvHxW(~RTU47(sU@al5WJ=gZK-1b^3-VlsjHN@& z{R}MR9Q*Rl>1*{U9}?w)Rzs}QicMb#5A0=zdZ(7s+_Rk4bPe6yQCG0KPaBW|1Q3)B zHC|7-4U9~_oUxMB!ED?}DT2MAFfq)7&sQiZr_EXMsX?vhhwkv6E#sj5nQ;i_vfVJ$0T~CkpyD?RcLP|stP^*H)vZ0_QY`ux z+k@P|C-kMO0HC6c0xuCr8zoPdYphXz10KMa0Z%2;m5g;lYveFT(#D*u-Y5HgbAlz- z>L9e>rCC7PUtcu?X8;2t0tR{;f6ouVC~-EgnyGpHsTm>8Uz!R0w<>+p>{F4{lihiv zVdTz{gCv-)=F~dl>eO>R*2sEG7k-c@{LP{EF!_7gc=)Ll;6ds*Lyy2=mmguOP0 z(*mmI+8Ts|lYd0ke5!(A9osXUkdZO3#*dM*}++djWkH^BC7o{s?IG22vnPt)m zDa-UM>}r|sLh^W1Li(YxN<0fvk!Hpqs=0NCdy~B-)=N{+XCwl(Y6y&d`38C=)L9it z&h2OD#eR+jHoYQ-1VHRxc<$nj=YIXkN*L;!+#MinD!-4xzvK;PEdXlxqKuj^5YkxK33aq;eBb9kMz@CSh@az%=uj*l~NV zTwBSFn9yHC>0E{3H-6M=Bp+%V_^T*yV$+i%>1X# zL?{58V_#Q9QqXUk4*@n;w~3Oios>?+jo#vKuU1tST7`b5;&${-{;194Tz80;y?Tt< zh0Act@j5fhI2aIMbLwsU4FgD^NV>NdZED_LA$gtsKXp4s?B+NT_bUdmfd29AW-%E_ z9l(Ewi9b%bze^HKKXG>`93U^8FQ_N=Y+I><^Ep5JOdWWL@2)axil_y<9abfRP+GRL zKV4Hrc1dh=a<8t*pq|PJkX9zG{kL^bW`$py})Q zM_f3@*}q|g^*4;T0T{jB0>v$&`3s|P1OP^L?(>`$Zv7wuuD!?ct67pb@;16L#2|xs zeBQIE->_R0Muy?x`wp7UKy)aRjG$eMy~}q(_;M6}P#fMiVVO9%zG@@`&}amp%XKXg(Q`tT*ivr4@bA4#A#VAwQEkZlrv zAQD?lk7Ltw;Qf?&cT2q9ct-~Mjn>Ib7hyOtd*u^Hpr@aM+wDfh*Z18}(s~>emW%SW zDqR~soU^iH_x*cH)?pSbp2-K0(8)i&K4Ssfv7n5#-(v?J0g>ro|8Oa~FDQlV2=?Ge zRVdjwZc=Z1wQTOo-(UIrkA45S4Ibz4hPC?Nu=dP$!?XjeYJ#f&i3)&K1^}$zc%oYx z0_XvN)9d($_kP4VzDiWf`9CFM01EAgXRmA(>Gm4=_kJnwrQvQe*8av*DKV-_Wa0M<=-4q{oE&x--q>Ps- zQY}6U*7MdWj{%S{2Y~Q8{(*#MoYNb&^nW5j%<_gU0Er^cKap_O%uqOKaBz&TM)-9T z8b>%Q73Tsxm(N^OjV;9JV>$r=I#c5Du9W80tLuQ7|36#}3B*Eo^A@jXf5t1O-R3y4 zCcvx975}}Z*AMV))T=}vV~GDBgF*rr^!80+!~ZD}18BM3;P(o6llYt_)CC@#g(6d? zm%f4F(=cf1*$g}no75W+)$Vj;nZHiKz){K#OuNPuTr80>0)I=eyCsy2xAv-u!q5NO z_77B9;+)@5RrwpLngCP*ZzBT{R5JcXwHXj!{jU0 z6;HamH&p-o<;2@w3T6qwPk{hlS$^O18`V*OpN8z}2tEwn zGxcRp#?LK8!80?)KPEe z&(T*~wBrPuX*<(W)C3!6M=ml~1Oz|-x%@DCxBR`raM66ugT1zW2PmO-z;U|GG4q43 zs^#JSw#ltvsXhjq>)LQaJEs{pZ*%`a$0?FruL36bsu`1}TSNw!)7VLq_ZW)72fSCy z<#!>0r~sAW>-f7*fN|)4zWL;DXNH&;o8u%j0Lu^Wm4EwW65x|7gyfl$+#*FbJQGRo z@8pw(_h`n|9{Ef9{`%kGit}<%knek$5D}sJM81Tw7}PcJfUq>*7I!|P+XcDK*NnQePZ=R?^hNN0E0>TlyB-2#`k}zrCI01CZQ(G_ zvXC}^{P_uI8r0>W9in(A8Zv=oPWwOm;1Lb45^=5ucr$?7yxcJL@^16; z@kI0Nix-QvAKFiB{eSX0J;v*JBSYPJ=<$UMrCM^)yg%AL-9E*cYj%!G;|phsXJ)1*x>1}vv+I3d<*4_wgXfAHHuwX8Wq1?Ot;G$@c^Al*a3)Sl_Db zCOZIk0Q=Q1`!;A3 zZ@7Mw52w`vYTX%*U&#fIXkh6;9)OQ)HYeE^nP3-38D7s>JF0P;n{xqt>jEU9@m_k| zASDGM0Uj<(`z|v=yVNCZZ25C{^mqq!|BuE27)k}%47%j0E1#AZ)vHj}xxjM$rAMix ziP&Apl_#JiPS-0E7e7lcVNj%&z)G44l<=4Bo%LYFRCf@?LB%|nMT-ng=?_Zdtd8Hh zlBp#mbJ3IEJ1z8ywdG&B3gGk(IY;<&JIdC1Lwua}Psn-N#7;*1d>7w5Him5+pA*{$ zfzBxnv6<}Wq=7}o5=odNL&V+?GiM7Ts~!JgFMjt@V-An73$Z8C*0@a3s~eXvX5}l^ zhsM3TEc$4bQ^u^xqU%G-nUU-bg%8?KPqsLVc=lfujEAMOZ1)wvwO==t0{!&sT#VLC zSNo)-n05$a!PQI7&DzIhK@n;xc(w0pAFCSGs(0{}wPdN&L8y?pG$8zTITCS9JcKg= zHNME99(+}H9Mqf*>@iWbr0wuwOjRB?vIiW+KLdv4_FZm-)Job(Mp;B-c4XaQwc;Xf zY&Oczno|=6Y&eDxt1v1}XH`ZL`7Ec!5HHJE^3K2nca(Nsfg$yF$irjsV;ZF*7A3(n z8y(WU*~dC?CjE2CN<>maR&i}@AZm+9dPpTcD@Uu{Rk1zZ>@zhc9w9W16WgwTdMZ?Cg|Sc< zDv@R)GKk66d#-|Wblry?-i^D6%h;l>`VLY<%gyiuukUW(a88yQPb$4CZz5>&4ybiiSCY8z_t~A!v z(~9G>MVcN4jdvjJ&>ms~lOEB4Kfq(k{QOkYp$DY|#V@m&L4JK})^{pf(Xb8H zRv|4mWo#RW$l2+{&SM*zKyGN6)IhVu-4m259-ubJ?SEGP9%YR2wQ#6yOcOo#Td>qi8AJwg58s-3{sDo8a62ButS@Ey%L_tzCSd_BTr zX=(Vn++k18 z{sFJVV$D(ktZVbji43x;oluhOcsPw@$C!>EAh?&6s4_^HJ55*6DoWaV8y{W+*_lpR$tJZrNI+Z8 zk0@(!mYQP8`sg^)7_d!V*Cm(x4=Bk=R&iVnIQZjUBvGkMYkHvIVR}K z*q=Nzc^~?Sz+>~FEK>W}e`!vrm=ilmVuj_4KhpeO=F0K}txoxIcpj17NDO5)>;v?=-UfPAx* zqV25V)0YT=)b>Mzhvl5l8{wqbn_bK+Z8`|!nBpi$&db;a=d80($iOxzdu)BUTRrU@ z-VXIGM5LTrF&tiE7bv?7bNKM#iqKpy1 zrALUm&*NSq&L)ZkOL_?ESh%Ii>TT>o(=UCtg9AtM5Dcj554^lU0|N@ldU_RV3NRSl zQVp=a&|m`$b$--9970X3mrAVPzjdhW)j@K@=^Q^6p(h;GsM4#1Kue>xrDp|=Jv`1b zIpRoYnY1g13pKEfATk<`=a8wU$d8tsCMWR1ox`%I z4)ZD~>WD+YTV6h7)BK{$y)-nj$e)eB=&hUKxv9U)*a|2!hm6bRky5mH53PZw2fYRY zDoE3cE|g>$5wO_#%KQNU=Kq(yi~G0!>-f)|2CSvcae7a{tJ7#%)4%(#t$C-2hF6J^ z|DH=c-*QRupSgq{u*dbETtZ6qXD)GWN9XHeV*fOfSMhZp74K*o_qxpQM~eDp%%VpA z(6?$h$W(}%{X??M%A4?RX8x3oX$smMA4=jW34v1L>eAY1mOZB&ok0GEZC^%aU0*zD zT?+DOl29X{(DF=AQOU`H{W7$s$DiLF207dlr>i_fEE}7mepnQolVbWPnZoxdj`kMX zM-}XYAs3A`zB?BEWZw(k4ll;p2diwGwZX7h6iDwIoAu4Td4wP!MI}KC=Kj&looNd4EypeEC@@k zxOe<;z$jpbvVktI&sAql@xJ?pqbk`8{U_dI&-s9L8q z7aDF&A*sgm`E$*!W?^X!)`n1Vt1-+TB<%JnRlRqg?!lqQ`>!F(C0W zI8R~mAVMRiIfN#Zy}_xJ^fEjMHLRN;G{GgZ-Ii}$v7y5&6%$q;4BU>O40Iiwhx*T% z30xqg{gdoFoc8&JHL;WR*ioW8-qEzhtEQDRDdJ+(xI)rHScVyGM}?=m=tAyvJ(Yi; z?lnx7-aFHeZAaE+;!VeTatEYJ50#cH3)8gJ@Amij^bVQLW#T3ZGU=~4#UC`{s4iUc`QyOqTSv7Qr5qXH?_Xn2YYNx6{C=L@*+etHPkDAp81*HjiDk+&o6-sGt`3Lgfi)9YANTheFT?QZpBp6D@x^RqM~ zNQbUlp_-_Pe#8Fkn$N7^K@)OKGVaI_7O8T{=3160edXd!1?}ZdCKeFah+c?Bnl)xZWw~{Ch zuoz~JT7#jp>)+~=N%w4TCDT<=%YwuoIH!$rwIumGE>3^Y{e_?fP;60WEr_V2g~j6a zfK(@+2>DWEUb7tc8yD);aHPoTlY}^wRVXskKyPLmEg>+Ks`T9kMukI`5bkHda+Hx~7V9?K zj8`gc!3^mp*J(LdQTffSGq3=|?Q~qf||H zL0lm0AvpBQRiKtj%tnUf4yKI%tUzSJgWxN)8$kh@0Uhh8-qRigTUn~VT>oo&tL`FE zEUMV7UGnAQr}j>@^RSPVeJ=GM2Amy6q~pKceKU+<3t)`rWf}?Wm5y26KU$?y?T~M5 z7zit~lZ*6SF2+qWPLR%a(*E3P2G`Y@i9c2BF~Z;*{NqQiNHN9Dm1po&Q);i0fu^v5 z0_!02u+PN9Gl9FrAsMR3NYQ0ba>^4i`mPUeca}JDW7)H=g3wNg^L6-a!2?a&rxs

zXt(NgiRJE4y#KPWOLf}4Z_Pi42%3;esW}G&i(O?tG`Izr zk79G$oFDuF^;HHL)M~Eza;qU5ic$5Ogb2F(Dfu2Dkx1}+4k?kw_$E9 zzpMfq_jwB{QAcQMP;~@=%ObnZ(49TrfoIhR`MbPJxprI*qz-#=%`p~3)yp>KB~Igk zx7lbhEF!{U<+V2i0 zY?AhqL7(by2td_vLdCGYUr|qqTil2r2;p5rUY@pT8g`p^&!*`(QcUzt8GcczA}0JL zp7bd#;OTr!SBMjo-?p3ZU99pLySSZR6WOggQ`q|P475u8q)4QkamOWcrBv{^&{gpX+{ea%EDcre<2f5*YK|UzFU?4>}5K8 z*T{VugW;O&BfmoHm~U!-*%Lwa41;Qk##sJ~{TgV_^@h#pWq}`({+4+41-B3sn15VS zpxFB*-A+|0^J5TqB8I)JYJ{DJlB3im(ii`^lc9nwQF?arOePjCYLzNXX9TwTKb*M z+mG{^uq|6-?F~MQ71gDn^K!eK(0$3TU7?1#*9&YgZ&-12Uqlqq)@VWTLifZv2NFaW zNQ*emJbRZ=*LD0!{-W*XV7a92#-QY)($)AtDRqU?*DlMjX1vg|z6`PSVfo36VsVh! z7ZwSj^2VR9WKdhbj#l@ArWCy9W2HH(u?g5}JEjT4M2qI7u?s6-3r6GWXyN<$#R1T-A4zJY!zW1WMaA{OhlcPIZ&Qcy8hPN_#+By__{ue~J`)c+Tp9Lzg4Ffw%6)&c5>n}lFK!EiIbUs?@#O`CpE*

8XduZne*|aSrm1K)A!896lVqa(c05*Q7Ui>@3!$>k8V_gjX|4x$9=4S z38aE$bX$U)5wC?B3^yVwzTCiD@W+AvdD%)}T?*Ek<4^vurW3lzzn8UN7q?QlXadEE zxStSDjad2YsINGG5m9=7w#)a(v^yP!XB(~mT?Ys`mlC`6xvNJ0TLD5iyfxSlj>~!# znZ_CZn&%Z4GvSe56F^d5NOtn6V9<$c;mdbznUCb#LR}eZk;Q+R-N;r;Cy1Jio`KOm zp_~Eb$xETWZxGWqub4G2Pq+Fcm8t&aU2vh|%&_S-?d^IN0;I%)Qbnu&N>xYFm&+&6 z-VmV?wmGo|Nuoo6du?8sD?K%)h>5MoF#)MlNtCa1f*EE~w~?pA-`>{~Q*)$ZcDY|q z_K~ZH1Zo>MWF&@10L~i&%~>Slnne;gKXV5KC|G)lph^vk zv^rWC-s8yhruJG?(p~A@^@)9db2K!6GUepe<~upS{HS=Wyz`DAH(!b zP^ln>!IDgtyK6$`!`VhFnxFX9DrN-le8JS?cTo@0j0)Rb%0u?$i@4ma`)C+RikRcV z{=>|vQ*D6@b*G3(ytOAa^zqSx0|A2QF@z<~pzj99kR{c(6yL-2!1Jz9iy8v>=k{?G z8uf%z%c!;8jnx~lEggjss=Y;o%}gtr$Bt_A;xs;yihZ{+_EpG_`O*{}dn#^x6HrL7 zF({R^1eWKiD5poR#J=DCxq8>XxO2&QBlht~S9tOFq1l^#ARf({fP~Jn>wUl&CYK@F zpS^>0z~t2+B!HAw2**ix*y65j66PG<_d7&uO9me$U_BC@ce2#Gga1Gu6t`nYC;%5* z)$l{408AHvvGIKq{o|1^dZS+=b9hEbKSXr9iQJW7|IniFguW@DLA9=sp>f*zom zu(u1I>Q+fZlMXvflY%Y2zjuyiq4Xe5TcBzZQ@Y--ot-|fYZ#LG1+q_E+^R*I%NsFf z^wAlbeJpyV9*(!BuPbXN{i{9qMR85$SYjd(hFID?G3AYi2o-F%POo_&L{o(}ZvdVv zbKEt7%+$3Fhh5@#*qNsjv4T$#i5HNfA>o*Q2I1cfPv+UIxrf3|lEViU=iFO(@BsS_Z=y9T>HScd3_dH~By{ z>YXMWuL#znyZBfh$fa{S7N%*f3x90U)eAwq*!U>*@R|I|z}{bOV-e^zQN0Jvi;gEj zjRZT7GEZ<>8u&F@PSeUC@Z{*;J~;*U74bUg2UlJ#o(8XKAutjABe&w1fUF2{DQ9`n zU5C>mifXID!aB|ORGiMvC~>J6S-FB8#%A+;l2-W{ah;U)>rgq~%^%%imXV=?8#p#v z1yeODu7&2)66xGzGD+@!d3unR<|n1*x&aXP7`Nf|+3ju=tL~RSIq1ILz}ho<1 zsx-x}X^2JV@BV6!MiNnwN(|BJwJ#BcB=t7+gWNxC7%2*aj>y!;XKM?h<3Qr1;9>(tI9XN18me=A9n^&RcE=ruP zu{3=Nm!;g6c$|Qg+)p=sZUQY!6!sz1(YQ<&0m~7|m;%mEc{(`$&CNikE(o#OJ5DJV zaLgS>v96GEw0@-^Yll0%de_VP6IsYeb|c9}EGdpWjgKPla**L4t-oXY>2h00Lb@B! zkgE~N>}^cMIamQBNyu!WCJE@cP}6);VTA%mHtSUZ(g}hVQ2+HA%W2M`vnF(^PGwZw zc?FOXEnORr@X;}Au)YN!j&rO517rEFI&VN5sCyYC6QdkhjT%KeSW!{0<*qR+i8SJ* zUlRhY?cU|Dn6V$DK+l{Gz8d@+UAi=E>F z7mZ1&4s5=7MoC{zS4mY2)?`*>^^z}-rFhU(DOZb~O(m{+rguhMVCYfP9Dr{D?~zTNu2--EbD%COdW|A@Mw-(v z1J$X3maZ(Oo-y+xy7-1h@`MU%$ptcyLH_cG7#^Ct4p4{m_IS_y${36PUVZ+0t3D6^ zS$zrt-W>pz4D0)6^;x?7uR9sOZ`EhPpVg<3(q9}D{@DI;{rEc9zj2*21 zN^MzZK5t1cd~**umH8_e!9%CSja>{h&O!oMm}s+!&j}@ z;}BG;w=wRg8OFdE22nQjqe}e6#g()Dc!v8)B0(Zg0qQ38#rvCUF3~0jlspI^Hf|j( z0nIx(YC|F2eBMqs?_e`d2$iML!-sA%5J*xr=vlRZl|7D z2xK*Z+Q=0~7N(=j(V9{|5G{Urf8t#RXXOQCaLga}u8r?1ZG9zh7?N{J(2SA&v4rnx+djDs0N@9HB`5s2&g z^TMe0N+X$wn%O7BNa_}*h>k?yvWhZ9`T17wSGW$azdm9Nt+JDnk zY^Lr%zC9&Wtk46W;o1^)3$w+@Mrnpd^ZfMVxMaiD$^X}yf zrALwo@?JtOg-v5?Fyt;f|CBMS=BRXl43iM;5wgOK6a_uB!?00vCT5{acIPGpSb_bDWj zaswf94IyT%846poyZ+RfxGEsWG?N%$ni`Uzt?#D>k}Iq_}z(78(=>^nHKWIJ}(4j+ONfTU}L*CuHc?;G~<(PrXQMu*UIP ztxoAXg$!eE*=uZ{1m-z2;O99K6CR~<+~zpY*HOJcYUa9KI`@BgYC6U+5pdV47`&5>e6_JA1f_(M8LORSCg7IY)gOyrsc{`@@wB zDQPOOxSxShMl^#xDg#j%BgW%94aF$^Uc#!6N_DxO2ehrIR1V>vDMwbhzueSlohmOEBywVK5#fj zL>jNs;!DXl2`|1Z)^3!-=Fkssi{-2fN0mAGM>(JelR<%zc`5k$dC5Y+;jnRxN!>k# zRYsxTJCRvc5sz7WUk!#5%iY%1H1w)gBZLk{;-sF7rePHLvX$NV7<%^E<{^}0Xppr!>NjIImmpJZ|<#3?=vu88sgCIMs-3qzeM3vK+!~fH<}LY12pdr z4w~U}8#zDhM4t|j1lx2j>(wo>FSwi!r^lO2luh>TF_1r)iK8XpFp%My%U`~$dCw4i ztr~)vPwuPEYRWL@(!Sj`eI$l1*kMeZhM8Zkw@o! zr#loB#;OF)yCp1)z1nfojA-N{aZm%q)fn>81VQ=Ao6v@*jitc%P3)kb5uXP|DkC{R|f6!!nY(U{j=Vv|<0)qjv($H<=Ec z5Vaqk0>5>bA>-!Cp3pceNu(4Ai9`%k#%>PCg#QX2n~5mMO<(t?ifC!d3~9a z@3uR09NH=;<4%TR2Og&ONkgfdvCcRS?G9Rge=Y_w)vo)3FiR5^Zg{Mv`^ac6j=bkE zU-fb%;YBrpiW=UGP(`(}%lzfoAVsVUxpf5ADJjDEL_yhieb*v0(VFnG0xh1iqfJoi zOw{9)q++^JmevB^#Rl)EdH=7L?jmUA{8TE=?>f+uuKa5A%Z=IrylSjGa0)s)h7fxp z^jU{n?KsKEyWuIX&UuRl1^tepViLZnUMIZ z>35r*-ScK;I z1&hZ?@Uhg5pg*Q7<;)sg>JxYAUij%xv6VuG+fhzU@(X9PSZ2CS#97r}tD$0vSVPrF zSsU83d><+LsQ7m($1I(D#;}O+t1J@XBEE9CJ3WqFp--WS!Ub(=E7cAWM%)G-^?hp9_f{Gs|3&FP>uV=bjMxVcGKW zGv4!|#^sn_F0P{DXYmD}<3zSDn%Ahu@VZfsZh0)t5(#IBO7&?k*CxNkM!(D^nNqd5 z)f%-C)|csa8#1t`S#B@uPib)yj%~zvR5S!rLBqp4$NO3t^=4!cy9jR3WiH2vGsqQx z_`1KTO&Ve$KPUOC3IzEkC(O&5#s?o=rUNb93XA*5ff?{wwv#!imQ=tKHHB%>M;1q^ zm(K;C*OTrYK%SSLUMw%swoGBAC-?$`rwJe8Sk0wV)m)~p87=Sp&*BFrFb(D)O)v%I zw#pHWHDx36o%t?M6}LyhQGcq=wIyE$HXZk0-G-b^K=9yNK?Di!Y1ay0eSOfoWkl6lgr0EzY9_yE+mMk=3e#8 zYdE<*k)oxiYNFid0Q@k=knmh0zw{X?oJx_e(I{B#ZXTwdsb)$v`YYGd_|KemPFQQX z_xHRp?6U%DXev>aJ7LF-!---dr!n_n9iw8|oQ;VdP!^0-zBYrG_BHkjh@Nq$obp`p zgOMUkC4Cd!ORYpOAPXQymG7wweo;K+g@izHWYx(J{Rg|9G>Q6zf$a9e?Mz zC%J|+8f70hf4)U1XF>hS{G$No|Cc@N$G0xx;GbQDY{6?6;qCB87t#1C@e=R?`w`%U zwAb`~IE798*HR!>&unk%(ftiVvtFho!_4p*2L>C@4pf@B3}8Z+@*`J-qW9 zBbO)E6?W9RAoGPHO^~+LNB1x9aFsQC#oZdzGs5=#MN{%m-v z+`i$*_YjGqDj&{IE-avP{p$IRfai-p6f zBoxpI*eeRB=0=}_uPjt@nH&U6QNfPx(4|-YoJngUDpV#Mv7Kxhx<(W5swYU}e~@|J zr!?Hgi57%`a?4qavRVejr#N9ZfB{IKDS-#=aE$X7H=; z)pi~}IOe*hYDGiSfebUfENEUn74G^rf;zZiyd&2K1?CAfJo2xF{eOJ@Q<$aewl#=G zM22nKwr$(CZAWC-wr$(C?F`#CE9X3C|MjfeRqJBheplmZdV6nu>dJp;fDN$1CII`9 zNg@92VW%P!nxuHZ2F}px`|_`<%Czwn+RJ0eK+Y+(1iA0W^o?MU*i0S7dwOqub~ah% zrKmXuAjEny!Msam(`2dWtP|JA@(Vh>&k&dNtW&q+#-h|@i~AK~rY+{T-tX>|^Ex6y zaU(DTo=374KI_8S?xBlw+PY6Wc`JcBN#ylNs_3Gn#?1W zPH>9)3p-1uKXrbmE8bZ~hIK@3Mb2K{vnjcBsM$85kezMWyg;M9?I63U|7-nrcJ^yH zTzgBMfB+^p7VoItYlYsicakLCzt2e+D|TT?j<5&7a&~d^^TOfacu)^GPOt^LAN%Y{ zpWMH0NFAz5R}@Dxp;3*;s@ndC?q0b+2Qm|P$pY*Tz5~KMwT(Yo>=8b*7ruu!sq1L4 z^ga@dVq|fvmL6VsF0y1MrCp4;mIe*kM^QRhzB=_+ajweFTU}SMm{cTO#GCf`oV8|y zDPRy6E0dl$gLAwS_^&%UGQ6X|N88ertSO%_S_7W;^tU~n?WjDgLml_7-NNGd6r_}z z$>p+IW6 z-K-+Wwe6<)W))(Fr22SZHF{_S{!8|4eP$=?`jeot7I?|{PF1YTmM zJe#k)&^orWMF}+=FQLQ`ibQ>>KMs3nSspUCA#{%`oMI3qnP@v(oqfb zJFD!51RL6ps^5*}#j){Sq9!r0B(aB*a3tEAU$7&s={9LsgQEkO(@*vDy6!jp^JCYs z(AvtfGKPjwfZYhS&Mzt8RMtPR{y~1Gt^bPrf&U_Z{(mCB%HO`I|KB7G+CMF)|J=cK ziTu|^IB6|Y29vQ*`)RF8OPajcMz)LTN*+tD(^nudOyZf~+F$|quV9;G+dzzDvGSXl zanuIuv{pF>yrl>p@*f9Rt8=J!kU#aFY|wUvF8)5MV5=MlYF8D2XGZF1(j9} zJ@le?&#_Q3iQ9~U&>|>%leOkpHx|#PcEZKXR5RFeUBC4!*p6u9iY`(Rr2x0rZ*+2! zV;%bNNXzStIiOa-ix}^;JZ1JX^0o@4$|^W15Mu0Mkd%#NWM^?;A753J85qE6edB(H zUIGBT*!AswJ^%ZMy_ND&DkG)Wr8|z_Vttn}Mpxj$Yo6I6QSZ)Y8U!~a`hmQ1dU-Vq zqQC#%i%8*sjAxJkz?tZqY8i&>V&}ZpDJ9-6fKP_i0>7GOQM)TfLqXd|qij+C6ZEVK z=!JJTrUD9xljOG2T?l0Kz-&BY-C=kic8o@`?EWWy%accLk*&E!XEOATa&53P=Wbmw zLY$bDnU+1Dq~{8_WY>CZ3MiCB1#u7bz2p0CBf zE0%f6AUJe>(@_b4L+M6k#RFsJHYYTQ0|F@P;e( z-Byhgh)SX>k9!(-NG($k-fF zdlJq6o?|oZt?=8WmWxC`Mu*^=eVJuQGSg?`;>AuO_gT}EOyZq(^M&w!j5%#JdEans>B5B_G;YZhK+nInCP|5IKP0-qR) zxXnN7uVVQ3j#9a{*_V4ZrdGxZh(_LzWeieqd{&8j!H zGaXsz_-l}d|Ms#$DI-Z=qqVfC2{mRqRRe}F!!DHSHtfqFEj&$va4jEako|YRgZC`y zZo712QNVfT+TTgN*vbk{yXKTFIl(~?B$Gsj;!zdR3b{5b$ZS7o+%&ASKjw0_MPkhJ zIk+-fb@d=ku1xyZbQrgI$G8O(Y;#bnVD*l%V~k5vxA|D~#3rE!3VhVJ%E7wSttYgi z!epGo$)LtPuJB6ucXx!SdRuJYa~e#m_&pJpueE%l~lteh7#RJl(b z2OJ|V7Ub^A0U_zOJm$x+jmJZ*Q3LfO)XR!t5Xg}yO9vdbc#NsB^adA@aMW<-fJ@)( z_fbI3Zi|-hHIsk}kcdUx^vXIP4#Mj_E%kL|sN!qQ9_?7aha7<(kXrn=TL^pums?Rs zrNg5V)dXlcW<8PQgmSmAIg&y$91fE-yiIR2XcVZx#A4x+A^}%dyYam5{&4r#os@07 zIYJW_fB5sNB%b!3lm=tf%Cuw~EYy%mUw=CDmK4kJdZWmDYv9;QS-RH)JaGO`*b#MNh5 zW&B>r>ozo8mG=J9=9+%j8=}f9fTZXX{dK(Lw`Bghn_=WdiKSG!KbOn^OPyJ}uhQ%l zVi2kYzA?lX?u>s={DeK`wvyP^{Dg_Nmm+!&PFF8r=@Nx@qga{`hRf|LH}~e|D)kS^YLFU`Mc-a z`~RQN|H~ztf8QeZO^HI#o3D(K)>v37JHUaV_}}{C&<|$e_M^uY#H2edy1nL36+4R9 zeS~*Q6aR#C9k3Qj*~q{3mhV#E|J?(Z{s49-BZj0*fRr1)9QnBd%Gm8P zqW;C4f9=?wcfE8Mid!OKHd3Vi2LSwG@t%CkiDA0Lw={CVhell3gS!WHJMZWZb`X<0 zboq_klzzEjdVZ7#!(Xl*+3%#G%vJ|&fuWR8YW6GbF%O7gV$bf!0?0^a`E)`L?;vu1_ zwTLaeuR^MeEP~iSL%1gv)-Y(;N_3a4->T_8@qk;M)-w$sqw$h;h@VQ6GAFy2!rRND4Sf)%3CyW##00o$1EhW}kt;DVW( zB-ZV+1 z>wI0e%vqOaM~qSsdBWGg)%{0ODb4TccbyJkQ}=9g6j4HMW$fPxd0Ad}k{~;@No$2{ zNN%#`C9Eowz0t%}U{mhN7TGiR*`uOi^w&o0OFSc=mT)rz^&FtV=QP+>8W$HHt_jqT zr(C)v4DVd+rr)5uB622$P_%fK1h^YhF<}+NT{$i+fh94Ey-kv^h&gvdIur(3zO5&v zU#l8(fL^L62y3AUAu`PG!x)|*MR{<;;sBjvvo0OmBpO*mhsgayIT*(=emf)7BtLPg zu?xuWrM6q)nn5sZV>0CP=TaKa9o|{_92~x4&sQ}~2O(WckhDPZFgMNEY z=@Ly=Ood%1Y-U2c(;+JQfCW5~9N@-iv@2>45P52tahdPu@Gv`80} z)8vfLBBsB=tLS4>5{#j!@;NEJy>kYaEJQKdc*OP=pwPID{kmkIi69-x6X_i$5)!#6 zm{sOE8&;Si1i|fIpWehKaZ|*2Sy?sklZ4gUUr^1-;=z>k<2d-TOh{x$oAjg6^RY&8 z$}M4l>E#-supb8@5Eur=bu5Hp5hF6X*?`)knMw!H@uAtr@0}A-sU7m0r&+E_vdK|{ z6_CbFTv^5sZwd{ntN3h~P*C)4~zO;MJ{p^K)*p)qrxp*Js{xrqb= zs*a_yfI$NDBkb09Fm0qEs=G-{yVsfKmZY+!@s47Di<2px)nC^>X8_TwjDXw!r^!5&t58|8eN63oWlQa=h}_Mpa3D z+2PPoA5tt_4X>!i+0KUNy6hL)FT?2V(-Axv7fC3E244%aa{zQMKytuOE(E}02=8N@ zl^RGG zAbhzGdAZl(b1;YCsBcn)!z|0=aiRd2VHExKd2+hSwje=MR>Eb*JC(7#z_N*6u!HeyUA!2)Hx=qF*#%;pqzZm!Db&}2U06MMx z{;5XO%KV@?Y3q^+d&W%U$GL~!R)ZO9YXfMb!m!qA{)JVmN19ti{)-Q1vbpJtpZt4) z|KO;Wd6e{u12|o%;8mX@VE>X~oAe+c!3Wq-C7#jm+e|j@zkujqm*+Xxt2E4EJ#Y3~Hy3&IL((`^G$|Jr< ztf#Xls}3O5$_$XPYW;zk{D@Y?2`|hv6L_h~xJf>`!}6{@Pq#yQ8-5w}v#Nhcl+-5|@=-K&PVj<3bk`74Q3o;93dIsrF z#7gsl9QyObs&+HG2WmW_6=j1WMEWmAE9ze`8(kD}&3Vq^a3R15$e*7Gb*DT6kGcd* zZ{5lRb~y4S}7qJ`Dpg z>%dq;cGxW{kwF4yl(e!yB#3gwn!l0u38X}~o0?7=HwxVwsq+rWO*H0=PQVBX>QM)B zU}OD;c|^3w-O%a5N5A1zm<4<}{9iuDN*u%ELJ`{#R&mAxDHBOH#UG^^Qax6FmSm&s zEySIpTF86_BkFvSa!AK_#JrP%KfE_J*VvHB_TjkWtUuzTXlzlND8K?73T1V6rN`OG zy{EahOEY;`quD&%o8#v|nqQu ze{z3y&_=;EEW-C( zT)8D&wN(gxw>%t-mV<3~m6EE4>MBa<$+rB78Big4OzepHeXaXQAv@bb3uG}k18XB> zhPHCp`sypEfaf>vi}e_CQ?6vid*(&;)5zINhvhCyfyy>OG|1XR70_>$vAFmX?Z%5F z77pBSAx~8%t!qLr&70e(8Na=up@Eovp@0U|S05{bhZD*3P&h8@&s*egaxb|B05FHo z>&`BOCk6L&=<^3Pli#SdrM)sFVQVN$N5Y1UHNQEuw1OWGG5iQadLAjLY^I7KMu+<< ztr!!DX^>MB*FS~<`eSnSx7n~cOuGQ}i167wAFD=f-*x>}Jv^8s_S_Psf4Ttk-Fzwl z_nVg2XM*hO8ZPeT1Z)5EDfYdK$)-YE{~IMA!?U<2qwDZhg8(faSwA$j`QRXv<-5(+ z3{^&1z*;;LS<^(zc(knY4U+=W+HuiJI}t=aj`Baq4{G)Qc}eu2MzQaIUBvPKb`hq+ z|F{UVivQyxj{nj9|9lbE`oD5X$iG~Y^PgN|D*Qh#0-yUoxkOU#-u`N<3|+jO_t6l{ z9IX8OoVz$M0ADv6W2F7ve;00kgxIbJL5DHPyv=|?II%pYmmL~`)8DWf>8ju#z$0B9GnA7T+C97C3@K7^#Pynxw{ z=`o?9YQRInQ5XkjqKavzcqR54Xe$1-;%Lz8&gV`LO<&@L{xOE~5q>W2>iS-Ucx7iewTA}MyG_4eYAcZc-He(MwdjU{cuvr`cKQeE6 zNza)_!$NrEXes3WLur~^(X>+=K2Fgj!*1_kATeGocI_FK*Vh9BsRev@S2Zzf1Rw6! z=aYk{^64K^kU0~E!eKBBL2jtgUo(K&^G2VHsA3V}0kgTX;*s(krjRc+Tmqj42dp|4 z+|8|TwRf$>ky6GvdfkEQ;3t0h&c8V!?0834Q?a{6f4JgSSiDnq+$H|@W0W3}_bz8u zGm%WRmO6y+qAf*B3zLA_dsYesj&9}g99bKmJ!2BBvd0c1A$E@(S(~enc+c9QZf>}0 z9N*vR$wzs9m+2QYFqBl@B1be3geB#`U4bBx)Yv1vUCLLSx^ zgcKc7No0j%%>NL2^0cCc5sQVEp!oRd(Vb82Ih^(0`W0JA{KU-z0XQa&)hN-c>GKey)(4!Mbx?BN@h+n*tSDxtb z^^_=7nJHF6avE|&!3gSN??;IQ){QJc|EgBzEK!kA9>eAwho+!5V`Rdrm{_}Gtnqw40|x#8G&cY z)yL#BC=rU$@m2n;8itzDnC2;V4!jqiV_7M(8dZzcDpI_TD<#<^TsFlkUKc9Uc40FA zyz=Y8{_N@rVc;uukK|+t+O0bW#oNb^Aji||XT}c{Uri+zjS3lg6bcFO_lV10R<0t% z11JXwLknrHo$_u(495mv9;=k4@oW-xVTnH60`KmoeuFwDK1&)x_@6#3IW=#8=58hz zOm~74-I((hu2SzcVizOY#3fMGw_Ei&1$3WfD;kTxF=CXq{UAR%U6@n$+ zKrLtlK0!n&qhjI(Mn0|QkVME;q(dL;diet#YPlo{q2DU#XY@d$op~X#VV;sNdqkyz zrtWGze+t6`P__-_SG5}txp;PJJC58NSQ-d0fV&2F1!%ewovU8G8^R^3cxDyuLVkiK zcbe9shG_bt3QsY*hc+aIW2W&yd%}d__Bvo1B{2#p>JyY$7>T(Z8H?Mr66=E~)+2}Z z-I{nI7QRl0Qi(vCT6up_sbtRKH1L;vMML-O;E-zzaP>+E{R*%rWi%{uRFP+ZWA{%j z@k3mnt*~B}a*qfF>?GkTq06SyFfY%|<}=2|SRBd_e~>>s<3EwV6>wAE5W<<}WoSQB|LS-Z?0r8&$;_6l$}01-KFyH3>ft)u zMGNOZcDKD4D)LUkMcs9Iq zC{V(JEU+u>AA9zS*%$7OjJfZ}tN{ex&eQ{vCi;c!4u!j

w@*<5|R1!clltlwPT;D#K zhXm47%9Lz+u75_f`f~TJ^cGxeFw#t!g8!xO%uU=_eib1x_mTiNIsLh3$yhkT*DQF1 zHR~DPXIkB&tN06k@q@H-^4kgs5c)Q6Q#74$``7oyw%Y!PnRS&As&`u-JIOF@B!y8T zqI0_dcR66zWc}VY$mz)61}Zee{>nD$H=3tcBb`OD)c&D<5k=w2VchXCkMyhZ7)HR; zXEj_$*Q=h0=LJLLWe}BrFohL6OtELBkz7B(l-p)H z6huPN_FF?ES_B9CcD$q%1#K`2x$+g+^a{Rx&Ror2ZK?P~%gCbwx|Tl0C32V4@j%FC`G{O%jI<5+6bngib<#hGWdbh_bEosm z*QJZ995&LSQtn&ykmJou}iSkHgvVPE!Q*cZok+Ioi(t)S*mD+@>X)9PBh{a-4bD{k@Sk|Q3Us84VO8`dkgrx6pTfb zeJstd}cYIh{&3 z9M zafNusjw={o!2j{-W8s2L8c0dh=$Ok=5AS=aqbMgW#(NBv5rnZ*(v%C9Fzv$k7A2EL z)KZZ70Td2Gv|wmPaVsje#9G4Bp=KCWUcMg~C9#ffIQcYh+m0wZp^IvZmZ=fsO~L~} ztyH`!Y5po_{b|b2xWh&&gV1G^2_PL8T7}qclALR#*2sB}b{Z_tFggMD$3s*EERoOC z>rD<#$(hQL6j6=GLaXu#I+BPjELRSA3x*4C0b3n@5%;*y4TTaa*EXb<*HNTI_z&@3 z|3|$44~EYAKMcL@|7GZYB>!RPvb_HQEl=mgv9-f@_6>!B?*Py<^>Fy z$g`++W*?5RsV>z7PpRne&KC7~M_GcPOV=J;?O+?ff_Mupj(sVRIy-=mHJ;4FJ~qu0 z*!);+ys0Eq0T*z$m*<@Wd}6x-{#|1s5|6NE2WqH@DN}Lf_iDyve!g;RJLUx}`(Ib9 z>tBnnaG5ScrKwYboOiq|dF|bi9_cL_+(7kVitg?ee9HXq;IUq#=i>#iBPOc1*GL0% zHM<`?Yo4R=IKNtA29_r4J${@X-QAkQpRPh3lab&<_bK0~$$tiD?+59*wwac@VV3)= zZl_rVH?e3eW0>HZG;SXsRpchMU5degp}Dru8>Rzdxn(c@_g?h3aHW#9MteYe^o^je z;mqetJMptA_7YXE@N^1o-7$C)0eL*9WAfTxPkFRqc2i#fL2|l5f@pI`A8E;_K|Mq zOf%4WB=mB}UI#Ju^S}H_5)pp++GnhiETtyqa&7KH9B>{deFN;Z%HnTC_>rocmqJw0YSJJNSM0 zoG649B*Fv-r8?odVy3|D2{mG8Tg}o>? zl{g4LRrGauC+v`vY&0Xh#O3fFhlGfm@DL8td$XIoQ?lJwwM@`KgGzp)LIdQ^`ann73blnXlNmMnr zKDVgcd>U=Ea=en=wAW4|gPCfLKpv9~9?u3CDcZ*fL#f4`FLYk&r5u?OPO``|*)_S!#bM2#Gy!{ zS?PUM3J_t+}uXJ4f_K9gR3 zL-b72d=mKTRp?MVs&7#y6WH>GA{5FSYCedS+u>P3DNOdTay_lrCx1O;?d0r-zw&Z! zcaNOwII@;={rJk$KsHxv1bwnz+!ATZ7ZXZ>ZLCny1I1h9?KkwS%{qGXIt*vJO>rmG zaHm>$GFsYwKPM_*uHtVu%H(^df(Ly)k}=-uh;oQ#4_ymIm3>ESUV{Y=>P?5x;DO}F zecJRDJ)w!lgV+1`ePw;DwTwkHIy&VkT_7e^%U)In(}ngcx>|WQL@De7z1Egxxz8wf zOJ!0$T90rqr}!o52vzE&29-?8=OGK~L%vS~ht~BtiW-a8rH+NE(GeHd1C`Gw3dr%{!Jqd|Rtq*TVEiUkd=0AS zSxeiCHD|Aq%Qp*2pdviNPq&2OTm+Tcf|J{=L>tJO zs|<7U!rX%v(hXyF(-6ThSBz`Sf$gUhH%)u0Eo{K`!$n%NWH$l*))ER!H{KhOKPMy} zL5P7TOd6I|wU$I>Un#_afnQcEk=XtvFeh8`wNQGiN@N$A(*X=UqxdM2kj%7%FP7J) z#n+SzP~?YU-e({9(1s1;gs^<2561I4_y?$hPv#`i(4Ccl>IuxSs3XMdM` zgrRI<1vLa}nMvZ_R()ky?Kh6(NXgJOS;giKFX{Bfp@}%GkNs2CHcPn7U87g#8O0i3 ze)#tlzj(DDXU8Ks%~yPjCI|v*GEpREyBGPF&5Nd^m{fpM_{3Q(iYh=Yg9ovoS+-;`bTRrC zI3cy@aq%53iPR1bQ5g%w^jB$5+vU7l_J~u4V@*hK5fhxj!_efwmbG7Qpz9a7q*y>E z8MU@f-8QFyUpLEkq7(e9YXo{`N@h8n1FYDnN84AiuIOXI3)mLFvG10A-5&>4KJs!1 zV`c|*6M*69Xb~{=zpVM;*fJy>nL)7X|B^tbz`ZuECX#=uZP>wIwmh}Kia~7XBKywU z2dTI&4j%2sPn~BdEG=ZgaqK=bZd$r`PdC{F@E$fz3yJwyQh~dR zQ)ggAh4akbjdPzi;Ho_9MDkaH;-EFx+)4{ z8ZT|H6~D->-H>M9fEzavPbX0}Y>w5nmd&UyX+UH&DiI|Ay+Imk(@7d@HE13B!UY8t z4dNRY=M_6HCL8ujz0W|^%M}-LW}b7%DBJTdek^gXJ_;*jT=~K7U9Rla`QH zMrzCHZM2efSSGDU0@~0%PNJn=sgQDHopg(|WD&29(ea*sWEq&wtiS2y2( z@!))%nFT+&ST-4KVxGgv*pS8#pRnisor}HjLTRRQ%b>NIrC%H*+oy2L$ER6y>-C$7- z8T0LX>S+^Sk6^f@I(lgNq+Chysg(zv4=9mt3Spqf$iZD5M3H772kBKc#sKB zUgEpmwdf^AvDhNg@pzIG4w<=-@dVDsB~KmG;?JNZC^xA%bEPX2S-_b$?2!*=vB$nk zz@Q0t-$LPKIi>M(XI#BUE~5BS0?3YXt%;PX618=d3a9Oj>Q>hTQ69G>z+qGzk~nJN zGu!^=P!l3hdl1|0;v{b8y9`ZHHZ0X$+u#6wRI~yfFi#m4R~Lsq%AaDJVd@p~mc@t2 ztH9G=V8H6;CfK3i!72?P((We#s?&Z`EL{oN2ku|CRX0sFytZ9tf!~wXLju)`8)DbO zp0cb!`qs7M_>`HEp`Yn|98SLzu4JEz{%&;!b)++U=fg?aN-m-C7&K8mKf%ELNKrt! z*|Yrdz19U8H|H>lJUVps}hcBj#u@WGl8!i61Cxpd;K1cSGNvFJ#jE9N! z6=&q?22jb$Bg@(B?@;Q+0YF;(jSqX7qEOUD#F^#^5vk&xd?G?1m83%U%|49 zAM%^HQ`$65wgd(pGNoTm@#L~kfe5)CklVd9-qH=aO76Fb`eRtuv<~x;eMa*Q3H{kT z9eIC7!QTg94TRkCX$;=G^SQPqPS#$o>v|r|;gYxp4RqbA1j|p3d>UBTEF0o7TQpH0 zWPW_ibs%V-JC{5#mX#5+*}dRlMky)c7c}gO#%Ot`#-BCix^xFW&#OYop|N#D;T&r1 zr*)D)HyhhJX9ix&ec|V&4uI&(B)D|d8KNw@%<;`vFnXlJto$Z2WC7>Efrr-XD(>86 zH{ey$@~6|*s#mRUIE~0n4LC(t2tlWH{YI1qG&bWC>D$kxcrzA{kY{1`G7LRMGTiko zSz>z0-zk^{FVKnR5~-YsT`B37UHv(t*aKGk&jBb7qa{Cf*h(dPe zur_TX0^|kuGB&H;y}kll%vK^hzIoIz4dXcoV`SGh39avatNR5Ymh7;@nadEa4;j<- zE4Xqn$(ZtoqFdWTm&p*!k!%%TcuNBPiee!#KzGY|S z+gMo9zu2St3c=$B$HU_`Jbc2F4WHVhc*qLL9wmuqKmjMMKhQMI8!)2(@nG|elIBe_i_YbpL+^r>-Tc16Wd6Q zdJz^X?>qtS#5R-n}!=^atX6am5+% zL>9$#+Z1_MlniHU8 z0Qu|cZz1IFt@cAfJqLdqi?b;ox-dkoLEo)>d9p*=QC{SFsa`R5rf*P*PoQVB(wu(I zR49BIkJ>DXaB~uEG8;&n37G-i+I($Dth{DrD31Uu(g$A$kdNH@fF*c)K=FOG-Oz!kpdE%~u^ZuPoCdJcM^c1msV-pY(2c`;*{VQqv>o|0Vm#->U=v!T;RTgmzqjf5071tc^>c zlDOJjZ3uahDsrslMzgck`X;G=%XEA714Ol#40T;)QRd@!w!K+^xS{uXjwZfCEU&>c z1FeP=BsV-YonY>1h6q-%RaTOUjoPAq9gOLsyB~l|@q4Eq;?`md=F>f^F*9o#)d+-& zcJUD5`ecPV?kGu@7r((^hL+_RCuqn?Q_co5G}F=C7dyo;5gs*`syt8SM!%Z1lZ?wg zrn2vZIERH#g{Ba^xgTQ1McqK*yhb!X?VdAw8fuv`$8<$?P-Bd$ja&8@Yqnnrk^SDq zS2%U9<>0(Rm@n`dFTpXy-PX!7aEHHyvye7t`8PKV~1G>JN*F*DEzD(^L{(`&(2LV-06m8y@vt zE6bm-XBxnSWxj92T~ub^w>pB;ChyrSq=cGsCc(Sioeu=-U|xQHzLC+F2Y;y~=r;^Q zm_Zk(=DuYCJuF%wIW!7WaD|=thrtI^ZiKSw;B62_{3FdYPd`=|MI62HIVmZYNVNd7 ze-t|TUxof(s`70As>;{=XH`DJ`Jbx1;Pro2R2z?L)1O&DNWC-t z@>+;HnB8UlHdgBMttdu>a<_7K&R26r*!k!0d^rEt4g>nX{ENxI`)AbMdJy7-AQ-35ZmF7S$Il z&AyZLVOL)rMUeKbIn^A)OOAi@>L>TO{|L^{gyQ*QmB-p;Q;BBq1`#RE!?mi;^FB9s z{7mmvB_W8o1KwVIUPGUwM(V;DNrP-c>WqLmN8)3wQ07#5k`D9SnE4vOpznqfFq6GP zk^)j}0e*x?K(uE!D?iXN%Llv{Z#*xO=O^iB=pZ;QWG1$JBX_Zg82$RKTVC=~C6ll; zhq#~BwMtXct!be6z-;q594uzI01HmQ1`VNJ^;{>AFf@Xe0h22=s_k#4VX~kbrT{KS zVK$o6orJ1x z&5~tOz?im5LPw=~_<(a!-hKm%*SI7&H+2a(1$5)mz*4NGiA`J=f(0mM22zS+T3F;V zy!f~9OI<(d7CsT-oM@1$t+h~Lq`r(ktpDPOdn~`zMO8h_G04zi3qKWLm$t-rLrlsR|CGsGiTBl`sWnbgt*((!e)iI_{o{Mk$M$LtV{ zB}`+iT>_guW`6;3D=$%3%5(SpA~^PME`vIsral(AWx~=zP?$BsF(~All;TD^{wv$H z#Y)~}*W$crr~Ji(0+o?xS$)~FI0{|+$=J~{XeA$4!7NkJJFDM!a9Atxnga+UCLQ{Ww{OO_q z^M*t#0AfO%K)%5u+^3M)#oIK3kd}yMYxqB^)p56M53&i&zu47Yj~+2K#k-w-#twh4 zeJv0j(jrI1-?-L#&jj2Lm2H;0P@;06 zoj#i|C=;&bm)cv;{wWx*3^b9KKAHE)SFg=LpN<3ftS#j)L9B&%vO;%lae>eYBd^U=Ul4KNI3Q$KG5WNP^mLhh2mx( zA0lsxeDQz;%P?V*o6fvdugbU1Uc`wV+&|SU$`PIX*1&R49*htZs1AB@ukGRmE=LW)9p6_h)UlFb3lkcwPV&w?1P zXWe2!5IY@`9Y!{fM*xunXA1W-9JP^23^Y#zbXpqIA06qVMLPdz65^+5T~(5L%JNo8 zHO(YlQk~RxMo~*{n&&fz^o>yDVDz>^oVU9U2)2)>idR4yF;vv8&;);TGp~9`Lc1$rJ8wjs~k|za?zwD1T z$vDVB@rA1iW)zfAP$KcuoE+Vp?7k7Wjy$07(fojhI*dc$OT7bM?N@7OM|y`ln#GVx zK6w#7AZt=AcSp{D1q?U@cz&RII{I4s&n7(5oet?%kU+}4ez|}k1`kv%t$pYs%y*HM zCO6YyESOR`>|{)(SG)s%Ka*AZ9z-?N;7i1e9z#CjxgFu1sw*Fl&k!=$n-xV*Bsuyr zGJqpQq9zgn(IXWqmMkRbf?&id*RU&>ZVNbWSQ(73x*r*t*<`zjd?WN)RZC8Qw)b8Jec0ALPL>FSAQo(n4hVO(Ml}!t?}f~b)9R+% z&BZqvbnaAdEs|1N>51wg#VMLq^t`-gPT%+Q5Z2+;j>Y!((`Awbw2y()bZ|0N+hVkV?mfO3m#zB%GqJ)kG(c zmbFw2lGP+#28;TML>Mdqkm*0_rPM03S;BmV%)yR!29V?=7i}Wf0qemge2}tBVFG@4 z0|26!nCJe_e$D_yB31lHd8OXf07AXU=*H-lao~DKjzSGY_r$Mi+(8PX2niB&#kO|T zjzGo~<>1+he1eg+@85;|_t5d{;70?}*TyBw6XqKUeP$a<)CKkmS7yco)#dIb9SJkP z!}<8YJ(+2H<6(Npg5Q*b4<14eEoyLBPWBV!BnX{`j395EZ`kQ~0w20-f4gW(rMU_k ziXjh?z8OQ-_p@t3gRbT*_kVc{RaVkpY*L5hdeGU2@n`fOol>%WL1EKha1++QQD2%i z1AVtjM79B_U8rNS-(FZM%#|~@zbqHN&YvE@a(g)UGsfR$B6kA9$jfALIN)*$n|?jSYaidkhSR3xIkUfrDB@x z03)N_#n7Ron=3E@g3qJ^^-k#MiYcV{=80zAl&n=-_Me~uT?mLYc<&NQ1>ucMywJ+Z zt|VW!WD>5&b}Oj2@58Op!vqoiu*@^Q+`Mz?S(~>lTcMc-r9UDbeIn_~55R%XCP(^b z_wITXbTbOUDGTw#-^Cqpmd)0lGUDc{%`qaZJ=j{l;)Q%crcuF$_9(|VW|(^I*}n+5 zIe!;Xj3lCN5MqBmT*0H92~tsJ{i&alXmU+G>DQHCl(|SEc3%=EeD|7bL|Wrt7G+{` zIFgu_vdz92rg1|^=X6>hC?s+GjH~P7p-sK%w%5c^Me1g{^v#v1{zsw1y8KuF!uc<6 zQ2Bp(1Iqome3XCO1~uuwdxL)v4NidpEJHZvm%__(>jf#k{n^&Tf>P{VCOgv)faQFLfb zcap@LEj~fZ*G&-v(lk^PKu55ZY0+cm)jS5=6wWO)Z z$~8trcRM5kw#1x?!^J7Vk)Gq3e4hMUxxCchmU&+ylAEDbP&%jmI0&N<@z^22k%)f< z_(~@~KcK@lju=JS3|EsKh+0_+pd8{U=NHGw1xCcGq2qdCn}7(x@WGK9j%#;OgKRl&{PctsL2wzlRS#9i$v!nsId!4r@N=eMp3%MQmF%)ZPr z6trw#Mcbu&;MnzE=3zE|0qcwnNo$D>ZSeIZ$*`dZ z#H-x!vx>N%@{}S0HMiDdt+s?sQUippje~Dz=u8a;77)*JvdhscI>$tiM7m3}WM~{P zqe17*@!W!lM^2E1Hh`?NB4-Y(OQW?t5ff@f@l@mZ5o}t3})7 z=;9V^b@cqSG;FJR28ViU_%D*uCPI}(4{YNAg-TJiJoG~2R?SJV5dOP~@G6w8+|AVe zjMsw$8x(3XHu#2hi0>o+ht#`3YZkHX@j8IWWpPb8`NdH6Y}<@8evyLM`6IZP_&3#Z z8SQa6hF-5>QSgEW#VL6N9IoBeYD&oCiY|)}aQKD^z?#B2vK#|}$<93vy&dFR2-jSC zQI)g^rG)&PE~+^X4(mE`V0}QJK&i615x0g70!OzR>vjK2v-UOJoU<^Btg)7DpWpDr zIU!$=*P4L!oN2aRwteq3cMejL+Z0i$*Mz>yk?{jJQ8!~IQKS4igI6{j@Vu5?Zez$T zH9zSWKWMHCdv-OO1Ys!*v<%J$!#SZI)6K2T6>AWNH*KoDeWn}WP2XVnO&{#GW+$+F zb{7f|+-h}t$*t&e*yH<$_6-3Ur5~yapWjoN-{dwzm=DEUv~QLxJWT9iq^?(gYRhB@PFL~DKN)}#k8+G zL`bV-jGRF;&#Bw0G(G9W^qr4r4V{NFlTcIhiMrF&pU2=m)9xd;b6N6B+l0coJ~+nvYtUM5 zUngBK4ylaHEs6LtT$Hme+h%SkbiXU~$2s+U2sIdx?KzCB!+0+YpYlrXUGBvc))ZFs zL1L-pBUOyK){JR2_{(-gE=CjkPK+KhT&N3P)uq(kOcZoRM=)qRnstZ+I+Kwlm65vO1z;tT zk*%!yG*|E50x@N|7~keay~j#vOM2f5e$}C1)k!WYAa>V(BZ(7*JR*hJq;F#_D->S^}P9fB+AV96#QVo$Z&L{X2FA$b)Je znD|T#kTiwsshDSrz#aoiy>$1!(Fb6 zpz{?$>VB>Z9ivVJl1xMwIPgJ|$Ug%(d^}?I11x;a6B%UTh>58M!7u3(DpU4TG4m#O z+$&~6G4`!X=i(N$&Mn#1axvFAK)KpB+uBZ}e|5_?8S=IHJvc;4w;fO&&{7`(Z|z!x z_>(p23i;NOc_=Sf&KM}k``~3B3YDA>{If*LRTptrr?8;HDtv*roeqONALE*6r?L)q zPc#A;65;$fxH*2`aYs#!5q;2Tc;46Zp6K(;$@1>+q!ZX0muE-EjIsDFU2FTp%S&kI zwZe3a5)7BvAI3Ys&XJ0PpwV*gq*%b;*@;4kMxStukWJ^Rg6%j%+SlfEglCFb7D^yR zD2p#*^fi48WuR!&1I;j)oN32Vdmp%igb^0cG@`-wwsfxE%H{i=$XU?)=#z%%^I{@$D0LkIzW>F*za3D6`t!A!13dM#cXKY2*m{!yth6W{!s%h z1Yo0~^&^=j1Q#ia+dnPIC^S(+7xWsN+`w~7VhYX0?}p`oaRU#A-OXrYga{!yE?bVM zQ~g9hp+gv9!D$23e5c2}t9}Qo)=%xYy`-%k7zPTe2V^(mZS#(ORgx2{BA&Q@<_3=9 z*~RmlN@6LJ(L@jJLpRw9RWIGW5m+Szyggdi3^RH=HK6?qx@rJ(#g&a$^r zfLdFQ%ItsReH8@~SNTbK#pO+bu4 zIB_cDNT%C6238v9y~5k0DDps=1LWCSWyPr*cd{xR-lBPn&~>?a7D>KnzzKxli7JRd zJAp^&LL|?F@Aa(l+ESTY2O_caLV$a)NQBHMW)0)#A1zERPM;Y{XR`lrJUd=;KvMPC z{IXPJl9!5M`_<1*l~`>EvN@Pbv$Ju2wzs1YIH|?Kt)yoFUeP87IG!5$p`Ki#1V>=l zwK~xD$XqDGD=%B6%uffuG!n1-A+j+HF4!xlcdjf*3dS;lfo(HYG=@fB5HCUGs&ntX81@!t z0T2PsigCD*n}$qpj-V-qPm@@u-df*UqCJh4U^e)~0&118aSj+MTJTK!3>I5*&Fadr z&pQl2L*pVN*HY_3hB;>CB_LuqpOBaOeUoN8JKV3wn@josCzwv)v1k&Fd z`KkXP+Jb@nx7`Hne{~KF{{1bfH2$BrWUuyr-;&&aT!aoqqrEdLpgOoB%Pr_SIj53P zHg1RleOidMJH-qd33F`+SX*sN7>nE&&X!vK^G9|dcwVIi{t9c0?{^2-P|kP6xeD$C zX3J_u8UYCpaQ%n^JyOultB5XUvf!pvLTD#@nt*V7L8W1Z4vN+71u2@jqAH1=c3j(! zqu?Wd5B#J0=?yWS;i(?EJJ_$dZsp zQjAnRFRiXK%82OR@`d9)i93#oxlWSpN%$92o^qj*%bB*e ziXu$lZ1%iI)|&~y^ARRfBTnt0ypw|M61FFoj`k)xaPjUI!eMqh-tVO=0&O+_JQ}-N z_k-u2mISIPXFpzhJYL*14C`TvDiVz=vDz$?H{|{iP2wPu^>7P6lFgI&LDMp1E-M9t zS5U~VnuPs&1w!A;kb1+pRl311X#5R!G7blO35#klp$4%9z&$ZD?q8@`U;~F>1CHsK zz>AePfQVe*90ydeB@_s)tFslJ4ZdAQ2eGdu=OgTFD|1^}Fb)(nndtgxUF~?7+{yC~ zz%X{p2oSTik$&cxa~@KsMN_}Lu9-oqMOmEppGcXcBRw-T|W{$ZhXTIT5LT4J|fAz6aSoszqY_e0_ zxfI5jOaOZ?k7tV!9LcXoLgj%(!>4=AdX6kso6RqKT3@Q&`?TK8s&ktj^a+FLQb|(J z*oq?%5B5xSTJNHLJ&jE@c~7H8WEvVSm!#n5hf$bCNM<*rq7_=Pj&4ow=T0zMVQsZ~ zagMx>H-UHcx%h@AMs{PpDNz8GPMwQFPFiHV6P$m6%gDzizaeKc5;R++CWqu7eiRTC zr07F7Jb_{X`%4qp2|@+mr!mYJh%=7I`pb?cYP`=OfImVHUGqY(XNs6 zU+SU&EEA51Z|}T3td2s%x0#$g36m;x=m>s;GVn#bG(M!o7ja9pcJc(4xEWYZym&NP z;rfP~r!SwZUfA>dgh6J4K0=eo{f3sZ&a1+rS&=qWJnj+x1xwV$>>mZfKotZcJxu{If%S$e z`D}&KcN8?FPC4ngZaHa=v06zi(WR!6i9&C+fxPS{V1smu z9M&61;kSk!PfNgX(kzZ)7K@Worj2`0<0HOYYd;LAd@HZK#_)YxEjG#|6w+x}8?-X2K`oc+LmvLY}VF?a{F7 z8iCkd4SH&jE8XOaD%^;0JU9s0lS;G)BdK;qlf{S8&iZ>Sq+t=!mB(O(V3Ch~29baV ze09?}?MXeeI!`6^$e`0wL~3p47csJi+@}CKq%Voj%BUmiL(d7)Hw7T2K{{Z#HeGrI zThBa${XEBEt=|nq znnhW&*brOyw7QjPZFw&+8^*Xn0*msYQiI~M0f)pL23IE4?HgyJWKBs0=V>hz!z7~u z|DlQ9lfjpK<@KTvJ~dyZy3{zIyDwomDK}{N1p%r`r%;ky!Cr`K1mAG{wJ&U1YkP7j zef>H#t?7K-ot%$2_Q>H`0Hv%uJy|b7q2?V%x{bXxlk%kj3css%lI>w|m9S6j7LGND zT>yzZkl5zgU~Y>P)Eq9Jbh(2J1E-tOa^|;$Fxvs8!osLe-f-66;W;9STahA>=A2lC zpVkLX7{onvj{OitZcOh+3CT?^#94zxVFn(@uh*iL#0OtriQ}{Pq{nm^A>o%FJ@&Ks zDEhOk;S_TH^ud)sX+i12cdxs9ON9Jbc+{_%;6>FyI+cX&b=9LM6Or+CMPZ(s5BZP* z7#fyugzfrfCK^{a)_8D&+GLL*!HSA$mL^uVM?nq1WG4yQ{;&Mos~}p+Sf6Ui zmiF}wqgXOIYJX?q*yrDnl?u>|Uf8XWp=2X%k{?KE5Pk_r1Jabld7oy@4^1S;&mn7Y zc1w|?GSVzpJ?Sf)Yl=^g0_T-~+3UGRVDi-Y?ryy4aT3k<$CZ*y)Gu<~Gt=@Ug^Txu zno==$bIy7+V0^r_pm#|2$vOCGc|97E>t?RQauue1LW*{QD$(GS*; zC1^XgBJqUXl`4JDx)4^^4XB(%O56+lMc+vI;qpXXjM+Ux6LA`t{h0SWf`{VO5M~D1 zu(Tei-XLnGbsa3N9<2a*LYAT-P+y2<&vL1PBeSarc1eX@H_|=$YR7_5`qlAwsUSl*Z3X4lVzJJMZeIiqS|Cr30f)oGuq%B- zY!eVTb4+n5!Vr@FKHTc-1r!J-TS468t~k!a;PYk=@3$)dCXG4Y6cO$8Z*?y`P0}y) zv%P)&&_SNr=8~ZUSJ2O6SItu5F;shi zg^Ne_1M`j{9Cyt4nRy2ayG%HANt6bEe(7kOg;PPt?nd*wg**r1bH4#GjO@2#Xq7gl zw@NgEyvsi+n&?qAAMBVLv<~;ye4SEssHG<>{qr)~(skaUysG8CpQs0tY6uV{TiIeR zaOn{Oi}Cp81gdgCSdZBD%Ba+a?s}E1LJ`eUca7SxRJZgu$mM)6AA4zMFc2>vdPiSV zw_~eVd$M|ygdsfRej+D@F&8?wvfy_C4YqR_8Yl~P^(18LZCcN;3;ahS?lo4h6dqJc z1aNiD?BDs~ypX#|Khj56HP?pMO8+SIkiQE3zi58$e`)^m|J3{~P5)?ql>d{li2PUc z=l+9O1rGAxa-?o z8LQd1x*VD$4o(LQtriw3Hi!-AurAL7Y#cia_EA3PodcPvfxmo_Uf#0#{#1AvX6WUEli`fsEKeHc zcU)q-K36$6QTP&rrQS+DZ;9YY47*Oro(;PdU8Fb*>?6HrtLX+jU!&E*gAMnGIB_DWM<2))Y(Zel&fIj^>=wIKdP7T($9Z*jnamyu$++JnGYSS_v}$W6VdcFnGI1(qDc zL+RPD>w!1%xFDS$Bggy@(}J{i2PFoRd@UrE$Dp8w~r}h%Ps3BMm38k7votPMPf1(I76=nA* zqE1FHN)+jW0PdEk1D&OVPIu+OY&Gdsybr^hLF6PpLhZ(-T>3fl?XTfHj*KGWsQ9D% zBJ0Ol0>cp4C2u0g^KDN(xC!WFu3T*)z05@6`}&_U=ZU62)=ue7-$;a_SOSu4mP7Gb zk|_7bCh2ufFl;AGJC|lkRRBHxSQ2wf96~*u4s>9S?85RJ5z9G=3kFZ^rs>cB9W}&N zY@l3D(SuT5c~@^a?kcaT+y@pvU3gOHwH6ay6<{W!NncIQw3|=5B4Q8m_5Hnwv)&aM z$*Y%ZQyrV3d+>320OvC+Hl&19x98L|6jlyq)5$Tv)7gMD3$2%YOArk1gl&6-2`$u! zx!di4;A+=3?`jsH%El>+963jmqp)2};DUf}z3*MeC2FI)F}R*rOY% z<+F;PffthKnv5$K@i2*U18z~lS>I4mAERjzL@eEG^+ru81umN7UHoy;zY7z#d}Q00 zcySMeeN~dxWW@t|?|@0W1h%SUyj}FYuEgRXaACW6#S#XD$z0$A9BfaKegO423E++L z+L+GkB&UMrlj=m7dI#b0Bm+PwtIX+gU9c2C!B+*c^%1dbzG!j8dO_bfB3Z6v>1yhl zMO5;t;U4t$7y=1v-3D;8G@xo{tRG%!y`w}V-mDEG#dSI)X6c$K+eJ&Q5>Y*m7fWe=X}4Y{(g6pyf(c+LIW{Ovx>Y*2ne=RJ?54yGqlI;$+A@7cV0;EOkl{7T zytw%MDG9DNx;qfQAppKD6Q#iZk%da79w~ZYk*brereti?l;~Ksib$*pd3gT1Fz?f8 zJ>2v*3PW4HTBWzru(AFWBA{c_1V0UgNdhP^yp1W)cCC6+LIRa)<)nU#=`{DyHMTVe4)nGrtuL*=S3p=a)YNo=`6SxEOa)l-7vz*Em`j1#$2JlB48lko2$<2IqT&ZpCaKRrYC%&$)sxWx1( zqTZr4?EKmxY}D1FFX`}tlMD%cH^hgGmv1ryWaW2Cego`%)mP$_C+5u6sn09) z@!ej>%O0llE6fT(B0z=}jQf*pvQ?{9+te78@nToQ9~e2(P(*GrR8JpEC#BMK|B2bw#TM&NWWeR ztTu8i8@uopZ+q7uz@%C=mT!9^%u*3hELzCO_ooOialuLIcl%ME+L?id&XmwzNPA?c zFEfXV(U7-OB&v=VpHsGxFoA*mBi|maV&hmA2q3w!bDQjX{Da6h#S6V;;Hly8pWLfO z!2_6Vu*~JFvvEO)+KoGluD*`De%l|y}Z+?L_k{x0IA>Zm4NQM$g@zxX|Xff0r|&M#0VOFk?X}8fCQFnuiZG!RoK7nz!Zd*Vo8YtIcuFL9Lyh`D?QK1%)CF-UbS$5*EQeu3 z5I4)>Onyd>on^G4?WWWs#q_%jmtY_8JA`@X($0&3O4Q{Ycau^`V92fvonWTV@VH0y zB_ZLD)S>=ZRUs*!Lgeyot`h2|$F!regkrLLFR3(F)lQ3avrGhLVI;$)WEzZ?-~JKe zt|G68IL5DN%#P}_2X0ZcJ5$q`PR{)X1094b8+o-Bf8DQNWjC$|bDKs5Jl;Rqvm^Sn zTGdKlvI{448zf>bFzPDKsQju1xA@L~^s$j-u-7zIs~6c9sem*jBAqj%&?pflKt3;J zv!W>wSY7nHrfsmvPSxRUilJISU$!ecW`5v?T0whtQI{go6IJr%riL&YC6jk4yW>%? zobfzQwou{4Yp{40LLMFapdIx8R z=8NM;y?fuke27`prcF<~c*e?k2^$nP`AB)|0Hw<>0A`eD%ucmf9C-@^&nWPwzC-gi z%ju8p#cLj;$8#*971;GH4?uxCGR7`qBRx)W z%?bN}wMtjx4{>+qvbcI@pjJ^%F42)rWu76|`yIhXDqd;oh>Mypm2A zRRC*)TQxx|<1}1R;80R$(=4HKWbG_;OydL81y#=D7HC1ckK$h2ba<54SV76WKNvdv zgmaF*E*zZN#r$#SjzOfWTQ>2d@=7F<>Jqy~JUVSb$>xj%hmlQ;SS5f`zA=1vBGW#2 zeK)E|UPn<@8cPpv$_vSgn@6*?Oalc7JTP+^te9WvIn3cx#FN44yV`tP+9({Lq37uZ-KrBoF19mS$ot;tM6fs zyBX#pa|1yVymIS|Q8=M_j~+Rw=(h_J;+ud-9cKPg`&5bF#O9$Qpa4PM2?w~d*#2`_ zIHI!oXd|50e5R(K>yn@Flzg*KJ6Yhk+bKYIQ4R8)81L09Z_OQ?xYNJ0x zMw@u?t10*zq;~#hx>gUNwo-~3KgZqyDV0c%$3lX$#%u~yV{@&5v$wN`LQH@G!uP|S z3Q{GYJ0{(PiFoWB52NWR1HmcMUM$ArIPS8LrSy@t0)#dY@gw)nZ8)bx+wDsMM}F@I z|CDNsZof7kkqn--WJ11X&N7{K26r*kvZKN!siVf~D-`dr_pcjSOFBl=yz>qC zp!4`I*apd>8A!Y5PxvtP3PEuJ;fGH7K19rB{KsLVID5)h;V*Q-sg)udG|X|+9~tUr zu;(!JLRS|)Bz?;=Q>Y(3)#>Z2o&0rEG(iuqGbOE-0PUYoy(EI=G{6hCV6yb=DV{hteRM5p&K z)O?RvgF7Ou&clQzHMc;z;C6rS28Oe3*CSS~*WvmMf$#Zy>7&W}h(vG2(%DtcV{sN> zUfw!Am9u=3dhn-3xkXNdiC-Q^ru)wwi3o_CI1SlhJdh~=!gB<7FdG>8j=)XMP5 zMMx`y$8&tXA4L)BID7AzJFFRH!8nnMTQ`T znK`8I+%amzFjR961)Nj{juy6T&_HkG)+DjUy9EPxg898)gfezH93eM~Lk-=?c!7zn zpHzP2^*H<^+C?LHR+PPaNM>NNcokTEn>aKNg=eP6s{^~MiD_yr?B_{*E_X;LC)#mG z%B@MqyW%}5e|{N^U{^h_Qoh9bBgCgO&y*BpOA=|rs~xhp7eeO#g${5k!C_^p8@X8_ zGki57J2+R&QDpa1%J&#+RTEv(ZSlLwhNK|IL#AK4?5^od2*Szx2^eJ#8ZEuFPjh4zdqQzZTGp(+RqB{CT$&7E+v%|WsY=;jX%dm{83bqRA*3h3?RZ)BKsrsa zS(o}eDo`7T-fv-JHP{NU%JB@%9cP$pKw+js#f;JO{(tPsQRn^;$LLwbGDoY zamoljBTGsq^rSo}DAlfzZcu}zCm|c0*%bywIuW<85+6J0p4QvvPskA1 z_K~i`LRn`jdRPqSx^U)nGrzbwJAHK*&{|QDk2$(Ib$hd9ob9C&;|fVcF^W&ORq~+P ztEi;@@4JnMX3JO?yCr;?{>A1TDUpCy9#pY>#{+0pByh5xgj+FsaHdr*kyFV`ht(u= zGB9Ud)+moP2heByHq;sF(i)!d$Zm$6e@of!$rPqZPpYxlYrKf!0A-#JR zpIEgK7;IKbUIhkv_}y_$YAb7)GY5o7qwvb?9zBml{WOjJ16ha%*$-U%VNoa$s2;sc&`l>)#|pP?H?7qy=% z7VrS(bTG0)G_8CVfvQe1<`MoN0OhqWk~EkXQkPT*=(3nF)zI$>VH7c^Xw-G`8R#FX z8}W9Qz#?8T8xD}|7z2LTXOSTNRJBLR=O%?`(oTXsjJ}$S=~ZD7ka+BuctB`htst%2 zZcE>!s{v%WcPU*v`YU}?ao$TD8`pcasG!@RA|F#T2PY}>X`wUA>h#gobzNnbfNMR| zx74bc#~@_`rtkm-gSD-6!PY|Zwy#K*N(v=uQByBGFtW4=OUk*(hK5h?Q*B$ruU^^) zoFalW`yv6a@>sz@K+ZUQFuHQQknwyl4+Fe1uukRRK zQU-T}6AyVOr*ebGNjJk6h;pOC{u}O5L;XTZ*&`yPq<88xa9Nl6L!Pbs^(1bxTyFum@adZ&I9hJ^Z(jEU$Xj` z;lN{DaPmH9F|5&2xiKD%;Z)o3B!f-{IAs};HtV&M!jp;DISw-+b?wcvLG%kIfDtcW zE)5hvzg3kq-{JfD!|6>k|A5HFja%&`@q{aDhrPS1dt4zjlYB=Udf+s=4~4wZ+c99E zDvKsG7x!GipuG9Zfn4{{ z?;-UM@gDw5y#EJ7=l&N%FZ*wXKCS!@L;q_3zue6KG4ywc|CyU1_*ZU5>pvO#wDP|g zIywL$zs-L#bd2JpcIFSp#2PF{b7FZ&R^mBY8mC7vcv1o8Ml8td!A$GQ1bkl1e&hyI zi=N$K4C}h+kRjQoj2tl*XF(?mpjyD`-Z1`u?N7rH{_sLR$4*)k#c zquwQ#s%{n;i-DP}DSLmLR)d2l;brP+plov8cIP_^@)0Y#txEODJytxQet>kk=Z_<6 zbFiqN^ZbcfXCU;y(E{;qaA1tRZ|Su-6|X*f2}-eGtkO2DNq+zXC(yiqDC>(b_e^VXR-*{qk#DMzLQ zMKEMs^sIvtb+;?Tr6{LeM5)YoFiQLuG3;j2@Qec0{4}I;+WZ6_v*as*uz%Q<<*ABu zUQf<(!o2fx3&0Q3?_A0VVT^&ujZx+IeKJ33SffFQUwcrX1TP&uHD`K6 zP5EUzy73Qf5fPb;&yT>(pRww6*s#vy5 zo0?59$Et*KOX7EmwZ3koec46Q=;KO+3-$M$Ze+hdi@h(Vv{tw z#dZnlZ&n`R#mZ{FR;+o*+-kCfS^JnivX`$zZenNb!$wtP?HxhK2k&))DYK4E`OyQv zl^fed$8AQ&9N#C5p)UP+ze@>C__*!#SWRgr*j3Oc*w`LPCo{)W`u7{Lnt=?_6IRnI zHG(&dNouzOrTh>p={{g_bEbsz)JB`|X|o?MK!MVNP$klS`eYHj6J4riauF*jDpMSM za#5Tp@Hel-5NO$@sr_v+C^2GXv95e01d6S1w^6hP`Ptoj2wS zT4Px8yJM~D`a?q>Vbb%J)al+l@hOwMkKbj_xr$MQUV($)^{4{~m^fmW)9Is!5|%1l zX!hQqQGTTkMO*SPdosIRQk%&$cBK~$!%-`2B}E_XZ?x9(`bBLOa$o@KvxAdK4`Tnf zD}`}*XIxT#_qh9zRq6y3Yys~9_gE*BOfZNAz4ox(4a1Qrbz;CwpvuG2k6O&lf%Q3y zgSm12Il>H3`uT@N1Uq-D%22MfcT zlV!u9W(3=F5L#cMd2<@!K?FETvjw!#6~h*w8|#yOXitOQHXIT)dg2I06W?6kbm;Ka zHri7!I)+^CEFs5cO!F6J%Fg9cPNVW5!KX4Z5KnY` zk1%pjzAo7Ltq2-xMr^MDekQl&(eYQ@57WfN(MazlVrj}Z(SkZ%zL}EssOY6=7+S3b z?Ht=sf#wvI^SkH73zsO<)D?&1sc`EgBQhP>nhMrpg%bX!X@%AlOrHIpABbcuVBT9~ zw8~~^7AkWXV;Ad_f0BBEC|j?RGyr(ju(FU#f?r+P7&?C6oF>+F*Hp1x?o6N6impi|X* z_tk^M4)-enEAkOPXqI|R1apvRel(C=89RD4(`zrPrv+7={zM- zP1;`XZf-t_oQU>ag>K&s?;Tx5^f2=-0u8#tIHf{0^v8WBa3}+Z4E2nma`-Hw{lWS< z0u+(POCA0(s7s7`Dmh(ZZ?^HuIR#Cfv5e}bXE%#EyPV@EGQ$Bk#M`?|%t`q;+Zn}i z#Vk@onc&k?Azz9pe^_DS6lRO3GuaBax8+P*`8J8f<2ss1KoE!*ZsM3O?%fEAf1yYp zI#>ZR253`&=b=7Hm`LwNr4P%_?{2+MH14;R3kI>VJ_TjFfg(h=gWch$5)f;iKYR}V zW&OgC)ZKWq^#mV#Ql=}StWJ~d_2FF{ofAlekoSWDY`rC|er3BKWf6O5w6VjRCy zho2%agulY}H23>LXmiF#eqexJ*J74`ONqEO5fN=2UsQ17YSS{KETPU+F)@yXn1aZC-dMLliTF}3TP1FoZC*w1ytkL&a zziIq;BDivWssoZEeBSWxZ_VNli_o3}8B`FTI@wvh56-cGU(FIZ3Nlp8-%Trl(H;`C z)C!}bDVk}FJzGpeS!wT7)grgdmHYC5KBy=CU=UXsvyI*} zx6ThvtahK3`gbWV#ZtXNslnA88n$F0$Uz)0V`%*lCow_@x+uX6L%7SzEN<9;Pv{Pn zRn%!MTw0Y8vs?CP<+YDW{VczS<-_OGGBW9;$FtW{z~D3~77A?@=CI;(AHa+(d3Zp0 zcc+yrXypup6GBMWn|6K!McN>%LM)yubfao;HFy(LeC(Y>XBofNZtUZWH? zwMQ4dSA+w!BGZpwO+Cf0fkzu4QjJtauhPScq;hOJIG3*{e4B};uJ~r9>H02aE&KFF zBE=N*M(nEMV2?E#{@rjtnTw?ymD+ZuD40gW)HBz{Dm8rU@_ICWot4#7mWe;73>dHU zK!I!!atNiMp_@b-T4HF2fdtj2<&8aR*a|J^E5GRbz?k6f6Xlx9EI$%uJCfIZ2*%OTM^i z>q^R_Bm{{VhrQk0BoQN!3>uX$f0V=^qmqzNPxdaFeG#D+4!dWL`m?yctY`=tq&Dc2 zRLPpS*{4mD1qLO{o+^p;KGraP!@QSaCg&ppY@J>*YNwH1x3|l3iR3;4vx_sBLPqnQ zhV+|{@Y#dWBC0rSRL#9$Zc0rYE%MF@Fc!1KI%qIm6ZZ0$cA0b$i-E4Cck=Rsw^hWa z)Bf@Z8(l@#qN%B@Sp>N@XRVpEK?=_&<+eRdAFxwI)EcrzUUV2!BHXA}d4tz%n^G;P z2>68G9zXJ$@kO`29Pe!Z#pMg{hd9UL)kCsx$#|Ju9eHs-i_HR39M+rk?a>!FCaTeT z(X>d@M`6t=_{z!i`{M=XtOYW7zW`w6|UJ2es zpVG(LGlKQL^Un6kvQklf=0lV~iLQ_enw$zXc{vUInZZ#Xq)mlvp|hh1KOM=kgvdtE z9qNSL>np+sYZ-`lo}GubQMg7H>G5DxUR0P$hE5v!J)#)&Ozl{sX}kwy++jHW(5jr0 zXywgAqtr@acjN-MAk;~vWmN#bBbnVrocV?fN9mP%5_93TU{lz~z*D;Cp9NG;cD0`K z8FFWGhC)A8Ux92qLaA(NFe`BQ@RB*Yo&a`KcEG6s2)`QMVqyE7?`#ty;_tSdsvZ>H z41k!18$tz-q)LW1_6}bEB(at}$!iGB?w4z@>rOfAj6rteWB2~~fSi3`P#uBEe}IO2 zCei(9;scmMLyf6@=Cf$Ry!yS-uCzDLhP3qE4?zo^)C`x>313lNzu|2XzX04>rH{Zx zjsW9y9+Q`DZ7!Vj#Cz!6qGF9OHL zqKRK63^a8FouDE#*X{gv?aKrrJ#|~40gCxU2(A`0;D^G6YY_J7w5;5!b)K0lR%u%K z_Ty#c42|DbkuKV)9f_tE9tl7eBAN$CfDt<|%e~ZwB&5{9uDeq?8d=kF$ThPeDpV;( z@B&8j!D-10>pIha#{Pg~O2NRqFuUL3DK{9@oNU9LnO~R;OzUCgPV%MRTGZ!N^m%+j z2`pTMVDTI1 zz`sK<2U;X1$MMWwoQwMj*=_@@QVpp5bH9~lT6O&cdOB#y7s=$iYZBU8V^t~14nhKnSjv=k--pnJ z!ymyPSJW;uUa!Y?FV9v$0Pv4e<;4o$XTr!dvK|J7v}H83gpQxlicd;wq_=gD#&%Kcryk%2|2H1MK3g-pXuZ^v zZ&0sQ4oyY^xlKotK``?_IU1tdLqowZwV&gNyqU`I0>%+a&Sg&mK>9s_mNJUOS%#5> z<=$U7(zL%7#Ntj##F?7L#HAM~K`&kDEEQDKvuwxx-~Y_hi)KeU2u9F!f_@#Cq9&>* zalv2VXP|ww&I9v&vCLK1z+Mptgv5f{N{)|dut$SfO6WDtV5Y5{02_WwOTL_518t+A zHQlDqMVR8z0(Th#8B!^eRs@D7yh$ z_^rR=Aq~BC+ff)LVyW1pn4=auXiz5tIkZ6gxYMR2pGvN+?}g@piiZS!^bEs{a`|#7 zq}*)hUa_AXZ>cS8iGCEnHG=)96``kB)7=K@A|2{kmgyu|5I4}Fhqv*2sv$9yk0 zG@%VN|Gx8yesT=nj@(zu@CDCBkhp$THV>*1zZ;&bA0&fVS;(%@0g40e)*!pf*OitL z6AfPzNxR>j_QY%4F8^bgAG&u@iCA|}MKyV>zT#WfW4K@!+2eOXvxj@ zTBQb3{JrEOW6llp7CaiPa1W)->_96J3nOaNK7VNUESjc6Ttp|?L%`OFvsDl@bY5rbH977DCOtVoW zpXNjn?)D+R`sUlq0{jx2E@2VB3^4c>$|@QYcB1s;Pm>kfK+qUDfN|}=0P}-rdeqA+ zd$z0>DN$2_ox8BNH8(kn7vC7?eSD6BEvdbL2aYN=FsN`)mkhOB3A+bWD*g4|<|8-4 zYq*NlO^QnR{Nda5+Z_<`#QN18s|ekDb9w=L2c}Q%d4ykulfv)|kaM$m zkqG~GO$ND}smg5%aMphOdja3PEdL8fXNwVOPWXp-8kXITM-%eX(b5JP zb(2e*VMi=Ty7J9Webg2rS9?5{ zQ|{&3{WUg@YY{TG4Q<15B{?Uhq)$qMkyAKQ!82T(Mi^x7?pusF+F?UG0W4F*l~7gt5k zcCcn1Q%m1o%o}UQz zFrxC*1~!*4hUY2{crh|J@}OdWNHTGNP6#fpt-qw)72bg-hm+WYgxoHBue*wSNESS*Ri-D}5LDyiMG1L>7F33bv;}2eth?M184<(1sl=bfZ_`AYpQvK5a)O=v@SM z40Oc$9JiC@7Ac~a3$3(J<{swPZ_22dNJDuu6?rYk7w3XuS_KPn8GhlHE)&Y7C_TXi_HE(17k|=9tx_AMhlN5 z22*);;}XXB0ye0K7W;Wyn4+|#2qb|G2Yl+LBWN$4oi}{Js-a)94Q;MOLfMk>wy|0N zoeAXx#5w2Y{L(Stzmlr#S7VHwCiBctH?iz1WXqx1SeXLHcVAq)`TFaXKr2QhR}aTY zk1&DP>5vop#lxYWZf}XI;=u$_eK8aixsLqi*cp|oSNcizQqmyWv`mDbHpFT?T3|dX z(0-O!-BI2WRk(@Q(d1R97vAz8hfev|q5lsm&+{)TU;5uv{_yc1D*p%Lzp1<=6bJw( z0>HmM|Nl)K1nNYRe>}ff?SFdy!^eMnemM32^!yQ#Q7>@9qX?2DZR*}<#iqZj>L(bo+AyF2*_P~N5}+MW!GqjC3U=$BTEeI`wjKgw7g>< z!d7y_|1r_lls`En4P!=Ps^co!3adCQK6JaBZDI417^0n=%)9S-fqfK>qDJKQfS+6& zOFR}9wAI9Gq11I}x(6Q8<|BaxMN>gQh45w%N>Qn5I){Yb3-#^^QxKi?u1nl)@=~HOcav*;Xse|ZtXuLK;Q%TfA2>R$iEM}( z<}G`=k=f$`3!$Bd{1{>?>@~kp`(htdmtiT_fGAg}&=!+Vp&(|x8^jTUi$c2QX>R=v z@Od2{sa#XD3+(e>Y$kk5)tVt6-~_q}21}4E<(aDVEnvF^QIL;{^stF7--1!c7-F zGxPm%{@Bvuhy2A#4VnW1aJBn3B8hl;6-Za%iY!+YH3gpVJD1f1cXsu{S)`&R+cp`8 z-QumDp{bRH4rFU{?KOe=_m6`EJqP5#++xX|e0F>R3{nL{&ZOz*sa%5i%~&eJO!<_QVIU4 zS`Rd|Pu=^hddUmLSFu|vtBw6x^&!Z%4q~TY?{0M7LCgf?Y2W0#>pb}b@w+4nF0KT( zG0O-oe`k($17i46E!4>KsUE>nN_T}cL$gI@8Uc^D*A8b{hTN7iz3lAC7rM3%gAb3a z)4dV3UuCk>`)b3+AzL!TEqFWgdoTCI;r`1YWV2wv!2Q!c(4qrT;BPseL~}4Wc5hK2 zUCPq<12Y498<9}__Sm7qT=+nGt2W0Fj4OKtC6wp20=KsfNq~|`I1bGAfgwllN?g>M z){Y#r0MBo(nX&qv@wvhB23hi5Iq*WOv?XE}y5ueLBVsnSiIAFKc@WBJOR-0fn26Nc zFZ{Y#46BT=7G(#SxxPGjT9_iK6Ez6+G2`;Oq`tD2%?c61#W)IhsBsEGIKgcD7x2iL zL`_2}rQl>exJ!#N0p$ow0Q z@hio(2Nqp2R_dtc|CL|e!FxH*T?`F8Noi$435ibp+DE^xuOte}&$r+Q@LHDukJ7mB z@`=X3t})%t`6=ZY1hR{J$q!J90)N*f7Z4lVRpCOux1;NRtE4;Hwre}_4k<7OFh?MB z>o4HNBqD|tZ&l2QH?{F6DkH)!rSGzn+G2iq^@w8Ha+Mbqw}24OYd%0b))} zOq8#Rap5ddaRxjo@YAlw)bXBe5&6lH&vK7>OsF)5HXhV-qZ_12)(cB%%fzY_apMyI;G&|aXd9( z{iuQwGf4WOK30Y>vNS7wO)BYV=NmufP20hLzv-Va&Bz+ah= zT;aCfkIl?OUTIh1n}!F5*_y5ypd53AUwz*Ud&Ol4rDn&lKWGm0SLHHe4zZfXev6bs zQ89sm>@4&d=T2W4-HXd52gx>-!-xX!xPJ{C2N0x0bGgau{HS6x%M;_*O@1STU#=ZN z858*yH)W+>WJG6mi>pez0_autOn#TodJkkV9`PwAm-oDJVEg(p>;M}hvWEnU0GLfb z2g#uSJlxVO`c;LI*6HTM@937FWE2*)D1;$Fd`)IBZtHlWX zR7fp8w0WO1FhZM}b~iMT=13;@THG$hb_m>UlZmF!3%#ipPfR59o4O+LQX>@igmjdX zjDZu7$zDr2r?wbyDbcL+3EBE_JG&c%>?S!tv60+wXVewY*?0*=cRVO2uYSi#oAy<2 z&;{Y-&CGpa0rs>C_>JoeXEL|{!8b9}Wz^bWKRkCQRfZZXp|#xv_*EX2QQtoyB!bQO z=ezDxmL~ZR8b#Rl@ci}dv2Y)T2x)3P)0g;#Y+G&Vu%+;F+k0-a**8E1smw^~MLfES zioOR?J`!2mII|i~rCeuo#S<&(HQ04~{X2yROib2EMf$Y(KFbt1GISo?BWuMFHMb7F zI{jw9+oW-0jW*jE+*x-SB~w7N<+(!Bn{c-XHn>?|-lqrw&AKxmCp0#P2&dvs#j`oG zygSSpFwj&EH*HY>iBLVKR^!zmpKNgi)2~N3?2;%8j2_~ivsW0*_fN!&2WQv7Vbb6yA)R+)!UWnlr#?k&DTVeFNy% z*ZJRy4Hkx)xTL(t*)2oeN{srL(<2viIwG zgpL5kB!_exi9c1t>L?TD>=Px`3lm=$0hwoh*VyTHqrVu*q0$lDs1CqRt31mixo1{b zziFyh-zU^pYWD}5a%(TkBj)kiEI5y%v174|z#*JCatohXmySA!EHDz}k!f>tuQ=x0 zPt?2R`9^UWFF8H8r!-(fReFBaO5`G=EcOANzIUE(6@E5NQ2qrr1hXZEEp!9nHhEX< zYWlX*Z-U@BuR!b-59QQ{zbT6C;E0z(OaS_MdS)9u**9jtykPf-6G!FL%(dTqOsYY| z7uV&@QV!kict@%zk%c)C2{(Xcfs)eA=_k%@ytQ{ZpX`7+IY9a1O6~^`#S6FVU9V=< ztMYTzvt-38`^;_XaZn|a+FT+-llw!O_DaTNcZ@IQ*I0(+=%qSek70kF@52k&y%B{^ zK^c;0X8~-^z|4fXoB`!>wC|6Kgg>PNVF-8M%Lc2!k_iT>iBd)^C*ta31WWJNeTtU1 zFv^bCBo1&{nEmHk(Z0>b%d}8G-5V4(ue2I(6Om&KV#B8J2FO!Wyns!CmCp;kuwVx67%g|sdl3kEy>ATi6DsFe z`LFt;Fg+x)g2gOwX4qqrXR0C`aIuawzqA2dXruoI~SPACV^qh+P_ zPd=G{%PCHRq5)eUy);S)Bc3hG>8!oOBUj+_Z+zTYuZSjq7rjny(axGO{z{7u>t*G{ zesZ5k+_eVyV!8A9;j3~zeswVIXuJT)zbT9iqA~;;-Z$*o+R~AhpM~woG8c3q)vi_! zC5H=3>H|d49-PE8QeCDK=-|R7@opiV`7ICIa5~O!Xa0&tj*5+&1|I0A;4OtufT90} zt2~qU(08Yo`y<({%D=x+>zvMN2)~1Sqn5pSOnj~>tzM~rtt(#0Ee;U^w3nR!g-h(B z6t}#o9xX8!@zsmx9n*c;aQOuCKAB*~mCx#F>B?Xo=914uX**@Eyq)}>i@ zdD16LN)V4z`9N!6TGAtFt5kTVF(deXDvdrZ2;k~o^Kb^)G=nGI8G#?tS_VHV75N)u z(tFt9zJ^77Vf|3A)!iB=G*lFe5qK4)&AGTSktD<0!g0E``HE{zfBiZ$41Ts=*PzS) z%(>%vF*cVd_U7hI|NFF`{?|G%jf1kS9dml!Ma5Ba`wxrt5uX^SOeOm{JYZ8Vw5Yt@ z)A%>bbvWng9zddZZ3jFtOu&0e3EtcQt86o!Tt?Df!&1q(k$=``rH(4<fo4HM>d1 z2z#j#9-Gi(WeaGZaL43uFk67Pz;0y1B0IUvTMQa!WS{ck0L+`TTsvGsdTU5B%dWbS zcQiP>_Fa?+#3a(`4!7HO_MF3Is8grVq!GNH&2tyV-6`RII{G6wtna?MIcAPHfFLo- zg6KeVkMn?u*%zjjiIySlQ#W$Tyx>4kNh<(3NJ#!Je#xP+Gt2)U2`OavU5PtCs^s0&+*6+!*heRu;69PCmP!vvkj_$rvmh9Zus&nTm_ z_w;%I*^^#>rB;SxCaKIP@_JM?`THDxBd$H;jf>6?kYW*$()%#xLbUZ!>2Wt-^D`Kl z#mBNYE+_@)VX#GLIk%mb+vSwWX^1%lKO2pWE&5?dcwY(04}2qjalXUQX`&Ng({>4Q za*FVR-Z@7e*!Tr7cJ3)iZNiX(D@XekYS(RS*7ly{Kn#kMMdmcJ$&knf6Ca#qyI{!I zmAqF?>xf8~!XV0h#c|{PD7%A;6ivwZC3B(Pk{UACZ!2`FErP%z)wr<=A6H~dW|*J% zt66Bxyv;-Y@e{R)&F0~5+D<=PTgB4EPI8??Cn?s*houoDI*Ra#bevupb=w&S7M(V+ zOcx842*w2uMD)^QRZ09*2L-|Pn4IaT&B}ZsVfC z*&q9DJUrhgi(-yHmD+o&qc+D0EtuP$_A11(K!&{cBy;c7wPSmyMOOR}Yk4b*62KMhJh0r~L+mGz-w;q@4iqwOYKQx`$d{e{`+^=tW`UC~^B# z^)_teOme8N?3aFDnzGnty2>8kLsH zOVGEXcKOfK0`yG9Ap0tF!|`sH-!_|992bSF!qn zpRR&JZ$A}89#4fky|btnH0qEQWiAJ(h#fyAkXqEPR#bn?jqR)qn5JSp0|?x4WN(*E zj-nfg5v3)6Zs^Q1?s@XoBWdj<4@KM%#5+6l%vdb}cWt^OIE*|ihra2~4>_Qyjo5J^DQsc9HwfDMH z6YS}m4KJoEaUq^?X&g_;rx1$q7W73}{icTNHQzn_0?h-(py7y$Vc9iF2qE(=Tu^y_ ze~yuT7pZ3PlXJ>=vmzwZSjTj%hQmBu)_3=n2Yx?yMkOs36o0joih_9yA#Q0$LOT#? zGTy22&D>1DFx0zZkXpsdjMqyM1_+>^Bv3z14)7e`(X}h9fiXJ+o*o$dN44Y*eGb4L zQ6bz*n4Cy??BCA#D&=4~A^^>{*jSf7rr^|sw@Kgf5CD+gD&nbBU@)Fx4LIUh(Lc&! zw%lhb7Aj~LU&)7JISU=pXaZK@E~M--haD`-9WkD2pDu zCC$B!G4*l|LJSz-Wvu66?Z>Evrp;~eNK8peyOCW;9-Q{r#(-B_*VTb%6u*hR)#5lS}6hVUg9BF}$ zn_{4W=!O&Gh%;Okg#X~y;;07AnTe4V_uO)Np8l!6MNf%a18paqh_3n49(ea`X+%3m0aySB1^ zXYS3}xy{=B!J0v4NT2_iw{xoFz~Y4Fosa#b(Uwa8_`GT)rYEH>$d7IUBnK`~e@eO39wO z%=8VXCKj}Jt@#!b<}(dqwY1*kFSqmR#^mt4Ec)CF)A5X_{!weOs){%-E(A7ukJPEp zBsbL%KNLp(?$YEtWV`X=oAY+vw68~LF{S0pXccjlUf-@bn>&sX+x-GW`Qb=IQre3j zNyfqRBjr-DvZ)7Sa~rPjP-CSAeO5zsj#$f0XpaEG6GQ@C00t^^g#;Do*2OnbOPkdT zggkH42zXMzB)4zDw(oiU`&VsRc7SJkz%co*0A$)I43R4Z_lWyL!T`q&n7mX~<{~JC z4+IVq5(UX$wqhZo4@RF)VL;5a;J-n34gsLIP=FB=;)$2Fg3*5+wGi*@SbgIpp+W&5 zh@RrMYwuJZi;&QzpEl-rCG1lh7k6;s;dcsK0{H>;=|bh3v}u!fYLn`2HB1>Y1fT+5V8Y-*>1zRIoGe>G3p7FC+|bw!p(GxgB)gD!aWT&M+gcvM79i9o zj<&tf0meKNHQ=`YmK#IiUEw09w|!_K7@I--y(|A=)qNk@mf8}CjTHfzD(|%>TxvZ* z75+%RecWD(b9{1B+*_&2wD3p4Y%+CE_YOB!+#Nth)*!axdJq;HbA5e_r z0@SdqAwghF_^LP0dV9;%{BXqRoKRcQHrmdRFzz=Q9GiWAqZpRlH!hEd{VxTkH2W@8 zyRpCl-+(l%fIkJFw&aX@IfU4Mx3F8Y$pF}f;d1-$o6-Y&4Z3R40zX1Da_%^7`JA%J z%tD#k(8yZrflU6-PD%OG}#{N2rK&rzHkq_Kn`YuTm&9?Q85AUC53 zHkmf{wf6>hYX6}-UPbmz)JWv|T5=BatWG=I{I1+Gmrc!7j(}62>yf2kj2o=lz|_<_Ujg~=`(X~cQr0o1DfE{X415fVqAE^z3s`zZtbE0T+@ygd$!6?inXf^@ zcI&=S*R{fBx?Og<0O*dkUO+}y2uD`tW4{$Eg$6^nsm0_~+P2D9S(S|)^=<9-^_NY# ziLu6*?pVDuhs%)mf`7dYl^D`!x1r=0`7$wsM~a`jiAHh6{?!92s=@rmLIH z@rnV%mSvs8qZ!`WDTL0z!bvQ}xY>Llm8g^n58h5JwTNyu>q95A`YC9WSkntrf%1FUMB0fcl~k zOwF|q&I2_8Fk%QFcB^O{wGkfb9JtfGXj=eUL3|s^al7ZgQGnM}ZplL$0D1c4LXNZ8BQQlon^F4NEITaQ8Mi;sNInr;Fpy zqnOPK&C6g`q2MAfM9OknG3J~M^+i=RvPgjgOSPouK2^+r4|Q%Y6d7z5=zA3>#CPKl z>xUo~{1F;7(eFt#Ph(`7g)%WF8ID%7Jfc;k4;>WDsj6rpsBA0%YF@xtO z_05?U2C;J@wn{_$op^}_+Selq7sJr|Em_ClQcbD+ft3{@9cJjepuS{AY|WScF;fs+ zYurzbvwTq#wtl9V;Fu}wCvyovl$#JSbef>G%1y%pL11{+8-X#Q_ zgsp*w{73j8vj61EH&iexF~90h;1iP(RzKj%7HC=;ZtrCcV*1)@Tm`*3gFKG!T|@tR z-6xLMx!Rbld_!fiYfBAFS-zbmoXFXayZYf5Pa~3VmR1~kIMefpax}E7$HLON*u&l^ zqXXZh*6AeVyv@49#*@jki&Pb!a$ZU6PkJgJnLMOJ;b|Ln77@GX>ywDAmbFN}+z8`K z)~KlavNlMLTd2ae6%uf;`$JG-Zni$LrMKguuuSNZ?P7Qy$gEu#3p zwupHE?!Q~a@x;RaZ4s#dzFp?)|37C5<-cah`+v-mzu)%nS#o&%pR;79nL5pRbDbhG z<<^v5to8y}4lc;X36!6kLc0Tc8lWhhv~?G`1M&0c3WXy}IOPV7A^wSA%S^B7hBZKi zL^*!n)eIIp?CtSj%IL+CkGY2w#Ab1mX7fZPuv44Wu=GB}?8uCjWl4wj^re}sI<=uG z+IlS??pz4cnv80s6KE6w0+2c6LRb=T*p{m_5A{_;7#t zjHeZ3yv&Cej?SexftZMObdCJ8cxdQZwO;Bu?B)bDT}0+HEc(Ye-n(N0*KcolT!aS}h2g zultad*@Z#K0Z_WB7`Nlmpx=nTuhvEOvFea#lCOUdZ8Pr?#^{(;9<7-K2DS~f$p=6` zuIK5!5e?%R#7{B|4xbF(UJ3f?Y@J!oZ)*kCH9i1Ktj)pSQ#AeIsO;;Cw6(HIc<|>f zMK1Pgujfr{R~C73p%|O(>BhOC&)uyaXuZ*24Z7UiHy?WgF>imIf`46(J$?MJa%>#`*4^* zRAY8kY%LC}x*re&lvWmf3G+s;^!|ws3*U&lahXBW8>^uq7))f6bn7&Avvu1BgYS4D z!#}?2A%r-f6;m-M{q=zLLb!CkPINvZ*i*ystFg(BT;t-b)`4M^-F65Tpnpt;9a=(EdtL32;=-Ll3nXMElE*Jmlh{oL7iZ>v%@Smso4~v| zHjJm2E{xjv!ylX63&&m;i`K^L0uIOaIbdI*3FFa&)j$*zX;5SBOSR>^F-h%$E0XB8 zAbOuPXW;enlJ)cl`D@1mlsxDN|!AV7*-``{BXi2)ek=m2B z0?JW$2cu*LRa==`_Bzs0_9eN>H@-UhnfVuq?WOvkP#5u)1nKFp=6PB=aiIvAMn?21Vp8D{Gj8_dE-O(ZVFUi>JAp zu|{x=h2vzL@nw_Reu7WNWTD=JbVl{kdN5NXVwimDIr6El)BHM*BgM_S98+xMsrrMpZ2wJ<W182Ci_qLz+~2>MoN1ZK4h?&OLI-w{AAiW-=>gPjyKRc0O+(g z(9y&#(yu!1H=d+A`EjF#- ziGKRogzFN}_cndNeXCPk_!$vl#+mI&w-IGOGf{q;@x(A z_v7e|Q)OERp%6+4_ zAUEM)4T{s3Y=YWv0OPOURf&<<@9L}(CWtb_+T|i=rXPO;AlPqLhI)Ei8@cQ+msfRU z@8FH=NeJYljjOL9`vWTHFD2A}O!>-@Ona;v^h86I{J+h`Y${ zLG2M=MO8b&qkeSf`^?Yp229^WNWfFCWjpcuITr(GPsf1!5#f@`6x1Aw71r3a+MdDW3M; zbo^+VTyT(SPY}kqK&$eqF)G$yN6yZ1!1X zL(m@bp91MwfbI~O)~|4DzKUlgp)ab9m0w69EQ^kvpbP?(q#BvA<3e2QNctdwx$#<- zczD6%+AOSF{jkcblu?Lq$8EB&7(o1fW4Z4&dB1P?^-wD<7u;z~Xz9>1L^Zg~kP3s%u6Bj(^l_P!$yhpBF)yE(d?i0! zd$o}P2pXyG*}0;~DgE5|T{KkTlb1r)k4oo7p@}MKceWkJei#lq1t_Pz=LKa-(>u1*gJ|^2@r}tj#fd!K&ap=jZR^%$+qT_>F59+k+g-M8+qP}H%eHOZ+Bvny$h7$Q$ zUJ0BLEj|MYv@D@K7mMLlGC2+NuXcIbo&%{ay|kZ4zAoiv0Grg; zlKbzb(KPiYYL@VnbT@c&&9!d&+uoQQnHg;I2h%{Ua!<&;tp&aypK6bRaA7+jzN^e5 z8keU%+(++pdXcO$H;1ri4mM`8mx`wlZ)|`a?$o##;u$pghZrmZK^RQrj+tkDHtGi z4!Audh6?3YNL-sxRSY_}r1HTAAB9-Q9YeR?+d{UxvrezTg4sJWDfeu~qxY zs0|S_&ifwZbNOa>tf1NG8E4MY)nv3;$q$XF7#6+f9N~Wd;=__Dl}3!7zk-dQoj`Ng zhYw@)46dciubR3LMYM;$-VBUvDD@o7I6{xUYFAY=HmRj;{>lh3$MGg@He-`D8$req ze7rI}mc{aXSDp)@glp*Hm9&2TFF=hqf(yl}#!i_=B-JE6s=lD^xqth-cE7huBXzfC ze-r>c9MAU9ADHUHUvxqj@ZXGHMB%z%D1p3PmSV}-f~v(2bU$+7j~=sX{@QNS`;vjn z$T6TM)dQdT>n9O?{n<3;Vivn|`J$Xc+&Q?oxd*Jkw`_g5I;UTK6`|3A{hGNo?t{}m zR{!>WGz8l9m2R5f5?OY=&+(`4R-@Po#)d_!f#kqq-Vb5W}Cb?k#tF8iHgF83vn zuTc@xB(N-kjnd`XZ;wmYWekea0;#U9M?hy@!_Hy%_r8W4NDQ4p_COyu@QY`iNLDJw zN$diuK`QKO8(Q=V8V1on$Z)FkX&%mM-yQm#t#GjTcRTXBg&cOjb1+UR0YV3U;z=Hf zCq(a@01|)gaQNJ0(^6`U{4#yPsABn}fnX!y3e9_0Ir8mcKor7z4TsrB5`xp49z-m* z>`mrXuY5SX@BcK>wXPmtdi=-SgUam*m2!7k?PU#kVWuqwz8AdqBT*~^M|M#(8!}jn zF`wj=@15tdn-bdFqyiAPO6M+`rsPM!Nn$jr!lYVJ1UrJzDCJnuW^@ZhyUisaQP&aYBJ9WOdK^%B zE;LKj#HDZ

2T9;ZfS+C*rg{oAc0>nr>zH>*kKYqEdY%)h(#Z{my`o=ZT-fpc3+f z1UFqu#t5l!lg&yAG@)N%@i-)A9Gf1yu7J!XTFGo{$H9b0+H4+fZ4ZP5-xzA(4JFl0 zSnXsZIW7`1ss30?<)KMq&GQw5u9z<~4K+l>Oex&tsyAr*jmY?TyeZ#LmExRN;%f8= zZ#A8gJ)f1HR-LLgw0KWlvPgyLr zy!f5DL~*!E6brNEgapC11Y^%c%|k_ML|z>30{yL+t!?Si_h1-eTDEF{Y8)^bw=LsC zGag>=L3y(@+$w!bd>N15DW0xf8rkKah6Xi-%7|M=xK=X0N3-#((QQbk%R`Ma8T&H} z{4JK&9A28a;R3<$yDw+I(;Rw%4iT#p-w~~93J+(L%1T`_l<7F*1KUKVEFtC#M;Mds zDjyhYcreDOrY(Zy%CgAOYaj_T=ezl?*=>4i%|_2zaE$JNhc?bHo(9qls|3s#V#pM< z)IszO&`_$>VXwq(GyKRMgVG-qXp5EnChEbYxt7`!=$4s;itRu=+BlMugcZ``4I9?r zcRLOtnK7;&*JdFcAlNmOW%JmoiHD@4HF z2--yp$?oL!@SSI1zsqZQQU3ERu>r5D zIzk%ET?fT@#f!oIDSX_;14t%=y}(?^0qu?Vb;?nqH1@JW2CXI=*A-}r#K2M~=lV5y zY*l}n=lnXB8zh6H$!l$^QJYoMxS=pQ-bU9N8H>4Y#MGo7)P}?n?7&WqA1^e&y{D() z$GN@0TVw#Av`&;W3+D((vKL2YYrJfB?%T;kswv#od-C8zop4#!ob5FHxiIs*)w5yg z(8te4TAFv*Smx}B-{6SQ4V;O!%}yER{nQ?iD;NW$zm2kcS4|{jF{vYF znZ37eFi;4B1&>psq97?}9w^6i@^eLO^}))JNZrt|e_9D=f`^T09A(m-VwZ&t ze16O1B!6^dau4C&`P9RvO70)DBM9yb6j2<_u=gEn^qUHfRersjU`(-y!9rA6!v2>7 zCQW&2z*Scb(by(R$r?XUty|eIwwR*@pLfdF1i7s59) z^3!8WrRV)QueO*ET($F%PjE)U_UW@UJ+|%_Y0VKj=aZ>Q&GWlq`IEPZY=wodGZ3<4 zidKO@yyTHIHp2i(SEY4PU@a*Q9))}6!E!cZwoR#o1R3$3DqzN#Ee%cDlhwnx zXP6QB7)EiGA;W1O>v0p$171XHYrkzLzyuR@k!~3Ns89X~HP^D38q`nrsK(5n8s_P&O8Q24THRec(XL-78Dah`>H z_D3A}uLK6N@En|p)fle+I{KxTIQG9=s%Cr{>;*yr?IglAYhE{{R2xlhSnm#YMjE<} zQC5|GktR*sWHxmEI#8FLM+A-8HX3r9^Kn?AN6V`VkyCDg(;bS4_%352P@VOo0Cy~q z2L2JWeZjFM4q(hjJP6CuqJ|K{%uy|9R68lHI+>*ad0^AZgMge{jx!*dlH7ea;E{t(nk}xg70q8tTOS4@m*c{GU{w z?_Vlk_}^3>ZQ~zpPb2*Qr}F4ORKD|{7m2g}C!3-Bm(3LaC!0ar_?ON6xS`R^{U@8* z%Wi23Sj71Hs!QBQ#~jr~+y>a6YOlfD%nt+lz@VY;Rk+=S<)}HlQ2=(oIE z0KkD=XQc)V#PAzisncLR;!Q@q3&JmtdU{hF3Hrt|QC_UX=rZBP&Tf~gymJg6XR*=D zte^5m2fTFwH|`63{N+ZyUjK>-Bz>n2EQ68~#KTDQ?lkc}i_D4pPvL1SpxbgqVs zOkp4?DE@Sdjj&>&v0Cvv%NM4rn-{_pn4N7Z<_+`K#*IoS12UixzJc$XjJC=lyjr*g zj;xlHf4kV}=!7Cd`3Utjv(evO7M1Jf^9RG&#Y*CZ%Q&VU^bE z{_wn42~?|vU;^E(2Ue}%|38fayQ>Ez_*W8OwL<3v~Xs_=j zVX9wGde#--WzY3V?8@ax`cl;3_i7Ab9bSTFckBk%h^&8<;ppnh>?M;W8%`m#!uBM` zYBS7(nyNp*oJm7|DBhBsgQefdvl9U9P2DjI zT?1BzS>~vHkmYt2fYnLu)+5t?arDajjO=mKSFu$ENyf#lzOIJX~qS=oEKl2DT29&0?_bD1xi$WNnx2d(UHG1)LXj;$c<^J zPCV_J?DEx82WFKf_XwbW-S7e5ix7>FS>5%p%;H@n(Z2$So(!oXx1*Q=L;tZpiB`8) z#lQNvC;gogLDZpFhVmc8z}m2w+!Wv?`ku+Zp(Lv7Q60pQ!y(r9)0XK^Ynw%HFlAVI zQ~1UJUvw5iR{=|Sjl+xqyh|Py!Y zzrezTRAiSb(XZ_;@$L>9c55lyG?6b56us=3g(^~M=>F}~19GqD~MUGYFs zlg{1(l4=`L;8ii%zi>tjTl~m%r)*I$5*bbOQtewbxMxUm9zM6lVJfvHa0hmr(rq_=;mwWc7W=p3;%xZh18Y=xnVi)@9&IKwr#;odcC102 z21$z{ox48{w<`k!t0=c{{c1eq#x4Z7bmGH*F=W4a12M!B9G=0RyprIq8D!|i znzKJ2lkV#Rvb^e!+O5PDj&pE0mFLP6zT8j7W0L4ch!kuq2)%~khv)`Gz@k(^tY|H~ zKMAHNixvl}MZy@I8f}-4!$AqZpne~oE+kV`V>B5(-?6U-;8L$-{4S@2jz1A;w4nS#5q_;WxOFPSDf8Ytt;0nkvqKK0M9$x}y9` z`&W1q>8iw!w&8h@E^atODAR$4zO!}oc2w!Mt)V7iipx?H*_1U2n9^DL>xp&(1TmHG z>pPbp3Ap}?3r3IokyS`u{Tm*Nkrw?rCh9Au-E#2?nS9lJj5Ya;de0}X>RA&TT;{fn z!Vff~Hw8X^#>92Zq>@5{Sw2aD2D4ti8@YQmzs)z;S}&xlWZ&4~#X!eNZytNAsFrQj zFmI8i#FD{t(`uN)sF6AfdcY76XkCs*?l5{|yOxPox`sK7@in|5M$utmVu0GpK-|F%xaZaLx z4L@0DBT5tG@FsjQLcc#T_h$m4#uUjsYrWNj6f*L;DN2iPyYGQWqYofAR2kbDL@O9= zsC4_oAL6ZOG8(D)b*96S!Bf>hvHpM@z?=)u2TQJ@u7e=J`95NP(L@Px#%{kl{xEd! z0WxcPdhAc8GG0zF4}k-J4X@QF=GUkg@b!82HgmDQy(Er8Qf4!tkhO?fu9L*$%gEaW zZ8WHL4jhftko2T1SEW=o{e#C$LN&i9#wTsv7R{(5*czlA-&^JxB!n zRVJF;n4(Q#&h32A5(vPpThCw&QDR_8%}{gUK+^<;h^mZxLg!|(K_3oT5ZZS^KFBIw zf<=#krA+w@0(-&sjjAWQ(SsZO`Jy=*wK#cCjR7jCxEI$mD8xL0@utN_MIpvoFv3)1 zxMG9KS^nWoc543n){v@JLP7QW;$Of>>y^IKtObZPyxSSt@2zL{FR%2#`_VogK;&o* zu)o;cP7%}i7Pf`C6v!CZ+^pf1R3K2*!f{UOD4_$GZl9V0#s&$6_=k*vVz|y-d2`=* z!8T$ZF$FqEG9cJj85wUFelFEgW+Q;hn(f&SrC?lLZfw9}fPJrKSWZDqT9m@Gir74r zy-rSkPR|}vh1zh26Pa7`sUtL@EMI${IlG;;PP%M{ZcpPjp3S&ya+;^mDF*!Eb@?WL zB}L>Q_``cVEu|jky2OsX*$cbUa4D>sgRsGwz2eQI0&qw=ec*&*Z{Vs+2M5hV&^vgL zehr3x&8%5vKA+!jgKC)cso`@oG4y#K~T#RG$M-cq^}Z zIK1J*)R<1K-S~>*?(2lNyr%?8Oa8^W}QEIJY03^+e z+;P8on4tIbui0Ed^Tk6M%%al>1#@8+OrX=Q#+bAB9us?X$(fBiQB)OSW@2_cBfXo9 zwQhRXcn}@;lIL)dk$HKWp55~2B2WMN^;inZ)DhxztWsA`vE9fc$@A&_dMQt-mK^wcz?3~-n4|90*_FTZ$i*K zy(?~u0g}45xFtDNx;^wZZlB&kxadc1$13lBQ6EEK+&L)XMY3G7WO84Mhr5L?6KZ$A zos&JGa-<*E#hl2U+<`dJy(#<_6l{5B7XL_}L!ZBR1_516eUXKb zj+}3hB-Sx!{``2&#EHYL#hkFUzbh2UBH7LqT6c(a4hyrt`ZH5m6i)bt)S)tc(1#R6 zTyi)A-S2fA;^x64+}a`*YeG6&m~U!5-seiScsQQL1|rpbILQ*<&~R%zNp*Ls5CB!| z001)%^@Z*&vWqJ^+K=&b``HIW%Iw2CMdXsxP3N zPusu6fN(_uy=#pSgt}Mm$B!0MWj*%|Y8-H2Bu^Xe`zGYN21jWjw7CA)0ee7Hf+Ic> z=eryo0p`d(15Ip#oYF1DoTvW=p2N`24h?bpRpfl4GC6bIG=&>-(-i{o{O@6`X@A9^ z0B?X2RgJJ>8{m~tHjgHQySg>n?-otTF=g2)XA9X&I*&^+(^q2@e`WRs}4 z1N;pGc=&7w>1c@$bgnks`ecp?M^v-#VoEZMUCm4tr_tH+wMK@{kuF`=lw5@{CzW2^ zCS1p%o#(L0s+4bX5sfm`(z`gQy4K;szY_`t#lTA^iJ|dh)Y2@awFmW#oBe?I4N5>% zHf0*6k-u8n?72!RahQ}xr;SY`v3CO$44D7; zZvebM?#0L{WNsK4cVMO7?&`^0v~rW$HSTHK)~~ixdqCuP6)0uU90N{UlFfqkk{SIi zSm|fR$;vJ*!}>Ey*9?SDG9%(uTJv6b`s?N6Htk-xH+3~EL_BqT<3bW&w<+N7)OLAM z1$amKQ$BbTUHnM&(y-z0N_x#hXRRKpDKeH>)(duZrmcqMR8{r68VlPc9-L^V5J>X+ z=}#5TKs6;`yyrno8XCV=IG%F4!W)+{zO_Xi1eCRTt$P^K1KUAfUhe78pc0%yP?`?^ zqADfdmFs6MtH>Of%M0gtd7gkTNt?0GsEC9?P%H)pohR)6M^wG3!xg=1J+;Keza#mH zLW6PHm_onmeO^*c@jcHhjhd7r!`L#4Cse`7-s;VD(m5}iYB4P_X(PFrIw;f4yiU&U zjpyN;cpA5uaC&BJ_yaJ$r#~k`#Z5I=yFxN*)sADvtNfq5a9CQF_27i$%({AXo_jMe zVfDVfLzpSBwRK=R@M>nA;G%R&(9-u^nW;v!P-ar;y#666tUn~>e<&vT|79};|IKE| z7yn^11^>xr2LE}{GW&nBnP301nS%dhGvtf^r<=j;`cF2aLM9JQ#W6=S&R=-njR@ag zhCdJzRvNm#2kLOT;-NOCMk}_rW~jg~&!5yab?CCkZhcWg8BUgKM^ zS3I@0Y3&rmOKVdKQi!7=ag|#X`$uYyPe9L%d9}ZskVj2k5Q9#wQs1$_;PC`RMN43M zxHO;2)ugvRMteOIvT_?s^E{Ypd}DVf8ksZpcboOlb5|TW-hj&?yQ&y3ptMtwZ5w zK@9Pq+Gm!Q5|rTZPlXNcx0`1amB&-yx@SKpn5Jp3pBy&GPhQFDK(|kn;VGWEsgEhW zEf3j+Jcup~^8P6%j}YMA1^aW9*h|l>_uJtaR!m0$07Ei^8p`X=MV<48^#RMDimh9l zd-})j8{8L~_YM0<5_0`Oijcn@nWLPfeH+$0b0S0xwLV<5qKY5fB~b)G?)gQigrdvV zD?}BMpc7w$(FHA!TOmuc5~0jn#3MC1vwwMc_Tt+s-Tb*{tL^7$bSLCT+ka-8fo04* zC{pMRt4IAXdyJ&Zekgj{#PL=9c*b*ysMruiamy{{+gl0Pv*nE=uBbDvtSzvI!E5GZJ$4fN^6F?S3tWs;5>bUSBbIe#sN%*DVkNYQ~A6U zKL+t_MWLyQs2{JAUn1jI}ew>?pWQUt3p!dAa)h3&}f8S|f;;qN~aL>~ofbouUer2SgMt10sX% z^S3{t*b~^l7I2(SWfq;gfH+u55BW^mYfKq0RAc81mT6*Kf-aEmT*hy@sBH`$9Vq<~ zIGu^RA0tF(jq@-CM!)%1YHUa-UXq^k6b?UUjv*?#<3$bOBB!9YN?9U%jQaB{w_*-5^q-=8YbVPV;tJRi#QQfA$24wxR z_uRTwhO0P^v&`T*g|!Uz(@a@lfsTM7kwPCc`$bPqM`zF@VW4pwi`D!_b|TAsAG{fi z5$_bvuWwpdGIjg*(iwj>IjZ{P6{jdpM@FfJ52Cczdx@_G6$0Q(=hQA?8b(9X`-Tx zuPU7Q-y#TkjzY0+5~8nC;LCQKrl==Y1nOV-O(MMN=?XI&e@FbSh2qA73qdL;Q+=71 z1Tia&Kw1{06r}Ys0vY$G|?pxif=A&|HBvrv!LAE5|*N_ZmOzTvV$PknoI641brvN(aOix25}0Kyf9){EG99Z{8-RLzBCFB%A$ zNj`%~aF6TDGx;pGW@m%#>SxASJe9hht~a6BnDYNf^S+ezq7KzGEIs1a2PJ6_%ggl` zu@=4dA!TSP;eKu@onVHlFB6%TBgG--gQw0DeCIDc5`2&t3Zt?)hITUtXA3Fen{Xg| z#uY@&FO-M9ZNC5EpvEl6I$t0aHMFvZXDd7qK|QIaN7dQ256>)M78f~M4mN2CO6l`0 z*Dk2K(QM;lp#=5mz=lbQX2=Pg-&JC)>I{wLe|K4k>Kf`S{$#!%*5CL1`E5$Vebw74HZeb9tA-)7EvBAZL_yE2+#vxs zeU_+Sh$Cb>6qyJNX&JG2S6L&x`;E31Ntec;siq-24?09i5Y4-Gz29F<|PsoLIdOXWKMd9cFS(j(~8T9)lF}}_cg(pN+dfwkkww;f?+XhnjqSjI_xw4s9{u)f6iNy z@YxjMmZXifFbj5kLVc`N?2yTY@s`dUNtsBiKuyzqnxTldW-F;kF_(7TC#fZDy#?ff z9bVNK2H!)K2Gu~K1^AV*$-jM8FyL3J5T-+ToJ&xk=(;~ItSfqZVd^gMV2TDR94lCI zLdvw;N$!qI%jA+H{#7qr+8Y}7zTe~)sIpGz4N2Tk=%Rvp-zuqLIs6Re=kVp8|Hl5z z{_kg{x#@Gizo*5F0A{WNp&p7vIlQsF&xv`AOmR2^Gh>)j?9-spPTQ6aJxleMh*Rgk zzPO%55@(0e-5FLL^?>>~$-AjMQEqrVxc46bPy(7uWxc-s`l zyk-5eL9Eu}^(V4;hVNP!$TgcI7hQ6os76msdSu{H?r6I2mJTUx}iyd6; z!BEQSqL%?nso3VD1i(YxGl5r0Vp6wQPt5a~1NU_&xDIf-Q@OD-y0XiTutJN7Qpba& z-YsYnniI<+dYHFZU)A*qpH~41D12c3N*|bB*qi7klR^SJ=(athgPjJbewGjC(UVVe(o@KX?1Y1*M(Tu?2QrTz z&GWK*yRvLFqTPQpz)OT0HBIIuv4UC3+vZt?dp=~B6(@pvh=)-4e+FMvU+wZi)v3z` zlZb^z_={BV5k+Z2Ev{A#-fhX9Vuk+!M z6o6v`n{O0fM#gp~%LqkS0sw%}v0y;6PmDUptlv+m@j>1RvUVqMp$^#06H6ULRAO~w z_*#{?hupeqF#66E$}Ji5ZAi7~xu&7Un$Y)dX#Fgi?4B53q}ittne;uQ4^WIywn|wd z)YarV6(8iFhy4tlA2swP2F5q>0etw53X7ACVFb<*rGfBk@4j&V6tGL-n=%B;u7XL0k z5l9t5s>J_{pko--3&8Hez)9s%>;+dpj7i-@tTi*vQ6CQX%(i0D3Pc0v>?)vGd(wV zgv@cmQ;^Bt<4c^!@{5*ypAZ(LWCX5V$l6!Vd$$yA!I=?1{bKyblMtE)>2u8gbAXSd zw?bt*&2|xYR$F!?v_V~)&Mo6Muj6{drAa)DSu)%oUF4cEX#+HwXIj`TdmUM-aUj(* zz#4xQ8Y0*%>t+H#1l6axEA=CI$9<9@#L;?!PO)c>mX~c9K|}{uO#ps{;1T#m*}ijrghjE1i;R%?!?d>( z4}pi*Mq{D~-j;qa3LMXVS=!7CeWkS8vZY~GHoc05 zl%61_u@1H-gcT91KR;)_Fri=O3%!0=W{E6$3libXma8R&BC!G7AHl^zh#;@&(^_-U zyD5(uNr;6lslngBTnn{mWx*r?HKiuT^F3$4Id;2RE-;s6airk3H^<)N#o zoINLS-j}ELxxejIQdv;sode=T^ntB1cbRlfG6rmmp&N;n$a6-p=cT7;oT*mDL7U?C z!l5Ccu)jLhq}exSfR$puBO=LL=z#r}$@ONT0uT%7K=1;U8SX$>!<`8fF8{gox~m!!?J z$uheN96Z(#1aGN3{_jYTAhwCr?P!m9unkTz`@ms!`7?peE^m=}#Rz7`sUpCzgH7Ld zrDYmp1l`kt8>~7C;LViyKP1Kbhot-uHY4yao5}xgHp4dg51WZc{}0{FzidW1_kUiq zGXHzcdh?%bhHdiy*v#3V|70^r1SZyfyzHm=Sl!kG4x&Pd$10C|n_S#8Nd`3&7Qdz|GfcjAD@aTV>^e6{+e)URel&+V;WAiyUn-e*1 z;`HK@M?J9+Pq{s*^|2D7E;@$t7ss4@{;Hwnq&I9~!=ebgfK6wCOq@wz26e_&AKqMf z?^;;H(8Y7L+QCcsB~CBHo`3k51yx^wM9p_3si-uL|4KNGK@)jHJGvky$v0)V?ESF+ zP6+RF)jw303;1H)pTt*Xx|~3m-p|LkCXCNzzU}O!SKl;0_FSD4LS{vTKQq=}2GU2i z-r58uKZ>m*-3ngyV2-3^J|uO0eGj=%+O`8UEe=%RS^(1HdsfjO2eQv0lF1@3<%~x$WM`0m@bkJdLJe_#px8vy1;IkP3)GY(fzS zdQYv_o4g2X+DM5O_rB%4S>jrsUF+WE*C2%}v_773`0bmZB;&l8wVZoD14%Ln4aB#v z@7O~{wwA|V$p|!4T?*~f-y@ELXwdvAD@@f$HkA$4X<-DqiZucGhCFDN0fT4c7D1FP zKVnKOLX8Jg-nL3oIs?I5Ar1sGSzztRSf2M;EA$at{v^y!^LWYeGKGcDLI5ItxeWtJ zR_!N~T>@xyIgzk9xO(2tDpqMneBM&srUoF>x&Vj0(L@Q<;zwTQ5W%gKkVsulmGaTC z91SVb??j2E6i7c?`rWKY$xg2JF+eY9QdSRjv2(%p9t;N2YWOTYR(TdRqX4kufc%6mp~bf z>V;Iiauj00vzRmCj3xWvZbO1S!2B$7g_1{SXw2K4e?y@ z%>kQ0!&J^|UiboWeUY8)L7I1!cbw(5N*Ul;%uP0p(5v=}GSw>8co8@{LKmSBKg;YC z+-oHcG|^XDKhF!fV_1X7{3D)x&Lw|Lgum)}LKO0K!&*u2{u)|{;>;8GbBK%g#gSZ- z1zl2d03jLt2`yU1cp>I!`2g>0?GV+`j4=gHuTDQ?Wdfap&0t`7=dnXw*AkAT=?E$g325`Y?)^D# z+1rk+t4wq(0fjFZ(FM~qa=Q7nWAt{eFSmlkl+}_6e}>z&1&q2F7(0b+*$Phq-iMtq z?FAxxrNcZII0}j7ot1}jX1{mN6Pgq`qEIG{eUp+jmQ=3?pPAF_Gt&v(3=08SVJ)WS zpS>b8MATM|Q`#-{bk3XAp{a;Q>?C9{(zkbb`nT71CrSCuLY4@InTKN!*S4cv7LQuE z;4@w@bOsR;OAuBEVYG!s_=VzmST$t!k83b?=ixgC^@N?G!X%kj8hy+6*zxW~W&%k# z?>lhOum*xu3%LlKDgWsuI{&-!v;156um7|1^Emxq<*(oR|CN8}pKI1iA7h0>&&^@5 zO{U9)Iqz|rU&4tyNnrUxmwHnagmg+a?OX5876Hs}Z|pErG^iTgdhHW|)SvFN<-`r& z{$dy#!%pmawjF>yR)Uk~Pv#*~O0`#uXCmh*ki~{X%8WSJM1D>khdOVNGj~nrhJIs3 z6hys<5d7(CPCcM0?Jeknu7@0kXF1L$Zadus;JR$O>wvm7>X@~Jmt?(umIIeCY_zHm zQdmUNe-{n#e$Is%P?Hp3FDAEoLU6lD`yuckc3Qv`}*q9B0bZ zqOPZK8TBd6F9(aBBRAGA`ER|8Q4gtd?880{-uykP(jSMjU}2ElAwQy5)k#n@KIL2? zTBEA8j=JQv+y~HHgA~ctTY_voG$q|cHuhaDx$@+$NXrlzN54T&7c0i!Fb(?u=Sd?`0PD zvRNhe8yBBg{)DR|VeVyxM>v88yeI3LWIhsC@w8Ji7X4jq^fvHKgkrzHLoR!@^qS&IRawDCfMyM;e7Uf6eol$xq<6ebEIW?!3YDtgP% z(o8+Vd}5jTPB@yj?zG1P8Q^ZdffaQ4R#nf{v)C2tSs{U;iiEt=O=?k>;SAhi{SwUZ z62(y19e`t-j=LnmOu%h`apSK~ug7&cffEq_XTUXXjYg8gZ0z2{2rAx4lx$h;;<*dM z=g(gI=s~70rpM@fV`nMrK^8_t+sI=ULSBlPd22aIjhw0&=laZVU1&O4p}sKPN7x-Q zilntP-F?>?_oF$U=zo$nm-48piPth^eXHU$o-iLid=m`G2trb4dsBJxHKby zx6xD#Ld!yqxkVeMet0;=oL&~aEnE8+40 zkrmjoLlGtz9|V<%i6<6~MD1@9p_)Ht{VeQ8iWV>mpN|kFibeLx)}PW0R)~)Y(i1By zER>BWHYJ$;(|9PQZ&K`BV`yIMK5iZs(VLJmz7`Ycks3m1NI*5fmGu4M?(Ub6gN35d zdkRHjlKf?|e?qy>+_Uz5#9t=G!ArmK(}V>x@|hz55<{R@A>9`6vr4H6C^>yL zE>?yzo6b?*wk#ZXbO1}CC!ij`uU0UwGgDgGua7YOMxUVMundbk(s;#~J{U8x?}!vg zDGt~_!~v=ewm(0y8U3Rj#1@+PXmkwu*`unS`1jvyj;yH9+JWuxwZL-v5U0q-MADM# zCMeK!O^frsrL_4nFRf3EGRBP^55>wCdSFRK6ca8`j0n_aJ#Q#j01PZve(ecH8%_yR zf2m=P;PS=3;!>qUHc+25Ve4s{b!0%?q?=z-Y(IOoL<)`GAPs}XZPA;_7^L503AYGA zfj>I~1Vhgas{h`L%^u`&yf4YlI5p@F^f9XrMh`JmK5nFK{)-}mdnsk_BiUl5%)Z1y ztsTkpqBFeL0_lNq`k;<|TJa}jm2E{G_r`y`&Vr~`naAD!WTcuJn(49N?w%!t6yJrm zVcinOt|h{y>s`2CZ!M@i>b-V}unx*jZP1pN%2dNoOET)pGdg^@1-KOQ8koBqOfC;- zlopDia2zmMhy{@EgeNB(<@$jbYlNr%7x=_S%4|Jh4~aQ?5CP_6!FFTwTbs&bvY2d!iSGud0^ zMaSI8GQJOe{d1sSl${hTzrZs6r&w6WKL-7D8Z4Jl)bDM+(3I#fuB5=(8fAQb9N}#s zQFD13!@P`3&1y33fW3x(qskvD1E-fX4Dk^Cd{#2ucU-y`IBpH>cY~Kf%XiyFE~1S8 zCIsuCqYks6aY$r=G9RaDo@SLg%an1R-dOfXRrh5?_gJl*Ple3^Q468=^bZe<|EH|b%CKxG$1;X~=8~l5c0iedtqqzg_ zbW_$pOcE@Cc{9%!wcApSttQ-A5NZK$I!(?olB;XgxA9x*}!o`?2o-? zoP+ugUUmdlJ1`+kO^Gvm2Z}JbF4y+BE8T7HR>54f0#rXqyMf!7mc3V!M>|;K@E-2( z(nLOsbn`Jei5(dMZO>)4n)k^nXXsFGcFE|>xrLyijISU>iQTFEl9F~PA{f>;2t6kg zjL>K+RpXH!2VOG7NiiT|SDw>cezF)Vlq)%%YHoF!jGYh0l52%&+1xT4LR5pa6IlgL zk{7R{{O5V}w@qcRL<^`QsJ!u)$0WOt=y>MDz;Ondu(19(VyLV+%*MgM;ASAGlDT2> zM$C5(!Z9D0Ed^!oQ!}UaV@AQ2V(qsYDEQwI#3!zcbksAfb#%XU+%PDk#PoY8RKBN) zqQ0nuMqausvTsqsh|!>nw`u1u?^EkPFWsfH&RxBGn2`?n)%W}V-k~G1DCNZ2lu78x zOP9DL<&yWt0X4%BZqT|_jqEy^0A<0I_%*{n%8HYC!81IcKUd72T4{%!s}s#CbM&4~ zDR1WN`b8igJWzH;XKKJFz1!Pg~tjj%a|1hkX)VedYdp zTn?QkV}KqkX8bj09!oQYsM7T)6{ki4V6q~P!&3lqg=oRFgTltiG9W-xMzdeoh;RPm z1*g{paE)OzMS_oNTUC+-c?t?&dc81?|xe%yZrhZp-$Y9 z5vU@x_$~Rpy+9r8w$kp>1Uejdma;kcru7#fvbP70=#)Cy0-HByo*(bNj|TRR&Bnj) zXK83@1GQ>y^zima0B|!nE%FUCexd%=*sd=RsW-BPmwG=|s+6tOy!55MNflO|aGCFC zJ=Q6o7&kS?>8$Dj6Wwh{$Q+1libfNZ260M;c0A44gm*y(`iCxpEuLD`SwnPo!=}ot zfxB3tuwa11R&*Q=7lih+M1BCO0b^M?&o$At!MgxP141BucqKl=?TQp_jq1-7({O(C z?oxMOS3mA;168a0S%1Qdtjp!L@@1o5hqI~T{vTiG6eNhUZ0+W>ZQHhO+jjS~ZQHhO zThq2}+qVAMJL2Am^WTW`P_Om4GS^pGD=VD$r9_BD3hiAkjfAyL>L?PA4Z$$R1T;LL zQ&KAr@5swP<5a?I+{8DAaY|GKT){rFC)dba&}@>4c&IQWEp8(-tQa zy1+_~<$?qhwhxf^ef!iffqvf1=%ye~f3<~oYCfNCK@1nD;Lq8-%)7M_P8H<0dH4Vd z!1Wv7H&Z(yAzauRGSM#g7LH+_|r}lh-~#`h6*xu7q+KF*s=hoUq29Y7r%d<<(nt- z?VS(+?LtW3Q^B+I+13qxLcWF69(xSdq$A76AEW1U^A1fe!ur^eM0;P&wu7$N-0<*3 zrLO-W+}6I)UviSPo5}}8bA!#AS<$_EutZz$f%H84(z4x>-ANJ{3k8r$$1&Als9%tB z4914bslyxLZ)Y2xUOth<^#NQlQQOtnz8DJ^wSl&U`nY{rtwtc+lX`KNZYD`sV0mG5 zU{%5XRMTL_h}oZ&mlK>zT{dwhzE`9$__Upb+%EhnIi;?X7;TpoZ!gEwb4oW&X$D{W zCS4KVOeLaTUzGS#erOUs!x<5v@G=Vvjl$e0zjc#vSu(Us^<#toi=4XUvR|>-Tk>3~ z4@a;#Ao0_6E#4b_%7)x$;`ef!&%nnH7);jz1Cvf>&HP#B;wHzM31IUrmIn=oI6Yl( zW(LYS$lvJFpNdMF_dnziEq=*T-7>`C14%8kH+h$ib7OpO=5iU|!owHqDat<+xJG^Pz5{O@4LA!}afRKG6>Fmf*^O?TE zQ>PqStwF2^QE?p=$W--!SA#ow_>i)JG^xL58~U@_ec|wia8Us42srgcCgwQes^AL> zdb`ee)>XZ0ioyrrRH5U{H>rj)d^)5*EKBm$3ZJBq9FITcX0ugUePGo@$i*9qlK~m= z6bJxB4u^u^prM=n(V0UQs+;s*9C06USfultMZ zc4B3uR)VEjOW;8F;*jE<79B84P^1=ulGtJ?)bK&b$BcqB|1QK@V3=@9vbxbMb+)k& zOe9SOP`1NSkal*bp!S;9z^DHp1lcI1&`O1lt+v*bBm)-{O!jvDyI$9$Mrg5hd|OOb zR^FEUp;c&(z*Gaqdcp}stZhxoTJxWtzxHp3{$F~2;eUJny#L$t%US)?^Lx7dN6$a> z&y5EK|Mlg7{a=1``JX+%oYnvI{Mo$!+4C1|BxG|hlVCjbhMmA5@K)Py%r@Jn#u;Z(SI_uVA4QuRIMJCec)glqAJA;nyB` zrQR^yZO7uvN_6d&JD>3desW?d5#(uFw?m~5S#m_qR}@Aj&I2dYdkaCpf=qD446j|s zMsdgydQ+dMXxd{{)jQGjwcnJ7PD)uVaI}b;4wkEs%{zjTVe3!*GM>q9uKF|MrOw^E zUJ4%w;b)^1;%cBm4CiDT;7>LN;g?p4qcV^VZo@+2Frn#^!S{B!VI!4?&ZQgzt~_yN zZ$roDUZW}mY#^vTBN;m@#y-DhRAIKk&IHJu)DQ#xzjC)QD3Vn)K2Mk4R5@xv6lI(|xrGwZlvy3}#Cd;1I*>w{W9mgeo3tv>DHXj_khv@zyK2 zu8*K?Cz`S$&dE8AvE56D*j5{5+H%6)kz5KjH4JiNkmqkA>R6>sg~+1MZ+AhCv=*sH zpZsiji~^_+Qk<>D8Xo>3LTPIYD;3qoJUQnTCVUfx-mn#!h-ghM;kZ6N?ZkgRC5g$*auvaroxMzH;;6)K}jh1xf z^nM?$)0&KnvaN)f@2Bmy^8wLn$fH@^ptj7@Y3aquu=+(i0tv?ViPX7lQ8vIbTVxDq11tR8d?=sqs;eq)1ha5ZV37`!rq7>Uo`%Nd`3vz3w9HwagvVpLe@4i?fIr+lW7O z8>BfD>vnj-7o6yGB4lm84H+cPJ1SKbM1RkIVX+ z^KnJyCzSeB6abSs@I~sC;xn^CCw~fh$wFwAMX#R>FMv2vJQ+cVh^osHV}Fk>k+xLJ z*k^*Y#M$iz@1(~X+GPvr$0;A2><$fmI>aUG95(YgBiW}2Uk3NJ-nM-Mq#Z}g~*5!R2+aQn;Sh6_7y#x#NGU%<#dnev~1=*Ec>bGC+xor zl(sSL7@+oaf)OVG);_v-L#0FcNBLopK>ynw6^?(E|KdNDUj_Mpl;7_0f0h5>@5=$I zHaAw!&2NJEbLFQ>AS!o2nrVKeoO3{Vb|Uc`Y7}NIkFuTY3f%rIS!{bJE5%s~iL7pA z_O)k#eRhK%ID%Tf5IQ!Q7q>muRMYul28YH{^WI5@NX#s8a2a2z()woGv?vj@pE@un zh3L!aNX}!&crC2?8wOlt4&p3BVl^e8$xvVD)4jZ=d2e+EZXwzewX>+^Dy-rTW$krH zjVIy4k5lbHaTHHhbd#OuFslH;4~_tzxBG$0C`PWjL#bn@m)9gNg7sq!n6{dfE}>{y!ruBOB+|c zaUxd1lTP3Mu7V4}^vM*YAPAaBI&*JpTp|fKD+CdCGrs+qzuA_4zM90L1F^ib-8lEY?|OVxN;y>9YR z?qrBkLf4E#UEkmX<6)3Fp&CU#w2%T)8KEGH3W44>-LL!#xQfC-|I#(x{q?P|OoRls z7QuG}66I-Yvrx)HFX6qakGdEAG?PA50Y-D9{UeYfi6MtB(Ttvc+x&GU?QlV#3gqMY ziTaIXbU^lgf#%yZYBq=cvC+<}B~-%5^=n`%eK6lAlFB4}muxhTzX!9*Nj_BJi& z_&BlJ^o^9+G9*y1tl_A%8m)p>C^M$3p_AQr=^i-iMz-#Zn993Lw=R9{90y0H4pK*S zo>4bN7bPFY!gYTx4vB<)U^)Iw=>67WIU8Fufp~O`(CAy!U-Gw$yJP$u0NKw>!twB!L{emr#zZq+OYDRlYK2~lE_FU9Xf`DBkJPU~9b;iR26uqk$ z)c8{ceLlw#ov1$!Ig%+U`W*Q5$5#FfEW18Qi;(QyNz#?SNvVi}qO!s)NcPqe$Jh&eNDs-rZKq~Oo0~+kC+dkzcT7n)ywBc5t^;nZ#lk5j;C`zmzi>iy ztbEn%MVwrg+-=&SFD!{{+T;EJ>=bS&?r%vQ3&pov#dnL*W@2H8JdcZVQKevSf7lJq zjATr1qcgdV2)04$w9ps^UWG6ht}gh(l(U~z+Cr;<_d%%N`ITWV0=tQSQb;{9Xniw_ z$ANj*(=T$ab%j#uK|=fEUtlP=^?KJ;(QCahK0lt?#R#vJAvLpLn7lHXVx949Mp@jTjYYFGSwdDLiYl&vp|J0K0nE$LL zfV?SU(-6g$Wz(f)_WhAN5@Q_^ zBER_EsafB*Ynp-X(k?nWK-_)=q7uAu!UgK5f5z3Ls7QpIozHT23F%%>3!vb37Yx-u z8QRwGisQ0+>WJ0lNwoVp18qu`Z(>m(-ui^!L(wy95(C=~y!$p+RQR_lo47+) zjN(;V5(D){j9hz=uWfp6GB&Si_XXHjgv+m7{iC}bzDoIe*aLR}@xQs{?_0uzST>cG z68#+sckta&$=RoT@zmx=f<#CQ&8$-e^Pfe}GxVa-KIwJdf2OW2xkd#D#X2M}Y92Xk z&VqMLc?9SIJU-@cRGX^%dutD;fFSvtT&!@5i~`yKDP>=v&y>?@cTzRXyKX1_Yx~r{H5a5MCeMAKK18wsHr0fD@+d_Y4XwW?ZV+>S3 zX*da$Z9>^V?k2*7pPQRK{t^a@FK77kIw zN4u-(-p2}(IdNR|WT?iG;K?Dm?PSm)wQvRI^8nq70;oL*ueoBgHv6UrCq+Kt4`sBo zke0!(SNjdml3bMd^V)d`*xEhf|YzK zM)6iRlKmod_`Sv7)^&yWkOl+Or`%^K`g#z$wfIhq?^_O)1Tpfg&0=zMWdCC@I(cK~ zH(6Dp()g27wYQSz{xA$4C#~l;t8h_}C?=h$d{h2);yh#o$LjV}8udv0sy$GilY*%a zEwTKI?4iw3U9*TO0@^J4*X&HBWlbxHV+6d)ER(Krg(@>TRjF}ynEq2Na`fxeM(%^; zz%AcqBRo!rgD-p~uWfI8Fest_3~QcQEy?H7Jc%*?m`0D_gW>oqgR_~PO{y@OKYh5$>?oz6}=A}$xzAbIm$ijJr5%ig`%#gO8+*Hd-HN(D()8#1gvm|Rm*{#Vh!wOM*W_&6t>JE-hho?nO z3|+fOkPI{6=SBU3y-1k}688nEtqit^@32z&kGQ%UmTl5>$2{V{CHQ(l#QapZ=U4r! zMq}@K8UYJFHS`tnip00pjOZ%w%O7fze8PZxYVa`X*aUZt**}0?2Em#p)(SiHu;`FE+IY#B_Ksr`A2#waVQjm@&?Y6Pm!c zBQdKIlCkg|lY#O4hyRLCrVDf4EUK|d z5d-sWw5K=Ef>Jn9D0|$7BMViLuqf(Rfg@fvE3h4fGUTnV2o2*>8j=36Dm&-(k)Z-X zImdAUsGRabsvmDBa7|ml9V5To4g6T66mlP>tNV(lrt8Hcrwca%dw?$=dD@Rqo@2(N zv!4*m0IFmt=0E4Nm3DDCr!amxQKK~ z8fei_Uv3sAs(y-}kdiW3CRO{S9@mgD+$YqtHh`X@E<4ClMcX2-Neu15$2tjBqm;zS zR`SsMPO7`HOlwH?*rpmJW6SxbvSuY>;3VP5BPJGuZUW-*!ZtMGSAz?`~j~IRc-<1Oj->d z*TI-_mF@%Fl+$y9T%WfBs13$4a()30ql)y0^-Kg$_5Vq{EcZw3UBVRZEJA2!+^A z`~I=VJEUSuD;@)bfiWRNlEJNBhz;}GOcZNv02ji1#Ct~IQQQ07g8f{Bgoe1CiV6o@ z?q;%YsPl(kZj-u0?3Bx<-}W_7EQpf4$BaGM=4(^WgXIdExoy#PH*3n}*yvv56c;AW zg!iYS={jNr(bW!K!eCnBm8Z`yDiy19s0>q_I<>|s;8Ts}euo4#6J7TE^zlWiW1Cl( z(WNy9B^@RF3+MQ%&s*QSQdsLSfOaN|yaF zvU06x+pZltft15=h?xr$Ke{;7?c~BlKO)1(8wp-Pqc5$3op#VP*ICeHaeQ_=_CvJ1 z=S^TVAf!EI(Jz?hYbJ`ri}ztUytdrtRyNwdv5oniyU@ z=re*JEvs8b3YgfCM1)GXem`ThIChKC;T^6}u)Dc5gak-nOz?;V#UV&*6KzbXZGPp* z#sF&O_sj){x+#6n1DLMiS&WeWfXY%aT6AyCdv-Xm?mA2rB)>j^E~LM;VZ&FeSY3(N z%y&VB0^q(+!rfm`)`77yWG~{GHF8|10HI2Mz#VsH&m@RP!K=CI)LjH~bTBWO;55Ye zD_HDnXM~Ed;B$gx#+sw-I@$4b7QD|J?txbb;&oTz*;?zKhvV;Tl+5AXtJaLW#fWsK zT-8|l0@?Mz?UE%DARwzd;a?u>=j-x1{n3FNb@#rR z!BTF(Gd``2*%v8(LP3M3ETq?%{>cho{2 z{sb^@iAhh|l`(qWz6N@SD4X7cZ2@L&=V~UyQECA@< zcvI9=n3wfmF)saUTh{HfZm66B()m$6Jor`!X{V2?p=c4-Fuuw}To`p50JoXl*q~pr z%UX-r2lyg5M^M*qy>K`XIOTjsGw>K?!jHn*IV|RBLFesn5S^$xa^W62x9}>7FEJs(s{0y?5C|>q3pPT?nv5Zed_(;jR^$XwdSUS;f=3@Onj$o6&K;I{ zddq;;5Gkc}y&bGSTv=_l8JRV-S(AhiNdJNv7v*F1yDbp}_NLnG}hW;*o{JDNk3({fv zdeP5(Qm}?m!q0>ybCuM(184m;G){v;I!HnBiwo9Ci5-_UOzmgLtuqkZWiUNSyb5~7 zKc50X*N{w#bM(qUu(}NMfmEh@Y`szkgdAd7?e3x!!18lFA>tJ-+iVjz(vzwG1383Q zL)H7Ug;)@R7rVB4y7>>a>PH2*oiA;e0r!*WOZ!hI=`_#R23>@)@7}`|l zRF;n;2tG{Y0-`E^jwtyNQ8PlBVvou;WaLSIOY8DnE_(m5qjXT5i*PYI#?5770=Ujd zTxA6C-@#oXo0An6jEg7Q$xy>Y;-8yogp4ykBPY;%HtIu9ipbM=)C53C^{rKKT>(Cf zSDELfMq&-fpCKBc#dM(N(cDmMKEx`WwKLYCr%2j@>QqqxkwI6@YF6}}lLY2LoRwyl zfsKZ-Pumx6HwB!Y32<{5HSJV;HYEXA_Cm4wmp=E^J5jN= zQb0Q%`DZ{RWs7gq4{b_xE0#8X<5Wl9_QH+8Z9>d@t&{vfyez*NaC6>{>i*Ph;OVFL z5n{Jf=wifL=4CYV%^s7z&J2i8fy)Dgw?D(}V7z-oF5Aj`?EkW_20CCezk6T+?-4er zqRk5RkRVx1Wr>(ndzjbQZ2{PQt*-AYZa2EUf}J16dM)10JkvMLN@_+64p>I|BFUT0 zr+aN;NahW(ST;|6Y-=#IkGOYpH=bpmEYhOktK2Q2rcaL7xJ(e4Hzw=|Url%Lp1qL% z*80NveQzV!eFNUbXRr#dcM2W5Z>i6)QK!J=Z+}0ri};1uGL%JjEwC4orP8q1p2Vl> zaX3LX9*J`d%tp`xFTq_y?GRx!d}|q%HWGhZ4z+~j+WX*1It|4JA0e~qKYW8T0aE{h9d&lxr^f3z3Y;tF_Cb_rxW&%-F={%BUYGR3Jx8T+O z;>}#qvP4l$>h!kkZZMc!l5Eg|{__hz8Wx%$&;7xr7F4y$P^re$mN` zSr22eG18(2MDEDY`1q&C8!h&pGZRp!CZfKpC)J72NaeW$0ILi<0Eq`3Y z6KEFEtxlvfd&j26$;$1I_hbm()K}!tgEt9}3pVOxH>?5rA|nI^dGE>pTrID4m+!m3{I>U|><>%J>#+P-5 zDlZg#WDa$MK%viNUYc?6EUCk=W_GGu)y5}aPN;=zari}te^Qh_Y6IThma}6298r$E z6HQv{*|qkP7&QP&T@u|PgoWR`vRXUCNJo4vZGP2ZrIC*Oz&{8Yh5Svv>;-`i z*~m%{ipb(DNd!QmUYgT4y!ycq3dS&|J5(4f<=wp|d}1>FN9XNeM~Y{X`5FELOu|d! zIg(LYXHw&a-Z2O>3%^|G$Iw3RQi^MylUn2q&XzEJ%uE<8%H{LE{ROUC(&1s>rhqv_ zznacy$k!ALeZF*QIff@5A18_K-Z*^ZGp{4=iC$)NJLQ>RH7)8!SKI8INc1SLu z^OhXY@4Joes?Z_*@2+NEhDZKIPg^U1CckYDztwBOI2)3=M}mI)50fmVh#a+@`>$Ip zYN_x*wJa-_Z|E#&)g_Nd2oC;xUK+Bai$wf-zHVd>71+lFT=d27nmQ}Lb> z8PIwGN-l!J1ky=+_=v4U)c=rzicMuKiQ1E_P=cAZ<;=L$$zpLPfaV#=b4ns^0Erj z0V;jL*_RnlgM|wZNQ(&(>p3`lCJG{ze!7d7dGyy)WGChdW+gbnHuNRD8EB7aCb!;C z&UyL9q=u=aR3|2F-0_+t^{xWEO`T0fPgIZ;5Ar`o^Jy>Z0|*9F9${s=1T5cs2ba^+ z2`V^g2m!uyK+$^s4!MrF+z6d|pA;SmCuuHC{=qNO3v(E@ljfm@cCin9bC6 zZoJZxfK=aB7mCWhpvfRr!6`Ul=~r<;w`S%_cV;`7p3Sz_07pv<=;Jt|)JB~3^AeBd zsj%Yqs`r&J7W`24(ffmhC%5Tm8FDGCprvV5GwjQgv1Up!aHZO*sZuKS!B-AOm_RR8 zd7F@ZJEzCfUbzX17GuL?=y=XI;S|cd2O3?ry4XjW_g(8mi{|I8szwA9mvoLB2h1j+ z`3bR^0y7FscZWo;Wec}MgZPjxv(r1c z7X`yO{q|nSRKqD$J?D`0!pk$eynjrdzN$i@o;RR*ix`&37EuaEnDD85EE>MK1oRm@ zoHWh4Uz02jFQH4Qg>iFMb|G`})XLeG9}1pRub=86_4IulH~g{Y_4oTfkIcZJ+oEzg z%g>i?$1Dynwg1bpm9gG>n4n7|d7_(kEdfC*sAT6_OpY?tev>aEBS^L195%qg(ts!8Xrz;At0(3+*f{zjcE3HW>B@sm2N#<=kIHMze++b zCf+6?ajU*|CwQ?Wmjp`s`C_L=h@8a!xx>G3k$ivT9uWnm3i3nQcda2)c1j8J8rAhz zbetfz)ZpD<5JHq%Pvza4^{y}qmQagCWhoKoC7wEj+&LPdLgCiC=_~R%#uMoI7&b8b zeK?p8crzxW%Ql+wnY(Mr%Sq;}A?wZNN| zlviOXCy2b>rO!GR2Z`DjZ`L+FL9B=d?TfF#*;CpqRL0kQ!c6o8cBuIVcET9_rh=l$ z{s RG^$N!h34T(&vC)O^WO#xSR4EC8=Z6IlQQHGGoucYgDS|zBs{b;^B6-CmK44 zIDgwUY8S%ph066U-T<9n3dHBrd+D<_@eNQvh6w6D%Vtkl4s=`&plRut==}XcGLr^& zUe!a$4AT>3;Xx$nc&n$+z%toM{+KMclHY0(7HTGzJ!^}6*Z8QXeUHQ`r1=_Q+vEdZ zAlkg2#K~S6Yt*HFx*#?{m%uhL-2PhV8y_kd&2s zV)^Ut!quPK=o7`sw}QeNbhLIno;Hi|r>3x7soYt$%iZ+MQ_Lw$LcOnfAK4f@x77^$ z8Io{sx5!Q&TP)g=71PND<>RkUQ)Q9GMotO`8wHjSGSQ1E9qJ@5aHEEx%In)>~%CH@-& zcm;c^bmfQ8jBor@su1bV{BG&3sj58L@-zPyb8-q-T#V=j@kxGA2sOiNG8=P?)DcaC z)6xE61E|ZCq%$tderPK0I}MkE{#uD{CZ8s9Zb%GaQP}sc_AdrUV+n2_ac*g5h*l3S zfu|>VT&zTBG_G7(nA+itI}{6k34}*oy1*_*fAvi1mGZ2qHm-eP!};V1wt}v!&-Q6w zop39RpjO+LeQY8sIu__43r`0u|E?mYYB|JPo*z(hdci+-J>%g4GXTJOx#cY+l@6D( z^y+_S>EEffmR^-0@_#C0Wf1j_`&}PpBjAs<>ST=jvbX03Swz_@J8lD&lNLRRnhbIK zs`a#fCtg^x*`&dr&Y>{Q4@Mh{5oBfJz?N8f--0x&emKz}IBCqsz}ksCjBo?5rPEOI zp<}`iyT%lDEgBqF7xnuKy*79Do$xCl$gE=giuqPHqvGT<50QD{U7;+3mu)@rG(f|z zPoaP`jBHlU9zux1QZncpC{=&E)0{W}$Fw(pg8IM{C!8=$r)RZ^Fpw?O(8K?u9kF|L z-EveK0AZ?mwA8(j$hC`m0)%igT?Btw;f)gkVJ?wQT4+Gv9p&3TR?u}B>Di1YI4;e8mSbT%hYz-rWkV^= z;ZzfLf~Qa4zi1yucde$cna?UXbpN6x#45+ z-2h?09H}mnoupwmaSB;D)w60D1B*5uoS@_EDWGSrb*bcEXKH6v2#LmuQN+_(f1X%@ zDd$VDIMWtNUS6+?HW@%+p6Z-K^KB!?An>`o3#M8icL`o`V|?9tWEHU0m%*BgT_Y^S-VE4)ND8^k9v@KdvV`fd>DQ_F<9m$W{#!cd6SD8#eiUcyi+`YmvlEsZaJV>`8IAUv1`$RH7IWR2M9 zn0|2g#;(u&8$ISZ1wHWv4md1XPl+`|%t~pseTy5S!wmL_78q~^qJ(w<#J?PDjsQuw zrOpwg@>CVY6=VOW5h-3#j6I7nz2Y?|`bMkB1M zC|R~U43v&c^cQm7Dmx%}gqC?8_(uPHcuF1WZmz{vg2nYmWC(pXzGWPx=w9uEU&-NY zx`CR?;-6xfDm3^j**`edQdghOfbNeenAAn8-*GYy7SVKqzXoZv9YB?>Uvi=#RpoUG zN}OUxr*GajL^>-#Z>puuTet?S*pkavmG~1hzX&l6@Z>{Dtx-=s^F8{w%FAFHf}99! zP;}^*i8vz2%AF(Qv1#Q%RVvQ>eY*BDm0o0}sLzVL&=2uv-u*8xh9G8ShQbL>u)~5% z;Cq`S-i3@h_x$9hBE~C|A^en32P%uyk9)}d zDjPqQ8+CgGpIKBOnHF6}aP8j*Y8%g}Q?pOU`RkM=sqN!H4xDwfXW`AnK{C>TsC=Pr zB`k=rpb{~-Oi7#d1GJ@dKZVXcVH3RO>IG6OAGZPN2##|iAbYYPz58? z*rnPw>I}VNC8__DWtWz?WSdZ%_~1p6azFO3K74Tt-DEB8ebqs~{Lpl*?}V%qW49ez zZ@obcF6trx)lobW>w(UBlAdf5Z@V<-X54gOLlEW}YX2#(2pTAoBqtc2yK(?gEyJw< zbC-tojpTRoekT2G_Liv3Y8(Fg=AU&l$=)O_VE>!voYMSHl)MWqZngp#?|V0i4w@R@ zxyraEt8^@#kpfn4x8!@)*DN<4xQ(>9-cfz?VVL%|j zhC2Umr2x`27J+*+nm*$Y%iu60RCmcmJF#iCqZ6)8SZ{5#TN8t}6bXhk%3 ztjGD%Lj+&fQAp4=Ryz0A3N<85+KUtKHu!Wy93&HJ?Avqx5jjkJ|2g;?M7~|gZcBZu zGNjI=^rOh}&T1>Mc07|hWrFm8WWus3#^-A;EQ-#)25!N=f{ z+2gpnXW7n5KT&0RPl9L2bljbYr5({|i!%hv&gE0K78r(=E?EQ9LMz*K5!6C)KSdyT z6w6RgEKpA6D~L-k@j@bN*Zhd@4+7I1AW0cQ9CLf1ewuV8DLpzF%fU7?^QN^_X+7Dk zp7h765GGA37};AqM+*tRER`GoMOVXM;mk9Fs8tPLU%9F-pN->+7}_m;>=#>^V3DD1 zi>^&q=cAd+#M$|Es-79Btx0Io#7J$+LQXqi+FGlgAG4B%>&;&pm!q5=94#aae5Tyb{ifro+7JK_6JYiPNfyX99b8`3OzWoMt z?2(UPbZBmEc*8Hm;+f%FcTKnW{NHYik&2Sx5;w{N0K9_z0eRN&+Ye;dvn@~a%-_Oz9lR5t7eY4{z*m%tA}eK|}+oZRSzy&4_3yIi?p%TQA8|t!=fU=f=tA8?kYzg*eX5 zveB>zF;ZVdmIv@?2Zm#k2S~UW*^|Va>No4|U{K=x4|iioTK4AE(ZnQyKH*A^8HSqL zloYadz2Ql~E3!i3&5 zVd4B{ZTcWThkww2m%y9B{ZWALfjUV&>i@GkaK>ltx#BY%leSXi%oQH1_PqYw!82wf zrQ6>-etrpBv6e$imM@8#pXC_K_zy|B{!3E+3!4%9m(67VUp5n<{12NE|4%k^@z0I# z%%A`XPyqj)|9@@OGXcu~GdBZq_@8X1(B-^-T{i&KO_wn?sOLb% zN6#A%Gm%8@uP$qKoJ7zw@1G#4E2RQIE(iUL{qEV}U7!?_FE4D1NdxrpVp~w6Ya~#9 zlK`kALqj7Pjp(`OTXGRY3ol6}hm2zW>Ccntm{lzgtanpaIB#)PCAC^9EUn4Oy5+!| zN1&BEOi4u366yaAym^a1__nUbK|~9Q90ZO2MUyQ{K?CB<{NcC|$wHMLG4wISBwSAbM^>p&+}{r)pvVTNO!nSFXd3I$GDq&?s##;m z3S9pL42-cQvSJXXlbq5C?mYwaVJh^bS=p|1n`xWnYNZSA+2&4q!4MqRW6JcFqs8DH z;Z@F=!B`D6nshU_!hlT;y>hJ^fKRIf?2D1l9VUM!#`r0pDzu93fGWDo zx$LH8Y&|Oog+bTNnqyJ_(g409fbxLsup6=q=lxMIYg(6M>2(-R$#rpwaQdbeR8RkL zU@VfdVFdj2EI0I;86D-PXoL- zh$Y(O?Sk6uV*PXvS?MgHXvWV&t%sO?8=kEt=MG_%`XYTXH8lp2+^)+Xm&SZiWa14~ ztj#79RE|O@B~C_24g`QdBYs*GH(Fu@_95k%gx4}2HkZjQHj@NPXS|4hvKQfFt{%Q$ zzIydS2N#Qow0c8jJ|qEA;Gm%(+qf>T7iuWPj_KyX%D|HvZyAw5J%O40}t%l+KEqjRj7On1rOY^DmH5ks;v4HZtnouH|j^x2n z5@de7aC(9BoDT%JCL(yVXLhMa0dD3OPTxD*0@;%Ub3&1H#{Ki}-^>#8cmeX`ru5LB zqt!Z+&l?4r@{Soph=KH~?tudkOw1Uix0$RZdc1V{V(SWtPV2l@$sz_#mLb=>_J|?< z^#wKFOH$M~^)|S%(>c4AgC%)jspO1xg&Cy|k+|{}Cn~w-Rk08n% z*yOV*$}W#@ly9azafBbdOdC!+4;2=4X-=98%-jQ_;wcKCl?12PWVqs|V|TyQI&dP6 zZ_}W~k$?|R8;;kAS4=2|&Bkb1U^$Q_leAgHC#V#Rom(f(bzLko0KX8rq{*Dx(o&So zH9@3GGVtC9TEaCo&(aSCfaL?NX>XD<3>cQfpvn=-}COjx}l zY3y`MXpnbCsL79F=T3#a6PJWe)^B!vDp zyaFXesNf{C>fUT64J&_|ug=@>BB`E}JA&g7jN0v}%VN+>J`H?N+3m5I{7Rz3d%N(f zwBlCTew+N2q{8V4{?aK*^4D1Ynm8SI*Pf_|;=Hx<>vA@4Avx!0uBgN^ub(71qOGWA z6UnRxaNn>vfDFLBYpo*<%wf_nM7Hh`-Q~^iJktjhQjgtk_d^+ttBcEUsSSNHrx_{m3RL95KXDaOHT=y_C zXtsO~3#^89v^Nb#uypQ>XWR(cNR0GF$Wt^$PFLhaR1;rJp2~LYbEL_A_^10s`SHgk z)#`%2!Ix|C7o$${Fre(Y1m=ph{4LS2VqWe1M|$t3GiEEpQ%emZw=6C7rgK4x29Wmy zlIi0MPj?dmJLZlajvpNH_$E#8%y`t0IwJ$=al=Mh0|1`cI|ACFL;oi2G%Q$a`+X18 z+2gC;JTf3+epvXEl(Fm1V@#lr0rXp+c9%^1Xk;el6qMIB|KK_sBKoBv~&GiJXH*+so2mZDk&MECbB_Iok0PyuK*0Ps6A#RT{&F0g*z?meT%i23^vuGoefAqHkb zch}v4bMifzmsI@@V^ORKS+gJBk;SoTM*9QH>;S-hkp~|rpy5dI=vtPopa+-0Z7vJL zke@lJPuSRr8Be^S=_16o+cSp62rAGJ(DGV4Lt{7@*)t6LV|RCFJ#Fv&|M} zZPaDkwr$(CZFkwWZQHiHY}>ZGY`neaoOvQ9CSv|Teq4F2%$0X?Ze(x5Wal@Md^se@ zvQ4+~py{kKERbvjv5_0FE?F12g?d-%k}$fR7iy<%+D%`Bl1yg?#VPI&{esWH-=` z61W>lyT!rs@wz?1Os78MjnhaMm9`|B=tYrPu%_1_THyG!kTXtCVrXFB3^MH>zv;4D z?$|SsXi;w&9%noxpcGd`{-VM_fLoelXDUE?sG^p^mLAcb+r-*##4liM|<4OMw1 z&UF!P#?4Xy=5DC2S5+z|LxfE>&p0dS$$t5!gG|4F>*b1oj?Tnsyq_WhMijrFF zY9l`PwtwiTTZLLMWn+SBd{l(>X4eaVvk`}M)PhYHYCcdF&m zC%B@!-4jpK*>f7`1JWHplyw)VzmjUoD}tGE zh9B|@M({=a`9Ns7wkFq*&$F;Be!;7D0V)U3>3EHte;wQvUt<8;Df4+_4_oJ=&hViJS7~5a%Dp06%ZrZ zur8&@{?rnL)JL;8nbVeCO#6?}VOamC`6d2k{_OuYe@yW|=I2HE|AhW`s{Nn)*ngRS z`0tAU!~A~}+y0uL^FPfWQ~Yo9=K=hu`O#Un!F41$@t0`*8_7oHipNW5jma2O+NRKh z@PJP3>btb<$N%hjLhtp<`eJzk=uR^ByG&+UD`-*Dm66I#EelrU4=wQ_o^nP6h(v~u zY)=MS)NLU$gyhuZq6g9fJ?I?n(%EcT zO^Dk}3tB%Ex3R)nDI5e$TWMyfShbfp-M#^=#@-zx*NfExNjujD9A+IEg3k6Az z*e@*GF&`3|PmKCdHI}PRbg-`E+b&Oz8Yfat<{WPv5nsitpUABFT6>Q*YeS2a8430I z-9*|#36)xJ3F^AsziMoiyc`7K#LewULUWQnw6Amn<5C)g!_8625BXT?&vp`Jtd1J@ zW-wq*(a1LlIiKdl;&;N$^ls{R{A#M;v@Lr(e*bShiXDKEKLyj(G0ExLNJ!}LXpGgr zrs;eYH>!y<+%NzdwlJZj^~G=7s|*wQ@9DRGm*nqK3D?&VJ*`%@|8ZBg%M`lVoj%*p z|8$|%lo+#g!+$kGv@k-QDucyDt8@J|p- zkYzD0hST4$fxZc%LgS|tEK@k^9u3CqzfJO6$rsEKG(y6cb3C!@e4lOSK zWx1S@?8XMj+r6wsGo`2W#7QGBRh{MM5-ya22W4a*$LLV(X6~S8eXq#%`yu zi>dr6An?Sqp57>DNLdK=sr{sq3yw!M7*7?^`WVqsnnk$*4THX>Oi zLyX_+6deafd=g+jR-_9Hk5|OwDmLp9s%tTm8IG)j$#ukbHZ)ZIW*3CnH9sE>5fXv) z1j~8_>$ESSn)HZa57eL7wqR34U#<$c2|da=G8Jl{nDV#WRH9ycFwjAze7}hV*?z2n zJ82SGc_XZYF6!voi=|?)p!CqQo04g|9PMeSXtO1X7$guupC7FK=teB-g|U&uLjQO=D*@EU^{eT?7 z7&@v8Jg8%^0HPK%XJ9~WUqGiMUm3DG(<}(}U-gZsCt5Bklx(@fooUvgajvw<5vcpg z6n>$SuK1s+CQ)^BrxaxuVhz$e3PbqngH3$L&Rqa0j@pNyu+|J_k$l%YFUViT?`)20 zy)qRHBFye!$G>jJcunsAz`aPZ?I4l`PE$0-GwAJ)uRmTk6bX#jGvS&E9vC1F(h6BN zBi-I6K|P^bX4!i~jGvpj7=x{oTl;$VK02;I-hZX^M$NVDR4TLbGxAJ<3yy?jm_){B znGrHWw2Rd|a1{w!Iahx%7ZP=?zx)27c4jiC-IlWTUai^Z#N-ZFo@;wo{KT9Ym6CHl zNBAvy-}Q)a1;J)&QZE4t{yXd}G_`y`&xr-$Dwpc4HcloM!E__jg5a9g46_MqDQD}j z_6J25ya890-@9vI5Skc>6i<(Vp_*u8CjBsfZJ1yE)(` zI+p)SXx|CKFr^vucUAU;u05+s_&p2fmE6MJj{aq41{HFpf5mZ|Eo9{S*2|zgy1s*b zz}%5IN!VE;O0x6jyh}WAzk>sa_AvFgIQ3Q39JLn3KhfMIidUBi|MPRe3K(YdIeZp)PW{k}mdM5UC`)qLW?ND%G@7Vgt zP?~8zvS!hdvmW85N%ZFvI-vpc)!)DNCBYo$16AAv(~0Y3_awe@Qg57`0Py^56bde! zxSaObf>{$RDxxB#3#$~t%r_YHrBnsAR6VuG?PTqeLW7rZ$)1daWo0PF@bSvUDI2Tk|9t z2b;&oT6hA-0(43J81VLtPPwQ`t+3=~HDe^x!Xq`rz>KervsSTgrZE_6e4}(_)}G;Q z$x@qUG|I=9^eiJgKD*iu4d96;F+pz@Y+5fNiW?9gE5pZ_1x-HoN6eROy7~@G?6h(x zvbC|rcBfyalWT{rFPRx-hFFC%KFhyeOR4P2v6h!Dv#1>b*vYf>lnRvSn(wQ9BK+}3629zLBHk|Qk^kJ6zeR{Af7t& z$L~8nk#!le;*OE-X=H_31(*gpLXdXcuqXbM{~GJiTy2 zFLtw?8ndmf_Ot=Z1Ot}>Ex*)>zB=*vjdd^iPW|Bya^Wl%j;yH<-Wt7%3;m><`gq^2 zZ1YK#xmT=QGVb)i;K5J0R>)wcd~e&JkXUXvHNP}Y!Q0L} zY|TEMoE)^bQ3Sf*W2i8pWu(2=^v2ingJToCzJ7w&;l`rkBf@6^{sa!Q&U3d6q#ru- zj8sa)a7{8`_#Wx~{xRdrDH#5IzEQ}b+T1Ui5HN&#w>N)p z;3v>7Nl-NZ-tRPx()H=E?=4t^{tS1TpEiR|Bm@a`D}@$q+F3rMzu3N+chHNt&dq-+ zMqZ}MSwYTMjo7bqk^Hh4pvnrP!)0?=Ub${}PVB9CXu!-4I{F)YC!o4l?-ngfR2S^r zM&9X`cm-9`!!W;7Q#JaDT1(srV%$|e5b}%;O#c+_h8G*z1@>5||AYV7Ba`${P&IBr zf|w1LT`#!_X_Em}RfaL#;ny<+1c$44Ha=?GukD+4RH3L9=%oa#r-u^i&g$89h|RSA z9x#j;5~pN)pUv@1q;49YZH_0}3vm&%WV%y-0kEMx8hX$Yi)O04dh!JgMKi+wb@&h_ zD-Fo2a0$n-^xLRW&d8hnF2fMW}BXfP8f1rr#K z65iOo_<7drngfYrZDiszI&$AcSRlSG$dYyLiOWVH_X+>2Qy#?Mf2sZCeGEZGv2Pfs z0i*A-GWu5Hz!JW&jVfRVX2FM`1M9UA#QU#C$EA|{dXTV1RZ?jH7?_HuB%jiVd+jR; zDtZRLNPU-Dn(&-!okr$7E|1|&KtcAbkXa7(0 zr$7GN{JQ^t7xA})xccXP>W%>nKVay1}iR^OO>Y+wmn zR7k_aR=!boj~Iz0V%ZWKs>cF_^lSzht#}IQCAS%77=ue^{DT)b=*LDvt$hdLW-9SJ z6mU>`SQ`VKKI0(`P??8xH<*3t1LrSJ63j);Vo-5D(}U{Cvd|gZ=J6QbFAs2h4?iUV zdC4WOrR|LOU#IozJ~w$}&edDjTViCqc>T)f53e<%JoP)mTu5&&m4CMJ{L7>`o!7dn z)kj9dO}Byhd$2Vty@?Kfqixt`6}Ee>AK}8{STb(-OsOZiat>XnYV9B0ScxtV23m(L zrRq`LJ})6^`Pt9%ucs`{wim^{9JD|;Gn$`~prC<&FN4?mgJ7n~k@jrsm{Ph?5B&Z4 z0w_Oan$wXwM{TE1LdhuvY2?Vp1dNoke!`woC!AuSlHRV8^tQ^Rcf#MziVKMV=yVIO z2=KJGwrE8m+0z1xQw|j*wn~#8g*L#D+2aG@txv{FvTN$v>DZPMkHQkz4!SmD$Gsar zMx-8&3?Lly9XRx^NFEi_uYaG^`CWdZSYjY1qNa`}PaBe%8ptunZdJkO`QF@g+tA?q0AzcwM!fu(E(^BsDdN5nh8*B( z42EQowI{yvgB?lWhBWP&x9XP+ny zRvwTW$>WOS?=6r8)mx|8hc=s|B7sfq2AKUBG;^?TKrm91!&Sws8OCs6YN(?8Qkez% z8$G<_Wgbv0!$IAP(c|!jFRQr-9s0xaLh8GBrl+ zUhI-`^&YuGLP4bPDn2&m!1I$7|~Weaov{v_JU zT^68620=urtq<27fdeZhd>Gi_tGhC_9}n8J$)A8?5BkzxVWF2~Q51Xid{<2ds`@j1 zj^EdRFX&A(3B;%n5dvg+Z(gILq%xQWQ}h;Zz~Yq^g1z1rLCzO%dU8!6ueMh5;8}}@ zP5R2Af4~Z!Dj=t8U7?l zOm1D2Z-(5j!l9g8wj-UJYiRwyaVvN5Kx|8*Ol9?Y%+H~Yte>XVrbc@q0M>vd+wq|e@o$6z3G zBi=gCq7%?dYv|3_5dhVJ@0%NHw6su9Ql^zEC_Xuxk7CMvt<#pP@>b%YPelpI01t41 z8C~j->bs58X~~^g%e}PySav^DMbhxmsFG?tYZ3Mtq8u{qNEJF3LC)~~cE3`}NcY!T zr&=)@wUS#Gvw-p>RLfIsE0gsJrdjdXOn^a(NWsv(E;#$3we&0?nDlymsTYT&)>anM ztIzWft(fsKOA`9|jw3XS`krF6oq0{}J3PAOuM7iiMn>F?v)t~$VsxXX58DCkmY~88L|akG{U3R?l2UGx}rVNdT$_>UEDIjP6JGqe!VHSl3bPTmQud1{gFo-ckZ~(Ms0vOrL^4$l{b1Pr_VHMz4M5 zcY8P{4&Q2YkcX)y$EYz7N|nB%@22ya*>^@Nhj+|cf%3unt;~6@hXc;XQ1zX~g<~Z3 z11T5zAla0-{DGR*nv7M!fK;-1RgMaJ_Q3E$T_wq0sf4-`|C;gmaH?hD#M9t=yMF3B zm^-H3w?=?2Vjq@GX5*8kNfj?LpHHS3*o|u3JBVyI^~CIH zw&j&PVnq2|f;a5lUq#ZlQEx7vHMgS}tX5%KP^*-@Qkn%8b#5(arCY&sngq$me%0O+ zJ?(1FQpbPvFU}ElJ39I(7#`MtC-^jYiB0vxS#F)&SWVD%I}kJ~Jn5HSib>p?q(3R& z*isDjduC+MiJPkkJUDMiMNo`!9bB5XZQPQKb{%TKo1O-J6HBdxdfFrgrxS|rfikNm zmzQjS(Fsk@e`a~o`oBV2BC}N~o+I%lF<;oF8Fra1E4$yl$RG8Y;ewaI(%8%u@klwK z{NY~lqx}^{xgYOb@$muA37jE5{1|Bpsr*Z7f49Kf4x#R=O1}~X>3yW7)6Uh{4Bs4m zAn{jt?)UDGPNSZRV^K`hHV)oR$^_yUcyy*0HoS{~4sWW&>?gU?OVDwUT_QWC@p; zZ2_*20q0~k4qKc{28TSO0Ox?fOm9`~3g^7AVxY{M?ye<>sVTUxiT*Me*Jl`$ofi6Qe%Ajqf3e8F z&EGHif9L%FGJjNRflm;+uL1xt3INZ$*h`1LYMH6TuoMUn2SLv*))8u4iIL zRi7_OcimxuEARZCOv8lm346)=Y6)N3NB~hms6Cs+S?D6ufnbcTp=cmQ!5VK zLUvk<;|Af`7g}#~k)~OhkY^Z)SwF93z5EH*i$sYC{U9RdCWg#}unglpB{>US$Ed(X zWJz44O}R~sb!CMwN?R+ib zWmi3Ukd|KPA>Kz{gO!oDz zImvT`{B!HRsI?$a58D~NT6Oq?$7>mHDRjL@p<6Di z@IL-}>Z43B!AQJz+(8ZB;by$TMCnq-#P6IMKeA5@^~}#y;87XCrhVb#k4eYg-Z1#M z*yRU~k^pKZg-PRl7GDo^t({McivH&bObM+0SAU0yk(Vb$1q2wT3$;)>zT1x}V(ZAB zJ8SOT@2rL9M9n8_L^+P~=WT9;L+D*uTF{lo(>XnRP*Ss;6pLiQP@oLAJ~C-Ksx=@( zGy{L?PqC9$y?ED@K2GKeT#thUUbB{=74()VDOAr;lEYbSacJ?@Ey4tdH!q;$12O%C zz+YTDQM#!BiI^QIeEoWqF{DX?%Durq7j(+L!cT+GX&Sae!CnL(;G@1$GnOrDlH1$> zLi=d_i%NT!LHZGQaegcH@f3kNkVp=H!ib4I$R~OJh7w^M>;X9$cm1yBUYwa9?SIKD zIo#KnF!guOlel)`GATwVnLgnL4BO4?mM z`WY8>g7hnV#ux}Ly-GP4a>iAVSGWHZmxaSw;nDFyzUhb z8GvCXxC;FK!4Jw6Pb;<^2n5~5GqNwFFcT{+mYqN9rWYb+7;~bd0X0RWVtN^6Oa#sG z4uQ})_i#=8RKZZ4w))DL2`&q0qVA;#rMfnSzWZaOw}K=-^+Fm{2z)Tivmj1_-94jX z0_;OT&WGQ9juU?#(b!8%wuehg`&z5$wOgb*!S5;_i9<0?e~m5hhoeNHc_c#!?UiA? zb5kvWLfK<11=+%}=aH!L6N+H|fYS6ke-OEAp8N>`Ef!1B2t9pN z`c_E!ry9+CT4r6(JvHj=M&%Zl6FzOUY+`d$NI3Xec!Mt^3Rn@F?+%PulxlMOOihDH znov^b(53U0NV;%mzy9LlZtbJn#ZGGNGCa&6Eu*VB zu=QI*<61tX?jaq&;$d0JH^3qz$cC*Za}F|WCkRM9HpFWVJ4p!OgB$7%>MGf$$+}PT zgr_XK#J7IE&lG~=pQB_QS2eEw|i)}VA+h#^; zO!GlPJepAJ*1oBdWGTYnu%H{2vqk}Ntpe+8g`$$3f6V~>)AJS4VG7BM+CSE)nQ zI~O0*u5=fQ7|WOau3rP?hi%YHqC@R;VC12Ly%{E{F9D(jGaXwGScG<& zX)Kp7uqT;HJi@}skNf$FpkatY-fYU*4J=p@po<2i|!VG!v8%<OP-Rr(!3s7swzaV$O_NT#HXiGcD!k(D-?W&Y;@$@P`ymoF= z%JOyR1&6wHcNoM48|W+1e|h4}(mZ-*Mh$g`wj+^kZo0&TyLWTdaU`(TG`ViIyDE8s?}c^^Z7aaSl5UleI~m#b^K|Sf=4O**yi^gdgFE2 zsrOZ|eU}gS?=%X^4e6-027lQ|$?CVHs4&K}7uv?y9XP`}o^=L@@Lv){>k6Ro6ie9x zu+f-F?)me=H-g-MsVbb;<@oY=C-vaVR$@*eCSWu>L;N^J_>^JWOvTN6hcv!m74&Z>O0XeA*?bT<#_`Rf9DZYU(pBsEcUcl9PQwoK-FM@w5+nBP3bir#m` z3`*zLgPPW}k#oR)=D1t&rx$xnU$p;E3cF)d$*&x2e^)#f8#{>y^k3bmhE1wq=D+Pw zV5qsa8}P^2O7eF7!dOC3&dDB>j=Ijmh_RhtQT_T$JlKk~>>7_+$X>^j6 z=CQYBr0oEU1iJERwkec%v;7Z^B553NQXE?A_Bv|Jfl?11A$|-&qjUNADH_p%1`X&BTQN zo*aehrXc4eZO|(HSzSFaVcp-7%A1qsIaqB2(V2yyuD`%*x=+4yg&bQ5Ft-WiPXB%I zen<9L5@=QS^QdR~kmy6wd3}UEH6oeCIbD>)y&$;nn7*0-@owTT>%qh$$I7S&zK`J) zxGG+WT=UjIVxjvdP}~B@Gl??YwN9MOUSewHn*CLBl}i7oF=4Gc*a3nB1f6G+9ydre zKrUXUP4Rq-pd1V4fM`|fs0k~rNzmV!hJJB*3w<}JY3=8Zu_lcjMhmBhU@?-k;2)t2 z{1y8DnCF-Nm-#dP+x&IO|Ck?}_`l7cQ2IX;kpJEsu!1RV{-^otlK*Y~s=I%iKNjNe zIX~82pPwWeoMmX~o$QqFn?7kDS7o-~JZLfN*xzyUmT%KDd zJ5Dffwqs!WQJVWee4eH|b?{B<&6pt;vibG88!)^)qiX_}L>3g!Ix2CaCyocaTL`mn z>`jgI`H9~cfKKXyvFr@_5+|ojNg=Qs5J#?zSN<_;`kkZbP@ZE2hMGvCNFN?LuBCa& zxP)ve$ldQX0K8+dLKq zejwG_&ztRTE~z<%7VPIukeh<+!qHPy<0Y90W$;Du;4yhQB3%LvA)CWO;`%w(euJZS(Mw#&MIIWL08&mDT`9rz_~?ga+yYsV}AYvt4~4T!F|GE3e|Kg8Uh9Rr$Bl@mRpP9^#K%S4ftF9(~J zBX#Gxy(4CMrbKs!N+}bgcQTYFgRQMwk*^exF%SbGtl!){ht;aZLX9_5Xk~-bynhDv z+*qxrvFI_i7(kH=(sr=65#D9}7!FsRG^mt2J~W1U^^Qr_W_v+ixFM5tW;mX=uM(zPXjAjFD+L~pk>{H4&5+2D7w4q-&DL8( zn8i@n?`NJ&pfH-Ve{8&(7ip**QDGJT^QOHiUYz27?0|fG){2ooD+AwD@;f2EAkH^F zbPWQkVYLSDO2VhBWZtx_K~Yz7-f>WYS|&)ajdU*!k@_ zryhUz+_Ob6zyaJ#Y7YTQrcdRJ>v`9VUjx#n)dQWj&Gg>5d!?xOZ5@MeW^gS5NXtz?hQZrCql|*)}7|5mt69Z(# zv4)uX0*tueL*~IFt%>boMUS=6Q%)nB8TC;ny^Jbz&aFE1{!yW zXWW7D@DdBMP76p&LL~O}mS`Z41cewG;h>B3#?BW#0}BcNe0lZxxTfg=Z^4z;G7RDx zAi_UbIkg4WS~+zzv2<^x!MJ!l@(==Q|Kxh5m7<%TclUPaih>M%yMM(WH<@Uk#p`>h@m3-C2F)`z!;e` zGB=8+;L=jh1$s@VHyBePV32L6^-$#;%bEqB1mKt&PljsYgbr-AhkC8O^I~;N7kjZ4 z`~#d$M$?^^s zyK!&S2pkStCWFe1$e3cNHFRbjbyV`;1|RKa)B~y^K7`OD7!LWvkY&?&2c zi{diov>a{mcj(Mm4P|pE>)Ht&u9Ina)=*qzjJ}f_WI*007|G)6Y2`A&&my#Ldy0nd z^$611+y`K%H$3`M8*sB}TZl|KO}(sapr7-S3s}oI1!7Pi$Ll}J%pVZ_UH76CxHf;xCjXpS53C1&3VPAr|VU} zi>WBGdI`JU;o0LFP>C4#m^;$gRS9%R_x`!63dmQPE#hDG25OKr)#u#P%{m~5La!tX z0G(w@P)Yrn1W^IajwqvlnlG1%i2Y5Q`LKU`o$)eVWVXM*-Q03HclziONM&EgM_3!nC(SQ2&jTj%@$Gr?ZfSGEk%1zXM zds<^^P&smp1pc}xB|=*t+(Jbh29QImvJ`Xu%<*nnW^mE(C0;iH9E5D<=4 zQubo!$X2M6lf5uibE3yI0JKAAu(p{zF$1U0lm*S!3u{ci+@u7MrWz@YEDIq#XFnd1}sw7wibby(J@iL5nd)^6qmFk$(H0a6ep0dMp2jQl`$o%ad8nb zKh8c${j?fadwi(oCv|G4INsfgHuh(xf+`tkl5!>{zXhr^amsUgUShmuol0oCdPOJ^ zIrawE(oY!S82i{Hab_y>LP{S9iT*{DDWDmEuN$-(K<;tghxGzdjz!|QDre=QrzW42Wm1dSD z0@UJ9&NZEm?e!luOG5h;<;>a!yn;RiybL}dudz+(iytNE$(nu(@!YyuFwpjqPjZTI z4Y&twah<3{h&+gRI0PzDn+ z%nCt@@AdeMgW>8ZSh~)8o-YOEcvRh{vR?VPz zU%lso8Au#oXfmYb?tB2+rvFs_`M;I_e{>Nt|LP*r|GSImJo=}LfN%c4E&^}aB^KhJ z71hT6=gq<2zU1%C0pow}C7nnA-b-2%{%SOjxjGQtI=XtTCiE8 zu{aW*RW9HY^+Q1fJ8yoW^0gC)sE7#(+^8Zvds?Ef1A_@gA{;ox4SsE$KGx%gO9hh{ ztBzqK@|7$$H^YPxr46Ufj@nx5E>_92&Z`PHXIRBdr+`#4`G7 zxM+-x-_lIwD|47=41OF-5q*$jE~TZwYi*qA-#SEw2qUt?fbc+oHD3zF$kmIX%8Pb? z4CL%R9<=mQrg5@G)oX@@P|w*7-hNEM5CGmMo3X#=eg=758rxfc%uSEs1HxQoE{M9h z_g9aQ*r@K(@B(js)9kfdrn7OpoVk}kVc~(*UY8_W5TMwadeKgzDOuooY4Ul`2Tf^AJ^m`|o?xF~$tt)-P%tpLnE+ohN>^}7Ot+UiSSW;Cn z93*HQArOk!t7nA?p4?D839*9)Iecw-g?7yJ)Qiz+#u-eLn{&-`fWWHobw&BGXq+o^ zGqZIxzA|7@ZM78sudf>GdPX+y}0StCE5EmxMKubOvyYyxXo6-Zg`U|&r~-L#%E{O?L{!K#_;9zUC@ zzp)rUoDwm$5n+#JgA`_{J)@#7*?`-|jWr0V=buE8<#njc*M?S#+x5J!5*@r>++rZv zj0?eHbM9iU^M#(_$%47<+fq=V-n{x&K(9Vo-O=WS<*I$-EEIbMaexws0Zyz{yd8L zXnC>LVcu643U}%r+{Qab9Lg7n9{uVqXGn%=(7q7CB@BB3U9QWVseIFUQqcMup2ZYF zU9$7pvnSZHdMsFoLDj9bqIRaNqe=N$Vy7@RC?>|_nAS4>|{7iFxNwy1#1bkma~SVFB*#O{2+p?qvF zRBeeItvJ;mp`-TQ>8GXjG~$C1ylS8;=93&{%3u_DMducp=Zk?$f{&36`J$y&uk%=F zm4JK-Wp{!mydYMLIA@TE26(>J1CU`NDCgPB#1F_8@*miHjIQy!dzQjm=fAIrC;TDB zH_q21v9Yb?#K;Nf>qKmThH5$+U&ySL_d8dbRK|r%bj74m#9wK>2~LtbN7-+nOuoCPR14z!mB~6b>07R9HEyie>g-S}Cd83itPYvQo?} zkc1h2ab+`&gG~qmN121;_QU@AO!jfqfd@#t+-I16U58e+PdE!X8;*d%L0JoO7F^@H zsiafyP4I!P;25oa2Uu?FT&Y7yLQL!?%H+~8_O;OJ=anKP{*m0M20Wsu3x|@DMf#C? z2?V&*!)Y8Xa8vY>H?!45$dPS68xSW{NjHaW^C$FvRxLA&$Ehf+!gA)c_U1Co z{s|fI^sUz&Hz>#b?U{U@=Iw&T*S(&CuD`WQ@OPkM*6%elicI`u1hB8k%{4+bR(i-q z^SqCO&LF}TzrrYSE08l}esn$qIbaiA4O^?c7Ze`sw9VA6MUk{cCM;{qxzJgX&~k3x zGl^-%!fa4`^unl#^$4<5`8Ya+-*?OTZ%i_RvGX?{JOz|Ikh@-_g!VXB&HN6FO~--G zso}vnO{$)|*Pz3&Hk-ZHyjyyQ5+ax%EqCk8Y2JZ|Zj?hc>!ior>%nzD_Uj>P+XG}c zpaY!xb(xJrHEuUr60K~VIILi3&Hgt@oW^ZepQ z7bTE!8`vnPdE^C8&UY!ZbGKDX$_87+e&EC#b65#?Apvk+&q+Kl)JxVN`R5?gKUc#rr|iJ5=##CaGbj~p`2z8M-O#z-6ykLO?Bb!V zsQ~9=8_)aWjLnm59$_N3ZpHbVIE!l46tIdKwaw{2ZS$a<+eBeC&iPWU;N0_!j8uH- zd!YH>Afl9v)F0nT6%Z=7%30*q0xq8R*-U*MfF5Q$Wa`Nx20=R|hu9xwY>naCzhy#k zdPsqFt)hjK#N5CPiQt&woJz7mQsC0 zw)0cuM!?qh90+}21|uK;$?+3k}{%Ikq1Yr}-uPaelnI|0Bg(3|zi0 zEe}DSN}g1x$C{ty=PbZj-Qrv66({RHl`xUte)zpSTOx?rptLPAUm9+SzrGv5Sk%rI ziPTQ*ppg^2r+F8JO*@Z zgLA4Frce>PiPYsKU*Y%JluR{C)Eg`JFDo7=%f}@oeQ7snRig3KQ)sl#CtV)ZdI3bk zAV`XNKk@5Sm%-wnju#Ap{8 z{)GH0v9&qk1vMCmUer$e2`7#^tmt{q0lgH$l9(9;!h57oF}x;}-LYY;U>Qg27ouv9 ze>pt6r!RBUg=*qAnyhY%3(=`Ux0%sjsU8IeK+K>(2PhG?cP23 z7?+b?BJNv;ps$PqtfIO&?n7(mz7C`78AQVSd?vnLq8n%|F8OkNH8g{?GjQf6b5h z&x(ux+x&l5{A+&t|1|#y%fHP3H>DY9;6Kf;2faimq~H~F!=2&_C2+*)M#}9BF{CVsa51L|!*uz@&zw8-H&3{7`-0E}ENI({O+ zwt$rWv~Vv%%i4zoGJN+tsljciD*V9}=_wkeYkDvkyzSjo8WKW-TAos3WOsrDyA%jk__P)~-8!haVPpXTDtf`O$wm3*6p@z1EMg}PWPRjvg$jGN7eojLBS)F%Hj`9tg4 z>moh{gp2m15va_hVc0Vgjezro@^%b`O^ZlMPxX8(QDJu*@cD!83!Y#5Ma;%$4d`tO z#^sJ}LxT2RDX28D?%bY{pgHvgp*6VT9nNj(`@cO)*1DuYsx*QmPYPq=%uEN5ZkVsi zi*lP&c9{zKnV-HD4{X6>%&S4?YGL3JljR(52I=JJ?kRXY@$IjcJ& zDTj0H`5m2HGx&BZXer{6lVtCLNnEq^EoOuNA7AIxBMP);+p=xjwr$(CZSAsc+qP{R zyKLLm-KUd&=-Wv@tiP}_GBUq8SM0ZMfAI)ZWhA;DkRA=U?J<`>Q1|u@qUKpXJhgkL zr$MsGmn!s*SE%0{J5QCkvrK9Ll%$G{LyIp@At)D1#8&?vNovmaVr|Q7XiegMsVnJE z0$6ZMl#zio6`k=Q=p?B6gg+pyJwglUT5;4L3C;Hd2{7A9aCy&xlx^o&%m3S4QJySb zQBAQOEGF&lujV>+Tr}lkr>=njti-2QBHY>Npre}iagaby#rw%WK0{FzVHGH0E5?TO zve;+YW_}dG!B)>XXJ|VWqKe$%FjXQ6jZd`&aT_H%nZCh!d8$Tc78{zX*jEn`+=X47 zVdV5zVN6;Mqt7+Z$XRDC&wg+fcpzsTxEJ2v($z*zX6#v#hosdxcw>BkbCeMHm_)s0 z3HfF&6-B0f>$_c#d*tE7f#}$Hv`Db4-PuI!=wU_ivplEe*x-OWHDJ5+gL{?*)W}Km z{fRmi?@oXv)S`o|8NDkDCw1JCVod~ISwo2{CN*tbS%k}P7I+kXA5EuDaVDhE8^e@0 zFsC&NLW-giL045B!qH^IOvelODnaOo+>WXaCUd9GB+t_wIsKg8pie z5icyTF3(o8L4SyIjq9utuuy(>^K)>oH28xy@ZJ4}1E{pFhn^Uo6m_lKNCkvf+FpyO zZ3dAwn-ag5O+-XsJjOJH*!cH4Xw}d)w7}O2aCxULH1?{P#;^c)%A>P)aezZ z^h;190mu5}BbUza=0#&0Uu^RBZ)3Z^;O_!-v&w3*?M+tx9H_Aal6}rEjPCIP&?f3> zG~ZWIBe0a7O}ki3Y!iX|3<)6jUI%#Vr@)8 zoh7BdVb|Vntj8OK!jrDcGxHK=pqcfM&Aq6T#=-IQy}f)9w@=yLe*vW-l*$H9t~6~< z$@|+ku3YjZY99wDAbT4#{m}4#dtByplzL(%;b~@Chrp@*-K9CF$^@6XO|qNxs5)cQ zq2@C?E^@zbH+EoH6Y)^6M{?|aPQy1-r``)FD!V$_W-36z67tOkiXH}KwEusQA)0wNas7rz$-+W zn52nYJK)*>3dz}?J$@oc;U)nf@)>bs;^04fG%NqI&ADWSw-A*R`!b^n<)NeF@L+J7 z^vZbhRcHTVQ~RomI-Q-bQQ9GQhpXQfcbTy?E~hAfyOT6Rs5R*ZsX^=^Z9czCk_;kuk5W( zO7Z}o8h!q4s*2wbtiUuDB`y@Oj(XMTi!AoQL_Y0EvnDff+f3Ix?Cib{73}oEjf7Zd zt*DHH#jidfM7QM{n}{4*;tZ(;<8zBd9Xr|Tf4vmozDhH%B8T}Y_imRkPQE6D1Q%sg zcLs69H97klj(UTZ+^eO`Hq6>3Yc@qb5GMFcPMd%yt*YtbRi_2B=)G#jRY$d53Aj;x z`y58Y^1K{V5PguzWc8a=Ndx%v5$YSY_agMUcPcTyA|%U zTr+G=LT*+3o(5WxmN~=pnQ`&5?_#lCHCht5L0wPq_uSbDNke zedm)r8-1VZt;d(qHNd8%trzM<-@*cf;i+Y<>O;~Mzw&*ancpmn7`=yRv#eC#TgTM#C;5c{V=u(tV9Y?golk@>ANoVSG zSb-l?Ju^Y3^p-nC7EVFITcC+;<<@lL=C1$jpgvY)j*)x4cii@+KL6{cC9I`!BO*%= zn5`87+VSva+-^4B9wv5?hDwTuedcOyygu!8DGUy{*?;}YvW7%A;n%<-0ROwd@-zFF zZ1V)=3!BGMcW87Zx*DQws@_q~4XQ4i|7NL>kp^5O8Z%OcVG#JuYD8mXc4sCn3-GiY zXxCT;9J^qVT^H_oSnX-j`Mw4VV4ZGwItU{;7*c1U!thyScF?DD@SW{z5qQWUDJ+o% z*-uZjp*~T^SvU!f*+Ujahtc`9Dy!+=p6*p2El_G3X)0l@I|yW99TwKolq>?SIBcm0 zoLtIGa&Z2C2>tl~CUp7#B6QmSN$3l~|83>ns{SXT#{#A9Gj%lPA4wPz!y`y4Rwi+dr3831-Fia$E_t$=`i9^A@!cQM5a1=GR&$83uLrWc;hOP(oO11T$bZZ31NWR zH1BvG6sHY$63%5c9bx^%+@vq)(Y4h?uezepM#}`LS1Mkb8Pq@dqJUXXmWsjfM;=Un z_o;LhUNw>^5~*q`{q0_U zch8MwB-)(Wdtl*W0??8q#(HvnJ9wC;FZ-aD2MLO%83veu4?g(&7NZngVJffDBIthc z0%GnKAu{Kf`4PlBHL!L{&2dqCSle4vHSf_iFzsZ9!j1~piiGg0A+Z8ngft6Yf*c>T zJ6PoI(wfdN=?mOD==)(~Y;j`0X?FP7PujY+*f5!e9@DJO)kRKo9r|*0IQ|48KxGpG z6rf`%ht6FsYLzl6ci2N|I^diLB^*)Tw@fG}D7TC45(M?7vKPRuRhN>9SL+5%gEHd{ zIued557Tx?^097F$&#=1`N-v4eKM2ZO>;8#Bv;4k-u&f-SdIT}R`WU(8MDk62bt1wVEn zFRhqOAK_Yjf4ZJX}g=b;2WcLqFSy{uL$LuaSqXPlh2(SM#h6Wcuh!uQ19{^;tDO@vap$uW>177`N?&3-7bU;v* ze7QQ*fPIdgGm*s#!Te8{@#TwcsigyON>05^4u!(md3Q{*eO`fUBFI5TGE%5xi3=kT zCPw5FR~EphQLt@uKIOiM7uqZBM{|E2pcfuRr$oyh(P9VO$IG^g2UejE%U+Eii7+t! zl+@ttY4Nc5MYbpZT$S2WK4qB|?YNjKhdZG__w1|e*+TG=6um%lzCrW6fe!~wDgr4|Jb1Gz;7}#vJQxZPgE(z1U-Hhi zI0)h49~_~k9JNs8u7?j}{<1QPX3e&(i~BRIU|Kze(l8bC;scoGU@ zKNiUcdqJ(%8Z<863(Jc;W8~Pow-~k!+=0*KPqn-)Q1n9pX;wM5$)d&0T20{Ot-1nxV6h=WS*&zHeeF~Y7 zh@3lV8p*J?QmK_d;g9!;2&ic>T1W?811Z;}Kfyk*RIZC0`QW~*_DZpBB|uCC({6gi zi<~5!uT*gw-?3J>NIJ>$N1#W@h9Mrga>K0t$xYj1tC7%EjdV)O5?-dvW+^)t3He^G zhUm!S{;gH;L!|?(6L0F?RE_b}PB+z5w+FanH9*c(*y+fWV*%nUL!)Y2Nir=x0$Dsn zbm3ycDsWa~^FQBi+ch)$fs&C}R?X36SLVY(zl)So1|q z#5zzbQ%AM5%gM&77WPr-15%baOiSu5mLiLK8;i!^=+sOW1ARsLVZ$&SoyGTBFm3Am zJ}I-)9O_m0jQc}@A04W-w!;196vDaxWI1Xg2kj5dCD~#xR#NY%%xbF4cJ@G|~vu}b+Nq-$c!QQ|^z>ASCtKZE`2~KEOxtEj(N0wuP^$;!IDapHincXyyH?G5O z#U>Gl1J=y88@2r*Y44m+mr~t?g`-}){yU5{0ZPIntB78o4A0nYE`5lBsKj3V`3aNT zMReNKp$J#q=!gbX;kk%c3J7J;;jD>hRHla+Pb})B<8n8gcMr(yv^!yh%WI~%*~~7S z&f+4qs6wI6qOY@YV0)L7Z|O99K4mL8YbI(n+F^IOYG|r{gk&cHWR-$?1gW%)U8@TM zVx?B*a9$WEM4C1e4I&ID@|SmW&0s4HrOf$moO_NVIHE33^&N&Wf6ws8jwgXceO@zX z+6u!@C9e7IZLMD8eZfLL-zeh&Vb)U4;yKz6x_bGsHXpGYij8)3bzOTV-6wEUuEN|5vQwF;55gtcF%-!x{Uj)0LAP zy*Ualww+xiR7~x8RSb{`dKn}q86aYwDV8!kOdp?#_90+MJJ8kAG>bmeh!QLmv@^(J zlzK=rybQVHT>ym5`+Z8-*^O;%@WFCl0tiEvAwHAlCjR**bK;n&^6+n5e6xnFrCvT1 zk9hH?YlmVW5)W8+LJH?6K9vZI$-|^tdL1=pmw;d68;V;jMYEl_@A9qtPEMS$axa*2 z^JGT9=k)OzG5X{xlUzaZQ0kr=iM(C6w`ZM!<|Z1i&k*+MDrgNT$A@HF4^qy7DTpcN^G#<<5qrL6<>Eoz)V!DjK z1ynGLGHQu|#AG_;?i5GB5qwfc*KsQrD(^hKHLSceIJ~L69;m%1C>6t_`Wo(IoR?jYFo!%2>fjxjDEhIMAkXbVS60e`=-9CW z!)wwrIi#c-#2Czct03mIbHiW++at$=R>r%He#Ux~J9P1tStJ`jneh zkiE9iWXg%IchP}LL$7M?HG}^l^xOa2%FF$il~4WOR(@;wKUV&_<9}QE`Uy~g12lmD zdjEevKiYDV;(wT5@c+y6Z!P~f^Y5hoPv$pSX3tXo0AdBtTU;78qJfduBcCb1SCpTy ztDzL`8{Y`)$1F$*{iDl7HLwZrTPEYz!4LXI}nsik#1a!u;4o|cpS7!h6Z$mf}6*G%S0=gjQ z#eDr67p-@ z)+H%&%zEC}7sahKYIbl+6%FETFC52!LM!xh#f^z__OK7&;R*}K`W*DW{Xxg#F7Ab9 zXLUI*FtQL7Z%tc~GTj|>K~)vQg^MJX)V_KvY2sSGd6XesLl}ko>ILI%HOeAL15K?{&eh(p;9DSL;-*R__4K^Tme|{~L zp%@-iR+j*?9QG3QD7>3D*op56+*&{`j;@mVbA(JC0xRXm3a#{~SZapUqCRJQKNEy3 zuK06aIe;;6_D6zv?qQ2+!i0Dgcq!?}k6f+$)aK4^8V4OC|F`EPKRml}4-JQESwn zIjLOvR0jxfr(ETRtH)H#Hkxu~pvwzfhAa&SSkjLEZZjqpswe1h;JbVadDinKWFH#9 z<4J=yS`H9d?=;kICH*TZJjHNK#M9?W@oBEyuCYCL&cOpW9!V$?nT1Dqf!A((t2V?x zhCg$LCc)U|e3^+@CR)X0;A^~?3h(TYl>(PD@6RKINR|*!J=zIXlH9DUOD9v@9Ey8^ z&v&3zqD_Rt*y=tmt)U_l`;E@2uP6KG?NEx&=_I(&BTQeSu zfTQ$65 zykA1cYcaNq#2q{~yo2bj&Y-;&v*D+!i1^~Ra&C+#FOYqQtN(RzTxTa?b!woNthZ={ z-lVxRog}_`dgUr_hN?VK*ZCq@altM&l~N!5HWx)?7=h^68*z4^G3kCcTY|4;CwE61 zx~A#sSG9AA-H-^6nFy4Hh6mW4FJ085J^;q6VUG_X=&cwx>AjVZ`;Cp5F7$cIat|+e zl{flV(j_XO46>E+o5rVbWQ!;Yq3-6(pBXXTG5_!_Y89$#%4>kW&SyBSOu$`N;96r4 zLUbAY*`77?(V)WM*qlORV`wH(QUw?o{7FZP@@QN!kGZImk!Y7g>~E(6E@-EKK7xvg zxXjx)bV};eqz?Mu=$wi+{vR>Cg_U}^G&`BRK{3M3?`w~i`qSBlfkZETgxmXwv`uCq zkw=EPQ{&|oMPPZY6$CZIWP|$Qh1AEejXt4R2pE1Y&2D)) z&Jtkc#oY~)V`k&0y%+?}+V^&6=TQ$(ZJ#U|XwSBnB=TCJTHPF8+~?SXRrDwbA92lR zN@QI=^^$k?Pgz|OzH0OHWcmQg?DIjdGqxIv&%lY7;&yP5AirZ@EP-X9@e$hK+)>zj z8`du~Ez4VS^j=|4rKs91=`JlUXD-~=8I~<$ZK`EIN{C!Fv(64O z<^sP0B}z83g)I^Uw}|<*RP5^GL+#^|;X_D0fjvNz?=^8}w)wLko_|N)*||2q7Qv1w zGnzqp)iFm-&v;vqTQPTRJRk>VhM09F1wHND25?m01e_C$j*OwQj()kBI9=^) zT1E9B6r!uh{jISEUb%y^=I*unx}Vkxh3R?fF^zCP*e;45J; zY^oAVVBAo~=Ms={_Ckdk1K*9}R+XqB2Tq-xu1cABv&xXDDLFq9^1(d~TzE{mi4kid zmK-(Enu#Y3{q*us32#}DG#hEaQJ`r@0YB0cC43)@VCwGW_Wx!COf|-3S?LopHR(+n ztsd=xo&7zd_SecElm}k&iy+q(UTb2@=1c-RB%QC^v(t@gb72Qiag1RvfdMFr?q-Us zA}V1Q{wDMN;$wRg*&OZ*Q|moZ?tZo>+~uBQ78UXS;kOfv1~GYNRZw>-4FgrVLE96C z7i)N-bOHkb1V%e>e+8tF&@)VUGZ$MJ{nvl4)Iv;o>GSg$pRcb~EKI@}_nmIWbZ0k0T)DXvbk zgC;pl1wnZ9gc|}W5d74B``i?(s3$hBeHx$uyS$@Fu~3vU(|vv-MQ^A z|C5t*6{d|uzw!ws8#}B*4q}lM!Mw)0YahI;;{z0DP!#sP*eKSenLv%BysEo!@I6yA zyS<^5HGRSEe{Il*`_4KtrTqPYgBM}w(~||YPeKI-!caL^-fRvZ`QpIrCf4ujRA|8s zz9}^vvr%agVmpVEyWD8rW8y~k2#$W5!x5}}?vRp+e;n%Amw=d%lda`+(neGL+BJEL zjgmntdE0j!%qF%l>I84+3?%}Ht!pI;Q9);x0PpfmqlBgOOG6vywIkGff0;}{E|@5D z#j_i}8nc9Zw-DK~>nliRiM0kldlFbYb&axKCf#+OdB?ARIm!lf2a*!8V$4d*7oz}f zH*&8Ppa;M)V0>&0duBrlGCbc&`Axb?stUR(*Ha1hNo2tmy8}@|YgfqKQh=LU?iQb= z3>l>>n;s@9Sf+TB8uhY^<<{2R(CtixO2`bYQnj3EKFfk~fzPak@IK{Q8*?h<6Q~)$ zsv>}?U1)Pt#LR# zN#h@~R%nugKuwR!wz2*T2^>bOawYi6%QW+-OFn<=8;iZYA`Gx0ayhN<0JmwTYtyctjx94SP}}ps{^u zZAG9FJIB%uAfxF{veine|0swLU``K6hU0Jbklr~aOou|yS{YccM?eJhpE@dMDvv>6 z?evbp>5e@xp5%QQI+wb8nBB1tm0tsedARCuMg&=*i*LJtieLLsYOZ|LO$%aLsF5h6 zjON^*@#=;^0F+2Q%rTowY>4w3X|mCD)dR@`0pw!unXqLlCE0az1PPQ$E{eJlp*mJM z%bNRCc4%bUkQ^la6s31_JU8=~Y|#4xMBzLD)n9y*@O}G_bsK0#y00~ko0flL$@eql z8;;|Ob1@HL0CR3ULX#1=-lW0Ci>ipgzD;_2yg%9V3o(lmYwSc$t<8thZ5|f2k{*SI zjq!pm;3QvOt3BE+p(rgPH*2GlrHh^V8yI|@a#lkvY9lrPk>%^1q+Ecgg;pDSziYEx zgCpjX_hijQcnH%8Y{2->ZXx_wsc`*ApC&_13|>Seyh-`2X;3K9D+Pj5kj#*N$=S7a zL2iKW=`fR>X3R;%-s*hNb0iye6wl(OmcjP3QWy<0TdoU084e=me`=x>jg z^iOVO5ZR7>2DFVyylNQUuirCkB#tUSSzI&cZvQg^>4pzp@EoDgO+gzRoD27<2dW_k zKGTuSHFDr;v)kG$!LoC35cwgho}=$lW-v2e0Qc6yZykk>0<)?@pK zi7*R<79vGg(}fg#WxvJ187c%)N2(#-Bb+atk%KhmbR7W`B97NX_D>TyRdK)+lHn-J z#MQ6SI}3i(r^8-f+VRA9a$}ea@Z9wJT!qX!okT^IV?`PGsR=KWSFE10vm*KG1@xz= z>iA`JnLc8O8j$*}zv|h=P#w!_JGh!L5`D2?33Sl%#*{j=hM6KH(~kNAWwrN@g~bX9 znnLzh+8L4yn75cwuM$TP$jov)akhB=(#OuJ|IUl#p}pQ1+ws`+Oe|RFg&BDczrlv} zIK_n$u!&NbI0*Y{8#|5u3>&7V@TLkfh#In8^`GX)&~#o~((KB-UZ1DxiH_Ws0A-;0 zGJL}fn9#G5Ck~qsC!z}R9@k7CGT0IddLvh&y4XtE|Jdd|QUFSazPi|G0h`7_^#3T5 zGG;cn(?2*)4zS|Rta7*hp)V^%*?2AH{6G9-G7 zqj_CGa0gVoGxhi7j+*px3MmUo-B2$y7GjYSZhQHYAEYkPi<#e%24_6fw$P1TSn&1) zJclVwE4l5h6BA-%a(-tBY3sBAqiHf1Y$hSp8PPCrU3Wi>4)Y36-ntxNKgoW@I~ zhtLqT2;{Xz@=`7;&CY~4KMtPhrZmHCF0Cyly*Rh^9xRm4D=CM(tA0(l_MFuI@x+eJsp)p73q14^Lwfn?mg2 zU#&FEmlZoIjIFHnT!dIZ9t%A|(+tLHK?S zTo$DVVq$CU`M4GBosk_Y+~}TS&VB{R79I!l=^$N%YK6^f-iFrGUbwOpua-<_+3cK0 zj2*6PTC3n(3^UWCckn;+gTSlp*9#Jw-od;#pB5*Il1)YgB5wcY17WX8H$d@FiU<#n zkK#kC710pL%#aspwou#?7I2QKG-lC8r5ZS&4zcfw_($dE(Y+5T|3<1-upgpOjWlg- z8KH0gD@s{DAYAQ_Qph|7<7N(81hK*gIG{!&$JRebD`FAjm=@$yo zqC56O)TPS!eDa1?(7Cb@bR-r|y`0*Y^JS5fRG6s3uikanE092LsfLm6#>cVM1{3@F zZB%n{Hlz5V{%!e_>QyWehr?+YmY(NJX6rhgY5D7;n5g>xhZ^2*V2nVeroX)`?4Tr* zcO})A+mzgV4eb)6@#fK*al_1i4!38l=eg&Z;wA+<&`VVKwuE?R1vSvJNs=7pS$q== zpjA<|12h9e_YPfSoLMwrqkoTtYTV%MF*k%L1`@nh7s+u9cUkP1W+gXLAkqGK`Jn@z^AJiX&OG80r^41`9P2buO1UP5n(a zytZ>#rJPU(Hc7tV^`XvwjzlW)tm!?wyk@%s+!h8ov!K%I!u^-KQHCM2^v!u|gbmpE z%xBAxnH-RrjtpP;^_MKO6%d8(!y%y+5_4Q!5@5DUpDEu7 z6P=HPs)+jxq(A5;tg&y;c;n|!7S)K{k(OpAhd0(=FcXGp;Xm>Z!r%=@9_xe>u>6`@U zsC?Yum}J0LOY;esfhkaiDL@mZ=b6k-1jwUPyYevzR39}9|7V)M|7X1ak7WD5l#2jZL(2bl=#MV{ap28!Y z1HcEb1}m<^>3f9)3nfnf^<=yT<|`!|+i>jQMoi$EK8!EfYct0rB(w&gl6&q+5f7dw z27|jS(?n)81sb8x)&}n|WEQm09t+3{xFRYAfvP~7wUP>u+BI6+Dm)}Ym;34uPBov& z^+Sn3p%ljX-CZMaaJ-#n&h-*<_2!@z*ZOy?bkS8C{OK8U6$nKLIgyVEC^$jQS^ z|L~a?eMi)EcZ(>XgYVbBu}Hiv+D~IN4WmsNZdRiFc!KOT<&TFrZ&rv3>6Tr>^**y3 zW_*`dgUkg(-rixvoa_FYCX14U&g`XAA-#Gv=h;rLynXQFMn^Tp7M|O7_C6sMO$7l! zgaMqJtYT7>h7dG^3OkiNMaWwCw|FP14CdajJE`OfVTk7}W@FPc0}IjO`uB8Um5eD;A&H^k;8T1X*MRPDdjk59F=Um{YZy4Of#AtU$tP z)}a@1VGMp)_9d}OEx`aXfZsOVDD|K0AlkN->x zeNk#GRX4|CK4Vj;1zK%*QPYdL6Kwi=eTMdaA*`g}SMY@@)<|dAfj)@4aJfP18b+HNCR zkgi{!m}y?-I-YqwVa{XnM!wWTuvtU($|`_+eDkFSu$ki5c1Qr2y#a+hC6b97TgRv6hu>7n_2< zv)UDV`uDZ5*^ZpjsGT1w`t))559@L zl2FyrEZ`nC-<=S$>*apANjk9M$L!uesl>eDX{T-CMId(IB%~a>_Lf%BRH7g`;BU5L~E~VM${knDAyGWlyl_~SkE7Ue{Y&ygvE&A+~B)aZykj0l$I+O zb>Q7bQ>Jr6rSgmzUAp25skCO9k=j6VTYAAKe?f(5l)HEE+|)2GG3^L(s+p1-COQe~ zwA?6a2Yv6p#j_d4-&JuozykqeMJp?}54@1hyH0;hlX0@FT@KXYzQ)R@LN_%bP?MR| zcHm&I{j;ExE_=D0HNE6)sX6$xK0)1jcWsttz9M#F#NMn(^7!ffb3wqC_hV}nc@dCe z8Y(h~L>rb%)f-M~-k5|XoI3}SBuIJ$gLYa zH&hncS(Xa65vgIaQ;o#1q6I`pN}ErZ1U|0bENxU5*S2x=p`L(p7)E!9OB=_b9&IHg zaEAmtu<&M1??jnQP-IBEuak%s3C!Y_l5@1^t?12};k>ip*XCtP#0`vY9F|~)Mcpiv z+<{ZTaDr8Z3yv2?#z zNv?pOGSggRrO+LOBGEE3&PM(hl|lOTG5scnn2T9p{L1g{JwcXFMc)&$NrFc#m!)uV z8_6hw&fw&y1qx1)(bDdtnBFa>QkswVt1u(#$<;hXdExhf(kN{*oquXI})7T2x#0}@oPWj%Q zDRNy(5`Cz4Mo4F6sC}cT31dr#ZP@c+dVnyBg)(N+y79B*_-)z>?r@9LB0gV4dpX9MX3)RO< zj4T-DU={Y;PVjSB`mzq_QgN)n`caP6a{0lyk=X@!zw=!PyXjVFu!(qYBpx@~;xww+Y4%ck_G)#2)tm6*`}hyH;PPwG`Pd$bq*(F=01 z4C}*N8Hf-Brvw@rO=PTWAd0C@lfp^_u@eU@1No9g73eRffwTQvYSe$2fB7Gw{~ye+ z@L$ZI{J)w1XZSzNKQ-~cnZIu8|73pk|6+d9|H=G6!~f0v>2Cj%`Gw^^SPv1>pv9`9 z&0Y&}1)aw)3@j!Xj8FK6=kTN1Hv?n<$jCgMCTyve1$-vVFzAzlvCc~GB1?IOkA$h! zOCN{agGcC*%HZM8~C3X~fI{ zxW0rW|IS;EEXEK(9Uk5O-7HA?n~3e0u>n3LN02xbzf`Y+N4`Vj&igE($3S>QBeFA$B4b@wxWke$mTwEIn zSl6bvGJIxIR{ks5K!`%VHN5T5vBQxUvRGTh=oC>-(+H#;s+$MPkOg96qHGnl!M4%$ z6}k`{e7c~&@r!UZ$x<47Mba1ibLW)?HJ@to?jbY{2a>~bz4JbrIL~c-3vtN#;j|mubdF!)eMgdIom>^bUwyWvBV54FzpF+EcS?ms4}eGtc<(rYF<7GaoBo`MObn za(Ye)Qa93;)(ELMbOy_x_cR^L0d!(+OK)+S+^UDd2oFU;4ruyCKTO#9hP%7M10YVx z6BgoO`{t4sO@M+;4}vX#YkxwXn1Mm*UYG=U4Td2kJ}ihgDI}J6Z@Flr&&0GedPenZ zS(~})V_A(2K8Z1cUCNE+jtgTpC1jApkbhl|p66)~uzb$6tQ@eR{yKN0d!zP#qo1lN z4MQ3(0E9q3yvx!x>k&`4UusBZ9D)n>oC|N!cVHi%Ft$1`3SDSpDX@Eja{h~#v#hWH zE<5L#eVPd(4FHR+?#F`C{7o+VsEoL>1r&Lwgz-lmb|8SpEFAONL{ekr7cn&SKW8H-k-v@-y0kvJZ``vNB(? zYU%w$5@LEkTFb07Xh;ZZWwfq2MVFZrVP{k-;R|RE=Z#PQyq-tOG& zM|7CGW)G^X?xk2AHeIs&jj3P)%uVBL{=v3ry=KhG$D#*M&*&1afZW&An#aQ5u2 zNX}@OAV{EDGaG!*DOW!H01fKLinAaAASbmKc11$8Dw7=YKV-~aBkYg5#(zemadC3$ zB=QHuyAQ!d{*nVoYWBlMEi{rbhIvw*%}wjFKVO8QV0Ud=!KFADR+;uodEP8Rs?pW1 zR%qSP$Bg3((Le20osAH`!#6^y`B>i!xrLN|1$g=30Pf|}_-GQi%=VhaN8bSyBDP+M zJK(6*26CD`P_nCKc^_`q!(xynTU0MSW?lHpQ_7O`&O@UQ0k@Vf4~Nig2*jX*b?uPp zz*G1{rB*7pc9prc1}Gv_ym|%nbDKS%gYhkhY5t%iAh_I~cxS^qv|ZVoW=D00KDn)` zPgiHhWybgohTqYytEIxRuhkJBe@2+0vOwoV`_oUaaVd2U*@U!#4}7>TvF)?l!*mdK zVt2B;Ve0FxGH3typY%{jI2)BJV7GT8F`V#pJ7h9Wl%cb4E~dme=YeTdV!<)Nri(w8 zl9~_EjZ#AJ=3&|7AwOjNmHLJ1U}#rC9yC>cMvQIAWi23qkhJ9^&;mn{E5Zsu1xg~= zN;rbflRzjupW@Q9cYJ1R8 zD)o(n0IxunFL9ppyL+srv+0U^xuqyRtLRa?5)enGn^kBnsn72PML1U73q$j#NJl9A ziu1unX(F+5I~@8voGOkZ@N#ffYHr%GVF%+xdw-iTcWpe_6^AAbjIJt#`EbauYa(Ae^%jKM`VRDG^@rxVfG zXifSDNt^=Gqp%X$<~wnz;yPCM){d|VKdD3@K)>9nuY1r5l8e|L-!81g1FZ2U8mV)%BiJA<=M&G@{nKf~ktcP7|VCf045fiJ$-;m|vb%2hD`<4uvX4$wcKsm@XV56#* zKh;V|OkIsGByl%kU!RK|NqsZ!r7Y(W5IeacO6yqp0PLk@qJ>uLiRi1XN0lc7J@BL{t*Iq`v6lks{wgn=#Fn)sA^% zgq=*GIj}4GCYJKI6dGn~qHeERfM14KAKp-*_f#X5!(-nIcU%pxB9v_c zH$_!!(!H0lhr6+OvC{o$RNUJC&T76nLDUfJ7P405 zDz7t395K^=MWDAnqL`rL#C>XtC1QMnZQgSkIDonaWq>Qwq!`A0jKhyI88Cw~b2zcBw#XZw%NpZFilKM#rg z5A*lB|0na$PX1Ts*Z3Fn6a5?W|3v#A=I>Gecjg~rqV|l)S6Z@@3Py3(krY1N#!-l7 zYwQ-Q8;1*n7$gd(F@thbd{|dZ;(hqJ01;PnmBABEZ7Xc(I#XBOL=ru~hqlRec@ja} zvAWvA*4NXbx3PliU@j3wsq_ER;6>MV+Qg#=pWuuNpwwgi- z5$n{lgN`=;<|byIS~l4&Z|zJ}5CJCVHPa$9le*Y9PlbmveA}HcYas4#zxobS_2rLT ze-V59jKQZl+>A+96r{%jLajj%iUwUY$durpdhZ8L^B@doOh_(}Y z1rn5OZzE6;QR$n6~pK`ea^h$BBD?c@0drDT0mc0_=F1iIT`SUJJCVCiSB zmyE*=fQn0qL?Tv#WJMId(C4YhF~_lW)NqP#6SPa>`%XB#9VZBGHeF&x3({_ah+A1T zXay1J3_|2(^(9f?s46ZoZfY>{B0(BsL3mSDzp(H87rVXF$%e6F>}Sju4&!Y zThxI3w&9AKX_j8$aSa`7dnlgoecLa!L*(`O-l4qNvuMj1G#)KLtIDwALOlse$~%;p2^bo0L44AM6(mCT zVyKtd^bjdj`u%%nvQ`iy{6QZypC}4oi`}luV2%VggstiF3Gs`ChxN%DkLw0sbMsIV?)A z-qo97T$z~E`OiCHmKP($J}Z;1WOctRm4f^MZ{aQZgZdo|zCfT7w=UZu)F9*$MjbJK z^X)=P4on5D@1grSk&xYW^Aw+vet`eq!~Aba2nz??!3t>*O>4~xSg!JXJ}gp;ZHSIo zAP*K*J5+;BoLQ@G@0YS_Y>rhS*==Eb7<|JL zE@*`4T=rhTHF2BEFvHpof@E0GH}rvP*b0CORGS?^1hQt2_?^!RN)V!nbPDOIj`s<~ zN%g$Kg4OoJz;ta2A%vcW;=rNd6lfjmsCH^A9S74jJj*HxDdN?9ZqU!AI8lh>3-2Ef z_MeXVVt&<(;*;bBv-9ARQYheqU*_Q^wKiun>2NETW=Ku>tP-a{4pe5YPJ?jSWwXTy zLdQX{B*>&B%1C53+A7Mg)_;E`#KaB@*Q|-LL+m^gu)suMBDH0{4hoPm^~;@ES(A@9 z^Z?I#sGTPa=9mYEYv_fwO|`BHe$gQH%AqA@1LF_ICXlF5$;p_Uw!>ZFIz9DmjA92f>%su`1 z|6vcK&=7^-7?UiHMWi=Z&1r>LiA-VFZoOpLxjnlw2BGVvZ4`q)tKXA(kiks;7~&E} z52hN!s1(#eIBJeoW&Z-~38ULlnK{P{dNq)ne3Y%sYAGM5+I01_PR@Z~yJFOy>4q00 z{@}RiZT9kS_guU2e?-Uw+a}T<@Ld^cE@A*^GJyE&;_zF3i~t##kG9lwV5^z$$M_Lg z6T0>NSasI2T9K#Z=gqFu>D{U~t|?NLjpercMR*S+Ab`H7LILa13W}Y;CJ?Tdhl&CI zDYPNUk`k5*fGJe$235tkuAB(lFE{CqqQY&Lr?OS)>;nsa84fZRE;RM^lETjeQFBrrTQ?l@RagTx6;)UG zm@F2_vNl_}puk=Ij|a-k-1v8w#bRB5fY*{#JJ(`%WZzfx1q+~q&Ea@U7!IRT>{c`EZl{hK66->>$E0K)av2nh6B zve5s|xWZDpggU+tqw}1@Rl*e_nnO~S%uBsXxxbQmv&yv@ZC`nJXjk1Gpug=qIg}Dt zP8H8T-37A8`DnT|IZT}T0GL~vgcmWkhXAyukqm6v%Fjy(Ss^yFK^&HyFaR-dON`O& z0dZg$#8(ea{>Ebb9M^@pM%nl^+_a#l_84xs;4xcjfHN6tLH8=@%9J}Qrgb>63|l() zr$NGWBLqJv-&UXo18k%CNqyWW`wqp) z$>U6;0HANGG>TMa{2{jz`nRiDAOpuG6;~R=+Qe;u*Bx)ituUAjJ`3O!e_R2uHVjO= zsjp519YiT;HNyVyjF2iFhDk>$&?Zhf9_!HSmI>{AqwdQ{s49CT$+S`%ahuB2#ZbH` z!6K`xh+jyd(@kDd!eeOw_02k!qI0o-uL|WZDytxQltqTHoCs#@$YEwfb~^OS;16vW z;5q;320`i=5tjE}`$CNZiQSE4z)r%gLL(zySC#8y5`%0V9-_sm#VKOB6a>W#G{GT) zAcaM830@byZWi_Lq4rq2hh||QW15KaBiLr*uHkoP1K^s+CU_$+ss;9_OJ2EmZHbn* zHA>*3+@%lXIDh&O#liULs}v__8pW$zTBvpEu%h4QMW4TqBeUfc%P^`8xeSwD z=XLQ_5ui~kU%g%KSg%J?v zU$k7Mb zDAxD~v92ew@4n0U87`pO2azHs5jYOBd#*eE`0Ws2p04|(|KdMcwSTju`V^^sIO|#s z*tA6;M%3wY7-77{);bS~iVXOGe}f|0e^eza8Vd}U`g28h#rKS?r1&uL#wu4~t>}WE zv8PY3L?PoSqEj#_lJp%tUbmX|9Agh-apvI}lNd>1q5-|&__7ryZDYSHB}vYl7X-I7 z`Wxc*6OFrgaY(5`Wxz|bcleKnzzAP_dWCe$D_mad37fI>g)I}Eaa6Oj%cdHmZm+-C zH3!kUoQQg?vJ$a)GV~qy+tJ_FRc~J=Wv*lr?J=u0NjEDr%^P0tictOv3gM7YN{7C# zDY4#$8#<@8?p-rk$e4jNt_+hlwjo$)R`R6O*{6)(J!0A-l)cFeTsoPS80bj^e}>;F zgsvnwBl0=nQetei#h-w`l>){yBZooq`7qt@b~03|uji|&b$rF#SFZK4gu;rSgx&6! zH6cp=%sEfsT_wyv){0Ux*Ikjq7@&J!m)p@x?mW@9XwqH{uhSO2`raLu(+nV9Qpz80 z!#L6q*7$MI!sf1YiM+Kk^L`=Keohoz47UC-f`SN@k^KaMn)T%D_Q~z2p%W^09X?lG zdJ>pr%zukrCd;I7EfHl(-ALN98Sg0fc znb@*EkyfWP`%oH|LDmr4@^#RxNT2Ks+}@R{>RYVoBaB720I4v}h*Ef7sMLu_8XYK7 zIJ=eGHL1X{)IjDR?U?qPIeP^^sHm|8hP8BHn8gW;v}hNngjRW8D-V6O+NPE18lHY4 z!fxXe#cGH1Km0^>N;1uY8H$_s0Qi*Nj>>nSDL-}3e+%1b2Q;j;Q`6#x{{RhWIkC&A zJ$DlCqZEqzQ~h=sgNxl2E|^C!kgh$T;axK0;-NQFPE-uhjxn5SFqFVI>TtU!PCye* z@W^cgIomw$*I(v)+Qya?I5qZ&_rdpl)t^HX>YJt~@<1gVFvq3^?XL7fs?7YkMy~+e zqG@3yq^ropy_9Ep&6X0Gt4D|hQX@EnX%*1gW@@c`2zpBnTB%GHEa6r5Gwm`(H7^gu z5WF+i)0!ew^Vh@&iVtg+*{IKja}Qq`pfh34uHa5gvO9z|9IqC&m@HH}P%r0+E*eWh zubvFTWu&$5RWB=$!MIXf40YB?wta;~Dt{v3dfQVbmKcr7{3{IUqJ#)>KfwdMeIKaY~N@vRfibd164zLbC zpqveqjw6qdq4dKdNpOm?9a1*?IZy&;0gfg&IUwRM?~Q%wPj&twe`#_fdG zRRdlqmq9@t667*~12njMH%e4tH#C-9lq}-Hu}8v#rqsrOrPBE2d$rq;GN9cBnKb>B z=*M5$2%Tv$pkyNCxNWsVv)I@BXPb0&g-QS1CBc0EHS_=eSLPr6_sow4{Xdz%81dgT z|3TOu5g;RM%CHsW@5gX&bwoh1LzLk81>7os*v%t}EQ#*8+}%`ExEbsCHqEx&=h?#} zkL2G{6is_qBw2W+7iWJuF{1kA96Q)uKBHDb$7z9}jTRaZ=u6}UK2uMlP2wm_BbTt( zGYmNCiMDYVvJ(rh6}#mQ9;qqMNADIL(kj)aXUgViyueu(94#efxyu zc_gO7%S0W#k@m+n#uBw)@*;2+dWRi%B{!(K%D(k&(KqeP_JB1~HpYYn_#H3Yw%4Ad z4cTRL1_&R$@CQf$??jC;^Z8G=!+m9It)c75*AWNJICSh28SiPMZ}2_(2#gckgbGJ=;2SrT>$cTSq+TRa9pg@ zd&IRilf|a{x|$9(4!uBfZFaJCn9dJLu0m?9=x6ndfi1&!LcSBZ0I@ieStYJ5wU3S> zhiDtC+!S_R^hzRk247{GIM7?HYBP>$q*Sk|RXZsoYk~pUHlXYYqTZK>IpcB>|56=$ zZgZxRI{;R)&vH_*V{_=zuiKr$K16N#6H{q=qt=`Mpn{#7l*{d|;DT*~J;sxS4v0eZ zcLv5^*a3~qN|*~zRgyX0YSphugKv=!j8obd7VH<;$DD9)4UEpl!8$*4oWH8S>4!zU zZA6Y%NLC!|)HS-O1kP1uN=rVHe(-Af zt~t66g{fdh-k+snrj0x{7^Xrq#WI8kr9#JF(!5BwoQ&k^@<(}C4NU^Fbdjq9ZXD{aIHV71&-uDV8lE7haubg9Ju475^5g zHbUT%x~MqPvU!cdv37!0fxf)&eTZndv9T@GP@g!j=4LU*6VKmyz}ug8G66_5m*Ond zg3VO)g>rUSo=0u4j{FnC?7}JRr4p&bxmyWtOzhpn4B88zd%C@^5XoB&0o}Ue(Rtsg z%b|zdn)|CY9v1cQyAY#2%k*eG@P?M#ysUo^6L~DQ*kBr=OM<6Cs&RB@W<_}oVBJAJ zYZ^T9MZdgKP6f`SylOfCm>I`rK{*J9Ph`pY{nkyw$Q9-UBF-r(%i>9<-lT^V2Ri#} zcEn{2o}`hpO?yMQ?fby|C27oEGFWQ{`xSUdQFtP}*b?MkJS zvlA1XuE0(c1K9F&?8Qg9Vq$DJ@Cmf&X9I*XlnP=MS2LWPG&RI7OX`!;X~#8oaBpy2 z8M#ah#IT804UdyG(knN6e%|DHF(+ne0?X*qI_(l6!;;Q+SJ0ngW(Eiqa-*okgyW}*z?1rGj70(N6mg7=s|11Fi?|IP0$w06s~W*8>V4-1 zMe|_JOujx4=g!@fhwd4XZbxH6=F^cNhc*rNn*YBPMh|T5e@T z%pnAhp#Yrf=$)Qc<4xg@k-O*9Zlp(GNN`Si)Z&-@Gxk~4g;VTB=nQSQ`VwvhQfL|4 zf@u!n4U@s5jS9<5^CT2!8k>Hu{`2B596lTDKiK8RyNam`(f>_FE?!_Dtx%xC=`J?q zh9H;*K-6Qai@36bqvS8`cimB&11U#yPKI0=XwdkTIO zDovQDM;A!QCp9#BMrtSOY6{~!o%z;@?O-}{qaxsCAVK|#;8Ab1ZWX4j|5zn3V7H%K zs%G<)7l>w>X8g8l%Y+n!{Ch`nB;@dSqImvqTME6iL<@&Z{y}qUje$$=JsQQ%1o ziayxT5=dh-SdTH_|KL1>X)Xv+bfCJxx9zn?$NVV`y+pdKJl)_uxy`lMtt_cQCzl&Gl(A16xo*s_3ym9NBBgMx!om}Q z22PVfJE+=QCH@M}lVq-JXAXR@L9t~?+h7xK24~un_9JH3?Ap%g_M(Eyx7A&voj-I2 zhpi*sYrstEk_Ow^eiISyd=C3OvoyLr`8^1e7dqhG3;CQU33=ILV@tAAqy{#00eJl} z%^+2LvBR>dOccRJLb2mS7>i}(MDZsuDU{V`=AG=^4!bEP7HW8_<+i(Wn8CW+v6at( z5rrQ4MlrW{yJGvJb{JqxBtVDz!ZqMU5S>6O9BcLr~%-pusmWI?8b@O{tQb5dA#QS>j>AJezHU3 z4eP2o@RETXGOV5^hPeCPNHtm_=~~JzsFV*{cwUjA141}lE$a@s0t7S((O=)JZa*35 zsEfD!^}_gcF!?pVbwd7WtcL-q1|hJpE{a1 zfK3+(x=d|*oYS_$T2ZqiI5~kCulsE{JBFhd`CF5Llp&gg$h)^CWq_NL&SWdGfpifH zO6_vsCUkoIW1hPoZ&#X|x_+(m7#kDT^F~Hec@0C~DpLb5>1h2kcr;@n4Wz&X;Q3rr zPK@vn~20Onn8ZTDon`c~qQB47$_@ zb@o>EVkZEFf8~0AJELm4AAzpq)fyFfbGkVmTm0$b-g(#nY(J{#O-RxIH2PLuIzc+` zj-?Gry{&4G=v$F%uBAJrnN(H#kI@O)7Uhv_g}wJcf67V^LkW*CBB4OWf*Zs0T#H%m zTP*5;Sr>L)l0%M7@A8qpe(#{@-&=(*lWc&BmKb~5Gt6$wU1)0A=o3Gb*B-1~D~08r zaE-HyNrVV1p3nLIs!%=x;Wj)nAy*_$0fDKYlo_J|*ULN5DB6C+oioGXJ#vKgG5IR> zuo6|~8+?%}cG5m;ZS|)+@vz~Wo#LGgpx3TS`2re(UL;T^9#DcCcLV^SgMMdua;-B@ zoft&H_Pm$QAK$kMwgy>u_>Pv&yx~&^H5G|1vBN6#FwP#M-W6o^AwE+w#GX5)TqF^= zgPj$orppB!SOTusLdIg(&XNsjus>{_lU1vXiJzYhVrFpJllng~`j563n)LW43tIsK8#a z$mdH3V$YIG<-)s9l=@J-6xQ+JzdewBAXH6t)|-06b>|9N_Rmu0XW_KK@;MfE-!G?^ z{w&r*e>Y`1(FxQqdX5@Y3K`OBx6>W$@w35w|BbeeP6(~XdU#9r3RO0u)WC5zz1b_`*n=j^iM zI}#v(+ftbW9u4(lVC)L*0pX{*g;rg$eig9tW+kX_izz7a*xz`q9|VMR%-zqwV~;Ck zPtxaMH54}!P@6l|w^k*mdB!;9Z8I04MH+Nii*c%>qe~B+FCn2kI8%o;2+Q(V51l`( z(Ij{c25=DxO=JtJP@T6__v;MrBg{FUHqHWmZIaf&9r%eM`wF4|e#Tu7BaKH|g#P=m z$H=gd_~GtrU~Rw@>QksL4AIoStUj_(4izjyN+|NSt48PId`*n6$;`N}jvpcX5?O_VlQQ`*3l%Dc0W zvX&&n`PYcJ7!!bNz$T=n50c^F&1DE%iul=ju5=JY(?VQXkW{cja3(??fND1IT_@bn z`kPXO!mc)9;u%Z)na9>RC2I3mFR{eIo$z(-%P=xLasMU(pOmdQ@2`2&oAjSqJ3;@~B*$!qVfJ z^Dgo#WKWnt88Lu>FpRpz$nR2RtrI@(t5QXmNsaSR)B1S5?o@l!u1R;ovU`ESbHk!M zF6uoaCKfzVe>RzQr`4BZZQhUZDg7TNBKBR-8R^^f*C(K27+K84i;{r82fTi4Q^tu% z%t8l&J>LrnJ^+xu4^qx77ZtXizM;_(`QDV@UX^r6HOcZZS4}+K`Sz}PT#{=F1|P(? zx9^1^0wn4B&M+)#UL3KG%^g|DqvHL#w%Ma-|MXq~ppE`p$ahO}OdxZeY{Xea7MV zWYzH*DLdmDtU3c1;7oW>{tA;(rc=f2RBmIBz?&RvaUMpI86Z*nC`~yjPF@)lW(#~h zq(=-{37_=`$Q1_`ZC9H1@+1E<78{rls8bYlF8+Y+;^Q(`(X5m|*eFH)6ge)AmCMH3F}U5S1X{q7AMVH6drF`31As`T1|N z229yFaE&tI;F~7o|KMrmw;eF}7wjjm#&DtgcuV1jgR=w~TmPLNvx>bOT)`X!l#4Lp zJw<|Rq}Wv}GV8$bA)cnr{DYd~@qWRWR_1t$0@*Dpk%<9HB~lX*edR^#@bZxP2Z3D4 z`I0EOt1WdL?U;xBYp+U?o}j`p6V4=LmX?)|SH=)*Fb72|E-|?=+`2NHN8FC2LYF>;Ys-q7xfyYJ`ia63UBc+Vp-p96haFbo_>Zr#_L1h9Br`z$En~b<`@tK$C zk8|z=-khd zX}%2tIY&0H5UOg#YOWVL7%>~G1- z+AH(CL2vlpJTbUQxP4mMEn(}K8so1de%pPiESv%xk|jlxm{WBF@b5@~f+Vc6_fczO z-6ixueI%UAr9;ll`m3>@1x-VitE`(=)za@4aVHd;I+e#BOQb}{I{Alj4pxxLCYqV3 zPbG&2bfU{+ZP80JTG8>LZIlz1&MAgrG=F~k@_B8f9!mxhkMkAn2GcU@P;ex}klK?) zw>kyb#t3|4$qW|n`qaiJ^7Yhn0JVPNNn$(cSnbHOS=5QWz}~aUmslbM%Bq2OH(8o| zqX-qDI7hRoBzyDDvWc^}@fC8IgI-06aI^&=wrY_NLcz3Y5j`=#mw8~;_J`a3mAlNN zRg+?0tPB3SaXh>FEKPm0zc30B^jIaAflBwl{~|IOJ0JQo{{kw-ga|KYdCx}E1+T5X zK+fAWNhC-6W1QTq+BRy|5(&_1KL!T!80{gciY7*3^6TJ6y=LFQ$0%L)4vI>V2>yO5 z0}4Ejhq*J$G)foKH-;e=7y*UT`SG$GLGU(4Rra)d95wgmG&07#gVZ zd3Ol3K~#BF-c&pVj#hq`by|VyZ&g*@8=UL+q{Dti6F~=O_L*SLRe#+h-4vU1?MFQ(EClFs9p*ZzDFeI;58=h z6Fb9Yq9xujjp%=Os@@-QS^oupKN%exx8nVw}b+{kRqr=MA@PLY7_mQ!^SDgfDSkIk&_1*D#Q<29vIqtH@bC3%LuihV0dzWr1g4*iW#x4SyYYkUUOtN$cMT|&61qWGcV0(V|Z{GLG}#k zj~xpSl#N)176?QhvLQU3fi{dd&DczdcYG--G*(;*95FjCeU^0$uejA-6uQ>IanoVN>Pty(o4JvVz@|E^ihs1VoEF*jLezFwi~q$St?9NBMaaRS?$~dH z9#ma%Yrb!kGC5{RjJ9Z=Z4v7T8LZ>qggtSas8+g1uKk#*RvOw z)?aK4>~n=_v?XhMh}kJ#Ze#@O@_;*P1Ebd`d$oU!>W8~b=BpIpM<}>UFNFn4XN8xq zqL$-UNC}xUhD`|!^ibdnrZV)z2N9!?v6o`o-X=30>?t? zg~N+rB7ZJeM`@C0h&U)0K zbz1iLsA%d8bRM0_tO;T<=e4zfMMd}&ydoRx9RtFmgas3WFVRso7lMAFh8Vj8-C>`l zc!*{ojad8!j~_`qGab1}gEa?4Vx3Gr^gG2dx@||K97Ek+?ko1QuDsNA+6>TtL#yc6 zO?WHd^SCgUtT<6_un1VjJblc*JsNJ+-b$rcxyt2P7Hnq<-KYc;dF$<-YJ8Le^jOHG z%Dz-11N+F_L5jwDk#tUc z&jnDmAe=;$Zs1+Xk&uLhp(9OafX~K&lN(}08K7T6Bf&MpnP@&N>w)qx=C{qKf`t+_ zmrsLdVYxtpS7b($Vj;h9$8-%eOHcuSG?>U|6_2c+-Wjs*YEGig->yHw=(H^(zr%l& zS1j)txWksa7*m&|H#qFHDCCICkTG*hu-b3oLz8zv&v)V3X!sbE8ZhcVk%s-_E|vx` zI$tW>Y`nl}>H*wms9Bli=Cr>h95-i+$T2tfP+vS0gq{Bkl*B;~%zykk!_A;dza{dV zf1zriXuOCm9(@h>x@etLJyr62q2#vM4Ewz~5^_oy#i9U6h{Lo4tFZDL$J~rCq0~n} zVRUV+LLn@DxUUd%CuFUXUv7Ax|4v$%D{&brzUCPDcu{2IsZ)Kv1$ZeVeJS%*2KO;> z+2TboZ&~dE4PE!*OP5u3Z~d7GruHqq#^x?3<{9xIo-H*RONPo8o+j2FCUc<1k0B$_ zkiG0ryI}X;Gr^{yJ3AQWldR8~+(6rwIc>a4+K4f2ViDM?m3Y;d` zedpyy`gTvpAnY~s%;|YcErGjJorT(VjMMi#lGZ`*VJP>0QoTB_L}`49;n<(L@{VV> z#Am&96b%QZ;desD*?|4Rs+7rWvt1J)7^YHQHmhvItREt=3V`AM?^dp4(h|#mHFYT7 zdt1%8(byVhS82?avUh_o7Mcd5EJ=BkWSod7(xW8nZR~=~5U}a*Q7=d_5p1e{U(6Ci zsKtY6KLd~BOlBT_+N#74sr`kxX)7v&PwNHjX8}&ydHVqE@C3ZJ!Yg2XsSbn~yzo?_ z0aO;<4}*T@TdfRr`K`%G#P&+2nD>74l;76KB=@{&nP# zbYTRAbu(sR8MQS~-7-^t2Tdl5+CD^KV}-$|W30GWq_de5F({D?Y1J=-hPZgD26POI z1`R8>i=Zg0%5G%S`fh|F%aLMFz!H^>OFPiLeK#^7j$+?!J{b34Y*6g$5Sf^xh?N3t zV!HP}JKf3Ke+k0a(*Z>F*1%t6l|rkKj(QArP_X*d(BBbhvP}fC;Vf<-87lt!P#CyA z_ng%vdp!mfJo9B_=V*UJ!=P9IZ*l*+h1C=h(<3&ny`0jM5?8Q$u8@`-l;`LRP-0mp=(9P!z4KkzNBP+qDX<5xkbpdLrE9X* zp(~Nd2Hoc*QH776VCvvegIW>V^h8xkc2l}g6ogs*h~bT%vVn=cU8vWnUuTUBN=|N= z0LF%o9kX}`DKbHFYMdeB(FRiw*B-1%)N2yUpW$i3hMA3K_;%JtdNVl_Woq$!>)FeK zWD~r7q(i<0{TuQ7+N8`@!pxcMz#SIoi?rg*XOzrG2&XI|(=jw5>TWPC#j`6J86(Vx zbp*)5qUx*E`M)NTgtF5`y`!8VO;f%IZO7O``=~)tA?R-N=zGSNxS3}uSusg>%nL017U7^gE|?7xFq&zFnPi*^P@2(je=G%&1#V;SF@Y+-c<2@N z-dUYiZ2NE|6nDwtKlXgq_6!vsTVXSi2?xOClY1r>H?k{{sq;DNWvFto6}bLdDr7A0 zX``{$sj5$CEIY9*zY-X~;W^@eUA7#PQNCk^p|c#9^^)gZMHb*SEZTs!wS?gHHj2$u zKLs!$@!kkVS1=I0rtos`qih!71qq_@7~`_pDuYKA6i4b~LfpalPoL(&7llk_>$`Vf z0E&y5V0oZEd;>_Y#pzDJjG65vdqGXHObXzy4HKvmhZaENfvHTsFhjgV7^;oSD0H1nO z4F$O!?GB{$G0YD+&ir8(GcXny7t`dLc3+{l#4 z?O*c503rC=Ql1uHIyU!u$jdl0{!5mv&%x8ReMg800TXodgnd6PaSEXYi4y(p);R&m zr&RF~3Qtca9RaBD0nEnIp}LgyzJ3Fp{Y+xcL{EjN+Qrzpq`)2ky0|}h5bfz9)zaw; zQw1!Z#(uN9dK;OJC!V;(1=h1PH2}6lq?G9x=q3EVCiZ4rUhbi71%pr)II!Y;wakPm z{pc6Z0MuJOob+{|Ks1~o-N*b6OT$UxP7`*s?Uo4bI0-kr5CF;`VsP|OfZT`)A3`Wl zIHvb%buz?CEfbgIt5EbsuYXn{HJ{(qchWpV$1L=@jl7)dY^j!cI4{~Xq2dNh)}skZ z8SEC(33d4QpmD~I!aKo^6W3i}W&Mc*u}WY$vAV+1!LRHKme48HZ*%xEUE#-I8->*M zsB$_hxXep%&gZ!8Q_;p(lgw&o)rp?AJ};X>NGxGP@64;wls&Ye76)cC8!m`_mDz0D z^M;l&wl zs!$sue{)jV8D&KWe{DiV?78~-;CC$%T4-|d!Bq_wgvqWsVW6)|=ZRCaLa=uZm-Kfm zj!{^X;vwXzn4ZOr-9H8ENGC#G(3-7ga)kcUw~GCP{BaR_TuHW6Lg%C`xdc9kmWRUf zCa0ds7APGB&#Z={^4 ziaC|X$$Mb~aRUxHM_mIb8V>ViolLQR>IHvOwew}#^!-4WP)HYzde={G?-`ZgWw~4thV{D*^C#r=@vct zw;{fv5Q|a}_O7hH^|+(Hc|&{%5VEYA-R5@jq1Ts|lkTb@zrw~F@OlH>?baS+#&=vT zS*By(l66HYZXmj$zXd8x5LgFn+oIDhrv#}R;4U4FWx0ea7N}Ot8!*S>3=y?dB=szt zUjBsnNXLITd$=t$ZG#zN@p0Zcru1r(SxXW%rqYD(iu`?PSS)hT z2+srECs1iLipBXHi^=4TV1*43ncT9x@jPzNwR0|f=+=s8xj}rMIegl+I)bpR@&&|1YjM^;>X2TZyk7ryy0=d=^$G9H6Y)m?u1c44 zPcj!(Dxz$-?4Yddpo=6N=a<-zBP3gcDxI_^$9q$uf}L-o7&wHB3pDeo{|>F%Cw%pb zfI#k#ODn~2J=G#@G-vJ+62@#~SQuq=(L>6T8#54ak~M+BwyB*LoSW$W)fbcFyURWE zal6>337%ZhCeEXA9#nQ4c;2#9@qDp152g3c@X{b4PCgWftSLd7F*K#EHPz9jEh0z6 zAAat^H1QBsba*lSyRh~=)qq2G`>aruR4@-)*3bthrqiQ@i&uAb2|QKN7#yjskZ^lj zhy!J8#n1=Fv=!sm!v2mb(ua_?PJS_P1y8oLb^~)@=l0UE;Z+(VE*k>HYgJ{dR!yFo zT41Rv0~P+vhKf<+2a3aE=bZQ$PoX(1NWe|6u|V8(uC5M3h8g(%??96cEY{Xa<}IPt zpkgkE^A0;fq(g4+DERR!#GUy1EzJ40K@vG_9@zQP*CUC)jH#ZzmjV$|@ zq%b640pJ2IHXFqN7w*wkelIPq2>gwRdTRNK5lSegxl8{Bk^q;CU%W1dMak{ka>E`z z?{;;byX!83Sd>fdsn`tnp|1{2UYk~u8DerWgc0^Zje^_$ylB!QfIyi4=(7zpLVBcq z5C;bpBYsf2DLuf^Z-Wo*ju}T6mZWkq$_HCrbdYova=W1q(&*y~(w}i~eKTWt#iX4o zv%VjAXL7P|*~HC1h};s)fl|vD`1RyqnMlA4{wy%5wnU|^18Ok9QF_ec|BvE*@S}MD z7Y+Sq59ZIrZR~$)=z@j+Xy~C`|EZxr{6w?>0QlD-F63?yefj^oXCMGXAOL>Tss1aX z$^UOe^q(2to_~*M4jgWr0xU(SB0QcP&I)HziQi$)Ldp?kSmsk}8&N_LeGuTD58j6U z&$kSi{#W(h@L%fv|LOY|Ec_q!KCb-V)%#B`K-iyFWCyd@qo_MwF%O(H0>G{0?sV6WM50_kMC0c6=PGiZ9o)!~H1r17w4kLh5)e;PQ&!Ai(=_4t$}P4WHL#?! zT)NPwMHWw%23_WZW3aNljC5z_<_bsHH>}oWIX(h}HSnIEZ!J8un+R?A_Z}&q7AnK| zna~)I7mH}VqemTKT=rOpo6Yq32u(BC=eY*@7HzbI0fD?7Cisp<`rCY;j z&Li@i3lKB+MZS)!G#Prq&(tr6Jj1*4veH>SG2@DOP~pJB3Bz8oh6jK9($ut*-E-@5 zH4Tsuf0*JFB?e5(2wuYQnRrrmat(IX0l+=GIbIk5)fY_XgHP{~y#Wx9_a@TvfasI( z@+4)+-_BVR&IfHA6)PGH+V6FLmGK_Bv{Bi;>SLlyfqQk)zSOCxhKlQ`96fM>qYEY z0^0FWmP(3_rE~K;-0RYfY&faUdEVZNbW73nXhalW9aW@&B$~!lrK~FtYs_l%Pe;;4 z2x-eJNU*w2`cW81rWJ!w+6@j$iSc+$Y?`tPbeD+;6bK`k?}|0$N@D2Y>vv))-yV&p z!BHX~?m&oskh@{GPpqO6!5VjnN&3cZCCLQeg*xHeNDN5o8WGc*f6Av(o*TO|PDaFe z>~=&q$1e#8#!42T)cPjbJ!xE#A$Lk(!rdr%tlO)i*$kOm!uPNb!YVK3_4E2L9KF!=WRE<+QjA2Y zmLML+`q22RRu{=IcJqzX>avFfj&;biXth6oX1q7=@&v0JQ;C8vg1<0Un5^xdjb~d5 z(!rL}`2@2yq%%%Ew%D)adb-h_5a-)U)eu5nId$;y6nj*KwF-N#t4lKwyr$wO!{i#0 z7nHs^hsuV>&BF}7UAb>_3Z{!}vN-^*u7bTvl)}%+B?HN`wugT}ob&~$3 zPVeilFvR78dAfiEY6=AC(<67=HdUE7o@(8sM~EPw)NhZs6daVDytREgcxAERodJ8g z&^^C;uv_SNwRMILzpnnhCFJz$n`|M&=D~C?OfZ#sn>l~o8ED~zv)(+yG73mxDnlC4 z1KYURsQshMnqbwJNSQeE_>0YcHCDk!hLKV=hJm)VVifn849#%oVk#1KI&QCbHH{LP z5Y&Qu+SZr65LZx`Pj9psztFjgftgH7ex*i;+OIWcqOWup2~PLsP)&oo)}g*BG*eFNi5xdVbfa<6Dy`i&<=?|Vwnr@PMc;#N=%z~1QAV60J1%4qlqg&jPP9+3quTF0tPYi zYmHb0S#ws#KjW_@*_s(&x?S)8N)+H06*`WvmmiXq1)6h0=JYNqmFGGx4w?(Kca6(^dP4>$sDYFa=&Y<(0#)z#Aj5~Q?==8Cxz=2 z$pS$$^LQHBM$seT-T;yx_J9e6I1Oz}!B*-ssZ1k5;ToVCg+LV+JVX@GyFm86Pp~EaL4<+@9 zaLD`k+0xtD4pi!*U3Z(SGTRHj{@eVlrRsR?xr$1-#32=o6%!)qOVZyWHt=k^94w<1 zuKCsKq%XvvBt#3Et-f+&=y~hu*~iThT6hz3Z~+M#YrkxjohED6r-TYJ*pu#T5w6-o zXHEd;1DVa;DG@rE%Sq!gS7dn8QZrn+@_vP`td2qea8ZnjP9qD)3Nvsc~LEv%Wd*AZy4E+X(wtp)^wZUNO4 zcQl>G$t&c0AEP>jiR=!qRpVy!o1?BGX67Y<@*5xL%u9Pb$?rtd&RAVylPeeJTct=V zXWHA4^y^Vpr1WQ~-OVTCIVrnfV>t)$EVI_Msbw$eVdv#!hYYG4SrMqW3WYXnmjxH4 zf-&Qd2M=zYyeuiYdEbMupsq?jNhG^^x&M}!o!)%Eo4~XTPa%VAh4krFor;c51NjZ?=h^{w$YnBlrB#c$la~e_Y@taj* zcA#$LmHSRscLTX{WixOBU;r^2QM<3{&Al3o=&oqfFl&)m&U9FQHE(>iH|IEI*NLd7 zFyyN5<*%e5)*gK%AIRfzt)8q5`eJBlb5kwLvPt47dH<+!g}0=Bkyq*372QL zJ}o>Z3$+0>BtX(0mYhw2AvcsV;W~G|p1D5n9|fj%IZ{>JF`C%X-ULy*E>Uyrc#pEW zs^vT83M#pQ*C#}M@Fdpt3Gy>n1(~N6$em)~Dv$9@O@19%W{#fT&Z5E!FCP9F#4`m_ z57CSKoWc)i5KVTo|NeywanR>J$UAvQ52`Ubv6pT;ijKBBwyu#)vdl!Xoia-Jso>wh z&iN@@&al}!;WbGD@Tm^nAiEogs+6|U1y1b7RezSEv0id%|1s{^% z%m3i?b8j3j!JzDkf?hjGG|A=R847U%01kbcBiI?GqymYCk6SIvN0z)SlcD{);LlI# z24T{^e;_CNZ6*Uyv@gL}e+v!HvBQ8w?lf^uH; zNiUO%dUEj#8I?)CLLKits%>aDco$3W*gU}3PY1~5*7F>^i19%kN+zDK%e;>8QIv z#LVXhKlQ(-dNWuxRy)TtW}>u2o2CL9+2$86>m8#QLT~HlBN!O$5c%7q>5M~js5dxJUbx)Q~zj(;T=%X z8_X@=Ov4O-f_`Ih78WJ+%puyPb6|R1imX4ZPq2QPdwh~@%h)Yyjy)Pa-^t``XUC5- zgV!)Kf1CRdn4o%f10{ox&AT;CJ)E*8>O~XwlScS;8kdW?L&Mlo8P@906>H^L6Q^&I ze<(R61v#FGF(KmBEUuxkx$9(i3?=4Q-M99*l^yA`?gSjWWB?|_2EGBnN7heDqelsH zI-7qZ*K=kDg4B$y+Y%W38T4(};IbV^^ECuoqxy}AK}bGHHoxSbsPc=-%xZPs^j%Pv zKfG0v5HqalUT7N723b26-q8%}PhH`krJO@%qKM`Tirkx}P+bvwG!5OLHL(4vEXn#k zm1`Bsq90D>1OxA`B90VduRnpf$fr5ypI9_GUogiLh`cwz`%Qa=Gf*JO(d;JK>%;yL zgk9L0ikXc0AsvIRkt_r`{sPd)bwkrZWk>|S_8o3Nx5ANPL{o zcv}$}R08@Ut>-&@MDlCTN+$J+8+RKpSaxUPf5EtHx;B0TrdX_+b>Y#&xuZ8qG`fSo zLAU(Cmws=Y@Hg;=Wk6LNq`Bq^y(j5Di-=wK_2u#BSI@CdQs23CVri`<(ffL(ps@|T zM_vnZI8I5}|0b|dAR7~bd4_=9gQ01y)a5SW(s5oYVfUXg=m;wQOl+Q)V;Yhly9<+Y zX*K@#YcTp9_AnZ3B%YNF%<^a;Nw!~wGV-gY*Plx)zhk;ko~2L}1ka0soV?u1)ULWPLr?RL>r2?VS~+^P`;T>MpcWJM=@8**LVxLX;Ob4mREmxP1B5SN9i^ z6kh1DolrPCJI*K;lXe%D>yCUNh#(sg&H8XwzaZLK`YsWNDhcuB z>>U$%T$hUAi!sitkK``y*EsX0xtb}dvy+z6!KKL7WjSX0!gQ_rR^~7DpdE6~VTp+#$9kN>d=US?#S+B^=g*mcupgFVI;!K=~k{Fd_=|#Zjd_ zsI#_E>?7i(y>$X9eY+9pax*%wIsp~3@%V{7AQ<}*a*c%fy_u9rOPSYvaR^py-VKru zV@o?{h)=+~CUnEG)ll#EpvmpFSD0n+PH-x^a%4sM81+ubt1R zrF*JQ&XV7MVHvS>s^%sbwNw=BGHqlwZ(4SKCV~!rg5^T`amW)8InZtQv*&s%uazZ+ zw#KltTp(XlJ)YT()@;k8Zgm$WpqV>jsXSGfSGD^jNw&{y4Kuz+qY`)G{@Ps*kO51* zXH&A2gIppiZ`#`ns3+ML%=fSnbCO4{Z9bRJoTlsmZx;ol-K5PJ42GQkmByXmIc)5PRFNujgE!YpB_`ttmSvhy=Pbh zxdbAOQX%4JUb=Zs5slPAi!twgg8JL-xQ4INpGj>%{q$8=z85bzH|_x_*59Jx{z3Fn zEz4Fg6SZM4Muog-TxURneO%b_^=*N87w?Ug0Q}^BlmMaLZ+2Ws0B%i7i5nK6K3iPq zN1$F6<7S^%X31l8+1xv&cf~kWO-lwkHAK|U^|!<(+0?UZ@hip^wNbJ%vz8SL+p(^t z21NLa1wIk-QAOKcKk?qTB-4510%5 z5lu@7x1z!;686?V>3a_L%&3f{UK4X8)?BpFGlDiWQ5_j-QPh94r>v7huTiShQltPf zT3p?}V`W_?A!Tu!nkzxhn9idq!IB~dA!msjf0l80sB;6jJ0v<+uut5-WEcVxmJbxV zQxG-%VO|m$E{L9hHx0_FBmGfh05bvO2k<8jN&*wZuG&^Z3}a*;lYC!nEK`xx|JwDT zCrUeHxWTlZY9`Sp=1Fwi{DfI5AtKzVY= zQq$&BYbqC}ZFFdOZqx@^GFO=6x}V=$BzjuqcT)bd8IITa23k8ynXAC#YaRy$NXmw1&pN-sqqpz-efjv=^A;IbJ`(Y%E$wZNBdbM|K4)c>?cfXsBg~xK>}ttgxh!k;ykw0MF%7xie_3dT z(%RL4C`b1FOj8o@4Mm&e>BHJpO>X02GmUayXIF3v?ya0+{moET?>2mxp0YtlrT#?A zQW(u^zuZ3{rmx@hC7i%{eZonD5UOdLyA0VJBRaE6Y2TpBuD~;LDNFhrQgCH@Jdp)U z!S7{%GoN_^q9I*kZ#Y_)fOO(B9!u-&3J{4O9@~HL-M==}HxShl6)Lkzl*);Am)P+dvKOSCX^5tLN#L0LN$%UZ2-tejbb)s=SLX9;XqqDzK4-7t8v5Pws7J) zi0;eUE^NC5JQ8Cq_NhIcIDE=GUi8sx9F1OGtx7c2g(8l6+Mg*{@bb;)TpATaVfySj z`mjq|xxz8EgLxGvQhc87LLk;MM1^p9IzO!jso*qNulGr6L+Tcn zN7VQ+)FxeP{V%A|zIp`UwB?EtQ_K*}MdRQ4^)}0!g_ixu^t;+tM6$(z9IiEFEkKzF z-r@mQ>*(%92ff$IKXq{sC9fwT-5L$=`q_xt7`FBSSsY4FFQiL}n(+lO<2(0;`yLzN zkmS9f(zBq&`r(=Qm*cmLS9^qdDP_&kWs=QqSB?sfAwzN(MmPj2TUERQBTST@l%Av$ zk`i1P%K2{Ccy}5}aZ!PpCKaAzjTj>PJIz&b$a+H>{09yn=sU)%Tv}$tFo7>v5-FhURiw!GP-9IwoV5BbeSkpwE}#VGfee zr?{g!hK4anc?vz;zk1irp(7Km%%qQUIu4NTTY!hcJ+A!)6U3`&pDl{bhe>}&iH4@e zRU<$Km1f&trN0IL_)ny_q75^ju^(1hvbY&lvt(p|$qw>G5Fa5MkO&f{$=M4ozor3SjV598&c`&>-df)@22593#DB2fS~bA@TO|Xhis|LDE_(|=m~KX;rl2Ls?l1o+qW|DSqAq)syX z$I!)W{&NCeL-^l@Zb|Z=hCViyMBm*Rwvz>iAcPKlHT$Q@`c4TsxLb%fJ=$wM8bk=& zi42|)1qrQKUggQFe=GqYg<{$C4-uAiXo_pQ-1*K4Xv;4c4_vqxAWx{@38T|^t~J_4 z6~cR>!yit?MW9y+4lDL?FRJ=r2>x3mQ7g47_9_nKBn-DKh~q zK^qOSh}RcF&!8^?4IcU&@dOpMoiwG=kB;Wdyws;6yI+u%nUD3!_O8c^0>G}Z_8Wp= zbI(ph<6e~4h0}e2eq5BPSi;@hO$}q+80_K`lrKqF!BBEO*>xH+U<3I&kj52$bJ772W=tSax}9Sw25On^@LG+W)9e=F&!?EZu~|1iw^Rv;TJ9HL7EQio=fHKO8>) zTWAlPN}loS#b1hTK(TC9k9j~ZTG9L`Klx)NNfz74l9hC4|+R%nLnYJmyx68Mh(gH z{ug&c;oK9#01_uI&yCM`zY=w_^_&oLMIu3Ri28&S%yeH!)+jWDEypymqV+HKP76^3#e`>`dNlC_-?nht%0Sg%IVb^Z662hgZl_QnshZ8Wd zvVDRAc{%{VjyvRG;@CrZiz%v%PX_aWRjh-a8LEPE|J@$)*|g$^apm~fIs$S zFSr}QvuF39`mdA-Z?xxvd-V}!>KP5GQms?$CKNVWH7**O<(r{9DPokbB*kpE3b3e{ z0&KB(Dw=FJYbdRsrAYuA3aeA`7~RY{d?H9WBqIIM4(ory0F=%;jHV!VsNA8^+g3s= z@a1c?EnkMYIv^wHS8$a2cWIo(2Ee`ZNH4?R(Kfw|IOTOHEFo9#d^vZF)^ z?piAZ8thilBGT?*942;%Vrut5vTv@N_T><4ah-l?l zdl^i`99@KH1qw63HdftlXmn1wE1};SqH&668(%L?I;^G(=&RLYk+S!vXP9eFM*I?J zon7Y*-tBpgYa*mJ4dz{S9WVRK!dBq-1t_=`;FX~Bh^ti_L(@%=*uN-Fg$62*FzT0G za#R!lbmqxe2ierXnRLWch{nuqtiSzTp9d;`F6lR=pFzfNxKlM!i$sStD54}`L1R-b zE7L3ZYOTH#D7zi{1xkyRK3_e%5qJFJ^~uC-x9M9Y#ZS!Ad3zK?giY>zSg=(jHM$kg z6Yq-jzS&uxZyQaH3rv&lAwTOzgBxUwc;KmsR89#VYTp}4PPT60E? z&WLiCZ>e02Im9Y7MVx-jTa8_UqWK+kuN_5R<=qOPh`E-lmJgb$MmmX|chzuF!C<)4_qsldB-p#EE~I^Ae&3 zqyt_Ii8aRJVB9vp8Z|jD-^^PAYy3AbFZ1EiH80&CW!#)eA<73Q+@-!<9DIy5#5C&g z;n?IkVue1cVL({Lkd)J>yhsbz55zxiUEq^W9x(RIlrI&D%AR7sl9Jwh;c~T>AzO`L z6_L=W!|T$!iT&fYdBn3%_2lg3LKK}ZcNE$c@CXJ2Aw6FQ($1|s7Kp5D>V33)TD-Hhb;zqR-nDS)D${XGO;k zu28V{VyWN7r_aYypGC=lhLIV|XDRGSJk;#mSJsg;$;JrDZ3==LaN7@>_tsaNIC`_9 z(hPd+qB9Q4z$1RaWUhZ%{po8a3q=+gUQfr_K!?AHHFVgb(sxK}!4*Q&Vih46h1aiu zoMMVsWRMGiv||P5s%)IQHQS)75Ox*{=Fh~XZgp+YVH_ULv|c%T0U{1d5)Zs7nLCsW z{*BC^i_3WjB%h2jK7W2>P)m&RVx$nSHWudY5B1}1RCG#vCd#plDE&d%)17UOn!-cw z|G3PE<5`b72W@fnJz(8u`&jkKk;iNX-T_AT=j2d4iX%yhAJ}};9Br^{iQV|VQW!aJ z!Lk9WGFfJk^T>5PFb8m>M;M?Zzb&`A#L}Qp(*J#ersPkCT@$=&XeJC&+-EU=i>pU& z+Iwc>6HTOA)c!uRW+cXf1Wv?-hi#$a6%(trzBleV0`fQ#sv>TI|DF#c3EAPx57Kt= z&0lyP!EGj?>Zh8jL}x>ps$29TskC3rC8pZ*5+Xi<(tT0@)c=X^Tfz8418YXVfEFvF4jY zuX7*TOACL8`R3A2u_SBb3k72(E%Q=yE{c7*l@7NbmINp3xvz3nd^+jidzW^|!Bbn% zdQ0t*fm&WxNT$I95FQ1tJ!=Pd@UB>e^ zE|CWb*+2}>7aGTwe>X^LMUr)H6V^^a7Owt1Z-N0Co}pP5(0}ki%-1@by{cXchjtS$ zs=IYfsv4lXvZQPyPJaGunbO9+Y4SdS77mTBpTAPEEwrWh%lII8-~f?qCVom{0ANu3m5Z8qlF!GM^iPTp z>*SG*DdBo6kQ=1Ls#rwDh1O zqHvL5Yc~ToH`kuend;lLUqng=(uc%9Aec4V?}ORB

CRr-rxc$hOjUj*%z5 zt3ss&_=@f_^UIbP1)hVi3*{lCRu1#W&5V7E+aPIJ z#v9sG+H*j|SgRHM%jj<1SDohhCSiJnox(reW=MG7!^zA)NNm|WpW_Z>D&42sD^Zf+ zb9e5mHLg-`S@S*da&ka;<9@<H#?RJ^y8J`@!^7zlGnW|Y%HLlgE{sQt!>ITaX;XN5le zbnyI9ylFHiQE7&WnW|!N%Jv+*jA7A^E{4>C3m_H~5ouQDwk+vHUdjc zwYg3EtK9dTT(P$pS;GEc7W7&uqQC&d?hp_N-|qVy4;*8H_*L^I*L>H*DClI*4^4sf z<`!Ev@qR|rPtnC(p69!8ff%xtiNPjhqSlHs>NWp{ic|8_siafGXi|{Ozg=7L-iGR$jJhb zk7-LMqrWSmM5#bysLn6e0`T6fV3v&RvIeY%nmq1KE{~fGQ>|z^y()Iec_cqU;w{TH z?(Q@u^v~q1&P{1FsVG2QG#jZ-%%JZ{@(%Xy4PRIf?+-kvMFvHS+(6GS!}%$nL1+-` zYv1>v*OH2%mKK*n+)7}|`&7?fm#uxJsS5kA(RhJh$0FW>to?!TP^4G0aFqNfdDW)= z)Qu_Pd+wG?wQ{otW5=d%*&mjx!A?q^VqP{t^lymL9ZLu6N^}m6ZnsuzL(N@N01g^W z>f6fI0tyj$(E=>Zy}pXuK__OQFg#&i_oxkiNb+&hNt!5u8F%z$k_iQ zDf@pV<$u_W`oC-@`oC?)lKUT<(fj&un;EkBpEhIpFPpLaPn)si{zW2+DW|E3iR`B1qD?#X991~gRrkg3gWQAjZ8jQJliV< zR74dRjzG8IoZ6~$D#YywbiV_&`1|S!0`3_R1vA;j1lTtSaA)&6gOxtJa~HG=jk`g? zU`HxRExIzDiqPS)c19r>>Fnvf6&&D zM?IZY3a|~4U1D|UhE%yg@#=Z6p>fvDXlD%#he*fPSvuq5F8n$Oq9uI#MaYVxZFph~ zB?Ssd;IdU-SU8(|-fP9E;ep<~tY``?v?6R&cx}ov3!J;WxI}ydC0k*-o?#)~*zA?L zIiD?Qd_Vey_!&6Y2o%~tXX{WZI*eE>djH;c*7NhO<&$H^_}bwp8ub9)ZJPVYsU;gD z>NA;iHxZ&TV878)4Q`jKYiezMh&w9h8eu9OiI|@#B4~;GtEP$^)}s$4FnbLb57T)1 z+)I!baukFIAV`qVY>cFUi8EsnIYKNuq#xD^{JS_!WakmB|;Z7L}q4f{DS=%{Fl~o`%aI0wg41U_>&@^Yr-#>&@iOHmt7Ew}@Iu|?{FUir$5 zqdk&qws^^%&o9xwJ}raPPIxW2^TpL_r7>H$Or1_6Z!|44jaafub2VwY2+9DMs;DI< z)US41gQwqRH!AiF0;q`mSomxUJ@Q*geX$>I%dhiWn$!&+r~2v##~Xyref7 zuQ$^AUbSLldT?EF(`m|mWg^4E8+OJ}1R5#|qH{%9JT(?Er}#=EYZ)#KVuzLK+koQ2Cj%pb~F zWu5|Em(xt$tNCe?CqIkB>5PUyb-)GnG}X?w5paPcc)uUxQ0WdZy0{5-~1?X$3K8MZ^=Nm;0wpekwMF+~^B@TWTfbu7+ zQ)Byjs;Ra-*~#QmNhxSjq`4o~yitdhXYe#DqEkBE{+P~|L3uw!<9^J%Ul|=^66edQ z*C~JxYpz4whJBy|W%PE6vq;a-1Xi~~D`b%vL9c}NW=JBnv@B;AoZ-%rUa#0$1XD4 zg4)P&i-mtf{t@8`!JuK(dm1_*kp&ob`=sJ_3g}wR2Pyiq1)W^MF04Pkq9k_ADIOA6 z4Ghw?pe=NZRRo-!#3c8gYCAj*vE1I^j%U%WWJ}O4Tm#cmJ1SuozVvj$(PZtL+**E- z+Qzz%2kAQ1R?GzpKt$&h2}gl!y4k6QsI;zDA7Mti&IJiEqh6J;a5> zj0r)Ty6q?S^7B9Z z_AvzH1~#fPxlU!{^dP^fYlRe1Gzh~G4w)bw@4L&y#7nbFFh@|zpHfO2W`pu`Hen-R*jyoyq!rKt9GP`R0W${C0xlMp znkc*?@5Xi6dZmA@>y`Y@&L@j9+5D2CX%>gM7$y8g4$}T$g5QGjR#kH(v1`-SQA|7j zQL}hX1?U8VyXx}ip*s>j$jtC@x*R587KhG>s8q4#$Q|fQf@t3LUxy+btRSL^p9%eqf9eOD6WXe7PskPNtu@bj~I* zqrfe4%R(ABN)hy2Rc~@Vd+<}dtaS|@gp>ofzC8!suAwJFjpo&b?wpV1%vTjjmZ@%F zZzkAik{z;Enf78WF+RQggizj&ojX0l<7>T@QAa%LLmO+voLo!Ij0jt92??y^WMDmeYy zTiRrk0(VL95I2SS{H+f$iZ7Sk3yUB)oo?yi?o<*ir^_Sm@0tbYO1O@$JXj1!(rDT|`XkmK#Fdfh$`vabViJwEx6HPVwmXnc z1Zgc+Q6J{4B^wZH)+y0SemW=XAh+w zM14LNXo#WaEf4zWemFqZerCn-L|OR-tvnKLE+4D7_<~Zo=)#h(R;OFccsbNnLRwuU z+VV<^DVcT$j=k?m?=#jxH!~-&JU1w&$wTlQ1PAW?YvE*}?~Uj!OXxC46zc9Wu2*rU z`9eIjg54)Re#K-Ku0*~bd+dy_RBEYhe!mDeP3awxe=8SP{D!mwGFUWQ(S?E7Sj&WP zYAgV^oV+y8@+G!2;!SL$ueF{4I0#c!4R%4lD4Q>hq$#gvq5wu-TiB(Iyxx=ZdY7Fl zIWAKBy#rU83k%BgM)$D3&_%?@-nGgM=IAsMAJ9+!bi_j$#|N~^tbuE_J>Z_y+X4kJ zU|C&) z7y2-+i?%#W%{m%BBQWToyFr z0R=p>K}O+sCgt-5tCV7cVVtnvA+Oan-liNZidQSvo8XNt-C*dF{K+?uZi9~5MiCzP zDCG;Op@V%<+9Md(%Z776j?<(cff^oyO_75ypC*hjxt|_KE+g~11QX7_1rEsCu-Bx& z+I##u3`etPr3Bz|-mn((5ST{Z@fVQ&K3>2yWM;fEgOcMpN?NVIXk--HT7UYwrBSaW zX;(W%cU#8urM`%*xD$HZ-_#uDgBJyil_%T@_&|v|9k!0o1T)hBo{a`;B+6+=-Z6Ga z(M!B+TU+ls!r2f4i%Eu6Y7Rx$_9OiI>B-k;)DOvL2;&5aKC$z0OJH?MjM{ZCPhm?G z$(p>u>w;%9n2LKdVz1aRsOW_)3f>IX{IK2DebUca%#l$S*SNPzD@t1{xxmCgMHGdC z9>@o^)9|u_w9Ig79-^jn^UB>amNb8Wd5L14{xvuAS5p3m&HUX8`*&_8>c4Hqi}@d$ zk^8$_3J?$i>Tj?6|20SMS^m$qc$`6LEOfm@>Lan*IWOF;%emdl5+{!DJ|j(F z8QSeQ`|zrDr~3rd1RP?XyuZp4FgY#uph^eWm*b0j<4oTzFBc3{EuGp6hoF#1c;8T% zYxZN}^qTYP*?+eXqAb4p8TXw_alD~1rz)o}z-N9X1#qqyX__EcW@|EtchDRJd}7?5 zQsj7!lW9)_TY>)E@m2TeWA=m*c84@#AHlE_h#C8ry*fbklc$9B$HbE~{|Az7a5OHF z;&_5=s1evBs4Iets5h@-az?&Yl|^K~-;aY}UtsajJPE+}g300n@tR%X8$FbvqPMtl zlbBqD+t`D@9}1e(J`L6a7Y{GcRqcrI6ALvpDH4z~4#>b34+RM$Kt4 zfmH_t!pVr_i*o_UsNa=GZX}b?#r?MNNzi3vVNoHr~KMYgs3NpJp|p`~bPENjyj@A2Ywt8E;6x_`(aWV_?rKdVIbTtpu&OfUy0+xaq3 zj$VRmgwKwh=aE!K0AdJwl4cRHnGjB`!u{CSr;T)eqZn7{2;VzJ3F$C$)l^RfmQe~kBoBfU00VdtsYsx zJd`oc(6mtA{4H%qG@})EW2+Uvc@pQ#DMA zH!K7Z$6QCp3}s0+?r++M&wR=Is*T~^p=!1MLJvQ$ikgJN^4Z6pg(lr4NTbrXEd3kR zPkh0@r-HCXDFNt3Pm7qb*Q!SF_)E;<+bb(jm&GheonILq04Nqg_9ST9l+ZKe2V|Lm z3$|4?fJ#_Bn+NvbRkTkytDypn(5$c^*r9dE45LJKQ@S5YApzsjNMb*M zr;K?=UPEI!9p@vnR64D*vZ>4&)6lDezigIsNX}w%s)(=GxM39wFhZf-EWxdmOuhoE zoyt0!6DdS~cY>eCh_dLK0m=I{k=Kmg=7IVrE@2!RIIRjDr*e#i5mWJ;U z=7M~;kA|aiAa5R;Z!q&W=od75*d|Bb-1^WKN`0B%&8j)qfX5X7QY6G`UK zMDN8Znzh|@<&7M5Syw|N&vyN2ul%uJFNz{%g8p#~a+l~g=I{o+aKIHVp{Cq>RO*wp zWlHutT%QNuXf{$zTLlNX*xZNPflSPs&c$U$IwF!r{VvAbO9Ot^&4z9dMYX*&E6(t_K5f;0(6&3?9#Xg;Is2{DG*a{TjQdOgZKW#yecVY1(dmI>vMA)>9(unYopbp zV;N0l>6!a^)-vGB%M)snjF_uzL$KDK_uK>{I*;T7{w|WzRVmQ;gN&V)h1-Vb+HsZZ zKZ5My^}5h++icoq4go*L8F_F-UsLFY<|~K84J5Ds#%{}3%k-y zz`4pTyScJtds&X$Mlp}|L>wfj({5Wbu;}M!A{R#zt;B0btaE9~R&oV7Jj)H}5rr=1 zzKUw9RgYiAG<-gswQzdO>&w;Xof34_7kibBgkkNZNdAl+Z?;5D8d!obKbiVdR|+!e zZN8>zIVHb;Jwr&P;N+RhWoMHk(Rt&twl^Dt;A{2yI`jA-58E==G6P7ptmMU1 zpl}zFaI_re6_9)fRrjwf&e4QcR27h?es_e#@bVE&Ug8K-h2Mo=QpCy>4xn*7x>kCy ze7IkL-w3am6Z?rvg>;$zp>oB*<&s(~q@CzgX>cz-%k!9aXp{z(CIo-A5~fb_zuzJj1k1%gVuxG^Vn8p|wH% z`^9)bEZ>#)lGb~zBv~Z z6`;*#c#W9sM~kbQA&CxuA;J6koUsE9f%Oc^mx245I$<@A*EO)A!5eLr4Sa))4Kdr? zB%~kauhZNI9OiS897yJQMUftATi=EHME+0afB2iw|3~K6{8#3W{O`;k8vIY@7i#|R z%oBuQOhX(&U^Lyw2U*=c&`z1l7@w#AnuZNLIKP|vkg1d9^af(;X z)Xyqnd`3r2cg$3oKCc47nyJA^S*e@`l2Cllmad9To(!K!Xg~L5{~fT-b*W!;YAClh zwk~-}+>@Gcr{IrWcS{qk-+4T#RAVHLa||J}B(vxH5GxR(J*0z%`MQq}XkP|Z_y?^- z2k+p7DQu~->c-SRS6z@Kr_^g=hmRkC@BtwGd|Y=F^cPY$ak+#L$K)8h5qjY7Bhf$- zdJ`Wl4L~siQavSwpV^vQ^`1=hk_IMrO@S^$$O%t@4`@#{%EM{<`$+ZsXlL?j`}|EC z^a2~MA{Ei=HM`8hyF0t>N-!*5*1Rr`5zIL>!DwZwOyiQ(Y(z9OtIz}AI1}kxD%YL< zjTIi|6uw%c|j%;25wk2=q9%Rc)X_B1?ht4%)O7X@S9hEom{hLJe5xIU3enR3Tg z`kwTI$d@IH_?e^%;3C9@2lm`fE;Y&@Gk{v61zoGLXoEVKL!=B=NH}6)!5h~TPUO_*b>u{*I zi^s+OXRE`4qgGlVPJ0$`$-r%9!Ke`MRfaS`f;3NGpz1CnCkwkCl_VcK7&aSV4w~nt zX(u-+agZ^i#;u-C%`gd|wm+;Q1S?0;$WysF0Lp!S4U{vHt^+%rjU-XC`yw?x;~-x} z@z#rpX*M{v0FOT8Yah9#0sDv3r-0h9tuwXT_08>!_Lp2j*T13Z)opp_v%!Pe(4$%> zDXR&Y#Greh$QdAy6QJW3~FUB&IXr@(>3s2a|*MYpy6Ip@rP` zt927j=wE_SL= zpBNiU?K7Sb$_LAfTeSvYI|`DKan_#JI+Nt07NLuB z^%7t@timudD)hd<{S8W;m{y6Lby_au>T3zqP%Oth1JmARJ}1nl%=Bpl(kBLyNBGsKe!n~wxDCY693#J7C(*~MxmJaL3PZrB_IL^7&SJB^<=_$Tc|w1n=Tj)U&9R7`25X)cP4 zAyBn@wpXfnJm2%sTTK0G)ETqeW8>-_>Iz+PiqLc9RNIRD+2r8T3uqs#d`X?x1IdG_CvPy(ErsJtq6XgT zyQaeqe#H^HKE=1;eW|$@gZx5}ok4lPm&sb%4d5>UfQYRH4?oYc z2ePT6M=_q%@vABTm6Wa?e9g>Lr=eN4w|gbchRw~}z#m0=6vh=<8Y}Fi(JNq=y^HfV zOLs1?a8qQf*M3%Tw9Z6SrLYs=JAmmvb=Ddsfc9QA;QO`H()v~YTnb$9E3?|mH~`0c z==9tpl}1RaAWfn2<<&#;7p|FrWALcC_&;89zVu&}-|k=KZ~RZ?kD~b>lGyt#wD z!lcWFvaI7;xb?4kh@hY~iIN7NYanH(Ckr3SeYSx6Fh(G_telVi)`BIH-Cyz1GQJR? zl1YeTCtzs8akw;>Noilrb~V%a1o<1OWfmQfOn~2Ebn}-S)JlR_hhpP$`gl!p>}=G* zU8%hHVi4AyH0Tb==DC<9zhlVvZuzL=CIEAu1M=sJ-H-4U}&9rcm#E;ZwRZ6cOSNe zwSdseMTHLRML%GY*}5~T-vQ^EZJIiu5J%zHDD@mL()>yY^?1iyk~#xg!`Uy`(FQ=w zIrEvpns(sWq_>=28ydBdDm737M(wkZp<)bUPvUOg{@%@XQ<_hbtQxSj(WPMXQEntH z9=wZf-0((9S^+;RR4YMGG0xP{ngUP)p>U8bUDIe(Qrb5x$P8&&y+Q%#Yiv=}zuieJ z1TD{2^Y~8z>wC|(C{~nd`n584rs){eD6b@FC zY1xIC=Dj}JP{0WhNIL$9=4C2ct&;xU66)B^spz=fcp@7L9uBa6Y%#`oC*1jXK;BH7}fe{LB$%#v4BYwWOFl2cm9|(&Sm5SQ>+UnPo+6a(68#9a~Iim z7F+{wCyT*Fx}3PJO~Q^FbYZsj0;IJOE+d;%y(1FIo(;!OeV@9ql+!EEZwR=4ONr(M zL;2Oimg=o*ZP}VYwJ+f$Au50(E07_mj}{sFWUx60u7j&_-__|scb{!=ijBwk3{RlC zUb3e$#JxrUek+h2!Ka{^s&pX0oi4rn;&#}?2$%j|5d@J7zPslbraF2|Bz zLggISdEp#Vu_Ukdac6gWn@f4xT7fVgoyTzBAu+@XIF7>5VI3sW;fzuu7_;>*LqHJ0 z5*rBtTCGqzmf5QD@6o>)q~<$xWUXwC5C(~Gi^>y?7g^MEpfp4zVWj2{JVE-UtRPl{ zReiY&sO5^AHe6`;zc9jI+ojznA4smBo*;j) z%f4P=(aHqABBs%du5qAq+373~zo$78@Zqk4d;2)I=i3hE*`34>X?>GL;*`&(@NHQ+ZKxx``9Y@WV5N$sdWe+X@8k-@aQ2O?> z@p`SS!pPmvUZ~Ry|JI8EwG>l?V8!b+@4JhvW60u?s{RhNd@1?D;zs)>;+~RV->5?& zD9MY`l&@xhM5zovTrbq`x&j#J$Isi~<}<$wU?7>yK5}>f^XF`#!dN)e{R0MB*i2y* zl4Q)J>Pp2r@=^5%U~hoD+kQQ7q~}up=BoWm({%k)1G8ASB#pE7ALR#M{;yMn z=D$-!`2U?E;urs!A~;0kNAqGP7emJF=;3{*{o*Yo>j$A|ySaA5uO>WDW?UqFsVv_(a zdU~FvG}Olh`m?G+p5Ef9kzvew2ljg8vY!%aRnby)ai$l4Q--ErqlUu>I&(s!1(Lr) zci!WhSetFD+8~65Q3CRBjVm{}8Etr|ShrcV+Kx0#{P|(?A`^Ln>}r3iSRJ^NUDxun zr;+X?-4{87#`NWJwFbCNht7FZ4p?b1=%VfLdYxMyLviL+imI{rp8{zr~yn&q@}>OmGMokAj5Gxuiyfk!^` zsty{K{E8J9L#~2^o~l%+?bY^y$8f!1^zhpyOV?mgJ4@KW&X1=muV~AG4o#3HYl@q; z)*wOG8JsrXx~Dut^+1cq%aAT0?B;0~VBo6WcM2Qht!gTsQ{jr~GXdh_k5#ypQ1GSN zIVkx&psV*2Upy69BjZk7jfJ0wCz2wG^6`EY&m)Zn=qy1JUoUICGbMhDE zfsPLDy1~V)4Gf7%zdGNM7-DCV65=u^IF)a4n7gsIMMSWAfykg3qhbSa{W-Urn)`d& z&+WQ(qMItY)ETM{Y}ejmr2z-+9L=De8f2SW+Hw4J1b8*bAFs=OBKdRtxqTOkLT!~D z*XhP{PsNGu)bUt2xN|XSl12_IvSXXFaQC zx=j>D;sq%F2OynG(ai{<*%9sgn3--3+oFxZ(^Kk!- zyIHUTSjLk8s0t9GvcW-2C!&*IKUU1mmkDG!O#f%(?-D_1D*?U400_pfO-&DWUKT9R z)rib;)wqSx4k?{nulkan7>q`P0_M+|2i|CPQN)tXU>@{(>Njq20}D*5&^#G4c(Q0? zGTxo{MRLZ*&Oo{hivDiAQrZ!@;>Rh8$Z7cT@)rlRmNxq|O$~&E zsu@%%>tb8Mc9SiJ1hk3hXXNDVl`tHw#%hHe5`{=NftEcKrSF!_*xh;H}v7c)EK>f(9ZrKmLk3 zE8ndzty(9;!K-c1BZY?ebR|RDxaIi^+b55P` zb3p~r8;wUCIq)y!S8rv4=j$LtX8F1yzQYIW9b65eBcW=@s3C4*sUs9xu3KPp!LldM11d%Pt;8eOh2Ukjc&$` zBiBccHr=U&!4+n<5ZAzjP7$*ipiU+ULLBI6$^H2>6>_*N`Yj;}g~#K9%CsTdpvQ-K zTZKqg_Uehb2~M<@#}~9!45EFEx>R!7VHfA6-1==c~6+`;c$# zqW*G?FE_E1AUxbgzj*&14J1;HGCbM z<#fxl8y+G=AkZsgIptvNP)C?YQs;M1?b`!NTip?4c=DvjW1LxF_3oVt)QHGOj0*C? z1f)?;gHZ);uBnuSMjoDZYKWMx))hh)`Ga(6LZfAb%S6te9nDQ&($l)EW*bz?XCi2w zZ0h(>53^IdeqTA@2o;N!!JTr}WH{7W@!U*zJ^azXKO;%3%eVhjkW!+==_yci>Rwc0 zmZOZEnMD>BP%EB#;ai{SjH~54*9|Q09NwnVUp3)gF|zuF$-v`%(;y3w1e>fhrPhj3 zfDbwE{JrbvqjrGt$Hc^s^cm-&yy37ZI#$JL8lhqlhCI4)?)bpvlOjd?-g?)cr*kSe zT+myiXmrp6=QwV3aSgU)J<9C;wDQac$-e-#ML=DG zLC`*V?TcqS%=y_O=>tmmmzq$C{SlFJ*d|3L+mmSi{-BpRb9?3Ug26c1k8)Gd4k<+S zqn~u~a-b(=a>H1BRK{Gtu$iE4=<+)oxHbum2 zO-^$Lq=0J?6uFXL?md20pN$~ZG#!jVvgb7(7M@Ii*MnlEov@@u0HWCkhstGLbERsi zuYu3YMK&Q4`a-`w!f3h9xPJ`>mCy^i=K5X_hQftPBUk+!&3+t9OBbxd%E)>Hce}ts zj}rE0Id+0%`yWEZc;1rD+Yj()62~CMAS_%XxNsEh^9*jmv|4~Jo7Fw8X69R@tyrI^ zFsXPj>Vl-*bsaRU0~k0*1PLuAfAqq24hS?)*oH_vT^dcu0E^@qQFf=pCS;`!qtTS` zvJ;NaCy79#NnUWd9I z-!c9XnR+i)aRaZK)B1LniAQ)qjFny@zxSw-h9s(_+&;h+xwR$~y<_oN@@aWp5(jyU z^nL22acREiBR-6kKJ+6j%t?+Dl2ovtGra6o0z~6$NpQ$^Ew{j}qjoG_ZVnPa0MfZl ze~&ay-bR6b>gWCV7>z}h&bJfh755!o|G3hL7|R1)c<>a@f6ao{WtRtSWUme*%IGJK zq+Nrr+8B`uvd3>FUOuH?9pUCa+M&6UVj`p~1sCnWFl&w8f z7L!gPZa^vjjmSzG^kHFaC0hVunuP=CT(->^EPMI6jS z@&2vk7dA;4Xt!PW)uwTwD*pGDC>2KQ`@#50^WLc|Q|aJgC-hM2(4&)v&oeJ&Bm`RH z+PBsdesG8e)WLK+hsKO7O~$zTfUI`i#3FrN$mwBO)?2>iJ_t7hfMVMSy)(YV zlXnFJ5*#z75Z3c=#UzIqSuR(llV}(Y{@X%FzY2eme3ur?OPU%PbJ8=wUy##a1bud8 z?U$9^Ret1p@l=JJiVWeP@>pL43J{g!BcJ6|v$hX4neO4#og4IMeJrc}P|8&FH+!Qp zr9JBCH+p1>?Ja0p{$g_0M+wd`-g3Mo4~5=2drgftX{7g?oJZ8m)0ZEw+MQLsVT(oc z<}S#;cZZutf_sLQmD5@1%3qvv;141P1>akd2y}q3W53ze{taR3oRoVg8b0)pt!SAK9q` zOQ~dd??PH0_NKNluQcYg*2B9e`6D}n$a`KU-&`RMh!$4zjcb|mh6veu(lNAD)Kn@C)ZU)#yIOJPET-2E8yaIRpYsEtiBox ztVEK0BMnKIrgg|jl?fD1Day3}QAbnkkrL^u0o8nTd|bQh2(o&C(=>(T;4 zM2l6r-=MDC1(6cnIRO)DKHn35e_!WUM-d9Lk-zPSnC*mdO5$okvRmC5XRgQEWIUj~ z1Ph^TrHf8TQhBSBQ^)kOl9vT2{uy{Bovy!jPjU;s92G6;f9!nl* z!J%=-n!3Du#dcc!(gg_`6t%_E#Q%^?I>+mZ|7;0V=m*N1H4lA31QZ}t_1vAuUgXf# z37TeJ#r)x|#E*Kks;e19%_Th%x$sOVmwVy_h@@PsmxZq63$WY8NL^_XOA*d)?0O4@ zzFgoiF)nf#2)bPd0YE^DYg(+6;tx|N?jG&SWbufuS z=r@;K65jG@GKxiwKL)q-pLWo2XjYB1@BvcqGOdGn#;FUK(+7_u@-NCG`24{MiXB(M zOB{Y+0PjudxqOQK3`_O#;Hsovj!JEp6<=&Rtt;_|K7$xTl?u=m5`9Qps};24DcZJBMa5IZEustL&yD|4dUh|PNW{F(oBc5e!&MP0!%QOrtX;vU)M)^ zX*@#h3bV((T)j-O-2=(3j&@4*_NC^(Ou~Oqj_*E$M)gXDvL(g9W!9ERn9&E*tr2`k zntvj{dvY@0aGZ6fRtE@D4G1aam=%&&VhcI`u00CZ4UKtLYg5sO3COBuutBOFvsBUC z+3;LgYb&V$#ICUTBN=ui=%mt$9~x6_9n2Tm*}r$ajWgXAsJ+iqad7bqNjp)a z*4=fr+xCuuymh^D6wYFwsIC1#?ic*5KwR;na#5W6QtG1rK<3D!WDi^~*GFWHf0^3U{okV6`>d_4%5SV*^S1vvwFj=jnI>@T%>ji!Zt3Jzkl}mrd zo{v8c7xadx2Rq@{3#y$P5{4r&6A<^%MYpA=Ab~-a7^@%S?&PH7m@+2gXv#2YGU-Fr z7-S$m!NLUgPZ$}Ah4wA$=#5V1I2Zs_tjq5v62ZBGy78D5z+IZnRxK1U7U_Xxq{$>( zd36S(a_i=JBOGFr>>{o+NfuoyekvPM#CR#jTD@J^9EB%7{o=nKBO>br2zwpSf03vL zg0+4dR;4eKjx{^36xZ1WOhEtnnsqVH`6CDoDYpz)W2BbREg!v@Hy^z`(;RtjJU@Rr_ z>6^^lm%AVeabIxYbhJhyC43_zv1Vd$!8pvbP~&0&Xu#U9!*ZkA)RnX=#JJ&mkC7p? z<_8H7{fm@aq3DhEg;D~(Jh9hu`|GSC;L)nHPzbW9Pq7k+{Ih3Qc|wW{whoYz;&1b2 z0HzT$9Qpq6s#j62JonK4h(HNu993MZMo73mCV&_K)-PqSb z>6~4B@lWGB*!GtGG^w|Nw#~pZOKUQAXIl`I)NhgXL(bXn=#U&?JdHdcWiP%u+6NB{y22 zr)3&6RZTvolw<_6Z8SP>TwKi%C6m};5Jb_mk)p*Wp>ViNS{0^hLVyVp2X8$42yEC? zEVYLj4hU`fyd6Ob?PSH-v2d^@mXVJ@@J!q6;U&t*W_ev|FJJ2;VHwb#t68-njX(PZ zDg@P!tCa&4NG-mpUn)aJAAc$WVS8!G(J4V#IHcxzr|HgysxH%lidhR##iMmbqG6M2vn6D3d5OlhX-V_x?6c zlnFN3D)W_A3Z+AGwHrhf&LV;&4O4Y)4bXMJ*7a_xNkOVwRxeUl(!&&7~b>}`)&I~#(DK&L4YV+68YMHX9W%m*?{I96(7 z3H99tYk1U<&0_{8`iv^K>Be9*F2*%{GlS@fxE~*eOk;r{@a?Z>R(a!wp1FGxTKz&l zxOm^oTBiDT1T}YAz#G+4U|0a+uYiT|bdgx1=+G><%q7kQc!R0zMG{x5wU1)&XswD zCtXLcdU;X6#3E0a0M&n_bVPdnf^{FgBTx`~xGA`9(ESv%-c<}V%*Lltuu{hoh2^*q zO;*tGE{emes@apbhdj+wDJVRzYY79zFZXu5AgbO{yQR%$1D`80lsooGaD|Tjs=}F@ zc0;7)_E8VIgtprgqsl-CwS0M|H!UqxO9<@prr@pcdEl@c?ef{44%aRoL>zXhmsUOt z>%|x%NSnLWXN602FCzEUKl&%VpwcfT^Gj(kfX(AKM_8w?>b^9yP8i;h@s)fT2e1;+ z2;r}ukeyMb@q-o?Xg-t6l0xo8S=TQTXs*}6EwKYr-e_<~t*ipg=lUTQ-ce(oZ*ssi z#Iz?a+~6(LTm$ae>F(gd%r=1B1MAQ4y#}W4NHQ4Nj>{9$)?~+9oV*C4plHp+X~lC) z&5}*>ceN-5VC(vG`N*L=r7mjS z3kfp{cm9~(Zq8cHA5e8>A{>PHVM*Y319~Yd?nKb5WkF3)`o^NYlqV$ zMl&1|3&%i#pX#^1pjM9y{x8|;&J*gBap&;4o*i{g?%juY<`)m6v=4nUak(YFBz-y< zzxs_=BM9YjEs~vybyp+wkv*YlfoO}A6troxOW#6?^kkfkoHt_w4vQ}@1`@Qc1#E&8u-@Dpr#iz%a9&!dh zcVuFLZB=iqvXX8;@86APp-MU|fmwm&I2#;L<{xiZ7 zyoo=sd@E{y!(?qTVfP(mQTVa`^T{nTKkp3vs6285?Rx5^|uhMhndP2%%7osJ=jpGGWt0( zITr!cnS658ic};#sgZa0(_;1eB1+1ur|wYIH}c?}n+o4!BFW&2i;W8N7skj{v7yC# zksH~IFu*y*m4SOFI=%ScoiAIeJ+Y1qQd8HZm?S5zNWbcoqzdM1m06BeaPX9?lb2lx zEwaZ@eDdC(63P~545t=pr_~$lU>TR%c!{o!A8v(q@QH47EZ+lRSQ9pJw=_?))@B_M z^k{NzsKse;9a|R6mZ_Fj(0KWifYOIlYte3vCpRLa$;U~lw=InG71tm17h~48W+$M#BN`4+*a%1WNn~?TS9?h*F#TW0Y1-qke&Ahm>ia#Ih}JBKV$t3~Kde&$=~m z!_}W9^WU={%*~ekJFMii=CjVb!Vwi3Kr0d~A~+G*92iPbTtI{c^k7YHMIa;7->ADA zJcJb9V@HkA>796_Q!=cd7S=B4N%}vm`#K>+6yI7OWcYlnKHD6iQccDDc`3TA!bbTr z^wiDOa{)tsYFh6;_M0s&#&F=;;yMT zwpuP8uZls&+_pgwRCA04plRGF-t01MCClcsKvz&u2!GonqL~-M8HI(eM@j|OWN_?9 z#X_LXV2H(pp>IYTS^+^4d|XJxU-KA#*Md6tM~diTVHeLY=?U`**Ngr9T2@-lZ!y6^ZoWnexM?xDpYN3P6I z2^`L!D?9oPo%K7qxDPf0<+V#2NmkMO$g=;ZmEz297e>eJGV>5!rzTAa ziH}`{Tu9xO?nar`>*A+d>A-urtIpBdguI)R6GRg%f-Z*7aZq@JW?;V}U^qwh`OEDo z0i~DifHSL&ilFF|m;90?v^cHaM6G5Y*|~TI{dc@al6!TlP@M!PCPqW^#)c$2z$qFwvau{*&;t^w%h7UHRGp%RVJ*+0UZ8DV2AwEG;|9>ppQh~McTPoq z37YT3ZeuU>P$OTSUy&X93%M?x=d|sc=cuh?SPe2>o`EYD^N=gKG9TFCxQHAs9$>gd z7KH%*aL;bGOY`Lmp|Wb6mV_>6XSIhIOTF0 zvNKftYS+JuS`2aw*(-xlU=gdFcVSfAO*#TWt)`ywIu*>2jtuzv2qiXXOEAa+3>}#wu~{QP}V-&?d}-T3k|06_=!bSX;E=shy?hS zKS6hL@jmCEIaJT*oTIK zNzO1cd&o_8yy~Hw9#e7$d9+L(n^ciqbqP6X5TCW>Q(WfCIgNX1L$u};LQjP|O3ScK0-mBJOuG}Xp zq&HjqWgkg0FxA_0)zb-1i%c5{8D*Gy{chA}3f)0kyTY+hx7>-SUCbgyRk+HoSV)v} zc^qK-pDE6qubTFL6LUefbya!ugmw%!tJLw#Y)nVxFO4E*myp~u3#sR@UIMwo%LgSf z61c`97wh;y=bCkAcX?y zZ$@^Jz@Bq+AB5$YIja5CCWT8?%7ReG(yfVY{e~Gc|7h5eEq308*s1Gp!c=OhxEJ3D zbKh`UkExEN$QLWs34B@(SdMvq6 zb)KzTA7JdV{2BNjDExv}9ejK#KOUsU^RDwX1p8c=E6qa3?)sS)w{Axuryd6suvSr) z&!`;&>iUvA2o2Et(yTkqyV&Nc-$B0!|0){85(CvGF&o1~R4k9dH3pepb$O@ge$=7yL z*jx{7K*E%p;U2}-wZ*-B?9C-eE5~CD3tCM}msz`KD!?ELRY#6EkLmL+b3!WHfsp zk_)JDCjIQIBx!W0>-K{_MiF8{ShGAdkbw3>FC;ZMVe0Bx8jIUhwe1^a-*Kk|_^N)V zc`+Uto{h>;_g$~#EW!3tkIDyME2Ezv_N})2jxo7cw}s^;FFVtABvh8 z+24~fbLrLWDYzW0k#?6rG{``Dz;MM;3frc$PMRJ4$sZ<9bC|jp{#FNLGh?oXHC{SJ zM@fkro1G-}<~EIDxO`U`bU5BClti_Cjc=cpIgNyE2fis!NAg?f5b0oMw~mchf=>f$ z5>LF(Z=s-G02M@~4!RSC+vPKPwjujxnQq2=rG$m>zHL^G`!>OSy`3^y6&vPz;arp^ z=^KL%u8woRCjrk*CO0-q<-Z>)?Qn!HO|lH6W!o@EjXQgxR~6(c18FH%x9802{Lm$JyD^+@rV}=G&=zT=fPx>bB;E57c=~*?pj3cQaFRqL z)<0NsR(K|>ct>v1HZDYvwqk~pQuz7+mbfkQ(OVW*d=u#{O#aFhi)RQc9o1mUK=dil zm3$rK21$}ber4uL^UAWNGj{^HV^--vPgiF1mu%1 zVe2IDWyxOAak)WL3kFGswYt8y9`zfY-J<@6wHre9+lNN#BeEG^f;UwrH%j`_dPCiG4>tIaWUuMu-xk7k5)@J>{G@k3S%FQaE6Nf zQ5L}|4BrC}kX<~*8VL(u0Iw2!>ne2=o}WB!y&Ch$dX&mqtnM>8Ldp0&06rfGQfBBm zzGk_u(f6tuHzIJ_<}Jyhg3AaR8-Z%eYtErn+R(2(Ei>Bb4Jm<3uZjJ4 z_ahsPEX&{>6&Z&b06m{a+X9q@vY47k;OZ+dKQO9|1<<*ipev95YAC60Kpue=Ij9>J z54_bADN9Fz;VI5I%qw)z|b{0g3(G@Xd zG#Gt#^p?L*2Sp5%VB*pxYxKqg=}AQ*0LZrKo`)dOMq@PS58cm4$BFsoW}5Z?dvY-YR3scs!+thtI3)fp=p^2JmivQ=`YLD~vt9fOvcBFv#{DJ(wkV#4Qx z%Z-gyKuj&?M)i4SZXHG;VR$d$&FR)r$#fiy8r0~FU7#iEAwVP{+@Flf*zKJbO%m&j zk%w?$!hHFr&ja@>3s1j-O1ux)_w?<@BWl@%A$YYC7E z=^wQCI!Ax-_6x~{(vet2mF1s<9N=qGKl96-T!+i^ROMxjui=9Ufe?zRgoU2ljaj-A zGvk^b-51xaASz7<22q~H$XNa)u*oz%{FpDu@ZhF3?o+AQ5N|sqUln`Isb0LH+62J~ zq@gNWUIl0v;iOPcAl#QNbWlb471ixGh-{%P^mUwTETa5FQa=8Yl>fqJwEtx@q5qf7 z^q~C1W}sgGFPn)4`>$-q{a-et`JZg22jzd*42IQzvYE~q7yx3PJtIJakYlyoD;?53 zs$s&&c~G^8bAW9=M1HqYB>{yFb0J@Sz3@qOq$EPb%$k5g(vakzop&xH*lhXWR1V^c zjcV10FIB>ft$pNj%3rnb?)0a7>-`|}Hx7%>#HfY4;AG>Nd;$7}l2^+)g}c$2$Wj)A zhi?F{Q4YTRmovv>n;cn%m#Upalq|mQ!xbi=v$FuXLWK72bry5vEb3F@dk-sA{3YJ0 z-ut*3ehTlm3vpTw&mO?2sP>E13P_9?eJNCwKWblscGh_k%T%!fr^(gUy+WVn-6}S< zpiSH-8W>;u?1o^=q&dW3T#K^xaf-oA22bz+aex;-GdQoqF_pUMVD7TY1-d{p@hWQC zTNDHDfD03MSF3EW4}W}}jsEmTmLFC4iZ)q1ruVPC%fWQ8tSJI@*Hl0&q#7UA1!A|1 zeL_j@4WknOsJn?dbGz4^(Ip+epby%Kv}G8eKQi#v*qT>alMb|}8(>&OwnaA)km{<8 zs)JX)-Ypwe!?3w*O7@0~JK@LkRSiH4aW<$b>p)Rym8E0kq>RhF)fB@e6iSwq8s%GW z+QKbTksyLs1L-OPf?fN=h53E6(OJ8y(!vKyq5!U|#gH*D^fEsw_h6@j6Xl)|Qm!m+KWJS~!s}S@WpY>XN)oTU^BA3DgBFXS7WSHc`_ z`=w_y0MxT$7tNP#B;p_#5m}{zjzimb^M&@CX?jGbLhEdIQFs&u`zC7ijoI?kmrwek zS?N2HNmmkzV~x`+(x%;F=$A&|nRC0;!;fjh;xs*8G)kBwTwGmA0gdyoPRG|$NnVO4 zFgh(2`m>ruf^6^U7?dgpWo1zYlm#!tX<01S9LkVU=H-jcrfIh(a* zoZAK0XxRPAugK`Ob}gAD@=6*BVRQH3pP6M~-K;P`(AN@56lP7%IJ*fk&80Rj+Ek+DZ3OvnA7p~) z`lg6R;~4cT7kOMoSHoS0=vyW+>dKNU?%g9|r*{c-`V-1>UlfTR0#tIH$9-()EYeyH`k-Yq1>J%OnS#rc$`k}8m zixinciZXoN#5@u{G8yYS<9D$H%wJZzhLRpvbipjMg9kqQ&Wisqmd4PlZXyRe=ohk_ zS`Oi~i*wvkQ|ihKYJE7Il_+jLqR1ua;_is=AhXhJXR%BW9g`P%^~0eZHBVgKCQ+@M zxIkI{Q2Qi=$ooA8wYhBI3`D#j`kP{+GYjK8!|Yl5h-B=OkjdWdIKnA5WB)f!V4BoEO(ZvX8UG4Tq2R(N^73pCT&1iJ3P5GcgXg8G1V4}_nuC@^6-BM}{ivZ-7sK{NY%@+}nW96byaHz?g50wc(Z;2L%94KZ&H4|mZc#Fd z%hZy)$0>xz4LFE{!>uPVJwF!Sb*(_Hp};UvjNjwW)3TPSycq4Ylju5QZcT3s;POB5 z5L)?HFeS+K{;VXJs>Dl3d6nXatT)_>D<{5Vy!tLF->VM}GkXO@@X!RweYMf^A!Y>e zoL=iS9ob3ulF6BZ@CpjN%!UKJNL6QC7D79v?en#xO5D|;vKNZ+L>Ga$KzU!4BZeN# znxyi-yo%yXM!~B!HzyRy9$pyJP;xsE!S+Xf-|u`7Ho)=j+!Rn40nb_If7A=Y}E-W(g2H|7`T+9B{}4X}-=j zQ)-E&w5SC-jcD0?^phd$IN0}binB+=vRC)2Fo@ua&z_n0RJI2()r0)Z0+bcxfH1|XOSX6sHN-YXbx{74 zsD5IsaNwl8Pxpq1n#B8&U~cu^x$)~~J#Z>xt>PP_LlH=2+NPxKu4D`_Xvm1VqOz}fRRIkaQ z27p7$e!f$gh9>#{QIx&#a z^b2nlgql3#AkSlI?__>=5fE3-j>J?UG;bbG9eQODqenUlT%PB>-d7vq%6llYP57>Q zZiO|3J*_oU!9h^jai>ZhRDhY6#%J{isIxCyrQnzUuI(uWa;H^G`>*3=M>UZKL5(y4 zqVa)^CQis6*<)-5{eBD>FJT`1Ee{RSNtO}Wp@e*8W#-@3Qn}jME~v?ii1eUfA{ZPm zQ?eqt%|iIXP-{$M`SVvWai~uja3XT^dLTuo3Kk3#K~L=L>yH}VJc>qEZlW(D#pZHj z)qE5BdTz=sA5&;4v@&f`hDJ-uTpCUXK87c>*;xQ$6RI@bM5{K9HCb$|6jrxcdiE0e za+4ZQkBGkW6Vp_XnDRg`=a8xk`|g*O>7hx-hfY~hv*%6RTSrHj*jPrSnc%L=>L?C5 z5g)q2=zNZq0AA;{p0l?u9ZU5ob!_0Cm+LkItXJ%CktH$h79(C;W3X9o2v34#XZ@B^ zS6*?|=L*?_)y7=Wv?&A2cJCgxGA<@OAy~!}=-Sh+fr?k11}oIrsf87Zg%3&kvmT6?xL*9v?qQ>rZ$iz$xF4qmW^(IInExU7(ys}4ldA` z^|PYX=NNBK8Cr+*(pLNw<6*^3om^5E4D|16_E*H6>_U8~LV;I=t03x;8!g!3F7l^> zm8_p)O5Ib3WvZ2&^H5nW+wW?J;NG7ED1oP2owVMpTBvDUF%3W7;ikG#S-XnUpi>>* zx@Nm#jz_&^*d9+ibKAL zGsrJ-K-R*<%5QmkJ@Vjqh|QKU+SYYM7VSi+9*xkjd-q(gCIXAb;02-pQM1AQV*}W7Og;5NB zJWK9?O+}jD7`YFb3=gVR8RTLfaBuQ=^mMYC>67YRmIm`g4JFZJ$rIv49O1MC<^dFagN@8B27M}_ViY;@Ukjqxr}z714wN8}<$`O@Agc5+2y*>0Gg(pODtSK{&Eh$)n0mH8jXX)%LmG>F**PdXxa}3oSkiY7T5(N@<{a4+#d?-6k6ZR;0L5 z9Os=+JGM*L+#S->T{9Ij#C_Vp_{g@oKR^L#Yi>Y2f6fQHDHO`@!1_{xm8yS>%_t?N zR9`;7F5_2&Nr8%yRmz@kqmJ2?_88tV)Yt{-*U{MCSjgoOrxgvMw^sIFs zyM&sW*Ja?icdOuY7RGnt8(Om@*xl}NMN0veJcu=A`k73*jPsk90R>IJ+^ZdbEOI5& z@!ZTMFw-U%G5iS>#8%6laN1@4JNM>#rz>|RI+tQu9ykRPVBl)Ln4E^L!!|-Re)6z6 zFJ6P9-#keO?#Cv*&@F~6NTk#!8WP_hw2p2pTp2xvfzoHrHow`|Zm1)dztlRcdhE3a zBz6Aa=F{yFM&GYvXqvTRuYJ2+e6M6tsE&--2JO%LGj$b$6>&FBdw|hB{^a;vQt1jE zE!li^Nd(|H;vgr7Q(vmIc6+jyyr;9x?kKf~Tv8GxLx;AbvYI|nlE@o45LLx!l zz1f6t#hEAj2L?=XQngA9y;`dUVa@aa#t|j6EiPGBaYXOHQb=UiDodc zId=rmDTN;XHPvEG1f6>?lo}u;-YzA0G?8{MgizO{+^L@2p&Qb#v2>TwHOy%z0Ik;2FR0WbODo;uqm}DaC>!n-hal zv2?KSFIM3(oseqr7$T((d+1cV&s{&`BLSJI;iEDL-Vt4>ozM=r8|v&ebUopqv(4=E z^zgFBfh>crKv%cPrUp$p)GCnX>pIVoVl&=g^cd6vnv1LI!^nZd=LTSI?}nB8PByZ0 z5~hJ1`3XV!<-yk!`pq8XE)N-%qwrqT33r3q&FhSG)x3J0_V{MYniZ`-z*(Z#2by$i zL`Fv7a|>k(5ip72{$VqDe@V*!U^BY^Vl$!t&1Pny|6wz4KmW~UBEY}^_E7=;_5J@o z2B?ck-v6)}f%^YsGqceDW;2K*|H)?1G>yWaMi)r|&4TJ64jp*v^hA|8;Mx0{`}w2R zI!0Fg=$|y~T4~=J{kL6s6YwBs#puSw=YWAOENsB&bK;885Up3ZKpK)-F!K|DTvHHx z4Gd1zeudCNFFW*X1pfe~et#cFWHIAPQ|Xp6ttyUsL|ieY^@vcA)4C90$t`8IIyRAb zvm76bVNk(qpRtsSeZ1k#9S39Qev%S=#%*)W@j=e#MU1QPu_wWJEE)H6y z%6jr~&hVqLh0Sv_GMaszF^&&5a=*extE1?ieBzfdry~rZlz@BzK*apCWPWZC0bcTQ zEn&=7B0OSyr=RehI0vcR4ja|EL^e!U)mclj(N$f=r{nTi{hp6 zFOo}m{ek=Gl^j!UQ0uFZ$un3L4i^)7lN!LC^yHA6-}97NN{|Q|lnG0B&UElbPIx7= ztpm3yY>S$%8LuQ52q^SAD7@b2R9(-0J6y)7sI9$92Xdl)Ly>dm6vX4kHNNj-usaFW zD>N^bVhZNQi@HOFh>zkGsu6={SZ60h#4VnK(=cA43EMu!^ZlW?(W2Xzrnf(NT4jnf z{I#;u=T3+$kh*V2j<=PZ7NL3JIM*``j%|$?qA#`Il)blMAi2E+EXr!TCb~bRMm=PU(FY94_<@GhMEmyK zW9e2UmM~Z1UX-YO=DXsVcv*IbnkOY~toO|WdD8L#22ZKH(rp;U%@)%+H&=?oSzqb> zi$8uu!ka;BvrSuuKi zIUCabER}YsB?+sa;|&)&ZhN#uQ3ZNsLudgYoPWUpEn%T*v6+O~|Vr1N{!ABH=p%Nk=)wg2#z4M1!m zM#ymBTaV_aKjwr(1sqTtTchd}4yKu>sM-0XZ4KT1c;|_rH=ik_&0BNFny;ni&TRSw z?AG%TDtxqTN=v-Voq(>miQQ}4L>%cQq%GllWDWdjq67A;QZ!8+6!u2KD%Q2Yj`C%%r`mr>ZZOmZB?>j*ezC-1l-ePdHXsnL3W)7Fm z)Cwajl*3AX$Wf4Q%-m0vuU4di=QjCT8AjYU-?{pvK+c_D zk9kcr?mTe`22h2AQ4_!n=OZ)q%_C3q8C%4$0+@eAs8NJ19VaOyPvG;4BLVQ3R+&f# z|J|o%`=!XpDy8qeqESP;O^g2pKHhWy`4ir7li~7vMzKcech2-^nL(4yTy*B1+S&WOcS=bCgR=!954j1Ym3=)k{5PA;dbT5WqXx0hpeOe1vClke39%YrJ#y@}@j5Z0ub#X!NN0fL*ez^3FW= z@2T_#;J$dP2)G67Z@_FG9=u37HBsMec#$^QEz+Jn31TW*KTlk`@cN*% zt%&=E!J{c04R)|Q70+O$StD*b6yPKuaQQTk&OIz2Ow(`jh13)wolEnGQa1CB%P#O~ zt!R6>&)l6JP5)|r zV}w*?kKhNQ&7o(&a)#23L>Pc)kyzGYmxzH6P;ds=kPbeQJ4q(iM$`r1sF=_x&J`~x z)UQ%5HlEdV@(&>&kUUhMU6%b}yc8&ejgQo2j)2NBmc1i!>4Ag=LPxNm(`7sv_WHP1 zCu5THM_9y-%QZrJ4bk@3aEWhBN;3L^gdwRbO`25#{(W_#Sco5%FQ}y3Q*G=e?iP_3 zlrPlRrCS$tCr$0uYZ_@`rtS>QJ6oe(jda&zxJsW}{J$Qi7HKyt=vewy*#N)57DQlT zvg9jl01$T4>k@5nU)+MYq<}wCzlH#UON44>A&XSd(pkok=1`CFX8@U`6Iq2%7o+F6EpJ$%nmrH;Qx!YQDn zcT!?KMcUX@=+my&;D%WDt$BsY=bqez-`mHe#>EKbt4~S`-K6i0ohQy&E{Et(I*fV{^CpR1QD#*EK7qy6E-E1!O?tW zI6CAQW(~!WyZJs|u%lpI?$a&y8=C9l-%I4oQ>wQvEn0);@Hpii(IM}}i;IrQY)#~o z6QO^e-wi*(Hc<@d171HH34OTqLJQoCP(4#k#0$DW&8nk?(faCjY5jB6j9z($`8#9+ zYUoMA1{La7AuYirOdShLH+AZs7CUh@C0i%J%!42gqLS+!!WkjqOq-(GmoX-R_s7HC z&Qu>kO6wx@aeJgDDFNou<{aodjHNFj!|Wrjc{de*#R}ZQBDDY&xN*Z``o1V}%&597 zK8=WSE-=>EGrrTyoM5tfa@mun*h}a<8oo#sn6+DHkXg?r&~k-N)y;de)fjCqLtV>& zPoe&PL#wp7jbSnjV{vp)=DYJ0j-Xi138f1negQnD1q5&!Gl7 zA8KW+w|AFme)wz24G8~wLFJv3A7)9xqQv5J7xP<^*UaryB)JV+J9#Eau8#2&Hg|*$ z6HFI#Gm8!#gmc#hsgW@25-W3e&OKL=gYK%unl=__cpO2pXU94(#5Ws-Jh!MYs#x+f z481AxbP;*m{_gGbE;D+3Nj0LT*cSHcF22>TK4=MhQK9UB;)x$3h%ZE{XWAM_cFOQ3 zw4A|Zs`wZK@6>RtF#4Q|R2oKaad@>9vqc_Oc!y5pe3RUlp-ieF0}4 zmSrPjFBG7dk)DV8MF6h1s#V|naZ3#2jm9=gO&Z~&zfnhSU2o5`tr?l`Q)pRl#jBCZ z@!MY|$_Iu!s3=B8l^d`fik==2Yhp)Dax2Go?SGGI>|b|fdPyQBzwUSbak1C@eXOZv z+m%{}p`f@eCimmrJnP=1HUxsJC7f!(X(0F5b6h99{)eqgF1vu|@7295-xqU8C4?{` zG7ddVK912v`nN)B{SEFNMNeUT5)+{%QX3&Sg>Qt(U0H<{d6!ghBq%y6)Uw-%!Iil3 zuT4zr?nBDl-MY>{_ORe9TSCu+=<5U1xu8ihVIm)Kt8#4f>W%^z%)lFbJow=#cxlrvJq7m@2-h29=G}Ouwk>2yZf0!cn+7#&v_I?^Fb@_=yV4;D z37DN_GNuXt2(}_zCm2`eEptOfM8@9~vjXXaTq$8W28hzb_5BJ}Hd-C{@$!V{gVn&R zsV6NW8<-QP{J!sK{JRDceCTK5mbZSV`H?-(Y6cemrM!yyTfYD#)@#8`SC-$sKt*Fk z*ez!MRX5MewJA4K5W!x*mUzBLzLBst;|Sj z-awUPKwL+JI^!H!?uS#YTKr;Bu*TpA4yPkUOtu}|ns^jwa~&<^7( zK2m?Y-&5wAZxH*W235QUNKr>y!Pn<46b;(!)S)I*jz4yJ)+O&gJ(ZZ!rE`99(nN2A z_sI%R!Lc%=I9_*pWI}FW!>W%M)?EFd?vHyg1Ujo0C6xKlOH}SagIlQxL1GVZ(X#<@ z+B}$lUU}s+K!x1Woy)|>#e@;uGN5bfA+F5c>AX5B3VG0WN!|cUQP4|HXjwgPm0;$%5xM8Ab(Zb1)CB(hLMn$N9hew1<7pPBS*Y~ShWA7 z(Ym>h7u%VlF?(&?W5^cFE`I!afC`><5)yxa$56v*-Q)i6%?9S z;@7#Aw!nQi$wje&x{_+TfO_@*wVlfQEwd#I;iikVCCpTf{CDD2v!}t^eC1W4JHvCh z0sQN48b(?8+EGs#oAw`m=q2A<11Uw+aY%Edk8X?Ndr{=at%fiE1*IoM!&2|!UjHfg z8gYNE!N{1ct)8$9{!cKz5-@a}&md6QFU17Z$V<3W>oG9ly}Q8F&3MUGdc`zf&~>{7 znaz8Q8RZfu6gFurnDRi6y3=TD|275I9B5(=_|Zv{apYUnO{z3p)4XwZJ{zetnJmzm zwwrsID!mj$K*nQO&`-5uTqla?A{~4*OTxKd(O!$h{-BqdtSSrrlvAg$_&O9lhm+6B zF_cjpe=g<(DDh6_&j5^eYeK&oiraRx-&+(j)^*-!+V`P+FJ-^yG>Q0zDOMd&C8oZg z4N27-W1fFCp*BZ92^XiASo4o#>qQ+{JEO@Kaen+_By`Q5?H@Uk4Orpsbm?3L&; zbJt{jPn9rwUF(J=Q8(7My%hm*PP}aa>=4y?i?-RpG-rt;ML+(=pS;xS`#LJtgh#3t zqAgB^ZnC7;AcA`Z$-)SAmQEHQwtG_eRi=*#wD9_Fg{FPmLp(gnH4@U_uZj)vTXcK| zO*AuhJ};Cl1@VzZSZ51QqaF+W>pUM-t*~SbK!oS@1 zBtmU2y;`Ul{m$TK@!SSpsS4k&DMxA}(4i!OKaM)tTZAXJaryHcp}7>bWA>RERHV^9 zm@V9Cd#eN6x%9>OPxCbDM@uSN!zA)#`gQ)`?n;bZnDySl?{m>I1CstDL>C}c5eK4- zTc;egV|LV;XPvAQ{DNMOiM1h4hFe6yUmiMd$I!7<@c=AFrBQ5b33tO*Sw&pKnXmsa z^rFAS`+qQWy?-(EkpE`r$JPHZ^aH*BX6U})|I^37{~v~~Sp1(1{kZzy44uOAKN)&7 zr(V+w&(_$9wj_2j2dW^Y7{_*fBW&Mz*4Uq4AWXJ6S5~aZI*W3@^FWtYDkqpdZTJ+M zMP%5%kBUi=y6hRqm9cRxuab}kF~J&P`NEO;67wfM;>8LdW3(4w zKx-5|9Ap7LtzySkjdLvc!lu|WPz@Qgv0hzE5D37MYpT4FDw&Z~BnPROHfO{vI?hLt zlh1CR9VH9@k(({KltG0$Rna_h2Vnq%xr=l$hOBhUu)zXuqfRD2BY=yv{UY>Wqt*oK z3AAQj7jaG2Wc+IIGuNiQ2kn&IOJlLo#JMrFi&8KK!pmdL7H{vT6Aw<;xX4|W{ipHu4r8*%sUvY@zVZA?;#X0V#4he zERs7#xx{}@m!!kO@6It~=aifE_J5;~Lau}8cc(O1sOHpp-{CwXDbKZ0{Y$0eR^X4JpCW^3Q9EqYq2%+*ymDKMFOfVVF zBU$-?jPExUJ^f*zzzj;h+;nljUrvRm$BM5f8M4@ z1Cs7Pr5DA~x#l_XBSVzto zr$pjAsSfzc6OljEVS-<3SSGQjnm|?#$HCq4p_FNwiFjB{t;}#23NcdbuYKz0u~+wH z*NW_Bya0ekoK#a*q$p^vOT(wE=4QPPB z#E>0A=9O+VKh*R0PKk^LEu{9`O9|GO%aSq-g;dg?$}|yV%Z?zv@0yF;lZPAY&_ddi0%pKtJe3ChH)>&b-J0=rWSRANXP70iUi7)@S` zk7MFv4reuoVQ(6Kw+%k3UTPZpDt>jM0MCryNcJ7poyU;H|D+&_E6?Y3m*F6#5hB(K z;=#GVWN;)__%({^1jKZ3q=pgHp8kN@`flK^?PE&e5NUd4#<(NRC|to>(ZesX*4)%Y zY^PvgQ?4+#88mIdQKzU*unLE1Og#i^fJYrty8g?z3Xl4pMBMAxjv)hl|AxXCFen_H;zv;?Y z!p%4PzO~A12i$`O;blU&G2=)&n2&&W17xQwSd~B2(M5n#p`7%x;5e3>$OEuUE%93% zgGTae?+Tay0AP@Dr<4j^6bFZ5rO8%}x`56l*>tf<&SG9&@Nwx6#_?3v_2;`geSELD z?YVHwzACd!cd-3(^}df(vZEM%3(>*hJO-kguR(KHpE)G*yZF%(Gd{M-juT_Q9ErYP z*h3{Z{yx`VCqjyJ*@sCcUJbz_t+TWO5S>thG7f8brz*$vhDu_F^9}Hlz6snO>#tI% zJ2w6?qUt_g4`~&4B7YQt%xv!y0Ij3b#eRHi7+5H7vUkS!;0z7%XAG2z86FD;P5Ux1A0rWBJb(SBr=XTbqF zMmO)(N&F-LU*K^ezoHtbE@nBd0R!H$<(u`6vU0yz+tLP5LI)ltFn4oEfbG|I?{pSR zG_s+|ppU7O@Wn_lO$IEOPCDM!^qXT(-aBpZ+VfdNt4)= zRyi1AIjH#J_Jm)z2y9to_`9+ac@?n-c#%7Rur++R3$nbq->ONRf9j-8jukf8L6n?t z!&F<6nlou;zPf>wKhFr}hBLH8`5r+9)H}<_cjBy8-Gt%Lpig36EYXkU-TD_6Kubg} zoi-1=LNe4hIGJOPJk{&7j!C0+Nx8c0k{83_&8WofC~r47r|hbj&(&U9*#`8fPd@h2 z+NHAXDa`-Cn*n!JhtHJGVkNllOK)Vs9Q~~Qjn)DXW{@rcs?!MAixRCZzsnn6=X0!$ zyr6m&ZsSobl)n7Szxc*`gcu%`vcR>KK71~8)5O~Kj}kz%XJTIlxTN@?<4DD2e>>!V zsW953*GS-4(1^@Yu)@?co_8IkSgwLcWL^DX&*9$gC3Pi)#^qluYh8PKt3O(4^k@tW zhb}Wm3_4D?+`%}#bjog=<%-f4UhnkKP`>UW-Sj1Us(TBq)K4UWqvmCHjN`xt`c#_m zF-3n!=+F>=`vLt^`c&M)IQXD`J(Z18#&ZBP`$zmN;41<0DKOMnF(bVFR=J&~f)gCO zKs$~+@c44?!nfQG7Fyme70-)4?lB7If}Sg96k1g-^?SxX4<~&dCQF7YsQN;}l$EYF zswG~I%+5XXP#DbJu6R>XenGF~a8wc-mC~D8^FAgrW5b|I+UOMxP~XSC2`}#Uz4_k4GF{G2jOX;)Nj$=L zUC!uBYkS(fAy(J1a8Mzh0L=g3lW`?Dmpm-baG{lFC;Fg_(@zRAfsrE@N4K(e3N90? zMN%`QIA0DCmp%5Zfr)tgIg$gBT%s7VedK|*ku-f;hXYeq#Kmhk5jiF>Z5b5@P)l*8 zF<^!9;QKX2y7nwywof}F=|11ZdVS}$ny z$Q-jn`j$qhNqRx&&**~gU^o@bcrK%tw<=?!`+~6NUfv7VuIeH=kA~FY`N^4@#k*@| zyfUo)OFrJci4jo10rfEWkuR-M4+uSsBupPpTk{6`n@HL)ADnnEE>)q^YV zaiRfrZmp^7hh~2O_7S@}#sEur2=8g~D}_WU;v}C=oxbzVauOyOC0I8l66i_s;PeBIEKG#Z8^~kmPrng>3%y~25Wx(8uA`^ zIpY;nuG@i3{TSgdU2a!{M4K$S+HgY$OPQRjDf{J9*kgMq>P9@um&wrf3rFm7>2sy8 z(R9pj8qyMxQZQ2W^IBjamOGE{$l*T7snXiw`zQooc(AX7RY6|ntAJ!CX70Rb=pC)u z+{B{gfO1~D$Mb421Q@s_v7AAa&d=4UbL`@?Cj&U$2!GJHW6;g7jv?4F@1EJ~GIFA( z4)4>;!9Y!6xVcbY!$nBOh}+!}(JMeUnGAP*D&%A)qk5fCZKqYYuR*K&rBBs-V9<&R zcA3Ybp6wPB{HF?}huIKKVO*FI_Xm5Y$PQmE%BdU$`@@%zvhfyx9mX)a>SdelqkrFN z0h$}Nvi+DIxBKP@&|}qDd0bNM?)5Qk2`wvXBZ6(oY9wh8v-%{|?=ibV_yV1blK<)$ zMG}oQ5!?~$brwP{Rd+pJ#YjQE9(nAkDdS(-5~=^(h*^7%A!3OPk+A4@?( z?GPCmlQ;5`^ZIBWV=xj&gRmKXj_JHn$>!;8Gy{KJL1PR$bFqyOHYt{?h9|6aI9Veh z1f^mVAjWg8)tckVG4ZY>Hy}}Z^y)9m(23n!=&&s($u1Y&EORb#Ch%I0bX+NO7HX&4 z^%ZHE>O-R5$*WpVP>aFoIqMNvRA2tN+op9WJjG=05(O-Yu?fs1SCV?ZQu(0GO)x}k zl;d>Xi1*@!{{W884xY33>;;0Kd#$DOdp>WSWY*VCuls4L_xZE)c{(ea>Z59RP zWgvG^$!n!)LJH8oks^=u&U)UbtZGD$&PlD!q>C2!E95ffy0|RicGIyNZPk}1=zGZZ zAMT?C(cOfZQoh_Tr5P1f_$Nd6`J18t589*uFWM9Q-?ZnY_#fIcZ}#7`=eO(sq&-3Z zqCExwne)FC|IPUo{NVuz>(&1+=lA~S^3&1w`LeQr>*-bs!5BUMW5v5FD@qhdj^`l! zPH!d4=Y!3Rzz+%oOl}O)Pzi>MKGS&*9c!Y$rH@eN_4}KFxs;qaTU|ja>WVW1utm?N z%sbrB#_dG(`Rp>a_@RiZ%?W&^-LuJFJri$sFKJN*e*>m4lH8zq8-~9V1qQP9 zI!i2eiO9C1kr67F{gzxAr-s0qbqK2$eUv1LTM3M)8`Em-iJ}y~8Axg}KL#z}z6}uJ z#F|vz576k!!*IY@yQpzeL@a-Qf3eLRY6W_8wA4!Fvs` zb)upec?a{2y4wu*}xB(rWqwfy8}$_x#4 zlJ+IWA}|k(I{7rhZ{bCiQOAKS%_hNQEWgy&U8yp2dEw%V0U~(s%s(s71r*OBMQTVW z*zsy0nf7Ri+1bNu<*E3ItU}*FX-YWmnlOp+&ZGt?`@AmLh~``R>Sn)By&zTqO7^59 zRn%2?`kXdo&7cREWPOLw?cw3b*#I&7*u2CL|BN9=LTx7jM^9w=vT_&SA5ATB8K%e_ zkD?j7g0H}cc~P!Jo6r?>f(=hK@-M#VW7lQ)RcGQt6p@gVvp!x{4z*pc#9p?Hlun$6 zkiT-_EeMX3MxFV`d@$6bFf-WvN}41yvEWK-r1O^Zk*5qi#S^^&OeO)>2h^|GJpxU@ z`PSJ$-~i|I#L&0tR;Ykt+g33?=F#~&yT?qQ>PJiKQtj86*DiwVw9k07+s#nIx) zy1-~JjZqR(Ab}cx9mY?EQ`c7NDl8iKl_-?kdFMyKc)<@u*)J+>ulw+VXE#}o!Jz`j zg+@t|*-7Iw;n`yj{51sQYU?5#&0NAkw~eYp}be>E*N5zkg-aB2e;}ErNOsohXb7- z(Y&{iLdqm<<45o<-(sm2WO+W!+1OLrR-Bg>nzQkXLBT7YTwj0a`4EDiFHYBuwH~aB z$v91>XfASYuPa@)@NfHMtslXD5^JHlPi|WJg|5!ZS%2(Jc2==7SCkGgovnDywYPR) zctrl5SaZ7acwAI7Bj?pyId0Fwe%6kmTgTB#=FeAYDX2(#t!>8FHf`=;UGPdHrC92@ zt7MXefXvGNwImpzYbOh=BMu!MDIA#NcA_XDH;c(${0AW6qY;6h=zuS~LW1*5Nv0Vc zU9(yaZkg=|A-Q9>PWSchP*Df^cNu5d{j$pC3qsw__F5UAa(Xjsu1RXkTftC^=oanM z%?sw4f0b;LPomTkpZ_x5OQk%KT98Xj{eeQrb(*?=-KvU;Inkx_r{}f*A~AocYHnDZ z3thnGW>iDdqU$c2U&%!MX4Aei>3AkAlk%=nkW;z3}gG7krKw?@aIud z6v4`ZRKU?utKd*aJ8WzA`w}YR$n$%94X550mq6M#wp*D%vc^c})dwUcxy^D;~x(Ju{ENN%~bk147?cexO# z9wwMC%^i!j+{Eiyw$@Yl@(As5W>R*Eg9ANZU$u+e6Y4Bq*IA-Fi~oVZtRS2savlBy z&Zd>4rs9$EXQn6uJ9;tlOb^F@^5q*unNYeM8Y6>nQ;yO{aG+ zK1nGUy^1JOWvhKaWTmGD@l)w3RJ{a&BlZH*2kK{vy@4!D|2jm!U9d0#k$Zg96U#vCYJpcKs7 zn;#H@R!@o-FWb-D{6fW>0SX^PSLMCwj9Ao(5YP7X6&2L-G8SR?1mRrSa-hI%^yh4Q z(sX*aYqc3%+^y5u|HNbOWU^N{ocW>@s2sZjibp0jsmz+R1TMSJA-(DA zc;Xfn#U-iv&eb4*N6If^wJ>P4(wWi1Z%cc54}uL3!;*ta%L~P_tIT+bBkbsU>cW`x zUUj}T+9xW;%@rD{Rd|Ow>rK8ooPKsV+h=@8)Sh+^9!g{CD~7r{91J=U+cW{57+if5 zATCV5ry6$}PWi4-@IL6Sz+Pos3T-cu<=2qeF*I~UfE!T2-5(z8yuR7#+7y1sfN%Cv zL=F<)^n#AkV>7v9vl|7#txq<~hT!V>Sc*ftvZslQF!x>(_Oal;(C8$xZf`aP<^iOD5%k;$Foue+~PLf@ZDG#F-=6N zLOrKCYH;3WAP;WVCXi1Y0lG+dzgb+P(6Dg#@p|FrwlFlC6HN=dR49Jx#kFQ4-oG2Z z^lue-KjzAy+?ceNQu$KzA=+I8PNPgWZqi>h-Kv!*(?-SoH(N4dY+#`HGlu2?3sF#EUz^iE&v zgA#0m)XQi!J|F%-ed(xd;8$v^ciL%el8y!nt}z53cMy*37poj$U_7mx>PXyJxFB}0 zvoZ+gwn8pb3ku(0aXs5`oP|U*HG03p)sqG8%9f#~*8m~LjJ6+wfyPvnphdXI9o)x0 z!BG8O*MI2MA+bj{mmG6=+-2A2ZgTXq&`B)P=7`eB7Y2Lonb7U;E4)TieWQ?Ydhy?a zR26JEOGJ8&BOSD?tzlhj^4lq=^xdBnQAVd#nXLZtvO)+8Hcaj84L|h6=4n8w!_}YK zpSJjQOaPXHB@o4ix*&dFQ{!9)urgvY-^b$ZOqmVdx0-Hh8Yz~k@MxrKcX$yOm?rKd zk_CDxVx!$jNytr>a5hX<_!@BlWI?0u%gm>?)OSi0@Y4p@`uiW{m;bB$|D%d9_*WGX z^j}rP0?^~%D&lVB{{N~7%D;Za-v7LanE5|D2OMP!1VI7j=6f zO^tg39ie zxazf@dH7~Wlgo3K7U9!LdS{q|t}{95QOCdwXFDevdREs%p<#)7u#pErJ^9f zewQxM9w#UX$M=&=>j!s-))~yIuP^|py4M5)bZvaL#ofQP-}Ipy&18!F>10Exs!|r2 zawz4V=%+a!m|j zW~u^IxgJ6y|b#6UfXqW4)b&Qv5VB|7GXj_?PSUS~T zARQ_hW|FciB2B%DU8TKzY+e{YK)_`vh1SVqo0iZa5Z`18v^4G_e;YYNvxRcyHE|vY z9_1fd@h!Lzc)HeFOky0pn`Z+0o_mX(20Milr4}XbOH&kWqDcr-ICoQ4rt@r!`Tew` zqqLZ7S3VDW(>&E$3-Zz4YLnikockn@D({i2{vTiO*rZw1W$mVI+m$vdZQHggZQHhOn|Io_ZQIVQ z#9L2C^oi)x5&Z||r?uA_am}&ENTClW;uEelZ9XEcf}<)Y%svX8_eRR=EfyIljsiN1 zZ{+wC_fGH#<+^)qQoregd$xVdF)xnrBbwpn9Q}lFr5~@+GNYoprzn=rrLU;aUQ|Vke+T+*qMDCzuGY zQ^v~2-w(4ewvr5J%Y3dJ$Z?0?ghG zCiX~kjv^;e6TNDWb$-a*ia0I2kg9S}ei11e!L9_BUYQdjDFVgnq37y)BCNdM+5ob|<`Dxjh%! zJWU1;{?~-a;==lpk)`ck2fmKfyZ|pmCIy#7ZSDQA!_tm2W0DDtf5dl&x?OgNqd*wx z+IcP;A#6ht?OTJQ2kV1xXARTQ=Aasi`Swi7k&J;Uq&qbXb(v{nr9UyLWVNB#QeGP@t>VX$PlMCKRoBo$qj0V$Aa2-@-~Vk%2hD#FfxaAxnnWKYIjKEgA`s zdup0v-8&;$O=R^IP1X z4xutQfww`R$6l|^xSfcfjYqxPea(Wk%Zw=;3Bm*{M{JIlcKAGK54=U_!Q$v`f8P=4 z;CR!Gr~CQSLYCoo{}>lUUWJ?-_>dq4nj+qxFgh?}Gr*oxI%`&#@hZij|23ew#_#Fs z!nD+zZHf(Wg7nog`Ek>EO;N5JxU$md>lCc$pd2tLMlab7IsEws0rMJdquu9h)w2lj z&k?1InH&jdhEZtGY|+vaBil+!62^H&TqQ0E5v1M zwDdFaJ}N}6Fv$Su>X4jWwWOdbxhNSOfQ)h`4pV+a42OzqB|WZ~(ZprrPXQ!bbVH?> z?>jF&Jst{IghsaMRKDlvm(e@Vv-AxO(27Kl3rWX&L!zd=h;>|X>t$Z*FJCY$E@=B` z6tsW;_UE>ozV96aM||c+e%L$7$BU0JnFftZp&E{|q0k2Pk!q5FOm>7IBi|+E&O=0a zIs(zg`yin7(>F$!@3-20aMMQ9>4OZsw^kVY%4k7RXhjOn^>c{^h2U3dZ=Fn%fj{T3 z(Ck!A&CRT?>Pkt!MXCs-;x1RoJ88!~FXyI~=rujK902!`!3;qxEeLm2qbxanW%v8z zs@BkBrx+q819_@u5ss^j%k=`}(L}IZ3}pbLq)rg>fEpy-e9cH*AiaH zjUraEJNz^9`4Ji0L_Fx-%qR?TjAPvt=KF>sqF{CE0tP<1V2E+iQ7Hf<`)sNnMCF*& z9}OX*uyPjHLRW|${($pNm=qTDgsovH?h2H}$W;@=O4q^peHc)24??^2=>BPw-1;P+ z>)C`;J5UST%HluR;X`z2xc6iDe7D1#08i0!-^!}M`tz_j#ayMW2D~%N8L+4MlHZ9` zAxlHVac3bYI|pi5*T?gu7y2`T=)SmAElw)e;=}U7Ua*R`z0dV?PULQ?$mJO-8*kv< z$+7$9!a(q6{mrZgRBm=AIb|Ig&4)<7eUk?QGN9Z_7F>%*PI0__$WC_wE;cG$DAni%pZpn;ojP^D-QTf_+=-g(bI&GW=jM`Xr7~GrA$EUvi-x zj!0qy?A!@0w{;?&AUjJcEiaWX$m*SY?6;{A$>|Jp!GBmXUG?p+Zi(mT!RstS84(KQ z74VzYWhFK*M2r_@^b5*TiH1}#Ia|Hrg)2ADVTgAW%E(*dQY#xUXzx+FLhm${pg2=niGK63Kmd-2_Ax>ux4xS>Mog= z-N#j%SN|y~wI{78mC-Y?pZkWYZRbB5Uvh+t=9AH8^OD2;_|%~O^|=gi8rBVde{s(6 zF{f$+kt*FfUgY)_;1o$Z9<`dVv7h~LHSAIab`OnX7f=$AExnrcK^n$l982ZUM1&yi zT^Ll97vPX|+{b9}(+KT-pp##Jjm7@gg0nPaBi|{Z#)$XC!R&mrmJcq~n>$?wwPV`& zdaA$*a8!Fq$JEE@7m{+=OE|fRKW=g>bDsd5szUFrvKswf_EtNcDzSj8Ld)6Nhy|_)(`9IS zm=CZLvuY{`_>h>PT;#not4-572!WYZ73EQKU2V6pGQP?2tW-7psYYHOt?VsioUY{W z|Ft(KA~Q~7g&6JIWzrp&j9JAqM|0>OV#{v4FP0Q9+_@6ABXlrim|_|*&|)iIwwJq< z$j=N*rEF@t79r&%yy601S_5d-b(m6cEB0PNPGtD*{Fz3QM!nNqWmLI>=aPAB1-R37yM6c;FO1ZYrz;Pk0*cf@_nyC{_YvI}^C=e?X zCo8XqO|d}`UByZ*NybQl?#V3!)-2B1Qd@ya2pl;ZN1y=@NaWU^QWF7W@vou;_fefl zn&11B(;7K)u+4>nHc8-phHX{YKFwb^7QRU3O5$RgYkr6$2A_mgRdr4Yi5bde7DZo4 z2O$GLe!{@Wlm$f=yTPffQ05M(&F2||IhMjt z4TEN3@DL(7AbeWj{{*xQAF-df*IjEw_bIE8A*5&!pt?4#mQ{KL4xoBN+2@CPPn|+k z)O>7O3!o1>@xjwI zx?m|#`GfCAY;JsFIJnCH>{d#}RNojZ!tRkUl;3vYAp*brRUj>L-JR3aI*jSnCZ6cf zMN2S6V{Uy6mzW8RN-CvOq6hrL_wvsg-W%dhUewsPi$XwyFna~~c@cCN=s6_wbi$k@fEZq1_3=S*4Ipqrq?RrVSw=a?AOpwb3>tacfvW#=_W%c%nwm*%QqE z6ZK(F2nTp6P3Br#(|>M$>VG%?|3Q0<{)_em{%_iYdi9U?JOHl$2ki;}&qUm;|1)JL z{6BAr;Q#zXU=j7|zu%Iqe-2Y%U?`Y>?C8H}Pa$Q@LS{#iT#B+3$G*94Fl{DD6OhH~ zD3BGlSMtuSsw0f=Kx1N|7WT@tY5O28rK@mw2%Wol#n*r6GR~@$6$AYoxbMheRWto?Sq-+V!QM zQ}{GXIP?-`Pg?BD@fkRphyb5&AtF>eQ}EX|rgiHEdnWefM#%YVIVUUVNXU>h3XKk1 zzV3TnY1tn^mIqUj1~nUe-#|xCv?Q+tgY79`LR-gYG>akK3sM%%<6+7?Qf$mD*F^!` zR%DM->YsuoDqis~=RQW%VaC-;2a+dFzVy9SZlp0!+@0|kD%ytvlD_hp`q`V?ieVXb z3jcXvkB)LS6|PkSUnd(KHq6gnNA=Y~c8@G&d>huJ^Jzs8QcS%jpZ&NTj?%bUIIE5- z+W_(0N2$eCiXHfu*wFA2q-t%G89|t5feEZ`3Vbs&D!Y|z{!--7yI)jcypD4R3QNvd zq4QkioRSJUl_5Jk18cGt?A)(f8LtfM3A=4=u(_`_;>U8g71tXl9Sl45pvvkDgnCsJ zM!jMgZq)R~KM$m9pvcTNWgmoOq_xl3IJK`9ZB_5Q0cyC>xjH{}w_yJCHt1iShaerP z-BbOQ?lmhk(Vz-&yNJ)Jv3}$$71WJF!~MgBth9P*n|`y8SV#uu!TfTzGF1>c&Ywmf`t^qi$PZ!C zdaGL;aS<9i#C!cdKAy#_|0VJ-f2%h`%HJtekFL-q6fuMbY}|=^qqZTMxy5ZFF^?tc z>c}+=bset5#`3J>q)<&BlLrk$L9S`J5-@^?Me^1|VPgx48oM_k{Zut>;llnSu#n;b z3?miFRbd4RT2dk?X?mZ~-^px8$9}9--m)5xWMvB4l6`5ZfLMJ`|CqE2+2&~|zDP?4 znsH%vh<&!TV*FU$Hoi#CYzq7F;ep$Z=jHG;;)i9%W;tdXM(OL3)CUbWHsVPUw<6r~jT=c$ou7eg!D$9Kj z%2+OmIt08n;tQ*6J!REC6hwJQkGx!c59ZVoZx+uQ%9)laede|JxhQ+O3VQvf5Qtr#6Mayn^c{# z2}i!lmcwsm)%(K(F)-$WueZk`pr-aasw*PW8sm|blO^s+zuZ4PyV=qESJJ}a6z zBlYkapqn%y78Jn%gaJjG8)#%d*RaQE!O2BbBzfdU!*-$(#G~&l7M>L%CZtb9N@dUg z3P;lUw%4k9wQdwZ$VJ)0E9?AkcxYxm5hLk?9o_I4?edR1DjKULam2Z*PRzQp*c?h} zs>rS74y%tyU4f5WkUPe%v+%IJJNv>oEq>AEIRW&{DZ)C_af-Iihv+ z_9N?)+I4n+GNNiI?`X`jBL~to%-_BxCAQxqpWEl+I~dmz9Fim?phIHGd$Iuv{g{D? zHu|0U`ub--Jh&=lf@I{ctl`ks!T=voBHTe zVG~37jd5v3+^*6sXB&&L4NUL_@Hm)TKaGd$lab^dypv6bbZWwbR6n-CL;yk`6KU_) zUbRcKJ|~CB$`(ed1(T2Xl|kB6R6#S0h)D!{(llR7Y95WME-zs+X=+pa^};F&4E|A0 z_o+)IGxK{K+=e$F9r<|KcgkqF#MnT6F-aVxaI71<@1i%5YWj}8jd|2B3QMdv z#0L>ZAVHGUNV;Fw6k{!<;@gLSrv7K5i^#_~pD$9J@=BkD%Cg6E5r!rox0nE?qqVe| zYc3WZP9&?37x85mHEQ#tdUt7&+pmio{~Z3JUl~_YT&Xi!Y_Q*Pc)QNz3EoS_p{asD zPql+mB*7XEMQ_+IsZ1}GA4h*Pv?fCpFNYNE8T48Y9 z$fszRo-U44U4jvMOyKs7&_q#k+rAc;P%6EEDJV}2fZZ|&zJ^#<|+=D$WigDZOwLg_F(GeBFCGSh25m>*2qD&i8upwq+|~zGG89C6iv<7HN!_e z`P=NcpD;dz0}ZwQDsRt*^NUKfLD!V?PIRJL4fRr#lu@J~Fd)!2d7fyB zcGhg6IIzPH>b0dHR=f=bocJWI87xMRQlDhZfx7Q;#hP&3-+QRcO!3!d6d-fArm(ak zly@nW{|q5f3=;wZ0)@|28;)yUrIN*9N=OhGAJy!2>_6{|^zSXXMl9h|_N zDFBOl(L>LSKiAg4BiZ?+x`(lmP%tl{BQq*f&5o&?v#-*}qvqrI&eA)d>ABB}HciX( zZAQ_ojgmIxB5V`ttTNGd4NbOqx)S8xpg059>Xh{9O!(|b=txtvJe}Hq30~7NaOCGg zWe=t!7$Gt*t*})P{f*ClVu+c!@o%paX$p)<-9V4N zICx14H*!Jn9@?vzql?2_57SRNfJnyK=>WF|v!HZ$%vvgSM16ta;rkip1IP@tAE2&x zAX;Ii7RAjWK6zXeLpQp0%R48Ihq+wZH?ZzOB|=jjaKoTEwxN=NNrjh)Hcs}*ywI!`Qx&V=~T1&xUD1O?|xuT>^JBQ!nML@3|i5*ZcR%pp7%W|~X8Br$|s zX59H`6F`Gf#FL(KkghzZJi_PG_6}`{+Yc-i2h(W<&plMwI=X4btu(*wNwzhHZ-O*EQNLb>9`mg-216M-KMPeqZZWEAs*o_*xVP;;ydS zx~h@!>6Xv3SsnV9hC9oM{lY=NFeHqR=zq-fTRWJq46HfEK&~;m z99#vfp{drE8iPhPo1_+d`ZntF_?~ON1D`T8dDXf&Dk&W_K}2c2=Wi&deX3Zg$*>ZF zyNC+L-iK7!qgr&X-M72cqhWVd@6j|U?vjuuIfzW)SJlyB03Rd0hFN`G}WRgD}EB;C2LN`-6Gx_ zeYR0s?$v3v{(ORzEq6q?<03O8>#T7wjWx-CXY5t%V3k^kOQkzD1{s2>HjR)bjMI;V z&Ll`3+@__G?jmFPgZOsLy?=Ni47G*?lKx5{!%rTb@s3Lv#SIB0hE~~7AiTtF%Awz2 z6zYCMZycd0RLEbgSh!_#*C&&TE)^LmA0X|%1)Yn8$X{!7FpR7GrP& z&S7w*1&S0sLDS$8e_&!WT%>{`^{8L$5~Tm(A4QzgUfTbM>A6nt|JWqLOKMKkN?NQ={%(N+Ch(o zPOHy9p6)NRZQpqzQaF6r56QkIr1thh_*PygP0yO_#w8gjLiOTWaIGjfb_SZ091H>AFp;GdgJa znVrUu>FLr@%qGpjaqI33&bu_HXnRE+3POL`${g|IHqbA9c;>kwNb4*)mt83YPJR#a+73C`XF`F-B2y#*MB6BL$aNoU4-Ppu6I0l#)-E9V?3%O8#vc&M@>C~0 z4(k4yL921^*|p3Lgp)!cc;{%MwE(3Zm%o8un?#qaoOgGZ=eTB*;pHd=(DKn$v@lQ7 z6d$wi5*{Bb76|O7i;8Si(nuFw{-q+8Wwy8#3q*RBp~CbieD&lJj)(r{=K)lYwe6uy z@}m$qTMX={_3#PoDG&Twc8HT&JDFo{E?Rv4!6vtd{+&$V=y)I%^Ry2 z@4&Ch=h%6Z!sY<$$kQ_x?Zt{ls7{u@h_#;7WBS&urt=B$qFZ{vyz*5DJD(+C#RxlL zz-MoP%-(=A@Bn!=CE#i3sqT+Hym-{J2e@c0ii8aOS(JN*PBcYeJ#bhQ?;6?2frT-G zJs#~WK(}1ic|y9s{g9 zG1}(FO=!meun)C%mXF5L(7BMDfr8g|C&7Qr%~b=gLv=#(x`IW-uZHo1#rCzULOj@c zLAS-q5V1z6qzc0)dJ*uYTP7tsEm1*%JIgst(74}`y3YZP~t1PCp4?97H z`*KELS5({@^3a?rpn!4dB6Tv&-R#O*XOiv$D`T!|$7DRMyQ&$Jrg8eC|1m@vPT1F4 z*c&x;d~!IXeiX7*{~a=Yp;cS{m79xuTs`#e)qoErKky~aN(*ctMvw+A-_88R ziVqwv@iEc2kAS8W#Rkvb6%3mlPLnyX^8Mu~x&f=#G(sb5pm(zYQ~uQ$|M1ycPj^v1 zCLvsDYiPv9v%~31|99Ua7MSMR0Yf}9f)mL*0GV_X9RWDTH7)0ldg~&-E}XfoE|ExA za6U(F$rXp{HLIqd^;q6<4z}Pz^@AG0h~}3SqJ=4?1P}0gAn%Ex!3bk54oKwu0HwW- zC2|Tot4YA3SZ=K~FN=KHI3*NMkehmzyTLOe*Poo<&xBs4-__gb3IBZGFSk$H?bBV5 zN*sO+YQtZw0GRvR_1sJ=mVsm>RDEO&uqOtWu69w!SfB#FJDLvYPu_kn$9ba^xmk zYh~$9#fx%DEc8*|GSLL~JpxiX=j7Vip`EEL_}x?pwVNU0Z{p0VdB06nnYfxadk8!N z`Sb^~%$M7dAf4@E%qlEM3N;S8Dpt-sc?3F1*mocZ@6C3V-ANpiYh4V_s1jSny-7X zMg4SUeYmjt7K+&$UokeRq1WPhWH1rY{HN?e&Ru^INI%&6B{I;l z#+9yvTeK{+#5wH{sk7+xq>GrIfw$Qlb)=1A}3gr@m;(K&!bfxGv!kfQzyyf zFMYi)fFvL-(BiEL*96Yw9Q`;*UAAYMBHO&Ag+;#Ez{B<|!|qe+^h~V}%;oY0!C}4L zMXY9D`4naJ1H$6mntAp)VCSw^`LkFl@`wl@hZ4UR?FSsezAeP9b>@Z$b#Z05F@e?| z!DzjI8hHXqzsRlcaTYZvLw%!tl?-AN}00~4cos2h95(6!zt zY~Qb9d}~&8$X$3_%~Dr$`GY~W7cL-87BVUq+d>yOj0ZEH0PUtm`SH-qBsPuM>j3xc z*A!VR<6mJJtA}6Mn8z@@XYjxKUKxp)MnDRSJ(|PbuC*#(6;(QZ;7A%{LCPrdqatSc zQrOnfzZse{Sjo8LWOVb|Zkm5t-I|IIlqxk^sI60FX^AJ8~w23vsBz zne+=jh1(7Js{(F1^@$cu`mf7dr*J+G+dl&HHn9;3dnMo=Yy{R2@Ska1xFuD)IhvR4 zq+SgB$U*sfd_uSuF5>m5ZE|xAY)}3Sv@_{Csr(_;V#zxdyuP^}Zp}sk0cjypRAwcm zgd6MYEXnbai^u#4RXAko2?!bKGT;tffr&~cKpQ9R^~0il$C&TyK0|UT+z%dOAljmS z3;!YB?Ei@O|H06W|BImq{BMT-uafW|L(h}>{}?*Wf2j9=CNBS*_51XCt1Sz4_)%^DX3~(y8)x zIyv8Nwk5s!V@>;(_>%!VFyt4q$kN=M$hn&11MCwR>EmtrKsR%Zv0oD=nXA;+g+`~g zXgas%+x=KK_=Td}O7qO7&3B-3t}f)<8cg9c`!O@4WLr~4UQ(|O%SxPXo2Er0BZ}n3Z$QnSS;8WN?upg;I%vaZd4&+=JcyTF{Hr z(+*5u>9iVH27Jhql88PkX!k{|d7``cu1@QkEkHNpf}xYbcZ$$x2W^I0z-XY*2?y?y zH-^s0eZRn1>1>u%723FL1eg;}SeyH?LZ4|SNUk(Jq+{)4qcc~!%Beebh@F)Kee|9h z!3QUVDAy1e;+CGt!&Tz0tumgKXpEJvf^vSre6AL}Lf#pc)=RQ-Z%^Ltr#VbM;#!g( zAn@SoFs(n@m|Q>~&jnAJBDdK)dH$jxl!xzY+--UP8&PTEZlNarJe|d*<%yZpUiDBE zd?sf?{!Oe>POWWjqX6*;oi95o2>5`6Cjf>iUf11M^@gg+e>X&g4;&wUe{jS0#%C!# z-A$W-@dKaW-p>-!J#SJD)D@L4vjV3CnU3WmyuK3V9;I9RNc685+=kep6~TAT zP3mhW(%#_06=95R4>JGH9^g)eemTgKB+&)rSdaTxQa(B>^1gQBu-)=e{{5W8 z9an$omae-N>WN1*Z4?O%0Q=^iRhbeBSa%Qxg>o$CPf$mgvX~Kl38a}X3yaC^Q+o{+ z;!5`vvvtVuTsX5!GY`Z!galI$*+>Uect2Vzfe?!|lM{`YUI8wx)9lt`zxNNLBgm5s z5%-8v5y^nFy3@(s?RpxO1lPZIIZ8+hja_E7U=>UeJ$i=cFyB#1v+m~CJZ(3|Bdl+~ zi1qwz^Tc{ViAyrJM+j$qemD}CE5d(S1G^9xn<#(WyH;QoqZwWoOnIo zOvq^+ra%YQ<=8MM-0aJ)R!pVuE2?Y;{9S+>*t~1y2-dB|ak%jws72|Y(^Q|0*L}+O z4b?)iQLI&nfz-LyZ!L_@$>Qo|N&QMq5Q&mc@y9C2Z*P0JIKkK!b9D@CBMF0Ht@LE_ zd|txah_HYD2H4xCEL0^4DJ7@4y;Y9!Z=LT+iNn+^#xobuen#AweDO)ZEBR3vf2*mB zPW~E}@wt@aYc76j5k)6hAgU`ESHYH`=Bu(d@@X2EWzI&jq~F^uKRlz-c=#$Va*hN} zQ3t!|vq-oG>cblr&Ze08GJQ&?Oc(N6wj9+3|7^?Vd~aO=VZF_exx&jrGtmSZP*?}^ zmN{;4etCN8o$a7e+=jDf#Sa^{Ff7%N4z5d#{cl#c9aU@Z;{>FGy z_3=k}zm+~1&*;W9=f_zDsn6{~r&jzaOCcbFgIk5fx_mY8^-W?%se+k()sf5$U=`@dd_kC|YXBHQ(kj0K}P={<9Cc z7ZWi^f+T+0F7ELT-nb;Jc_poS8}sRgAzq#SK~?rIy&LUn{*z&&Z8}pmvLH?B)D@j= z{z>w0%8J(haWQ7s$gNZhh#m-4vKJF& za8}sA_z|iJ#n8b-D3eHg+D+C3DB@ zO*OwDgV@gT)Q3>O5~n=MWjP9{wBUNHpcb2gpGUJXxv3vW=B|KgK~VH8)S$YpRO~Z%N66a??Y#tnXpgqudWBIgVZP@ko^+A96J ztxw9C#v|hF>wOi^A50$r`yxWYxOYrxy>-y5mMrzI!r!+A#nd-qM3GaJI)A6HvH&mTsOakvw+jL8pLQ9#rQS2FdUC#sP zQp51_4_R!#5QN<|io!`c0{TW1sM|Y&SCaG}NoNC71I)sX(=Iwp zK53YKc+Kl?RTKK$CH1N;O4_J5^WMjqkON7$anBTI>MK(OUBb<`P~^NwGj3`~@pqj= z95YR5Q-M1jJX_eXvIhQs7iU0>Y09yeg`_z5lgX~f$xSR71=Emc;qeeQV)g7v-DJI$ zRt0k4Vk^ALQJUgEiw&IcMA_M}iXU*pvQ6s>yV^c1 z>#zNEBH;-+R_C4p5zeyZTsU+j63;n{RE-k66Z`cpqAQXR5XdftcXm}JEl!pQ-lXN= z;I=B>VcF~TN$dJ#;4*$?YL3XYhU}AfrlprS(5Jc!y3J{K>M}b_7~45_q5ib4VKOdF znYC~}@?So`JBy={EPM}p7|`q|3eMqn4xKN3!e9!Gd2cZ8D29r#Z`dg!|iX@|@SQcKi z*|zML6{&tTvw4vw7z{L@{)-yVaTHcVIyk%)mVzH%!F58jKRQdaX_?NET120aSbVWF zUvb}D*fTbd3TP>~!@!N?*9_4*5rrqwbNpk=xh^4pQk^oH-Vif7)CYk@bEC`XOIqz# zAiTx#dJT9dF+VfNI1caDgO?PMSrXi*qOr#6q1V~>vf{oIo*_#w40{J@=3q3~qWG(M z6-&U-A>!0l$;9=$@_}K|?m-JRjc;_b4qTU-H7aWdYb2*GaxD7xk8eMkNLYqoLpC7i4)eHChMfGwL{fOEhMoru%;s z`tkp*`Az;y^ZWmA&Cj;wj|4)PH2c3bziIaW>6?lDFW*e=|J3|!TmP;3!GQm#=AVZG zo6(eT6q)|RYHtaw6wPk)_4fluZpc$=qIWH(D^v#+Bik`PZH9-RKy4VrRx4uD#RbLN zjiN*563-FmHs#?BgAK@$v1AnTWw>5_%{z%0)3k z%8nC8m;`t-=~X0ZQe+_`CA-}Ex}OO@|Jocgzr-%*iw#vEQb_&4-p(yFZKLz)%}jAZ zuBnLdu_ps$`~kqx5GGdiEJxoYecGUd`DF|}umG<;>AHfK>p7HSO4HncDe240;r=nQUnvd| zNJJa&8hKse%%s+w(#dJ#qm}rq)@gUIhOx`Fntw(chU67vV5@_lyS}V+6Of%2_c(R& zh>c3dX%;g&iMj$jX0}Co&ZvwZ24j^KSX60i2bzJyz!`}CD0qC@)#ht zoVpXidT5c1a?@|YMaZdmjLcb(z72b}YbBFQ=la$Pid|wFzT!?%hl8<($!1c{fGF87 zB=koTk6jSYIgu9}w{{(MDz_;-GRwRJHl4=3v_CWUz+w*_Hk0k<5zY)pL%fndC<3Cu z{d&CEs@T;UY746zsD=a=&d3Uy-1w+*PSEXeM{iLt)bWN!qBy&1r+@j~u>Xt2(4TqL zt|fd~osdEFZAgUr-b|SVw^Vn`_Xu*KqoUpCY!;RnQgQzC}@U( ztt65^76t;g=>s+ZzwOzk7oMG_P+jtnjfZ%@=NIf8-5J+9O_VCaU!M zg3~pK(O>r$VKq%VN;YQ_BQE2R8In$3I!zM65?ZwF0?V+P#Jt_5d2fCP76{vxUhp>F7}s{DvvDab_EF;QNOx05`0Z;%9X-tq zN=Dvmk0AEOK(WgT=S%#o%mHGSd^+sAjGR2hF3RJry3F*6Q+qr3g`u zc3K5UZghYDjRKs%$hBN>?cI@R9?{CHz%p4Y2+C|RLh%b=aH-0x4>@XrQ$4s%r2mZE zLU@k*yaUGE;+G&0cAmER9!~Z4cVA`|MQUren=w)=8MULv9>}+nH zx`{n3%pd0eY|;u?edUW|yadYPH2|;?4@fwiTbG}iSx@aSe3N07Lcqz)Z4l62@fPKM zwl~5a+U}K=m&#>h6tg(mCP@6$JtdN+U}MG`S=DnBp5OC!&tTw#i>^B~P=_e_LU?Yy z*=rIPj1hToXCP;_9S^gE>*f@@5)LiyEp;mFa7nj4^a{Q(SG*1M<2p7ynEYBWuwE>y z8?v#63gi^wEUwLbgNbM!n>Ip%=ay2Iib8eK-)8b}Wk;6%g0Mu;K~U*|H&c+VOL<39bg%}ky|Z` z&b*Nee#EX22HCY$uyNC~@qhHi&;UP34$kWgz@{Kg+kJS+af979)U^TjBea2KFMPag z?XT@IM(e{P`c=?mT4mVEU)fg4!y{ZlS3?~y8_|`CKKy92ynQnK^TS<7w7!aK)M-~Q zb2;eLhecrce9862F>ubDE$#@Od~0j85Lc9={O$UINiSNaX%R6q=%bm<)fhf*bkmBU z>o_)g?8nO(HG6-cx$_L2aQGSVG7mD3TRWs@pjZsriOlfwS{$^2;>eQf>t$Ma)wLgh zQ{A;_4d_iSRq^@|3?h$N{E)N|N>#lVurYJpcbD(SRPz24+tS`wc`b5F*5dW^og}ENK`gsip%Q-~=JC%T^;wMFWCi9u_*bC}G+6107 z5)%92iyVE%77y`1^8;Suw@YK|TG5sQm2df6d>bFn%Zi@^@I`Y>e4A$~U2-4PDp=%) zIO@SMF_xr<`JbzKrT%1@oBxGb!GP?qT_{*Wda)yFnSE{SI(KXSkX_1Q zLGhaO;?=u-zHrAd-)Ep+?8O$922rn@PcX79uSS#8ZRGgg`$g}Ahj&CZ|kx3DY($>`Y2sZ)NS_W6eqa*_I4F75KQ z?flF^lMmZPbbicn!<78#T!3kVOI+h%paS8`KJ+>@F^VoT$+@CMpAA8OQ&A*nWHaXn zImuh`xHKi|4=u$JSy#QB@cqxgj|LAHsAk^MoXYdj6VW*h65JIEi%JBx1(}`@NqY=Aw zZ8};J0pjNVH1C69>i9VD*&4kz%=bm*;+=4u@m6_#)&2QYax8VHgjl!8-)&ZWF#fK#(&* z^eyHTDA9aID6RW<=YD**yE*b6l`k$x<7tm4D0RabyD)pc6f#xj!?H;KtVY^VqkWH8fNW#1{Cv~Mf@ zBO?bqxTrCoTC#u544bo>ejNBOcvD2XWRjjr6O6` zHeQoX38L-<3P!;OY441j_&k1UN@3v_$S6e5>6;aFnEHl zYlkLm3&x$%8k}`OY%c7A^T5?UBYA z5a#`u98sy?H4fDirEfcGI;RA6<3Dhr(Fq90IT+3rid;jxD8@LofHsDth3U4#!D-dt zS(bzxdSn~^v(^s^nx@BFW`LouAJOeM(;elUdr99PCl}o9i}x4#XGbQuA_r&bdD%Z6 zMHBC^8rGLkoU6i1%4_*nS-NRcUK|L%pkVCl!>bLMc+#}Ho^=^y)_Nn|7SO7aKT{BXR*!>sNeIn(~R+$ zdv;_Mld}*?jh;Qo$+^d?RP1;=NNZhz;l}c(Hx|jj#8>6J2!5?C3qUOiF)Um}t6$8;SL(=W7<=YeeNNej>Xp}fb}UQ!e^8*OnSmHHGrvEl-F ztT(|vX2MN%9TzW;nTbPehrJoOFABBmM-oc@7Cn>@QG1oE$^5bxhjAH~vDH@+t}5*m z<*ClZGxN33f!xmP<2_;JAeKqEm?J1`JcH_6QV@bnE767pBS4=v6Cx&9_Y5{nepze; zwi|EGx%E#;LWLGm=0{Lcq;8?m29gE|=xX43a*fJKt~EhN3c(su&|cc*)~o}g;?me@ z?{}fwh5zF{$~Ji=JjyrKGNy_}27mI?aQSn3WGF8P#RI4E(@dUBe#5dH4=9EfS8y{; z)+-56@b{0|1m!}$aVwZyViO2tWTSF*Swdb{;akQe;H{oAd7H+T)7o;B(baAr4s^pjOVG)a~sjug+$7gVa z8_rwA!}7@JH1Y#iL7-tD#h`ta$p0%-(YDrk%La_uyk(5`(|1p^B^wayW0B%U+X6Kf zHPXdxvsy@=(Ms7Yob;FOR>g@%BpA4%0>q4 zwPbwmYOTb<6G-;XcVP!e$`e7HOF~;jT3q0sD>xEWgZ><<cX~mQ+1aXFd57HN%qS7YkZt)clGScPbnovrXNQhmWWUe7Oj`@(To|a0{;yCnW8Zp{7Ek!6 zELtc)WZoaxkuyeELyB46*d^GgH?ybJ3sviTqYdYLv> zM!A=_udUpvwAL0yr|b*0ypwgz3?fc+&gR+2i1tz~PKdG0*$j`-)}SMU1^O?F6nW^O zhNmWOyjDG(O(MNJ0~=^(n@PP4DvfO*x>A`t|@fI!;eD zR{?RgW6K8#?eK`A8@IG;g|TocTA`GmAbRXbBa5%(vmUD1p z3c3>7daLvPR!~=oKt;YABezX2(=(BV;_hm#bYVX|dcl`?&ZTY>Yy`?*3;m_8XB$7k z;O3;yRV;hZEz7RAe@&9R$mNt+*|L1s(c4p)OWz{Yyy}^NSri+4hq)uXO);eYl&Spl zHmi?-zrF8j`XbpUxKbdqW${(~r4?wsQ@;kX+z2mlVYdPP?qWtz%zEI&c$wdw=2F2Q734z zL?DmqCx*wDa=}%Orr9aSqKC{0`S8=GMM@WWWpT?q7cm<38A79@TT-lXKAmYytJpep?)qd``C&GKq8mAhDBa@?qLnHl%X$hO!KTGYK96dTB)uV-qJ7*YR=bMJoMbZ{ljvuu;n6u0;^@}q2DK zT}~!$i^Lcrzkvq5j5txHDoP91ndo(C6pYmXOB+-NRJ6yIf{nUFZ&mj!5bs($+gy+? ztGjeJmabNA)7x^_KmzOTuY%1_?Z^QU=ye zvcI8HnYhePAxSC|t0OPchba0OCl?raWT~ykO-V^{1F|H;KgIzSr?GcGPa98~+&QXt z4#F_7qCp65p~}e6_nB|$xuPV8#*?r;3|vAf5rkFH3+Z>0xy!SmN!mw>N0WdGMx$Vy zm=12MgBHutAezyr0Uy{#=m)3!Pi<%W4pTQe5j0Q_SWtzo{)<9YTW`+oz=RiD!@sy( zayX*<@WMPtlfi$!E$sRfKTT`ro2aT+$Po~9mZm6z@)ueY!|eSWNy^%=TR*u#e`{k} zus3%T$|d)zO_Q4KD-%KqESM>FTlI+Y_qA)rfD2Lf1eEOSFsR&*P9dn+ z^w9yiWc#Oq0rInyDEzJ?u&^EcYCRC#Dv_BDx{Z9Pw*90AuzqJAMO1x`=pPQ*!WF@V zfsTLmGR9buWb1Jdx=c>Q8qJYS;ZZeJoxcJ_5w5568EyP09#*W+tegrdyA`OdH0b%5 zM3Ow{msvyC52>&OjL9u73zUpKW%2kirB;aQ|F?xc9nf=6dkFqF9h^Rco>cK+8 z)6)2tjReE__SsQd&5`ygE$Ry1$1dPYfEK@)nvQZ;8dpmXHm&n@-#Q04?~(0D!V##% z(=hw2#Y8YsHVs<9qBbGsPRt-9tb;T z4}!a0G5=<)jXCwF83wh@l%dljpLYNFBSHMHksd0!J-pQRGIak=Mt^}RvRJQ!$#ps= zkP2B`d%!9Atz_!8=q#H(GGFvsJH~*_HB)#Qa+0H`%sO8Z1@%miA!ijnv2VXrlZlG= zba}KmQ2w5tg%OeAB|G_hFpYtna+Ofvs;fZs2o77fiD7+z%Jw)aFq$x374p>cmfE`t zvPiBWd*E*6SgD@d@bN;*c0|V8{j=0NGy`dGWf$tb4wY}HE4mS{2{$I-v9*B%OxROAJ(3bP=Zh0*I%X; zdW3ES8HJ|oiNnD{1MfUtE1W7nmKs(Xar)YN=2!)Pn$PB!zacywisSC1fDpk(Fm;QD zn&Ov6(f(y~*TBeS9xlvt?r-L<@Isgia&=^}L8rt>CU+70E{ceE&Gy>kcjcnyT-4#6 zaU6Tzc(T}7d^m+p&m2>s!%*l;+`63rzglQ~yFsJj^yyP}Q1j7K|0O!6mha5+&&`1z zh@8rcDT9#BxtDwk4PDZ+u-RIa=vdxh7L4{1e^9Ozm3;%6AYL6pcSMr~(8a#CZNI3c zuGT8p@Fhcg|A^P_`n3Is^X28I|77Tne-rQjF*jrKPloRIe=~F$@4p#3yAS67&CrLl z{^#6G!as8}XaCO7WxW5Jp+ATGJ40V`L9t=$E(JPXoFoC>+3nHo7MXVHW-F$Yy(zTc za=67YdH7Da|Hc*aHE0Phe0=)ueE|QOi+n+bv5MhMWfr!D>cTZC?*%{A*b?cpUD%uE)XY82>#5NOv0+c zstE;3pi!Qg(t`lh_8Tn7kHl@0BDB!uwfNJDv8jcm)fGR~dJl_2-fVi6*Zi33xeQWeEvY+hGj5&M&2`dlV^jy9M>h%q0LA zuT65Pc9#8-{Y5VQ7oqEpPGX{q3P!S~vQ^?5aS_uyCOIq{ zi{At|I?L4l`Pk2`ld|ioCE-J=yqF@}U9x9}K2gEptFE}$%EhKN>cKm8vO~F zvrGwuu2dICV(&1v4X7Yizhv&PHzkI&zWiSr*`m7Lr5Ef=6T{$Wk~+Y|D1!>24GS27 z>V}x4#SB9{;m!kriWxdRF?a7qpCQz~jHSzu43~Rmlb}=P3pkBYxbsFrpHJZ24Qs>V zw8KK$S?m0SbL|X2i?|$614DY8$<7Z-rqy<}fMFhabCcm9zs3^nTV^Hp0XBmfhN!N$PKVf zr;}HH!C$T8@BIp(A-#!PF7Zc1*&KD(a)yT#_76xv#w%PP=lM1R9YRYQO{g5>Nt%~j zi(-ZlFhpNUW?sizxS0+Q%Iig^lr^YWweLwgW*6WPA>4aQ^>}e|M^{ox_2gkT>)5WQ zmL&^kVxoDYhBj4y1b+JdzCjCI2s-DGlwW}NPU@Vh&4qIf6e40H8Z~N$?IHFPU4{EO zjIOdyme>tP=Mq?c3xT)op>yywLg>!quqp5+<`uB;BfWO8Ev=tfN9w`Fzg?Wj8`}l& ze)h^7Yqr&5LQzqt5FVVVtMIr=?y6eL!!L;HJqABXfY6^mL^`v|onUk+^ObJeK9J!+ zh*h_Cq#jG-I=nDyYD466Dnq}op!yCv?Dbv-Q~`;;Y_Pyox5g_N{Ls`^HXg*L{@|Ng zLk1VR870SM|1f)2*&?3Sj+WR*E&dgc2k*o<*7_sS#5sYQ#)2C!q_>NxqC2Yr=*18I z_d;Y|&Z{@YUe!d`O?WpE?iTC8@PT_Qhq7q{V02s(f(h=MeH=ZxzjRPacY2!mN~u)H z>S%u$+6BqJO7Cn56lMI@%Ue%uHRiR?(6*%P2ynD~F_w3R3l|Uf27F9IxI|fzH9D+D zu^VodTH2%T`iB?V^_M^x1bI!B&l1a`7;C*Xm`4uw-#N>%eRRgHEb=IE`H;b>`Cm&_ zoIKA2)}}eP_XIt##iOW}3yK9V*@bP#jwvI9Jl z`7>ecG&Hq4R{`}LH)g{5p0pmi@83&?G0d6=nh^V}pau_r`!30}Z_^p%uTt!HGp_lp z3Xkn1XL@qDn|^Y4jZZm~D;Fi@(>uF5l6eI0G#qFWiqzRLStnH7dP56^#I#6JSoj(Q z{iXQ(bX9-k?AwgY!TUk46ItqkZ1y@>G1;r%)Tk|*>}1vv7dbtd!gDmL#uzI19Bhk5 zKM*bqh-=8WAwQL7xXU*;e`b}Ri2v}nLVEbKFD`}AC6@1vF9hXEOHs*}ndIRu4>J0?24|d+rzv<-rO_IiXj?&*(h_0bAAn(`43lF}NWoV8 zvLCVO>?@D~k|b2-#Z6Ksz>)bHBAs2;^yJDmkWCZ-?j)Lq{pZW@M&M^B%VO z^sjZ~SJYT7!nP*QI&YER?VvJ2O{OoYrq%FJJZ>bCMyj^$Pz_>qm5A%Ugg(g>sSnWs z`D6O7kEsgzlz6aHH^T0r=>?-TW4|*FIMI*Wdu7s0@oDrjKyDj&5xBBNqYIed6?Bqr zl>2sFsh)(B;A^fMYZDiu-wW5WNR5VMOiepnfmFqu=8NiU(B1n>+22G7FD*OBY%m+w z%;ms@%E~2%aND3d7=Bl^?%E6TIah5l%c%AhDa_Ouxq_7LEozKvFjV;i`sv^$hHFu$ z!mN^p7f)>ZyItcK+%8*TIWp&PJbx(v2$U@vD7D8%Wz+axuC-1ZQE zMg7Y*f}GK4jW2ArlkGy(KXWUH0N8)+lKh*M_9`p>>F9*?M^onhmMU&(3?J=cl6-Mv zUn*>p)yhvR?al|{Q5gucCi|x-PV!FOr=38;IOI{Aq6$SN7|9oDkX-gohV7T7a24)E zR%V|0ITpEJNjr_5`a4%sJX5cYC}!5>x^^kY8Kj%;%l01@Iem^y$ z!(FlQOa&204%>cwJq8yttS>8aR6Zi>BpsW^6T%z=H`bHARq`lMoRNQDZrd%ZeHAIYRG$b{og(0J4&YOL#Wh{PnuKXXdwf zL8{n>n_?^@&sM-pwuJ3Ohr;;<$*{GRT>x>@tzUCQ4SF?y9uo(EtVn3>E zfyVQJ2c}5Z43|HyhtxNA2^iH|NX+b((QX#s+PYNv$q}(JSZx!z`1sX^DHh-OaYWwi zWYe^Sf!d$&&%T+-zY6_-XnxawG{5iv)%@xce>FeAq3!=_{=@A5xw|asKbl`D?%$eU zed52GUo`9An!orDQVjwAiH839O!3Hj5aq5tK)QP?U1P@rbYAbz{>sWj3`uh*$F}*I z?L>6L z4Y#DdSmeLq;Vy?#h+(zZ=}Et4%=a{L zKZL$WTZUp+WTr%PM`KP^7(zWFK{JSHMQMjkz1@g=lvr9^eU^}rh#;4PBTR~MeUrL}*>y>%NJLCu8GN8^1onw}K z*if+MYE1{`V}5Tx#>B0IjJ*+F1_W?e4!);&UKDWa&=*)Rp^gypIX})TnidzjzSQY< zuU*pVH($327Z2(nPSA%}3aZ=E;ZK4>?hN7kCqtt~&K0NN6yI8y)qgEL(v|65%l9Cc zgw`_=Xt=NiUFa#1^UCmvwa2p8jKt(lv=xS};q-nubbGJy&~Ix4`znjYF9Me^JZ1%J zwCcxNEf`ZIfZ1fx5IhGb<)9_D%L?WB7gM^-=1Y)h5u|~Z3To8H^=4;<;5hy11X(j? zutJIBoUj}#4zD)l2|?f;Nu31T;K0336Xg=owT=&^Dtp|hWH@R9zBPqaHO(9`C)BawhDZtasw*3#`oz$om#+Lg3r|=jk!>b7rkg) z`QGW==fHGFpn=d`Kb^`N4%`N-v z^S85Dp&6@N>#i$~tj7z90;{>?8c%0&f>DYAGgF=f*B-vc+Zu1Bv>>+TI2j5AgD+sE z4*ZjvJst_NyguMP6PP=-yu*HLGNI|#&Q*uf|8+J)J(DMdv!EQ7QTEc}y;HI+_zX;eINt^8;UsrJKZBQ!(QF2QQT{W4&oc~RFTG~E};454w} zh%FKt;njER#!XG8H+to6{^DIOtAK#$NcLE;0{vGm-Nb`ti37QCU6CYYmUJZz)ftnV zk94x9TY49yV}|3(e$KK@xEv=Bxz}cdk$djPkO|@ONt%^Nt-udIwnn+59(B+ewgGT# zI8w%@F3el5O1991=>;2|xH{~VebaFeS9tpNkU#2uH)Z2-*ZI2>4)(=9)!*mkY)ija z`0#>NIIBKy{U7z&no>Zu)bvjqLDE!@;7!7Y(^}J4E zb}4ou<7mW)jl{x-iXR`h_?dP!`)?Tox<0O@$G;2`ft2**4S&i^SN%VJcAU# z>z%{8bmkv{faiG1d%Np9OR@J#6GGpYA0|VZVCyswDmBs*o8k$mt|qQh;w`Td6T9H4q5g6Un8-W1ct zad{@Tqe5UEs>xv#T5EXYnMT^7{%!)%iW;y(>&Cd$&Sps&Z9MNdN9b7!Gpz{NHbXIi z^T%)bGx-pr%k{lh8YznJK3vn`D2`d9%A{ddcrFE(=h6NgT6g!=vsO%uBs*mV(!x{@ z*-&G|9n@O{mrf&8T>(8sKp?sM%eX9LO1xAaHsa3#_$Q#QXYL34FFlOvr#3Q-6w5V!~| zawn1pDB2yFOZP$Xcc&%gcBiem|AsoGR;Y!^F|9uBhw7t4058o$HxZA-m_t!g(@KDP z`Ot4d3EEJ3mQ!22S#Go2v9>KyqF!(W2T-IHvKr;4ola~krSC)!BWP@>ib z+xI2=yU_HGyGMewIUkx30EyIoQP?mmUjQfYgN4GezCv^x9gdxl1qcW63NIR_j3{iX z9T!BvHEtt3qXdM9tw1QbRL0naN}!=s{>(cA->mT*@Lf@VA(cWU8+i<4T=0z4N2=}MRbOnN=HrlQie(t;ehk?l~YX$<48F-@8WLu$Z?nU}1O!h*y@$d`HnOI8opYN4z&hL9OSlV__)`rYiE?EvwO@ zsqu`$Tz9w+PsHxVeGfLCFps?x=oQ51bzAr0J@Ab^D^HTJix3jz7%pxX-#mVn@u_66 zIamb+FyEPc^+-0}6`W4e**VxTqlTY^Qmo$fTLTRfAJjcP<=viri5(8bJ@a>~S`ZQ} zrOF=P39bGgON4rC%_8qlLB^D)>e27D^)4bY$n6K9`zL(kVrpPWcX>jA<@UNgA-cX2o~lc-ao>(4SvI^lg7w1&T=N2 ziawNy2+a18Txee8D$`%P_pXez`E=>KJSO3{gdXW6e1GW;Cxay2N03sc-eZmMBNnY& zKtMPuKaEqA2L<>~F99`sG;!Z)5zZKi*(}h>bwdP&6Hf=OS{7C}KX9_U!*<_j6YnzC zJ5V@!(9&sBaAJz(iKS-9w+%w1s3uADou1a^^yp!6UE*O79$o`_mIl~)0PWy*PA#)x zl?ds*yc3(3yRda5Vp%bpe4Rw6)6rgKIWi^W|3QA+zsUbTT!h&_F2d*kx(FlOzb-ikwYrTdo>}}kOMqGf7=0)Ghu$~Uv<-^va zD$tB2@f0f}u(yzT8xPO;StgeO!lU%T!3E@1F@I=HL8~SQ0U-|nlT2IY-~13H&g*W2 z+BMe^B9k6Tp4oIg0=VatBsBq&DOKlnf-!-`(zhYJ2J*ikDQAAPYp0-1HXg$rTS>7r z0+8Tkx{ zb|4kGoE|K_ydxEO($1mB>@;|BHxs8EY`g{7|aX8|n_MY-4-3}B)TIRHA!>y;vHBvQd&NH9Yj(Evk z8wZgAN8Cd4<$cZ>n!ALU&q(-CoXNfi-l}4Nztb8BZQNle_cciDgZ@N1TXL{S_)SdzZ(F7&yW-bZs zRBojq0Q^Xj{YSUR%~EcBlvVB#+K{VB^6n6cf&;S5Ca`4~CyvA#;<*9$a$M*_wUU8CzpuQ~;o&R7Z%cu;8N}pBu5<%$N-E*=&%+qiZ}mqk}NgR}l{O{6>_` z2^Ue3NxGBO!2L;q&Jk+1@8>K|p(ow=0}*6C_L(nT>Qqp4W{S>lR94`tN#d#bHHGH@ zGS>?|%p*hvtBQ}_%L9U$soS=SX1g09a%ro0l{{>!vzO_xCDELcdDji~4wr@M^zD(c zz_x-xqTYljje5b;t!&fdG|u^sL&>zPdGGdqR%aZXVL1CsIapUya21sP_ z{pIWAQfmcFah1CMUPl#tMvJpjd|p|lp?I5EM)hih#N8`K8zA+Xe~t+sf3KVpKxP}I z1c~8cHBFQ(Sfn=hSUN&bNjpDMMBsb6tks0~2Fiv6^9XIe4XFx$ZU~{{Odf%1I~*&} zVsQ9FcK9ZbQ+}d}e*zRuY)~Gw5n8dbZCJreN4!-TWs4E^N5@=%vcXj*I+!29ETEZHZ!XprkFRUuK4leR9NBUWjxI;kh!Nx!GW4T;nct; z9`Ufs2dbeFt$o6rEp9r8f7-R=FX^BtUHF4>yLMjbtF`uf=2mpAz?WV7>B(2f+Nn8! zTlfXd_dU;9jQj`Q_|(KC$7Do8*ZPols~rjNqAhw(s2p#$Na&C37dkH|)9p{)tPtyn z=Zn2LXpCpV%8N>5qxzK8wKR>~yct4oYVWptO1iBPe~p3jRKX&V&{|8o0kn*xG~JT3 z#wDh=Vjw_5?=zC^ngrZZBsx{E7=VaHv5iPND^l6OnU-ueim9ukRQm!z%(4XcT#tlg z(UKCks1T2E84NCO!lx~q8%=N-uI_U++a%|!xsTMk&sHB4ai~RRx_!uIJ+GCi8vs;} z5U0&dQhv6;z(eBUSQ5N>C-RiNyPoc6ehe4Rj)55}AGA%dKzb%u*yBw}a7$K?!N!U_xPy3N9kN<9VdJr`gh-#Zss9z9qT~nl^ekRAii{Bqu7_H zA*0~7EV`IMco*o=3`Zc;^@4at1rJzQJhsrvY=MU|!Y!)+_{2&s-ycFOR)LbE^20GhKs<8_E`9S3L^}IQ zP)Q-t(7T_WN!70BTW5llj*k5lxEs6~R zgZ(4?0LN7Ub3Rj+_7_O8Ze$6!WTt{(TYQN-NwjT@5^K4jj#fH3TH;2w1S<2OKn?hZC*R&>#veicPWu73MpEvK8An z2sQb5hxBalyUs8InG}B@aU~4sDCDCmXbw!@jNJAu_KVxwxA%?`ghG3w`$MQ!3DFP2 zNwd#6+JLv>>L%^6_iB`AaENBMXnk^-*@V4ftEe9ElgDHP1pit;iipAKiY|mVcLnS$ zsn;CI=f|is(q{=?=MfP71sx}ku6Y;=e@?D=9-$NJQ~9-d(*+S^4d_0G9kbZ{g<^ZW z6jzhQ+NO4B>qVbj6p_`p|M9#$<~X9MxAP+m)}S0%M! z$2^xgBm)#bilBZ!>Z}w&f>J(M*NJ)o?s_26?;vV-4yiFcXG)aeD15sz6~(Zvr8)4+ zD0?&({lDOTb6uf|#W+>_$jB`BmKZ#dPS0|`3#C8y&8eIwl~JYpWI_oV%Se@L^I(wc zxYye`xRRRbXB8&N&8fX&NB?e67qTmOt1OQE&whk9A;LJW=`T_}ae@r=Jq^YRm_+uulc zp#jT^Ojd{Mg6N_+RlNR>=70aI(Eo?#H~&ZTd;ed}Z)^Qm^UG?%|4Z{n{pS~dmi*8B zDD9v8DEi-;-`4uSn%^Pj-NV`L~taPBw*ko2V z^EcBLdv3;}p`E)_Fg?;)60kVmqUY}uqL+>V(xPFR5Bhf(h~tq&-EN87^TzBo1@6Z@Z=#*a+?sUM~LKx zE>-wq7y@DmO$-ahm%s$?Q>_=Y?;+`xsbqZ3GX!3eL`0g+Mh-6WnwQ(a=)-o>wS}^& zYM76@M+4~hm{&0Mq-8OZ@EO6ciDK0fFLH^Fx~rI2i9%sHG z2m>YM6eW}GS7CI3$1RF=Bvi)`z`v>PV#!xd)lmJrTdw8eOOIQZbgWp~vG`Zq)t$-< z>EHeFF99J3OmZLN7Xu89SRy~>m=BBYn`HPV96mFE?@7U}?)q9!M(^IcS;w|LtyCav z#*>92vPWV%nXr+h;EUP9L3Jy=zBhWBP5?ER$b=LzSy5}lFYIFVdUkzST{>qyg4rP= zvxi5Lk#(Lz4WX&x9<5PSH7vdhWMu|WfDOxWhI6d5G%4yQq?1@3xdWE`>1~q7nTH%I z{T&BNG(TqS81_wzbC*A`*rICYLcwmA0NDfPHD@gKlI5`>Q#wJ+Au9u}n!Iq8XIX@tCRyIjKtb~sY`#QUWSbB?P5M9*Nms~$yG z#7WVfdeVA!g;-D_0wUq+LQHHWdhngmSS;;e-+vt9M z0N*)-a>CVHq7d>S1)dY6ehqNiiwOFoMOe z33!81!P;@;r8Uhol7#M!k5^M7T1sp=a7qD8qW(0BgD5!XoS`qkY`Ac-Ti{IaL!9rFl&k!j=Q8n^0b%INv|&Y@eDKagL~qr zEV^}Zgq-Fs?cA#zEj|mx6D_g@alIAr=5U3Kztx=l2PDB81067}+-h8+#4%+k!Umw! z>fUZPnSI4;&mTi~xFUEKA@a>w8l^!S1*sv14{)#U;$LeDlMr$+(Ljei z6%Por>O*&?%%sSY^PL5LDWQIQ;%T!3Lpoku37_+olTpLc(x6wELj8<#dsnp4l8^yu z4%=`-9_&&}**z-qLl}tXn}rOa`5p(&mTM{_3@$ODYC$KNF1BeT$@?1gDyN(H<1LLN z2CpPg?*$`b2alkkuLZU#>&C%tP-N)%nSLXCa7UU%!>f6s+m*niSk(;y6Gtg~HN-Ks z^Lbb7yya}pse=ZO!SG^)1rrYc$LGN_)#*?od~Vy&sfMKcHqAmn$j*>_$8#OH%U^@P z>8V_l!^`42OT7;++LI+EmL-)jrw-kx_ns$7&E8ZDXxgFi3J9<2Q3Li}u9D*VI43~d zx%PqXib~+`x84Ai{~-SzD&+sVclG-p8{y*}U{%sDZchMQ;`rN;u zB0^<%Jj38uO1<|tymr88Ma{BG%{CaCKhz$SZBby6z%&6F@pgEO=8Br@t)oEJ-}iCQ zUQ>dPr)Y2=ID7^%OW!|(Af&3x-N$HZZ_g#zW>->U52EHR3^-C3wlh5L$;Y4y-+!XJ|9$%M|Z{U%-%{ z4D*OMA%U*8)m8-ML(v{R^Uyp)DR0>#!-ci8y+Irtj#fhsn|@2JJ+do zQTB?+Pz*P7URbp&Zu`fT$JJ^w31}NJ!6Ey8EoL+z;W>nCxW%c9(vgHyJ=)2j5?$me zu^ITNP!xFQe4V2Q^fquF_KsrzlO!++{z+J4@7XCHObp0rl^WHDt%IWUyc9L={koyF ztn~!rBUkx>PcEuds6a?1v5lxDadh-)TyUb=ezHpAKkF(?C`nVy+F&mp(bAd$kr&hm~jk8_Sl7kS;I?mjp1|~7O{na@l_ljPJI5uJl44cnb6mv(4u)e!D zX`lm&&KEXsODh}%gVRB;HTR=dr)cLuU^DRq$>Q*P~vmCH<9c zs;{s5(edi9lW8O&>DCf`REs_BS%JXG(fr#dVWBb^7mFfIGsEj{LM1VN5QW_=KBBZt z(_>mBaS8_tyv1tOI6Yk~S-hqh7pQ+FudBsscTEhjkz?6C&hZl59x?}|I}sFj?oe~j zw~P6u@x9m;4icKras4-7(B-W_vds*+fG)tk2>+-w=%w@OeR9Abia|$w%Ngm58#w$w0c{>Q++UopOf{752@;KW2)>=J{W6iz}Nd$sf3^Q}8xgDWhkl#WyBwr=MJ|Iv&G>~%9d*$ok z=Nrozqh5ry5K*7~K>YSyY@JClujFJvd4Q3WSmG0rveC}h*nf~82o3Uoxd@AYT!h#E zbrBw&|7i~7JO96np#Qt8^B)(%js8EmB>f*QiTpR0cy#`kOH63~%_T0EG>d4m#^d~7 zoZYXt3?Ch0m^Aod6&tb&k4^%xj|9vGQAA^dgG6O-2|?5$WSF#fSo1W#w&qpiKXscp zw2psH=LOAa^fM_V4^?X!SMl@u4*9U4M)WcTb|gu?&5@}>!s4A^v4By(+_1^-c-saD zB(I(!cNEiQUMqKj?p!`KT7&-$X-4wqAx%BT5;a`9%d-{h?l#Cx_(Ye^PVoO2OSE4p zxxPKfcr{v@5QSO+Z}j253Cvy+xWT9W!CjpLY@s}-G~{9uITLM z4$0hLJvLn@dxTvbB&VNc8l$Ys@CZ(Pho3Kj&)G0yH$udVC=1lqON$`;wC=t#q#}}> z`bsglL$<5CVsdJ%yFBtx9A&SK5dDZwDs}p}N>O%&-mFu@_Y#0+vk#6~PPb4l4%F1l z)M4V@{>IotQ3=lJzN50)OKoW{su)ii3$O9#_-Lv_A)4l$z_uyivN0&Y2^P=Xe;%3G#O6ojJoTTr~=#rJD7{aGpPUo^7cT>|V6VN*^wZt!Ra6 z$A7}@-l~IlfzUujaRx?cF;OzD!zh{TQJ@wGk-{)T2>@;6MdbAm#zO{Ics}nK9Gucb z)QveDg^V7j_35UhfN+BdgD zgS&EMD~sfz=u|~VDgixsQoR>_;CjU0VEIU3B~OMrlOXNxD3fuL9(p=ZXh%)i57aJ; zC?Z!$n_IDGR*>qs03PSddJA-qNOg#L68}k<5)$yWyd!eljgjshszO}fm%YQo1LEx? zp<&OqmxjPcHpG&)wIUE}dA@z7qlqA53s2E;3wrkXwJIUp0*KI+(zXbiNx%tY20xvuDV~61ZS>k6yd{C11S|+N5gH@kAKuS#f^MA?Rzdg>4}i+}V_ z87(`Ly?dI|zIwQDqh>@|WifR55M=MB2wio|D1SS6o5xyJuSv_o_leLqOtsrvF=eYt z4f%WK4&T!;2fJFBk$7YhZf-~4cJ;-mq~2HdofXD7M-ZU@<(7Um zlcyo*K1^cO;R*mX1@l&DHhTIQ#IxX_L<^_oZk_K%eqm7e;jJ zSNw~<-rZL6Y!69N$PHRW&%KaFYJ5pvyBtO!@#mZQ7*#m-biOAG&u3H6A#OwUQ(T1k>K}^>`S}}M2%9iX}&ifYoUN%kTvqm#F zGJ4ITKX&Yii0N54{J6jB%9K~POR#ogRj9FoqP|sQno0ztRIMQvSZazg)s23<<=I1oY1XM2Z*e z>p@z`+aUG=2?QWSqD{>B5Aut1{TuoHjQ@-Lx<&sV`5XSa2paT)1Zdu!GLp3AZdnl; zIU8fPxYwS@gE}=%bEi`E-~FJKBSGXjU#}cCjGy!AW2Uz&`;(H2D+^=w)&x*(Ew=03 zq3OD{4XHMEbHPefAKUvGwC=YFN8>XG(HfG9Nu?GK%Qoyf_oQd+=cI2|k)J_I&`Dcl zp4O$wEi)S$dVVlC1#H&veks~F4dUYRlV}H|)8YdooZnd!0 zjJ_+88 z44rL(vD2F_I-Ar=1D&$tfh1MsNgNICps{f9p-UiE!1@XR4NkD^_cX_(r!C)8KHwBX zT~Ph@-LCPOO47&O+g+XPx@7FIq7syN)iUUwX)LQznteT+0lYgX5xPUx;xU{`OZ)6oH9WpYOYbt!R#+W*0a3O%FqA<&z z*Nx?`C+^*xgjPPKNu&x9MB#*U5lIJP`aa2cE6_3kcNjW2)L7{v=jo=MMXkPs;2q{z zP&2lyw}lY>)Znr}P=MAy7!ioyo#I1_IxJAL0#g&$-;wpxk6LhAV`&InAWAy3ax@}5 z21B5*c2Tpi{zSOBM03Sv_uWrDjGq@gBU;m{#buPR;vjB2-=^wjkfNwnB^o1S3OQyF zV}!_Yd1?b=kRJ?Mk%9p}#*8D*y@7bVFmyz5nOPGPrUq%pHQUe9@(dY&q$9|%1qIJkHhmS^reuL@uy79Jwa{LW%$&Tcs?JP2DN4?S^fA}lpUy4i~7;Wk{~arpMMk`3JMdxc^_z_wfdf(e8B z*EomHK)bXmo=6VHo6s&X!;Epz^`fnEl9f901a-(9H?0&i4X044yG;*Il6dZS$$+T? zqexP|*R)$w`-AhjtMN+gw!S z4e1oP5K1A#%T13hRMqPsl?vuPD03^6nm-EoJ2d5hMsh&un*qn445#^GIAfXHYVzw7 zD{ZjV!wi}g1p;df_(t@EV4VtB6H>(b0o}2Z>f_0R&@Mj?6&j$RjPnsMcJs<|21N5h z%G$ciFD`Fb^>fNqY+)rsLI12ge^O6|MQ`0nx9d|8NQub%lsVL2N`S+jS<}m7odtWq zAymJ1x~tGKxo|>?dW47qs7+E5BuTzc0)L5 z1=6k_7iflk)w4LE6>Wob!?TADgQt77zy()BnFUSW?UXtT2PSLbqDqJ7WgGPQ!cg!|f%eG%h2?LS4Q*2@*1Y2~bxT_`;qC@^j0$xk* z^ZBnjV`TBaDR2#?(U(f(!;NIGHc4GPh)D8|ULpjzlEhjFw2H93ozIrjw{vQ!9=uI}R+lZG|Nn8WBg( z+GYbN&xd(jlD*c+v&b^$LxunW7z@!0KH$}eCxAM`;$NRkMMrg82(6V#VqlibDl^I@ z8Tt;2rwF-LIdP$t@+Ev-${z8%2^dJ^DT0?|&D*Xwr5r)#S^_)M-w%64y;I@s#BpD8 zQhPZNhL#u@^tU^)0cGF!rWwruo$mwG-}3*DuXl_Qt=Zak+wRr2ZQHhO+gxqiwr$(? zYTLGLob^1(dy@U_WdEqYmCR(O>dIAP+~ZtzxguJW8&rENhHyCRaAU>{Ag56dEprr# z^peO#qs3dD1A+tG^u(LE{Y+;$7IrG`w7VLQO?h;?(q;auM?DR&?$wMvyJJ}AVo}F9 z-Dyh~1I4;D&nIFSu`(pAXPw5K^2_?SCHZmI%x*}1I1DczM`Rc9Jeq<`0M1vgucziu zYE)vca~$a_L9S71WcKyT28m~Vs~8H626E;yuKq&9n{c|0j0=n2(K`fy+gW*M$^M?G z0z-$yb3N$XC=-AW`r!7c6$Okt0Y#@ zr@oD?%)pZk7f59$zj-n>41r)YTgr&U<8uvVVcv8mg5=D=<*?* zOOqeSA-P?8VP3Fg1yqp2XlVc*o&ZX)mLPW2%Rnat(Ud0@IMJ3ZzBf(fq=Vn{k-(&x z&8n_dvcZJ08_*s(FF~CCD~c00Zx~r;&Cl-OMq-O7MXnhp($VHpF znar#86I?D&q#*$=5hZpale*BkHUpPOK`OKx+XU#P)4J?us+G_^1G=6g{*O#(ooMUK znq!ziGVhQvJHN~;o!gy;9w(sexzQ>lyzYpCwc2Zd|GWo4m_bCQUMl&cx(^=Z^|NwsU`(xZJdgpN?g5KPYeM>cl5;cA{xL* zRfAsC%Y2wT#dN%q17LhfsX6Fd8ydFSqf8lkC!#jftRxc~XDS^JF=r13x1;WjGV;9B z>ItfUcGxJTUdBN!qQ0u|2kBBHm{KTqJs@KAvL)3wwQdj8)A*?z`AN}+j@X+yK%$}7 z=+KJn(wU(>tPCA1j4;xRcOO^p_b{Sl9^Z@?^Y4Sjj8unner2{4Q_07)8RMT02N1+Q z7VIl+&Ii2+Dg+DKQ~)ii)dwvy+;QG{s~hUvic)aXcgG`ofBml;X!|M40bAnvPYN3! z$JQy8OA^HRIv7EUX)Fs%^vlB$8ZOIt$W+45Xk<`wcMmi|fC^sc(BIR0uEUa&I&Y8d z4wx5=j84FmwkM{%Jm~V3r&qF0HNsUE3&@*|=rIDR#=%M1Ty_6gL@%vjzUdxy%&>qmbQribhWT zpZ;V7klm{J#O~mZ9HhH)Ui!0hdnH(G zZAvDTSSR7?0}!re@>*T3B=cuxdU6Y!Om_5}lfQNY>ZB9B0roEu(G50q&jQ0C}NIsy62)EY}4=o8O#}a2efL1Li?gg2Nh4MTsD1w13%t-*R`dn4mT`#)xd6 zsWlv~gm<~fY@m&Wzki!`+ehmi&g>2{thCt9LPULk(>EX-vbhM7TmiMylEY5wLYno~ zt}e52ZmM8{x9SVIMwAGDqmY8^bQj;48p<6|l7q&ErkW+z=(p-gmvmFfN7PVNra1w5 zm)Bvw zhs%y>yKL~7U9$O;^4T#V#w07sA9!GQ`Q(0#F?AvcU~wSs%PyP|hl%$J{cJpowfUng zTRJ>32p?TZfMW~r&{>)xGw53RB6wd7}u45R6bjOzKy7$wxyZJ+@V`lV9pk%;qsNCkH*3gb@ecaTi zXvyHc#r8@4y%4@3#O;NjXNO%TNn1{V zZ9Y+&jWNVUSzUUNQZP|#l!u?H1)yDI-KN7AFmgLRiq1R}sB;rdS~pR=FQ~PndUu4G zXz6^QGgGHFea|1rNo*y~*B$?yec9}22iWpDlV3tCMes=c93+eUXkNt6_?;LB$cQN> z&m9=M6gEZ~ZpRaP%G%X#o>6J6p)ekKbA^;dq#A|kRzP|!f1&R-LooIT`cE>q449ay z^FA};n1a`KrH|`G<8$%n$_-gCe#+WXqxYMbC{HWD5ii*L!lMH!4)_qcyPz(#X1>Q# ziD7cS%|Lv$!}Ep-o7%uSz*vazC<491HW?!5ivhzD79(Brnf;zuUkMZ(N|NAzp{~f43c558)~3a*GpZxG|B=i4ExLEG@A^( z6L!#jX;&2$^hjeminh^-~k)R%^T(c-he#4AaQHHzW?YcuJ)ya-)TDx31Iq}P`=87`~YzJUE;Te3KvVI$zbIWuj zF)#VkW>eh8UT4N!5zjcR4qeuJ;81tw5s5lruohX+VlkPp2IV0-cUz$j0nN9Y`86## z*r#^2LEssOGX`H8)0EYH)N$|qC54`UOqYB#`W_Jy%`QuoB);MNaRAjo!=qh0UI?Kb zh4;A9-0();NJ4nz)Lf6tn~exR4oLq`o793Lh0!2CLHD;&X*V7!hd2u5)!-h$v#M*0 z&a`;WLNvYDv@h1?gypiX?>{C*^{+|!AGJM}|5|yE|F-gR+W*w{uz&skR-W#!l`s2e zM+hN^|207?=N~sCz5SnVCQkeR+>F!of4Uj}9Ac)LmF1r=C2uEF%*K_%$$KPNB-*M{ zOFgdB?FOdmH=5^5BI0n<`*&b4s;f*jm{kXypMd2F`fK3inRq45>i}F`!FAv=q&~N8 zL<2i&D+NuaV-gB!KuCaXZVT9}88aMNE+3D>XU*5O!DKZiOKvL_H7glGpLf*snV;dH zu;o6SgZRSV)@tm|d|vwk9= z2d3eyBd3Y}s1+c*`-K(xT1UWYhyC)g#nh0BYw54*Yw-Id5;i5FkbT1mA99i0L879z z(eP)9HeNDlEmIv$v&D%Kn!8@veGQGq;n+{e^6mF4K2V(XE3pI~q`4s6I2F;llCof_ zcVsLQymCS;PxLpg@&~Lv(G9+hj;{4< zk>S4Kt-S#~dD0+4lCA0}LuV$D`0w`vb})zOw^>Nn*wW-2zZ;84BPcdLS)u0)yY_@y zb4okCkg400MNCd65CLlj^iPG(X{BzCVB}v;@R9uCQ06<*FOoP#0V9T(WX$ZGT8cC~xo-v6Xj+fb| z)YR;o5-s#EG(Jek+T+R_u~e`@EOJ6q#Ps5<#=Rwqq5w#Wkbm#NL!}|*50*XIaGn*7 zropB8Lyw$n%-lU}ow8i+@LV&+PjN5R_CiJj!Q*50?Br~VqWMFE+;2sw^)XBT3>x>X zBcwA-AMc>8UX!FF{GPya3cJX$bn70&OV>}R?q~o5)X3d?_*xvKI7bLLGeFAPh4 z+DKB_6@HlE{0n@D1FLKRn*|A6yivS&_<9MQc+gjqbDTh3_daP>cpP4futuNOnuTC6*S2F8#O@AFV{MiBi*foencaQTbDO<_lP5~ho>_VKzK6?GQ%L8Gro9t z9q2;Ri>kzhpcFE#wwQF0NpN~Sg3gMc_;8G!4?a`&M<$&i>GeQ*b=&WHPQHYS=haJD z>C9n%w~{iK4vZ6^gbQ&CkmW;HQNF^ zBijI6*@UBH(RSFC%`$bi->%U-X@xO6ZGNO_=ss^8hF?({0N$;5pA_t>fscw25oPQ} zmzIc_0V~_40)55aUML>jM=>?A?#<~ER66Dck~1X?7Em_j%#uhMJho{eumF;~;mc>P zsP0^yyb5(e25WHb1n5)-4y4<5KY+e9W`bNWMKo$j3^>AN>ul}h;K$$xL0)=v%#u|E zhrgH*-$VYhv`Yh>9bCkQj2E~}U!$|Osnj}9D7%T;6#n3(oJ7qIyxwOU+@!KwaPenF zD?-W?IM+PsMD_w-d2&^| zD}zk818@~Tkw@XUx9p9a_LSM0jSmGcusU zi&kE*s5gC^37^@x{?5wINg=egE0`*$$-Gp*&`9$&0W2U0$Sy(@-vtg z0TMGbHcBCDiAd@o%G+zx`n0?H&xat}mS{(;4M(vedGt;zpL6w9rzeg}TUtt?WVKd(#&C=3sj5DvQMp4_>J2Is8HufL4(Jfy`I(h8c{yaf@`1dzIaqUWXIhbGF*A z%B**N{Wq>JY)dZT=gZt01`GRT4x#agPD$9Yj6OniCp_@RM*CK-E+Q3So>EBTXKA^U+6x-ZsY{Cs^A50yuMeM3NYHQ1mH4c zaJMzp=mG~)HuXR}iVW(Vbe5KPk>?ftRqX))HU7uW|^+?`=imVcL4_GhF>rs z@|svXqC3o^zM=bL)1de|2)&yKE*u3chud*$P%$9Bv_~QaV0_j75;#SgB+Z#beDLG( zFZ|ojo)lNycif!&WQVYwx+)$%MTL)J?1ImPVrhBSJoguHM~&%oT{y}_}*{1AshNyc2iO_&q1EU?FSVD5;Nmet& z`-$@i;fbh6<*F&MUmS*{@udx|p=a@V0W`jkzhi2DxlN2MM$)%87t2Xs1G0d2^SK?J zso|h#O6CuBlp6)c!ZS2Odr->$KCUzW0>k*O-(Wg||Fj>)VMtZG zkJ_fDh~E)rGMlRG%~qqCCz|*b{zeCAv;!ug6v>O=lY4E-#!9#nGNvfcvUH697PMN* z(b8}G_04jv6ufZlgW)G;=-LPXH*oFUbUcr6Rzt_hInJ$5eRI5h99re*)xbkaK6`&- z(sP@+&I7_w)tHH3XKUcP4Pv(+T8|vBE;q40E6(lX=*xcn_JCbvk~^f{V*Rwi=r|v4 z4LhGf6n;+o)5-hwLDljDH_hUHZZf{^vs;LEEKUPbc?sJ2-HTg6DrUTSA>!F~^RPsz z$Y2O`z|d*cA|v#u6>9BEPW*RdCy^Y2mhR48zUY(GPN5BN+QP4)(OUD$dce~jt=wbW z51ox+cPCgS9|1bL{J@{Lw*@423!jZPrY68U*t`*>jaP9M#?1(rS(B;w{C_fjTeVN>1mC zwCoS%UtU>o0$2rgWq-)L==kE1hF!PDbZexsX5?(1GGzFZMY{6v(FO@aFp4Sc+PPziy<9*%2-$0;`b zUHfqMO|I5Rg8}qc@LkJA&1rR>B!d*?F|?I=3IS9)GDXjxqlSjl1O8c7D+d^XFjiV$X{UkB41o7y#c;sd&n`{D8C-QEg|5 zQ%&@{bP-_d8eTy+YnUp)xC-gwCZMvdoIL3FuQ6j^oiBuVt07IyCyG7Ezv7b?`E$=~ zp!bEYrAjX1oX98qLlFr_N)Lys5TQ-gEFnzkuOb8+Mf3usE5;`>DdkbaHlknMfUuIw z&8OYN*{;wOr6pp9>ldZ~ZvD3Ng>+fg7jC#lw?<>otq9y(0V}Go> z{$)L|Z+JqGoS31Bzq2f5NZ5oxoQN}}jtr_yA3z$PH%G8cP!4&&S~fI%FphM(6dB!I zH^xu+nY)7N8ql9VNEh>nY{u-_sohow<|9OrHINUYzQuG=z_XiCcseeJWTn%ih=jF2 z2AqF0dBt`$ET~V#6ivS*>a%y7mp!ZIN-qIs<6HI>Ju@1R15ijTl-dqA7t4|us>LZd z<5~h2oa_)`Aaua^F^r&Je=xUFgmn4))4zSo(|aoKdW6bWYNr2IG*$KZTPEPPfz%JF z&AwBvm(bz@$am#=(ED52Esp={Hg$C`=GEW;B_{wp}`V{eWZK>uUxemDFY!-lT#%RIKOb>h%E!bSOh? zlOgpkW&2F__m>79A=fhTqm`d%TUF}P*PRM;A0%}Udr1J%ReL3 z6bTy-B(-F4FD0}UXu5&whc~J189BBK=IBUcXLcL0oum|OtSmYpWLA7UQ1PKfEL1@! zLC2~{L#izOhEu!EPpL=6P>ooH-HF))(OVjhATwS7U2FIWg_#y8jbUaOc#2Zyprqq2 ztoz)U-(Q>@SnA-5^$a-}^Ch@MG(j^BugUo3RZiSpo+oasBHnn40+Z_E-r*3n_C7H| zrZON+glr{lY10N*PDz!Q*Mu`|%8XLDEKCCvPF|%R1rWQrnvmRwtP|HLP2)1TuT}lj zNU}a@t7;5{>h6mi`I|k7e_j#gaKgj+!TkF>9Yh-qkp!6((u7Ca1L_?-BSl)mMMpKK zWx1v7wMX&kpsc{MI`8f(>>AL;1j0xptkDYE^dwa3l&7=pod|iuUXW+j&s2tq@gESa;Km}hXM9C|g6Ua8%7#8h z$m?)Y0nqu-Z}SLUPNAcS0B%OV-c-$YA87u5LQCP`H~aXI&Q(PqmbC|v7?7|oz=O;3 zS|A^k-VqPOElx!+pDd*iJ6H%Qfn-N9G4X7!xz0_4MgG3aIsKoA!$FMFn7#cRiklVg z9q9Gjy~Una)Y!TlVH2=lv#UVd+izh$&aM&_Fgk}BzgowrnOT&y{Rpo; z1K>tyaxOB^<|V4H6h`55I)qF2SoSAp(-0L%mp?Bv5}(AcC+v?qgcirF{*8g!0`ry5;L8stfysq*I9 zid9j3%8{eMnzquRN&x;{zZ2YQ(i&P-n)@7xvyf4J>sHx0qVtQ_?03rUM1K&hP9H&7 z9CX`i+1Suhz3`D?!C&f74(+Qx|NiGL+56wNC;wmDv+4ekSiwJc?vrGgsCga6Oj{lPwo$ z*_U)0cQzJYI)FP0+^k)zo-nu{jGga-Nf7X!yc`V<6JvH(mk6$Fj6U{i69@Y!KN`+1 z(N&!_yqdsgFrmryP~xloi#9Z`6i@WYn0Y#o>QyU?KSlV# z4&BC7(bDBj(b)^#!9aL^KSY-`U<4(?wl*KJIv8h~lFUj5hb11k0H1cs7lDuV__GI%vMtc9q%NrymZaUFYOTDn>DTim z4>1#Gu!G~wYi%iTbCRls2(qY(7qS~wwiT5h5haktkt{Z0Is2XQ9n z$TE;H9`pB9K{Y1nt4!eFKSJ4KUptcdk1LBroAYi^nXl^!GG1DN4e^S4Mg#=9U9)Ws zC!17%Al|YlPqc)?UgeZ0Ewp}J4vp>=Fo(_ByX#wnk6`_}wh;s#4-_;|mqOR%o3y(^_|8mW>&uXQ?z=L!@kHtLaM96`Xkizav(lNB( zoP>Rso1CE#k;cky_0#h0=hKaLGIW#vMvDjQYa4PKFPY{DLz@=BLbeLVVybPTOSQcG zN}QEeiVw|*g%_emBypDKs3j>2gpm}5rRiuRF(6|Znmq24v{YqI@1~}Uj_}~x?=V|3 zgUF33EbZ1DoLVXP6mVb8TO&1R1pE4Qo)kji_?bSp+liUI!Y}|N2N`BwJs~_xgBjB0 z&I{v1>irytN@V%_cmV&L%0>H&(@d)tl#3WG=AJzE<62+kz|-mbX__z8>rXuz4Wb0K zgq_RB{Uspv5~ixZnHN{gEByC$0e{(hkbB}fj-d??6b0ma#g&jcm8G7D zB0AX#AKGb`zX5~)-ihexUJu-iXjcq~WWE~TGX{C2jMQ{R$%)C0DqaQq;&N)>^y!oH*J&&~H<{#Epyyv!AD{-685wAgXArJ-Yi0A8oA&*`VXSy%svK9Hepv z6d9dHCgWv7D&8b9iIkPNm(>b*WAHgDPpvC%cP!T0E%>!-hj>tdXfxY$=DaEs2<-(0 zbMH=}VL#Qh>?=ot&y42Y<9eo8fyhdrB@K;Gn|6A*ZtG*C>4T)C?Wi$H@Kl;^W4@%* z98Jn}>OshbI-FKj_%nQ|kM+Q=C^#hHt!;5K-P7+)v&Gu*7KjIkC4r7d`A>lTpYU>p zi*?X(DV5oA@`|I7=c9rZX4RKH^(A&Qz^!s`JKj#fSS!Xo9rCqf5f^x51@T+E$KM@o z#)1hmJFv=7UO&^81m?aIu4^IQ4};eA4^FXgfQKNzPD5SbWb*jA0WpgCq@#au4T5W~ zA2iM3y1WB5=0-_^5JIxRSxhZjb^@}|#mo3h#x?^%C)n4Ak@A(ua)hUlYU=@-_}5lv z67f)5fzKMs*_AcD1hx1(-`0)-j=7M#0IE^q1F`%}UL_xvhd<@XcW25& z&Y-E61M5No`?LCYigl4ZpYodq%E1JuQSn>>8%rb-dvVgovJ-}K=R^hGmPn1AWExHM zE&2lv!s7rqIbvlu1dKBvzF1GGax`M1ZvYmBEC=q9bnrMkPi=I}!?v2E>^?Zvi)^C_ zi;;C$Ps7a`N10qpa$8&K<4sykA0Y}3ItguW-MZ2N;!S+~qK1S}pvn|uTJvsc1|sf_ zq`OZd?TUc5s4g~#Aa!J_tsDxFcGo)AMUme-4Ql!lcv(4}K!lZZ zhO)VBgTcuZ9Ni@U{e|e^MkU#U&$gRUZ3v}x)9PQ(c*Lcd0IO&-h|JRiRnZpymipyZ zwD7otLssvhNj*x9KpUP9)BrrixNW0d+vh@aw@HqB5$RPuD!aNsG0A`b@^VI4}}fm z(A@MPwtHS<0^kEOWbGVWOFW>3b#IWD;m)0>ReztN>Ej4XmUb_V(^67=;bbMi`;`$n zg8pWktUEM`5fN3(bB|XtEda|Xq5V_aE%QYa2Gb*?6gFC8k>~=kyL(Q3@*Id8Yq4a1 zA(yAX-VlGIJi!Vo4cQ43>wp#Ky_NIwdFT4m3MvLEaL!>XS>2&i;rU0g4d_HbpIcd{ zkc%}K$X^g?eT_ptONOmSZIVgE34u|D*Yz^K3iP)|?Z_yh4bx0iQU!fg4u?RI{%u{k z6quiu4L#bCF6!ImsJoBV>a2Jq+Yu|UB_)df*$MyUUsX}_(h@9;#QGnoLOGB zG4mIfo(i^0u8U-7oz12zs;cB93z&S)NR+bO-iCHH(56-GRH`_eeUC?MA&`y$4!Yip4_^{6O~q$ z{_0s;1z?TRpD>)apw^Q#RPeL6LP&_Pl{6J^&Whmr+pRE|))A zX;w|L9EHKFs7^VSB16uM9_d`f zNIIoy3ve|fNB*5_u5AFkv6e38d95k@u?6a5lr4;3(%lEZ9|sJaT1%Y`SFXyaumq@@ zL`T%Yl)Vp|u5qOkAZDH#KA%-jbFJpuKpYXr&gV_iY$xNBT%PmMsPAGhoIjtFCb_tl zHu7nCtxO|`EYO-#1zMjgMLG_ez=en@hR$}kq@9;EDkf*D%sykPPnt~{$)lCj253Nr zDkH2-C&19%Q47~?QE^?H)`YSGXp-~dMd#H#JwftxxOTuSIW>5TI}t*lOV@OMG%m_P zwwbB(xI`|xZew25rrTAFh!7$o?AqL9j(Z?mBvd9%F<}1?`s4q$J=Xu)9=HFtJyk{j z*dFYP|F%7D!Vm!ar~v=2|JU}QE+!WK!~6o_|H=GSMgPbA%isUW{2Ck2LF*!aaDkEv zC?+?cTIhKNm>T2xr}aVCMgq3AE{f55W3%sP)G**=ME+DK=qzjIErS}=Ft4qa2UZNt zJT+a7v;ZDNyq6F3BNTVNuC9N38Oib=CrzJKM?3mAW_c*YAvUKr8HPan56My)4jnI& z`onZ=TOn@eQzRfziR2u`0ySAVOWQqQu#a^L0(Dt zoScrd`IQ*BevOkralec!_)uPh)#zZ&0ggsQ!DZTF(hT7xE2-ehe(FxMi?wNOe;1nU zAsvxoqhl9~7AEH4;=6cwbc8?7ECA&`hI#KshX*vIPc&m(FT!&ylpn}i6RL{bINZ=D z4|21S{G-%(BB=`}9C(B1Hbx54RS1mjpcl z8TWLPt1#LjO4FdKc5M`$A}I9y<;NRIYA@6@WxL+Flrjhb;7b2v$3~cA;AyXe1T<%a z_0IVE5~5D|XLbg**7%Q){6U|wuJ@xL;`Y{tZa5zT^H=#M6gEf&&vB=l@yA%?ULFy zAUJWnW*z))7tFJPY{GazW1|3^>vBrEez{zy$BKpZKJ|d%}@+;0XqS z%W}fBv1G!CQw;i0{T7Ub!C^q}IYs}x#bSoNB#h*~DV`pOs6}+i*I}b>NYM9qFc#8j zbmP%zM?6Y3s@MlMFA7C>d4npc!Iwu^0IDBSay?eAfjG@0Fqn-+l6R_5cDKs2swQm& z$9Z!cM!#v*117645?oQEV1jOU;OWU_e6GxIl6Ef3FwU7qZ8t1*q$gQ%r6r}C-h;=F z5bMtLBGY>6z5#_&*cfs=tu!DGDnk z^qkojh(eg`U4^I6C>3`c6WvXJQx9VVuz~sLfDR0D3+ulJT4`uaEKBdcR%*4DtHff& zj>3SkNxDMWJ;sg<$aWr;e8!OI^2s6Tkp#ZV(^l11*skIXt zq(M}_1;M&eGjMPf=CDj&e!_q^7vVtk1EH}f+EkO@v`IZmi7iugUlMMXdzP=DrGJ2( zY*-4AP7aboabxByCx?vKW3QO6dwAu~3)>;P!dS^P%*>OAlp{VVjN=oBxS5dp@|6Jo zjAR$XQvOaSj}lIg5}S`*NhL+a-Q|wj_aB?IN{xUf0}G1=>XlbF8T7+|F0ZAb#}R#U zo0gALMJxi?nC4uf$~csi3~RKYU1XPf^mn$zlQ4HUr2qsnXDYL^Fv=2lTOrgIF1Ko6 z6*YO%vE^?G9}Wec$)~M>m(+g6Ihy1_9R5mus(KX-f@ zwDdx*ruzOjun(tjhS#lv634M*OstS1MzgL}0Y+vq$mPlwb2K1}ubRm{5;_I+F(U?( zHQ*ir0#E)?5-YmydGozEKeNzN52DtDnn}ZvQw)2Z_7HlUxQ7w-W55+x zE!QiTyuxEbIE1U*ZVVRMooG0Z9Mq7k%zwv&RMO zJwxv2_zSpZ*cV`h3Vy%M z1}eYqOzllZ`{L76T!{kd6&%vj^P4)V=OT@XrzJ~@n(BN5*Blf=J>*h*+Cnr_Gyx-z zJ35r!F5aGx{{|C_Ju zhIenK94c;0mQUlc)yNlz7R$LJHoqW_9aza4B?< zDm&&o1AcwXw#qOvTs++=@vLk3Zh=J-Y3{ZD)_f?D&z|w+k`CcGRmL{$-VG-Ea?W(l z>3}e9^jpONoG5Av3}IV042%jl-_@x56LPIpR$0lEBs5u6W;qqYSU?0v1V>As%|I<| z?`&>zU^QJo8KM^4A>39KUS{UyC6X9=#^pr5y_e$yv71$~<(JaW&sW(adik5Emv>FK zBtVPQ1dKS6o6EA^Lf%@82Psu;MS5Kl=}Jg6vp^wwDOk;8Rc zMlIMwlcIRp!T03qr#Ns2p5>4@*;fqsf#&n~`qHey%>wITo^3mBZ6a!7Y&O{$ zJ2cXjgHF=AR*;0axC_VMuMO)Nrt!K)%#Nr;*sx*SXHEnTzuxg;?DZ4hH;sX2KeYZ@ zx^Aq4lilJpLo14630=9CHI8zjFIC$4IXhQ%@yS{wv>&vp=BJ+KO4^By7Ph5dKYZelOa)?~i1&|`5!o1k z+fiKV4pqdp0oY*P7qsU%e@xc8f!$R**zjX%44wLNh*Vu%ciTaQlLWiPOApI?p}QAe z^e2SzN76Pyr4zkE!L&Sai{j->-AFRw-uenBO&VLSYa%3Ew+O|0lgLA7haLElEn`ui zO723SEaLs$q0YN^uGji@Sc1^lEY3JYmO92{Ki-l105o&Xf$R`>!+ncp*o@ROZ$bo7 z+<2&jpmcc7)~fSd!;nSHGTDcICGsn6=q)g4cb zpa(ZWvL}BHQFBo4YIMijsLL03utZ4@$EK+FF?{b~tw3@V@dIMkF>xgRoJV^%f@+ zXI2i_o_xe6BraS%@#(ETnK z9(9+mmrlcevkc$g4L-+BC8@Rdj!mZsu_l5@YE01d)f(v2pLx!?DL5yJpg$0j;qjpA z$tlA{`a4D*J?vzU1g~N&Y;*w|@!6_4fn_&~-JjIN;8+O|!HIGUJIzT5bt-Ab%(>YY zr}Hur4=lf%uR{=v+*^a=N33aLZWffES(Dy^B^N(d`zW%3rl%`>x6iXNUZnWGsf3=T z>J!5gqo2b(xcf@RzKbWl!TVmv1(Yh?ZW}QzJ4Cs-A~4UofXj38GuBZq#zWsUYPcYwZd0(ft@LxyqBe< z5RS$WMIY74CZ*YMCr7Cw3kyWw7OxWA-2Yn?3XrjFqZmu`g`Pmy>6ok3R4V1iD7t`@ zJM~Zc-Av!;5^rVs}z)iyV?Iw?qHL(BH?re>!Fn16AElkcbEhpwBd_!4h- zX9P<#4P0LX>_QXaF1gqC$QdTHqs)W(Vs~S~iw{-yrS>&7zS@HWkajviip#2e9X5=H zIjauR=;Ox&ihNqr6a*zWEyop!O$QHEQi$<~c zoyG5}@5zvohp>i>k&bn>k>j~&sv&$s7~MXsm{x6I31D(MLDylTF%pB1QW=j&y0H>j zN>$>6wGHpSu0Mg`aqXC4#2CO(smLvk2?rzy16#m}{7%9McVzG6At4y68U3L{0X6+E z3+cx;XB=clKArxS-sw}aX;Up{oSpJbzplqtm2^vXrM_+9+PbX-h|9(p-ZgCkeSI`<^O^#wVbUOzc^c zlZ$utES*PAUL+*0Y%}5Rhs>yO)pduX?9aekeemMb@j`QG`)G(Bv7|k4uFZL4FkD1J zV|`equCi1&QPb1I5??|72=7-n4lPQNjATCF=<`ue4^HIoDTvpz#N6oc9~%2LJ$ zm7>&a>q?-s#Vu^pUQ+H<<@6rg2;Xy$G9Xg}rl7W{s6<>V5i8qm-sm3R3pe&R2j!j3 zj4!|A3F63>y_xN@J%5t}l7Y1ExV;vX%4*b!IS;VyEH*JdaM-~o~1L5Q`j9%PXvH&|d6henCR;6JFkRmC*^|rM! z_fF)p2+!oY^pHpyQp2*lrHr;b6ijvpCK^9&$>V+#?bevEMW3y7 zZB1kh;LIat8fWrZQf5^z$p@wFZTP#mNStW{ye{D_l0)<#gV$QSG-6_y60u4(CpQ&x zZD8!muPEYCEl3H0LSf$KTTWhS)l7VOHXR-UUY9JNV7E7OKTDCA@(k46Pkx&zVbZg7 zAvP_2Vz2?4lgoC7iXYsIY6IwUoi?^-6r1UZc3Z65i^c~_79M~yZgNP!?_$8!JR(CaR6ejscnpEV_pSohOgi3POVY z4XJ}p(+H$h-#{9K0TkvI&ef{;w-<(2E85|C_abr0hpF#_tu?_70m*$lY3I>+I~a~k z9&aG!yH&-t@W6GQNMM3)lXL|>q`***DmCrth&gJbfFUDWg~=72+Cvz{11NA57ApknYm@p%nrA?hwEA^7!ff6Z zQ85mQ@=6?B)Rum2G|y`HNFfg6eX4Vh!SR@P>`?0r=+!dF9#%7GwiHF}71*|1RX+p_ zS45+T%bSW|#a16Opp{EgxZVU;oZ2Oo=gbhrC;Rw%b-zjl zh%6dCZ4Dt~gOlY@rFC*zRK{8L}yse$xmKL^?_xx~a&r^1(9tINI zC|Y>E=MudzhbryjP5?rHsZ3$KO8~JGNH-Xz9y`8Ca=l6| zA7`u8Sl}bzVmvy0HVV&*ARE z|2#G}pX|D8H3wW9piKgNTRTb&_efyb<$h;GNs@bt`-{))_^SDlt<6UsTAs%$T?+~; zGERBkhIK|z58RJphNt%5yqVR%#`}L%OxpbG&|UxAp$`iGaF`A>&VA_qal7yI;fdE#fN%KzczRr!2PG@&xGz@Nv}v^4wzYID8Y zFeNIr2CU0mS+e#1CV`|XqfT_B5%4$arU;R9cFH-ox^@LDIt1eos?Ub04Kw|H095;I!D%fBG04ZLdtC zLTc%QM!DFaz4ACln|E8F_>sfl^_>0`VV&oVZ-%KmS2>=R(;6O0X#@)wA+u%HH2#rPCqFrmHs5B!fRUxV%mh*dSD z1ll#T+29bt#J3q4{{3%w-L@T9^SVaA6x)*X%cO{6Sw-Q9^)bwdSwhjNn%|8z2qOoK ze9UadE&VyvFjP)WL?RCuabq3%P`EYp5FxFp?D$zGG(NOXZAW_2{Ea2 zkRkj&XSoKbvyxns!_4`{qVl(FwId9Jl-jcZX)?|Isr~PVDb$=mP)ol9H zV^iQg)bgwe5o!691VhnCN@cTkie5F8Ee#ntf8hZ!$L zwYN+h)hM)v;~cwvE&8oSOfsIa4(k&+Wc^ z>a*8g>$@t`RgE47>SYIW0hVU3KCO4PYlFXETNJ{&Y6jH!o6yvg4IRsA2`#w8U>~z? zGt~ASV;56VAi|QrHL9*6VeBX!+hv56H^W*~PWOZQ8WT2Wxx5HMZ%Y?0@&E(*P8`qeRTfs5Q5|2)A1;pKbH=d-ZUT zF1}Px7+i|Va(y_%ZO0B%Z5o9mVH*TyE9rL$aMC~77CJC5554`|9lmaf3dZ~pE-r&= zvKMq=743HqZ2Ga{-Rzc;LZ{tL`Pbku>F7FW2ClITG8ca0K=M&(k$kvLCu)GHH@I+f z;%k@dVx+?3aa)wKw(Lmce7tJojicvayy#KpPHjcX0@Vl-eQhw{dyxO66Ai#SL!@ti zKw3sEE{_aF#BResb2rGxVADw}F_hRW3)&X=aR$j)v&w-k?E;lpBc~2d>#4!D$Bt4( zqSFzl;>kbqGMj7o@$2J)%r=l+xQf&TmHOLonb55OW>JjP-$YAsk4(z4?G*nw88q^x zkJB$a;Y}7Ho53pVrKHp>NC*&N*L$3HW2si(J+@@!U+TGg^<5v+lJO^iryzL=ID0MP zk?KYe(;#KitM6l;*KZRDsmiGHK4!(+$@ix0UY$xZb~4>L#GH=VE{7^yWE6K%J5taI zaMcy_)K|Q+HvT6+i1CpBhCFo`QOV$u-$*AXXRjFCAz0idUSouQhYdO!{%udRZec25 z!Qeg-W{v}SNc%KbDd{8v1gRYg26$_Rx6%7s-1hwNYzm( zG7K&5K;OXjS028_D`YA=jw14q0%aS-3yA zIaL)Y?(NkkMdD#$3c>ZP$`9;B8-?caSRF}+lOC&tO8Qt;T0{6IeMFY24rzAptR`tS zO9ucm=RF~qLa&2b_owg{eNtbtx1h-;EcK9>b9aiP5*dj%T9B8(^W|XX$S*W~Qcwa? z)ahPC=|5y_JZC>fOw)9WmExbjzqG~Dq7mtTnw3OYJS57n$qKQ_<6WI;pXHR}FnBPQ zminE}pXK0eI?{Wq335SsO0U~@iXIZI3P?LLGAfWPtV2!%OQU7s zpYB68!gy)5au~PEr#^!sg#;CSOcw5H8J+pDcu_oeXGlqKzqnGZK!SqRf9G@U$VY3o zsKnmwVy>uI6|%+wyQgU#3pXxLL_^(-g{z5bBI^mFdl&#n>aZ%)^);=O3n#K}zo_lM z2gdm{Rgq{4I-hlG&RzPMO2j-~sNgyU?k%9n7{lt>KyuE_`X%AV2+t9@gv1V_ z_k@?Lu0fe`2dp>}E0vh%(7ouEOr;)-*fIJ#;)z}&m~C!Z7aKm{QYHH~d^qy{myzPW zYnVrOXGT-G(+Sf`VKHF@74PotB0xt?!yCR;S=hhDp`SsB#;gIDcyQ$Hk6p+%kxcjB z%8c?y?tW5QC-#wc)@{exZ>g9; zrR1A_opMF4ityJeZe*YH&|xc>VwOmvZ`~UW(|C5aHuPG^Wk^gD_vVWO>{y)t> zmGp1(Hyi$^`A6@9uHPTl%r=rl3Vm=lJnb|&eoZvSCC^do<-~uZVGW(M5$r>;bB25X zg}?1VNz2YiYv9@J_X9on+vw;dLb83uAucNMO!soyQRdZTVgNQ(nuzfHHk~Q-)q^2}tC)*4(|Va@PRqD%BGaH$j6+J>USXQQ(EWin|0HR}Hg1@xSn|Ok z=MBDrUc|Y_tJ)Py00l1$v>ZvbO+y*T5^3O6#U+*8 z#h6LyA>(5>e9~x`YQbv}I_m3b!j?_`fwI8Ac_pSy77e4!iPB`ExjDfm&2758xTflV zxjE1Y!zgm`YnxOq!t(3|LK+N56Ae$3_!2aNnAQJib(1XZG^1Dentv@ZiE+`~YCX=C zn^n^#PsI`USmra6Rws^}3Ngc=U>M1*Y(x#nWSy$#LWSX^8Ld!p@tr4i);EyzupES!ngJAIHPH| z%bH4brc?M0kqYamI}TQf0zo&zNoh&mcluIkBB#tde|S9W+i#E|I=ae?8ivJiO7H&M zl;AGo%DW5?H&w0p3DX4i!K|wyP0m9^t{1=arHo!gGA5*wnQF!{C@&TVsS`_C|7EaJ zTgQ?_6|Y1s6+coLzQa4lB2l{?*4~+-UcV0J1PP%L&cqIcGFdF@CtGO1|bpEeZ2A9P8!oo z#0TQM3=y*(x>m2tdR2pfqVI_rPo>RTH`ex*y#*`1$l?nJn{ZC2QS7`*=gPKV!{I$m zPHdt`Ee%>B{DWFMrks$r6jpP{yQ_o#(Wr^U&2}P6B|1&Se4AOmk1FP^^n!4e!2>6& zTMVa;Ac?aIxz#VPg<}PnF;#U0T)h# z6H-m?nKL3oUe%b2ymQruwP3kW8z4CO*}-pubm7VF81woSJY0AjLLyHNp_=OCkw9I+ z+}vRRJi@0%ppYT(*ZiH-8sl=OfF>xiy%`EDP|4h0k7WzWrHfNpSf7*zv(}(!EyD8W z%p#t^U=Jvhp$PczFV}ON0cpR?$FUcAt4$Of(?BSL7sftk*KhVhO>w@PL1IqElpd#~ z+4#Rp=t9!C`9$^27){jiu+mA!TnUf9qxTr}u_A320;@^#i%emk*o3AZY5@!!A-($%iORB3&xFQKMn~y=Qr9JgY|w zgKm2qbV7w-0Zpz2Lo#XkT~@OrOrE4JVhYH!_bVG{Knc>-c~~z~RDfVpsLq;#^~dCU zyNNBerKwh^o(!#m)0#@0f?vR zztXb%}0<(!K$un+Pu1Hg&88Z&CfOb-&oK6-z8DIiN9e+8Ex zCUJ1S{jerO>ELhx+z>K!7#Y>B-n*118;^5D{dlM}33sugmxLGg5rzPSfLQoIbyMpdC=!c;}uF&uxNfou`PTCLcqQ(wpT8 z^}&>^C=H_ISdOVQ)77(4*d&A`@5}zXclhjMQQe93OzHbbP#MA9n*f?F;UGi$s75wc z=SD=fs&>1fTI&QF5$i*i4OIG`chlkC?A?+Qa)w<9ydyYGCFCf6_8Y6mKFJeqCWVNM zSyW1iT89lC-oL9o322-XS?|5XQFzl*uePQNsJKvFtZ1%VLsy;W_UUKg%9+yAKue9i zk)aCe5HugwfqQRe1B+Ay60oCi*n<@u=Kddt--Pc|$?4#hbm6F5lfV&}fEgZ-u#UZf zWgk28aCoFm<9h!i3|hLREmY|^YLUS^FrJ%10B zu_2MgQi@EMn{@S(#ZpDj{E>o7*k7xz=jooCb{0!)7Z6I=M8B`JkR!_BK@x^8{BlFmygBxa7;U?-S zg&G|{$k3?jyM;~MAL54sFom-Zkq7;72UjyZ;q~iE>`)}}2#^d-e5=tCl9g=9OcGyZ zIq=Ku#aTfjVMG&L?6IhSOlF_U%Vl3Rl?9B!O4VYkt-~G7a}0IuVoC2ftT1!>gR?{C z)xf&d+^DaO%ajUM>wlu&bh;#d+To$R_6`GGwj4|JwsiZ%mkjso9|gc*qnlo?>uzhx zT&#LqL7U<_29U5s8{@797{st#=BBn9n8d7;)wbI7W`1bsNQ$S+AjgI>ynV6~PRb9Z zCzJ~8G^afTo~Meco67mNfE=m+)P=p%;<3PTv5t|!D;WKGl zOnl8m3C&jV$-;t>P=BJ*mvc6$;oB?V71QCXcVRQQJ60()PebKK&Z65Te5f|tNGl}9 z;+85eO+E$%m;#BEE81H&6*^&pj-c;%Xv*oWRKfx&OJh3#*K=mev_#X;$Xn`9oP#k? z0JL=2lSf5h4z1nC>c%57e#3o>KZ273!|+j}Hf4#z9>lvfDUkI-C^KxHRKerk9Xcoq zSoN1NYxkAdW?F4rYvST$YQulBjK{oDn_Jzo3)nB~KIcZz;_DqpzE%`)#mw!@@+;JDl%0tC_tPh^Q z#m$jW)?~9?AXe@X?>;iY8BRs#=(U%y8z+AChz?NOpC$Oab}kP#4)@^+KTw(U2-1w=5JYS+EClxuycgI0TsN2NU%8Gi`TU+qi-JPI7ia_KF zQox_PJhm+4dID5sc=q!rV{0&pjf!J)A)Xer`kJf}toExMJJ9sYE-VV-aB42r>OKI! zT5}V~^`V+Vq_GJYnqlj6v0DS{EbO97qBG`rk56`D4~n&eFzffzj*n&$`+^ER zR=bD<5yj?0@aP{G->UodaeYVF$qEovl0UkJjrtPd9vmvpSx$jgkPQbaU8u`o z2j8nTNv_c%NLJ3nzP~jf*$!>ukn9If`>dxD`X()HJ&&%!t0GFxgk|@wM>_n+Rw#U5 zf*J_UX4cuwpm83LqoY5|jfeYA#$t)^E9V<`1;87|r3wKNT{`@Ml;kp|m>-jl>tO)e zZT$1&RTsN&raNf*csss?eh+hkTJc>8Pf1)J)WKce=`(Vg$@U-;y`tryq}49EW?#v` zYL;_7wGTL2$X9~+L0(^6lw$mTqN9i%kj54tYTKRg9vT`0siG(55~HlDv<6`(#rn{J z_|f!+eVpEGbunzKgyz_^usZ=ht3iFyNbl0sWQ6K-~K$r>TqPDL%mVgLO&HAO3gEka>c6{5B^? zyTn+tJEs}7p6hoxG>@n&gx*2@yGw;wLcP8LHx4j0booXa3Y!QPRZz?vx#)?HLOD7+Nt~ zFGZ(`#;>3xn?ACP#=Ac*UJa=N4JNZ=vjE{_5>!7PC(f)?6V}D=RfK>~!Z>y$OkQk=QNI zGSU(a-OnELS(Gv>MUGemVq~h!{kOy$aDeIy4Kp9gYh2x^`RwA#S=gj%U8xG(4zmPJ zzH0oTdT{Z!D`sDhj9_tyDf{)+ao7tkmb)yI_t7EKT5w1Txp5?4Nd~tw)7CTY_mMa# zOQSF3C2WuyZjA$fbENFTVK$-ti?(qi%-=waYuBSCF^sh_;=k}e_&q5kt+ejKM1uJ zOMJ+B@?k-4>;1Qwl1DenyR*Ix)An|D5)c#SjgrMS<(48n!o$XgUQmL)+;~B(Q3(pM zl|@kD-e2`<*RfWEpsUxN;x(sDAsq&A0`#oDr1|B3jr&>^d@~eY#toj$B@1bUAZ^#I zFUa8L93aleJC)+ui8V4+#0sKmv0CzGMznYO|CB-u{ehr@Ih2=e2Q2n!TjpNjK%1z# z<&;Qi%Upyi=5t&-Q7~k`nPe_g1hNo_rVR5*!fA~z``IT75lBpuk`liZS6wx%Z64K{ zxgQ^Rd<-b|A)E}#Au@Bu&y(xN4Yog5Z#MPo?GjI`zE98jO=W4$?oW8bXNm)g0)$js zifIQ3+778+=E5TKjDD3|5uh|hCa$o;O#wyNVh550ifd^nXya2BjF!4@kv}GgJKV2C zj-^bqzk}ETWss!av;>kDRYiAtC?yuhCdVO9+DhC-a}F5AL41HO zwRjN$vyI03&7xn9BOiPL^YKE>GdE{MqKRzhPb{NxD#|!M{--Ku9_#M;8@+j!7NGyj zug2%9Zxtrm*@P{iSApAv?FbWOO6}*!DAB?R9b~6gg@o;&yBFkX;Ju{q3{0Ir{aGGH zjyJpOg)eClWMM{nWC=GTEX5KN=*P1yoVVHo^39ae(3teGBb0pQP{Y-;nOAuZ@dfI$ zd~;mq!S^$hvi9nkvBok*lRJ9>;iHY~;>ym3iDowjCGlvhtOQ)@CpA(@T))Njt4umc z9lmO1x9W*D83(W^>99Bq#O0~c=$ef)y6D%$(||*?b%={v2`qEV6btYjlG|pV^EDV* zX4N(Se1#i0_{+MOO265-^txrSK3M3yV|Cx9x?QEwRcDqA=U~bO6c@0YyfKBoh}`k- z)METNwIQ31%#L?uiF6v=4#W032sQbnzwHF+|0)!a&JSW}f8-+=K|EVZv67yiST<)k zS%vl7$N~BrZ68KWNBqmykC<;E(xLD%U*E+=eH${LimcV0tz@j)Px$)tNe7S9SEW_(>Xo%ah!Ou=xD0THf% zNJ(LsW2_*Le)ADR%<-zL@z8<56_`ik#=lFjDtKJSy-iH|QQW|T(8V=`C3VE4SisMR zd6cRD)f2|P+}&$2=_stG(?F^Pf0wH(B^Yvx^aDKJQVubS*ceM0p~mV;W0JqpJx_XO zQw$18{+Ay<2hrAAoZE`R8T@##|Y6p;*= z#Z3UCRR1n_BeFwpDc3mp2?x}4hN_7mmm1y42={6W<}N`;T*iczI?0L~je%w#34yg( z!1m!M1EVSqBCXM*FAMH@pCn97zwN{K1p~5Cm1MHJu0LK>g)rfU2Xx}|Qj4#oeIt=0 zS-0-j{gk~y+2C#=G+QIzp3k{KDRhFi5q{|>D*T}25utl`QQ!!~{H~EIUt4HfeAj%? zrjDtDcO~N4+-~No6bC04lRyM0@7c}Dmpa*UkzO~_WDu=(7V9@&u}!qQTVyIc7g^AGL7eEGi6~`M$OyY46zzl8`LE_ji zP2sem#tl;ck?ZJ(1LY!4Iw|*nQj&B|uBR6zX_s?m(J1H0=KZwKF#Y%QfTZKDbd3jh z(hd{CbT-aUdX~{`%UDOUd{8dZuu&$uSE5@>+9L{98Z@7delOxL-0JeZh&=+2Jbe?? z@{jR|`K0349@m)w-_H(@Ww!CTorC;e{7GyKeHjYfQ@3>$4Gu6GBdLNI;T|$~;EMf$ zBpc1gW?(M7XVJl`N>GwTcycYqkUpTPxDv(%ly;-Y5qgzf197-;{VJ)|Mwlt|9Fjt)kITtCrx#r6J%e(oot zTxr9T5j&KcBZJcVOq(MQV(Ggc=PB@G*GKc2Rnt&W(VlZqEVPe|o8OwG{hA_H=N(wZ zw4?rt-1$dmWOLfDi0W!Kjn~xfU)&PnlfJOlSL8cG_*ltHTeKxMUyj1T?rUSKD8IrIgU65jKx&n zO0qW$b9iz07aT*gi7^3Lx!w6>q-6b?KQOB7Hc{5~Ts3T^^`J#T;cY>udz{&s*xr$B0e73pW<6`d_n_8FO0wBD85G9k|S4RRg^zn8djXNp(#y?otYfqKb z0u;j@&<2u0Gr__ml`%B)DdYG1bt64h%FoQ1W2V{b4}N>x{K(~`P&jg-jG5`cxb`wre3Ghua7Wa#@%nr=ahqW-r+;^fu$gm`bYl1 z^F>2RJ{dzA(MV02IT(Wd{NrzlC^?XTY&FIVaWG3AYJe#vg(QJb>$~4avqL61@rO%% z-`^E0`qFA01Ezn@K?jN_WJ#5J`?TPWCvc@?IM3Wbg12#aN=DT5Tr)J9K>IUIx5r+N z$Po16{N`ZBDzceY4C+WmCS<|XU;~a3{%7A+IJ+NMO>7&4vxu%0#qDn)*cktmvFik?3+sxJm@PYvHAgHlkk$6^D?HTVD z6?6*Mt$wm6Xby)!^??jfh6#Z%?Y)C?Tb<|yGe(x(l7)-p)eSjJiWrNkeIUdy(E7qB zGC&JiS^=zS_$h&X$X4%}$LWHzz-yz&*CCr8rvjqpv?zD>_xRs7U-G}-0*9#V8MXNq z22~zWjCT4B;|L)`tKRvPY{(7~C}_{zkz7Gh4di~$X>?u&@YWK6yMqhG#9bI6>3b#y zU`$kbRhVcCd#U01NvTG)k8=R)GR+IbPo+9GAnm$kP2o%Fcu57LbQ;%wJiqQY0iCq7p8jYXRhz_g zDyrdNN>CIcP{brc=sr5p@l$1EQIfP31Ul!ZA7t@I92^_MD4%TgsXONK2>c-R&#qa# zuAv9&)tfyn1M#tFD93ku#*YF@2yr@cV)}@Z&Oy%kstn;cHpuxMIv$!syX16y7RIoh zSbbhMPdG|R?31P)=6W6~it>tMxM88$MlRXX3ZrhnZ*$s)M_}usz-P%)l4KP(!D>g{ zc!qhi(7Hm&d9O_F5=jq3i4o1t3qE>2lz#S(n~eQMh*A$qYuhs5ZNWmAa<9(Vr6DWzy@9zW(?>R59P;KKoTp4lklMoiGAi^&vC+63NOvJxt z6>+gXj$zHV+Jvf&!yajV=~fB+=Ms!t%W{_G3b1r*L>~c|rgDba-VKM?OX}56 zzC#k2P4fFJ74x7C<`1l#QeaBVsroH^!!ghAmL+ScPH(b$M18gvUG%zN6KcVVZ3NZI zs&E{xcS8PKjUJ2N9$xiq0y(c@%PZSbSz4wGS=r-p-J=b+k=8*+Q{eR`36RdN-uN=V z-+iUP2AR2I0Z#CdZ!=f3%U>#=r>ofINWA2F1FyP1gv+yTJBL16bde7n9cz{3Z+*oL z^g`dH;pVsg2(1a5u31N^vdsGXCk6lSLA4)KtTq=g_`2R7eIxP3Ej-jwb6~1ghmwcN zp}EZyMFou+@i2&OMZ5P{Ph%8lcYU~_GX3;I`bCPk%UGf$8<7w&Efj;V_sGgRd`aDS z+8}qiN}T@a!lA7tEZyrbx}F$NSPaBio3qm4>#9f4Dc-%4CFoE_?^PltI%f^GQ-)bJ zrYID3s#-ZJI4fNjUgOx-;|c{zn)u9_EOIC}Vh*smdZbp#@oHOY&D2iC`?`!-JXHSf^QBUBo~kfXN*VRvRyxOK+LHtFXcttI%Hf`tBH< zU!9Ys4nIb6cp_2}Ic}*W6=*3R&#kGb{u?Y297PCcl)=OsEzJj)5{8sdHk#u7O~-%$ zSL)Yp)@FHdU08{fGohT!kSEDY0m+q~!W%KyY*QN0344q-G=PaG9!y^+KTLoHOi8O% zIH;GZ4asT~ysS|9iETlsv#|R?Itlsm=p~NdOd-$WY0_9n!h-~n8;5ahF?a2rK~@Qd zEWVogcac>k(@W)}Hfc2hBqrKAYn|~lf*3mbMt7=fhc)TD_#*9G6Iff{ZX>eE1rxg} zW7-o{jPX8`5smd~A#_!&Is&^n1vjQGp*sl;A`^f9A6}Y@#Gk`p9LqZU*>V=ji&5FU zyc|k}0wX(qc2SbKBp3JnQTBZ2diON^CN8_x)2E}br|332Bm&pAQph-O5mgd(gsL$g zZ%`)~BQgXKiWGzTu;M$n5V017m<`JVy0iWCtA@Iuz-|P1VwRn}fGHJms~O`MoVuKa zA&bO}^xEPi8H-~Q_^I1phS?XYf-I7_U}Ab#EKC;e&d5p}f6k6Ov-o!Vv_(H5PR-Uj zWwWjQrs|0_tH$uD42~%BaA*e1?hfQo7+8bO|8!{#y9%_`B;i0ckWs>pn$;Ahkt?hp@(804X~snFr&cq}Q%^%@u$hSL=6#G!h1x_@2= zp(V^l@CWR;No@}qpadac;KO?em+p&QAWVko^pE-N{tEqnnBV?i=6C#W^WOyhWB!%m z|1&@1-`<}2e@;vu{GaBp`Iq@8|I_?8LH{;C+4X;#f4;m=GKPk7yX%mb0#}lBhU@gm z$lFnpgTJ=fV_Sv6Ak!BmcL|ynUUU7p>l(>{0wLDhHBNrwTzjSFQaQ@0I>OF589kLb z^p;R>#6nZNJ_+$YjNd*#XZ%`0D8ua(ps;9{`XNW@U_ll7{QTZ;wn1`IG8`5$R%wCb z?LnsE*Y$>k{s)GGrgW-)af2eLLbd3}!EE;L;Gi!gC5`-$C6^E?aRj?a@Sl9k>%ztB z!`{y`)(*TaOMrx7ky>0zIAd4G*upS;T`#WHy)wTY4bm3bxK9UwgGTm991yJgV-ptF} zdS_ujh5?hiCAsO2RSCX+_H&8FLp0Y9hrrg<$EY413d@Dgkcm3ydNQ99RmmvJJgYAJ0 z>4zX0*6n7B@eQEk66Dor{0NnUq_ek>zVnT5h0}7W)E+hR!& zV}Bp~!1p!&ecTDTgxnUu=G<9T~&RzwRn>O9g@)Q~@dB`*lAww>#D79wY z-8M$8<5Ry`kF7E=h1J{?wa zG&-iAZCGJ$r4eySA`itGC9Q#w%m563Nn+>5Hi(h_vV5~_sX5L$-tKk?2v}}!|AxbT zBr}3Otj998Me7#HcAB9I{i1$cMv|*lyuv7rw@2v9pn9@^xsMvkZoOJAUz|XmR{f=J zkYsfx<38|uf}a{;22(?GYMfttXuexB!htK-D)XI3$zeen-laMW)$9`-o3T}%UAej4 z%TfxAhc9@3bb$hsryd4?(^XY@DDI`fxDL&hY`P4_T-wMGOtFHbLB&?r&;h-gM?lZ89lET0Gs}8q%_-0**L^u&$WG@*?%5c6dn<1gmRg67xwn_tzbHPFolyGo~h&( z&Yx;0`+0a2bN=HAM>z{&jR|+d3W*x~ItI10eU3YX0pf{W(5|`EA#@Yc=1hi-h|w(W z;OZL%O-f_UyP&^IakE-hVCUQVYt*^xKCvk^4yfYE;wv)X{0jzbW?nX2aU-`szTI^L z1)r-oh81Bsf7oxV&(0vXzo5=zC$#4_(LZB3i0wY&_Mk81ie<113x^t!du`GT#v@@f zLnv+T2S|uBZWhAi3`l6ZmAr2sC93iA**?6|vu+F$vad3NS?glLJQU!a%V;0ZOL`|* z=a6xw1ejj&mmW!l?=w)pdZ0$`tS({Vx*=_6EQqrrEya*(UENco%4jV0VQ5^R3;5Syvjy3Ldgl~JT51S>| z9JEV~v-ypw&jgwyIhX*L?2~HFi1+!BuvLSieiI525$fI~A=x#cMY!+M&uxILbj_?J6x8*zd!9=3`P3_ikEVC0OHZ!@6X%&gqzuw z`%|clq!xdA}BzctWz&HJvKt?bDlxEwE zQEri-BZV&4CAsRg?5Hm+jYq0dh^jgcQp!mFie8*#l_c7MyOr5Y&a(1BJ&0a^W&5d; zLE?Me=@HcfpmU?#)T!t>E)B|Bn(3&P7T*Im!7Eb|leaV13yw$o9kJ$htv z8R2qF06OgOBGe*XRjX%6`2iMKg&l_e+5jxR=+DjINM;x;_(YJaQbpEGysM^_+Z>o)fnUJm?->p-Nk{V`Z%gjuHUk}` zk-SDwGR~XcHBqvK9Moz^~97VdF!mq__%AGfOm&yg<2)>2kfY7jWtveB86`JeeCudu)hYYE5oe%Fd^poU zJ?LZN>!8?F=+t#hxWp%en-hE@4JR;ZMaSu8!}<%2(hTYawXeToL4-cpMd3`#+1|7- zA!Z&{HC!|r`OyGhao7cSzXC1NBy6CI)?!u#UL&jy`<{k#JS;qGCGz{@9M47Oyal|2 zkVb58%)|Q|yz`tan5bQ%@KmXW3r;mmXTFWYcdu~5FlpfAm55$7EVs$UeBdUnc~LT8 z?c6d~HHZ3Lv)tOWeG{OZKR#NHPl|-mSoEf+QQLA@IcW8yX7;7Cj&=l0VVNS?c}Y2^TTa(&1{u|-JCvmO>?tXI(KJ3?lu4Hx z9;Q0|x=;eQf{y)s`@GtW_{I~hv7ydE-q{@Gr|NaCLh!YX$ zU*G>f2NRJxvF;!9ixU5*`QI1*ZT>!(|15qL;YUc6CO@ zh}@4p@xcVSqY&QmIU{BV0dcV<1vlIUY zLlk~6PGov%%RN{Wqq52G8al=_A`%E&79$cqmOlOriL4OJ>NO`jOjORu)fg=fE-ma~ zx)c>mmLMky&yem&$w4PQ$YwOrKkJ$Wk4lul5=KlaAptO2<-~#7#M(VRObTInLGkC! zru4>!e0OZ4BGh60S#Qqa!rh8YG0o9!3e}9aAd)w$ZiGFg*o4=fP`0Ip!al#7`K^-3 zuYG6g`!yAYg>Iw0HWYA*XSu)+_^y_yR6b$d7%N&0vU&I6Z59zHx{wE_`>u9%SGy-N08)@K{75e-!4II2A;}x}7cXC#9ZYPND zUwLhK`8li2)+B!%Bh2ZX(ak zl_4oq4~no>2D@_)#KUpTFj|hIZ+Bc3oiOYy4;m|Iu7uqO#hzrqv90P6vJiZZ9< z{Gm{=XEedUG*VJqYo?Tq_`S?qnX{|Y$(Xaf?yyb3Z-4h&KxuSlsgPcg`Ppfievg_< zg$z3T)^8$(q5p&J$V*byH;1L-CQakvfHq$;32!1h$^2@Lu zv2N*YUR>d<9BA99bSwLbd?x*l!=*BxN7_5XD!%plhGgpX70@|T3`!+O5FbH!HCa@? zM$cjqX1b1(xmUOAPy%Xaqjrwt;$w8txfHgB%X~SxXlaTVa5C0LdlFDuWg20r-|uoy zz)73rI-5C(95H0+Z#%C^*t^$vL=Uv2hI37wVx64xJ;Ad6;mAH=IYvn0A!U_#`yO+0 zc1My4OHE0(4yxGEI5%~xPf)z5;kMG)z?;0*#+G)S{QEv>^QdL-gy|TWGbxr<+aZQm z$EpPu=bm2J#25~3EpzsOnAE$OtBg3aWpuNApjq$y{O#W~7&e%dBwPA4dR zawqKt3t$A4!!NfCt0KON$c`pQp1jHxL^I8|;gA#Do{>uAE1*BVGaE1~H zJUghIq2nud?X>hvUay5I=Z2FGrQ70ru}_g*7jdE8r?vje7o_z}(PQgVCCuC?u&rmh zD13_*dU~8eE`ae-*o&cXvuU21GSca}o>X!HUK zL8HoH>QOvE>$3W}=rWZ8jnrPd0<<<=cmMRd-#3U%l_Yo~Wnk?gG~*Z4=&4-QNaben zHg1bCR$_{bh1m+-h?TIb`UHM+S~ByY`&h{D?%KN}g(hp&&(KEU7o}$EM_)*r&Qr@RDv~(}4Di!`?>~XSI$eq+vmDZN>qSYE}aSV0PQ3anUPlskd#EWi)U~Ox2 z-iLfW2Ivif0nkHQ6f!z!+6Y~GH<0D6mk-5Gc!}%qU%~9w`bILteOl)A z`H`xSOSD|+g=hmWOGAL2p?;xOyw&{<@>(eawyS67E;la;m)@?#SX}5J9{zolQbl=n zj<%3_%exC{Wqcm{Gqwu1jA|}f2?U2f6T1OigJ1IMZWNbYK6vOr)RqubdM?!lXK8qA zBWfUgXTvRkt_e!^wc<13Vf+{StqpOJ20k9YNMY^RUC(QASgGTivtvBQi z0%W`YKe(1M1*7|zLYl_6{TA`$d!*duweiKTNKdgP565b6U0T30Pi@89&oFVVyY&B zkf_>p95F}ZN*L_hsSSvcnDh}%Jy;q@!@f)DAJ$u4*kjcAv5PnojS<;ThLeSGJo3tk zPvpunK2oZ7bvf&Gc{j!0vW}ELBga-)Ggp-U_&PeS<`YK*A*Fb6{{$^M2~Zs$exh7Um!7Lz?I1pA}!1)hqMg!{AB zCRTx(kf|y#JyBNa79Qqi)4|k@w;BOHvVf3~4GBYpKkG6s$Pe-bL%I1`rhS5-xPTu# zToRYTp+P}MwdWMsJ!z>qNfbj7?1NFKM*BNb4W1?!i^ZJltZA)}Q@7`O)iH^V*doaI z%TMCKk>2#zw=|4Z8#QO{YjDD!@M?Z{6JZq~Er{0~KKlAzLIU@&;qgox0chq@W6O8J zRdWZCmbEQx-o63o0{lPW$uBU!DJNHjlK+SYOF9y%IAB?*pqPwvy~EXvzq}ATcr)rs z>bVctUM=3@y^F~mnVpD}SC{GG(uv4Vwvjo&)xBZ^o(7~En2%rh!6jV{L>Q@Y56dj3 z0EdYP&WVq~2}wHrnrE?f#rEYBAIoVEaCT3y?W$VaaL*R|OY-LxuhRWltKBEpl713c zf`CZ*!q4@-wDc|*dNPdxo!`R0Bx6V9KcY*l?LKOFT3fh>3YPUkGYOj5pr3Vfi_!ld zzWymVv#{OThGW}yI<{@ww(X>2+qP}n?AS@ix?|h;`gy9}ziR!fYHiHjYh!MlbIjws z#uym35ueu{BGCKMTpTYnH7#xsoS#ypVQm}zOpi?Bm%HS$a?~>1nct2?wZWro&$}nn zLUZwqV2%pBfV_S}uY-)M2SLSs(FBY5!B|6o<#?@VoXyB+hiwwkM)`4U3M~X8RXIIAh?+D;VV-G0-3~cQ>|n(>ZSEMT za;K8t7F5q=1>4}&$z>QbW5<`gb#-&l!ZmFe5b)pQE(yuN$eSv+`vTbu`-^F5E4}wp zi!~+8JD7n^eVMl5zqg~+6l52&$mYO9QImDnZvI|69XQw(x$`5=m#(sX`KdDu&$(dK z6d2(6jsNvvQCseGIlF-ve6z2b^Fw7Q;j$=Y|2CApTC}_!x@`71Yb|=TR>_cr;s8-% z@|+uji0?j`9ND)d#+w4#i>HKZk^U{;qaR{>cjWLB#)8F=VZD8Ll=2NarLS|A@f=%? z9$cNZ&ce;D$XP0LLcK8R^Y9YM6oly))3uV3GJ0EV6XgEFc?@R#KK7PgXw&hmC?4dN zY4J^KnCzD`6JLsm!z?dLvUo^FSUN8VSP69- z_12a#W5y`)EOmvMb{gr8Hm)%fzZ0P39%JQu`d00Ra5h7 z0DIo2kIF-u-4;gN;~gr(#@XSd*g0y7unQSFe@Jv(My~bkKpW`KlZH%pb`Q5j4{Qxa zr^P=p=X?QX$6jj64EYvvZaKk2+=FDQ02GI z*M)yAWcb-t!_EiSt|CP3UG&lrS(BrS;hE z9gXMi-L7b*ECg2^$|CpG2&RMf=>9--!q2ZxGuu8qm^%r%lV?fzL>>c(67R>yZ+s>= zuI4Z`>eAGTi6=p)^n`>5z#&goG<=Cc+Z;eiii4qP-vvXS2e(B$F(DDI-MK@?$H9*loS#L z9YE^QS!lO2YhQt!DGj=ZhDL^RKsE3xI9A-CJO(DNxYCU-QrwKFoM%o>=5vp`n@}|(jT>9I%FKd z+uv*Fgu^eAs*C{zlT#1Zt_(f&uHhTt%y5?(cQq)gex~9`4-_*bN^Jt@XduX7|f;9v17MiC==Y#%-wL^>s*c(8wP6Heo=KL9)yzG*)Th zy&uqVkkr|(j;usR*VC=3C1R_=Lfw!8VbzQPr^u9c_;u{$^aruozc?HP%%Zm<2!Y+I z6#`5E`p$%&+wwE>otMe_#*;wH3Bs#i;_{YftITkMu0>TJ^9xR|K^eIe@pn(F+RqFg<3V8Pi1DzM|E)Aw15R30OpaSys$BkC$u2r!Y>!s;waFk<=X|ibj zB_>*Wy*7%YrAlksz>C)h)M3i=ax+&4l1|B^nq6nh9c{-QR&bII<)(^JN2X?s69HQL5HyZ$Wta3 zdD#z?kpiit>h&b(MQ#7}UBRCHpKQkEzih_of3cZmxat3}nI7f;ADdzMw~yWV5ADhM zcjEuiNZaxsHlytLKiJH_)Bek5{x#C(*8ER4!%Pl~9;IkGR#F=;<6{wJlu%Xm2DL9&=6)PgLj-D%d?CQCELt!JG8#TLP^v^pC#9Fh3YRZ#?&@S zpr}<%YY_{Ket8Zk<|(_hatv^8`msiVv`h;892my~guBM(f|r!N_mcmV>)~B5NB7_f z8u9J``*9tVuVV2RU=!=xFkR4M@Ivq`u?#)xtbi}9FKM50;N%1Sis=K%%HEOnG}`PC za@*$S%tnrXN)~NDcNAhE7M>wahnWU`VwsT<-s}fYRw@%ceFlZec@|?3RnFeS8 z_IoSwzgz=Le3hLZU!=UjH_NqwHTjb&hGxU;L*yQ&Hmg};!OC6ZiDaP3^W}U^p{QO1 zmXQ>U6%bgb>Xs!J9und|wy%g7F_);|v+P0)XSdP>+Q(Yp&;tq$?P(1E+ znx=R6NW%KTo%6Ivd6y~J!J$q{lX`v!Ki>WXe`P21UU3)uW{KqDCNQk5$|JY8z?4vdua}C42)Cv%(85ps|)Lma8Q?h=T_g^#$doGSoCl^;GT1DT1=&W;fVL5 zV}e|+1d~%9<`k5x4n9NJ|UV0`^nU@X^>$;C^;deaT~^`Qph zie&mW7D9Y+Rpva!Op%4XU zJe`27r=Gs7M1S^(XVZf==8o{2_)LF5im(WBQM-1>a9>WYfBeFxvc}5qM>P{JlfI?R zgIR5C0qztHZB&t#U&5WXu(nsnxvBuIEf+qAZMGYJSI6cx!Y`hxLlrT(|1!r;rlpz8 z3JNgY}q>(M@MZ4U=r5~9giUuXXJqn?RDq0KubVE+OXj&w?R8Oje#s8 zzmsVtQO9E24Sg_-rI%w}ofiAv4Oh51mxOpRWDh+P}OddN8q^&Eifvy?` z<8dkvO8HJR5zf_oa23bSZp9FE_dk=r@!#bCKd5}`f2lm-|D60NuK$n99~b@4$zOJF zJNdH#-<&onwec(bnn)ofNRte3-!%Mz_IHK(&M-kr747M8Q)ycbD!2BY8$sKOO(4hn ztOL&}klUb{9Hrw9@U+H~$}QjFR9Ip5f@wjWJ0L;R<**LOnv)T88K(mVB(U#2TViu3 zf^xd~uckZ^%i`v+reDm#s$O-=%yT|dpG?kZ@JmwN*;0TeJU2g2{k^{p(}o5c$(i7u z8ZBPBcQe@s`rYNO#0lg9e5(5IR;`Bg68F7lN@v4q=lcW(a1hv)#5g5h7d)(SdcvUP z7UcY`?hvl^(kSW%3A3|BrvNS6QVfaDiIEx)zZdtu^d~ul-n4+~u93O^nl9>V$?a%Gemjj(gX5-R z1IW9j0t#iJnSNvNUe7=l&YN36V)N!#cVu0YGBw<~`PC)1JsJROfK+JNi7b;m?^oE* zHTM0)$o~3r$}>>ac&Wg<7q?f6(KHo;K43ojLvT&`B%e^E$cDSF zr@LqJo8OeI^JglBS+}b92FR#iVrmhKbVhNk{5~lrlpI6Wofa<;Gy|kOOKBhZH4c+j zFG^*;8+?L(WXEpl#)T!5lLKLwD9u1r-sP#x}TV@gRDZa%mzBPe1kX zo(Xj4)E$-wg?9{|xF6}BOnrn18*szTH1hhoRP zQsM!yv~k*eW6)bcc*`F}`x?x6={tTU95g}H58sFyj1mUQ3SS?aFm1M^^4IF%HIK%I zwS7F7GI|L08VxEJRq^0%@2TEAdbC;pUQ`Y4_2X0>@#P^iwk6nF+GGG9HlZj*oKum{ zF)S{zIyztr#J5iI4i|;JYYybHHm^dVL++-=CIbczhIFZb%V7f7R+-}S|Wm`hb&%$RzbhPF?8z7>#O zbO3S4u;s|4+v^8P&VeP{(1a|`BaVQ8VzbT;A=7reJ*{zN6QuR~QoTd=V`c@&B3Oxq zQ(MLMV53Ab?uqDkaoKPI%mBdO>eq4&L6tW@slGb)r$i!KH8G^|K6qUfql}(wG7NJ?y);)64z| z{ysA;hq0X(D3FePh0f3iG6JQks%P_-73!HOA7rD1X;e z{I`C3bjazy#WPVl53gyMvAhh*Tz55$A+_u{o-t_;b5v3^Slahj2s5-($`(IaLDn)T z={g;Nt~kh(Dy3a9>BwPNAdJX4PaPi-K}R2@cecNB>IUij2p+;_mC{4JN$aRt!KH ze(~$6=HZu58ekA*a)uD#!Cg#^&LvW*(6f&Oz54qU^VY)f5P9>8L`Cmn4NU8m?OAQj z^|E(${NM#YW?j|4%?f^hWnlC;=r@iCwN8Yf4C?@AYnL_?WF6^%Dyp;CirzK}7A?~LvVzxb>CCQ$14fb&NK z{N50_cGmqc7JMrd3Rk$XFXfCTR8TKd!qByL+MmjkiJ=p=`d_)yJ()m$jM||#0hW_Y zJrwSAV&RA$!jY}Tw^b0AIG&y3oq2Wu10 zqF$dN!eJL2@%+ji4Hi+EK1Sh(XZf~mt9JL%JkJoFwtSJcFtnRTgu~ON&fT_qYslZ> zc(tIy=x}C~$I4_reOuIm7&*sjoZ4GC3U^W&Y$rB~_c!5xIJ?cJ{rqv{<00s$v*9}Z zr7A@hCFNweiJPoXkFa}c0 zyu_#%-3Sk@#bMMP^-Qns3wr00ex+oh_)rjlz#_Ikgl9F4n|4|w6!5^EKDPq0br{=n z`OT=G^^^?QtE-~H?5Ht^a9@~rST(6-h~ou99N?{^Kp_p=ywrhO3}bx^Wz1(a2Fq33 z-HpP#7eup@kR#p9P*g!a5$vv5YhIc^nxcmDz!73U2iw+UY28QAFWul=(Y+3WOm!|$ zCNPRCP{QTXw9d~P_NWpwG#zG*zW7hCJY4jMNZkC}4H_Ft`d}(}!S|-)NnVCgdCueL zHk69T{XraAiPNF{B>{C^a(71g8*pgpgy}DK;Bxbg6kY<{3DKfjlM;$L`b&Qs7Gbqp zqR^L%$ScTw94dHI?lZMZqfj$`re+r!qzIf&%8w6N4t}Lh|7bdC5$1^`=s*7}&*5MB!?0l_jouY2qHv`ZcjkmSi$rzD%X*qyo|x8xf8x!-z> z!q6}yI#c-?yMf<{WBAfSevkGq$ypGH(8lvN0(_4>eJuNG3xoHasn!T=B0 zE<5gT1L)>d=Uq`^4XJ>Fss=(D!Zm&=a;}<9Xbkm#mAcF3$auOU$@Y}E;5fj_i72#a zYMWUAeae1TTfQtL`{RB#C#8mbmyfbKB-t!_OEKFMDGT?6(;8C>z89t7 z7=o=EU2)Jj3ia9zh(ke7J*}Xz!%`=D)7?#jR0l&eHiXnqY+Jz= z`nHqp*>!=mn8Cp}FN50glARIZeXRkfUJp7|=}eV@Zv1~W2qGWmljI=&YI)QH$GZq* z%alYqGpoNgClrIR<14`d;gnMw;|z_sa}s~q>e_9kpu;LC*8>*S#BXG8j(?R-!jrfM z%*pBd(~m_Zu&@^p(>bq-G}91-#tBc5bm8~3|H}n;Ad6!5=b>tLOTk4uyb;`jCD?g* z*S+GmFM22HKmFvKRi(kj$_>BIA0)+#9$A)rPuXcCqTI*N&6k}14(-ML-xh?&gu{)u=QA(&lon84ig$DY8(ivk)& zH-|H-4uep~uqj%&>B=>X9=pUf)b5hbi&4W@x8ii-&!fj#A7gL*5Xl~q@bboLXTPGD`6OOC{ACUzL)SFb3Zc5MX>b1lT-%|Sa=#TOs zz7+}o_7gIf*P#KE@l_IcVMZ4 z1GMB}V*P$(brk_eSyuAH+-Gs$3o*VZ{c!DmzDTTk3y=YdhfZfxj4ASt`14A^4&Rh5 zB+<#Bf_n9B=GVJ*{sqiYMns<5h&_3LOP3QvNaTg#$nTqpIqH|Q1g}xdb{1p&`_YSY z5mVcuds`8mG}`MEeeGF{O;BUQm?e?7kne9ej#d*Tsu56NbRoj~;Xgq}>lB1ZmK$A( z*wR&&fU2-reCDYzS6{IpbR}!O+HqZ_12wCnjZ1Z(SaHl%#ZdYz3~ijZ_yN6`0v3ME z&;sR`aE~VJSe}PRbWpvnepvS{a`AYfbM6|RwcqgrGeT}IK^SQ;7GSMbYA2Qw&YorW zlgxHztT2&7B>&!Z@5Rz#AJ*4M^q*mf8pC<_hY;r>rlO)nCMEDu)UbAsrGpKehPU96 zVgG)CVaw=G`hdSH*1bB#eb=;|XuQuX--jI7H&&@h^Xfkrv51F-%Zqt;pno;mo5xWJ zUDrD4ca_)nfnS4OlEE>JDI9Tx)wXEifR>9+n`oI8uRkJ@jF|DS+K?OZYxBfOn|+_l zAgkx_I@Sg|HoAn=Lmqgy#g_P5Wp#2Tn*7~w{MpY`g~J>$dRi`M_!y2P=>pwc<=Fda zmfrL?ntcy=I#wb!bJEm@Gx*eJeWGw48c{-udQeS&^?h4Lfg^|e+!)F+(NU)r!Qvw(iO>2BCI)s-IL0!_g|NN;R7@CV!VLqdOau|V>zl13u<7I^`+ z9`W$KJgWp+J{R4$g+}~z$^dbz z4TG&wvg07CIZm08ak9EgDNSOcgae}PfcIT?rXoPC{Bu{bX zgioac1Ldc~J{&pfPRt3+JMBU^u751Dwn!9n4|{S}6P+~B*l{ZA!o@~qgHd;$7~K){ z3=;F=M5|UM+eEN%pp6#QdRX)&@dr=q6ztPkb+MwQ{=L?P6&k(eVi?CF~_oenYgEekMF;v~_3g9e%&cp6qnj5W*zV^HsaaM}` z0y7QVbswr<7DKMFV1x8XBQs_8T&}8S^buBFJ!(C1bG6Y+t_rP-4 z1B{TnW0yRnuZg%4=mFXc!Kv{$i;j)Ai`P}OD`MmHJ5K$;b5bRo6mES2W@+Hhl52*5W~nbjMqZpnbs;qZ9QP ze{#X1FnICLR(G~^92$VdyYOPpzB}#WaVf5uhW*xyS@N1h zJ{Ji^8+!`9d-O<+-Uooa0m$EufT0;qr zCy;Pa$!6th^75jZ#VEV#z9lf+OWmK{Om@34rt5UAW%da;j;zu$&WISD&eVv9<~-zh z1yqpJx;2G43OIIT^O0=`rkpqZ+b{MsOc0U6vKsVU9l^%Fl|{+(n1(bp=Y8?cU~*fW zXF~Fj&nOG~cFk((U!st?jr`_>x1Pn-*#KItVRr{vq!#+ zo!=F_yY>h~pvP#AaZi=&&*&5LN~;{4;O=dw_D$!(Nvw0g{zzp}imHSD50EA*{xK1q zS}%j!HiLE{5l@6{_ebTK9{Q8oOM_?j!v30!f_Pea6q*RQzjdt8&;Hp)*`Fu&QmR&} z557n6C)}TWbXC5Roa|=Jd6zHFoxy#Dw7`Jj!6?I-QJ+0xIw`2%te$WRRDkwbAy;No zR^ioJS&9`j_TecAb)HdKjMd*G|CBhe$P0dCW9JxoDpMNf$+P;L*>4IaTPI<47A3 z_((~DxDU7M!LRgzlkX_x^3g@?l?l!AG4=5?3>to9JihX@8AJsYTMO*N*(>~Hw!Jb% zrB4DjaLLwNl^dJG7punS?)fG-#3(JMq7`NrtRBh61Vex;`3p4Ii!hTI5u2*S zb#dAbkFt*&FnNNRFe*Pd>HhH>DT-nCbvx3T@%Z$7Kri5X`4T(e!H`wVgjpidwR^X9 zG2adAl5O!inKTgIo72$3Iq8Wm0a>SPREzQYBV&RtUPg3`E-eFfbOHUq!H@a#2~|{{ zu7%=T!A~8v{f8)2{)krs7_EB>e!NnsrU6b_&B{<>FDR4k^z_;A(E9OxP%e(xRZF#= zV91V2;KejF1>&0C9vrLPi}M&b--Tk-IZS z`KB;9wVFN)Im}}^LFn6S#Y4=z^Qq0_I9-ruQ3X1LocEKY$6f}qis7b3QcPQj)pIZF zP}!YOsPeb4_njHx@s=5L|D$xM&KsUDv(qP5^oz27dPr9JK1r(fH9IZ1Rx^$9tsP3+6919$(Kp(5W&yk6yl#ti%h}jwK@dN974)~rHUQw zI^snn%xYF(S&$l|YHxJnl%2rzaSUDS9)B$ZK4eIYz&Jc=PGk4{D{8@O! zKrG;W@yzrG(f5-vju2Y9^#IWDt~hyyc;aS})1aXYkrO>p`oWUQ&SOfHlW2*5zcANn zE?%HvEU^qgHm+zkq?rIcaIeQ^ab$!~q0SQ?-tNvpAUk*SblJULnB^G!TO8At7KGG) zfzARX=#HR4)$^d7n{_qX4Epra?LD}5ty({*a0_3>1z?GgMMy7_UVlSYo#Zw~acOo+B3bN(I>a27TsFxqb>bXPrC!Sc8ASuhl0#zhvCTLt zsuS}E^LB@bceOg!*BjXXGDHc1d4V1N2K=+$IH&#mojmkDa!2I=6 zvm_&iM2tyvW33?a!pv$xq5u)|%dc5-!*zP?ieQS|j}%d^O37 zYAE7ghGq?{=kKa)KyvjTett>mDI{3waf( z%mgq(y(0JP;Sb`J+Okqnx%JTZbaiW*KP(PMp{@PTE*$%7)xmf_rwHAeIkmXoKCF8| z+j7EKVM5Iz3*PPeaTZ6vF?>opYtbAlmLMf|lL*bO z{99l7W$HW2IlWr(;9jT_B@2#DFs>!FOh*~2T+4S5-kJ6_xGtyV@B4-D-EV!F*gnk{ z9>3XW*^S;Q_{ZiWJ@I>YG5yd#{|@a+x=V})J7tcfkY=+W7q?gAe>Jt&5VaWC)qiyM z_B!$8CJ8PPP7Yq&v;m&MbC1Tt-zatPONUl{>nl#j1#$k}7wR7yOcrpE{g7+aO`r6G zaRo6nN%+mJ91bItFoaI1B0Nc1wyEPiHw7k!wfQkQ;pFywIn)sTyt-VgYDjj){CI3P z(Q!2PGsO1}N8H!j+Z^+hL!}#93oN%yWL6IC9((8nanX}oelzC2cKW9klkw=>G)=IU z41e0x$}*ebd$61QKbrr~KZX8(xTM_vtN9)Nx8|qs`H$w$GXCG1U+e-3=l}!gzt8`_ zOA2E-x$8fgU?YJU2j|EKvkL;t7d?}QYcYibtNBxwT`jFPZYQybT5W|?gflZ97$ zqa}S`Yie3qIyG1(9&$%-8T0kdq1)|ogn`CwjS18ntJqRf$&}c$wl%Q0+qt z$&xM0M;TCP(*zZ7VmPQ4LxC}`N$zP>NZa4R?_f1||YM$P@4pZp~6#dAFiR=p5XbyX;IrG}J^I{mFH};HpN;PaRGc z#=v7Cgqzyo5Q>T+n(we|S_W_J1Rd}H&pnwhnN!Im%Su`ML2JQO-VgZO0Icl~W5AnI zwY$3kl3NeJT`^-z^HaAg9^o_oW`lPdRE#Z1WkeNj`S35H}>siIj&%CfIo z!!*#t^LC|Bzd@c8=@bxV?rvhBechsMSs$@vu-$Q2swV`uCi7arFoVmUXFzK%D4lm?3 z(8k6xXQPHV;Aq~zG6AN#zeGUsZ|Dd(@47^n^^YOFQes2m&KkS*~JCAcjDLlfIsD6 z^}V6TBD~*H8#ZH4U`SkbvVyYiAPYN4+0Kl?1L}=X*ai1C0TnU9V6vSkPvEyCiUH*LRb2rZ3327+`=X1`dV_`+@Ja2pfie;t?U zBr)Bx5%VKfnUmmYI#T4NLA=3$M*_lpBN0y-4pg)1F}t3jmj-QX1LTO)RPx0pmKN5h z6vcluz7gNcl`xSIP;6vcJ|8UH&~<@TCV9Xs7(5XwdphKjFG`_t(peza=r(Oa5iT<{r!`GUT-^OTHXGx$#)soBHVPIS z`pMm4u>043(o1Ui&+JUx%@?)d5R^xzdwQ^ zQBJYzzZtzJKqy8ju%aCSg)X;ajIH%dObNp+e6sJ%(fPIfec5?N064fJ9|CW!8!zc8 zC==(sI`w}=@#)Hbu--%3MEN?7FsV*;F&lPXa|TC_6@>SK{?vL~?gzQ7+}Dr*s^Ksm zI)g38ODx;AtyBn(*EwrY}IGRiln-@7~g3I`h4 zul^uEKM_-H1O(pjEiw#J<^AlQtqbh7>6;5kd5LoTWAX2olpKd2uXpMiLP&G z;ZyR)f=v;?Ee{AgRYXjKFvhZ6eo1?YXLGro*ay6M_2Fcwsi+EaekwZ7W_&+oMnyG- zzx|K`!k}(v#*6XLbXkb3C05o}5TC;YGfNWVt@nhGeKSBvuhqX+yve@{bMfR6ZEo0H z11$r54D+iPy&iEIu9hr1zir25jfl8b*CU%Hqg(40)xjy<$2Oq{AXXQK(F>S&5+%y~ zu1(~Iw(O^5?eV`;oTdu&ZWRpr*7=8*EXa$RM`_f{6RR4D`LDXfo2*UpsP zr-SSR+GZ%<;@`q_Cl=9zkdy;Y-XI3)odz9rYc_G717O;42L2MP?~7m zqk4JIQ?=7I&e+KPPVkmLf5nz<_sG_gF0%gSgc`T5BLdq|ALlHb?-|7>{KXRynN9qP zF_5Ck<<`{%7<{cMS@_LUkQsAdMM!Nb8 zaag&bFw)w5F(^AUiU7{b0k&c7#Ktlu1IV#Gv$fTrxT!2hEv`6CZ=@S*yKt1BaS@!6 zc!NlV_!KxN^VZTx%NIO4RNNLs1-7c{_IxaxG*?xBpa$r64lz7Qvh4|+DRdJ@2sb)9 z=b-Q-$gNnRZ(o3olZEsdL6M4@$7seg9Ug}9DT8USDx0bGmlbIqu6syHQd1(>5;h6< z7fl{RfSCuclVq!-H|Man<$dmz^L!mq-F%TcG&OH|(X!GwOt^;TvfkMbKM1@sHIt!- z__Oiqq7jXjoG1WnZ0r0)wBiR%LQ7}{_02ap5`xupe_ZFVtXj|L4OAKPFAUAjMg^|J zB0 z=vf^a9O3|g8dKkEVqv@pwu?MEx z$%t=!DQduZWCM`|flW7s9Cy#{K8#dz5s|2la>gs$J>uVIP3Dh(NE zF0m$Mr?WSi!~JoN>byb0)ya@6G>rO%3Vs@;TjxVTr7aD_A*?)e1Nms`rMY=Q$9(a- z`&kanTaa`1>U+4bw1wIXLGav~AuMhuMadLn=(S_eA+!(qJOA^82Mc0rnviB4!<|E7 zvd4Gxa<=kMB%Xc$YbNrs<^mP$dXx**44Kw@578p4%pC+i>OZ*A@fs3V(wS+XSuS8w z`3iSy(l4RfSVnpnHCOkdbmBI_eRqbhj2=f8y9UDqO2#hE_Gl1W&0i1vilL!z?GPf% zV`X+1YXW!0-Q{ygvITU)U$};2& zSK<*DIvLKe>iTj#MsPo8I7?oU@C;X^oQL&f^g=C#}5j3juSu&)t5CAVvE z9zrPFE00^5ujAnsTV`AYU0&xgs0paQ??-oml*r#^N|SB z`UO*a85|3W?L}0N+)|j92HvH#DeFisPV;u{nJo3Avz_BmYsKxp^x$(4PWl?FT&@<7-K2wLyqOf&*Uofx@!(7HGmsA<4NBKh zI<3t+O?YFKwDyVOkP7XID2-|Jh$3vR)NT=)M_St>YuqCsJuKGdxR~Zh*3Dr@@*Wqx z{ciT5$eX(jP>qWST2dfG;vU`L31~n^dn2O-9}Km}*#>bmDodYW8+J0YcxSTne7cQ0 z9TPiZf@q&YX8y!b^dwv;Av2Ue0Q_z<{9u9LT)ub|D;o2$c?${&l}!zY@YU1 z-^P3WNj-3hA|cGHy^}S1%#Xc@=9FlwPH?>1BdppRubo#-@gzSp z7=e7=h1luh*-zP-vi2+2Ud!$~n(H)Ae(Y1eWrZ85Z z-HQy}IFTyexqG_>>(4XK9|ON_?0UNjF_sr8v5fk!Qu$=90Mn`n#-M_smc@aW_)T|Y{b7y+G$9Q8JoSQIuo<{hA@e;Jzy3=i->M> zUzvL(7C3EfV*E2{{P{Yw#*|Q5z1(V}qRX^z5N;ZMT+P(e7S3q}JLTJhX=rp{uYfli z02)z~BB+~tmqN1m3;bFl<(Bd;{Y3cz!PKg9g(Ut1Z?aN1h@za=o=*k_iM+0`+b?}Z z%41mMZ)>1g?5k30#JRrnZn({)4(umb-Ovz%;~00AIlXXP(VEROe%N=+iHgMv=5$-t zb$9CY?}%Ot%360!$TeYYCC;NqG#Ko7h9Js9h+XWXhH&K)=v-CApCQU2tPYYhAV8p-v@|LpcgTdQfs_8ae6ZE*u7_aAN+=P_EW>wa?j7^;w8$UGzLt)j9j ze@W7cxle980ewxCUb_2!{7d0KWbLs-$rDz%SH`L1HhfufYv)p{DU zIHwqf@<_4z`>T85U~w+YG)l3c$sIR6&16N-JW;e+rosjU$;z>*lLbX!cKnZTMB7cOmf4)C*)=^Z`k@lOcB1U48=?keJZ zpdxVBWYqBJ8=)NVFFUcFSnx|09v_fb$ObDz;MKT}U($~Ko_!?sTQ`#mHYUXnxGrxo znd!?GSkiaIR2qOc-JFH;1Ant}-p42za#5sbnzg-}dCy(Ea^Ul<=CS`P(f&#&3(q0& z8<}YD5z(Dps3&e9B+rh3kI28uYnv43FIezSg(3-=JbbC|w&jzz1akqI$ow z4fTpc+~qkHtG`=0BXU0cybzm(Af!fL5c3NI=ql~-M~ zQh}bK_KXyuc7!d2LD7^uH7lO_x{Tg=X(1629uGh9qOSf^C=$0I@vOp`++aL*+B!xy8{`_HGPx9@t^O+V!TZbSyCQIu8c zooDJc7J4pf%!8m8m3l=^f3|H_M3M^dx2NvlxMG8w-2Cqu8YNK10?Be+j(xrv)U&>Y z*?o3ClHee8d?(qg7-v?ll`M~kVGJRz$7gl4@!CbDuw1Ww43PnGSs^(Qh-IfARr;$5y-VGY~M*EqRRlALFEg zED@W5$a^W16B~3BpQ!+aYa zqRlV5&b(JR#hZN(UI+XqTb6%Hrf4l?SadN2MbQca=PQ!`J~=-tYWOg-ThFSs9fDQ_ zNIc#Z2($-W4*$>)ZYi*ig=wSdWLE>V9y#qgM*f+MgD?M&>MAx}gg+s(8M&=MAa@6C z%r}?0g4jUxw?l9ER@B$E|glIp}A%7rlI9wCSulR`)&pp`tXPw)V`Q z%`FVM+9W?vq#gqas%J)Q;Fe01v^Ex1Gp1$~F_DN9VV-tyH3JUcl}SntY&gn*i8@=oyk14u65nawU=?13h`EYlc0d_MQCd=b&9UE<+lUNCabb zQ_DSZElnRDDW#4+>+N2t`hK+CY4M)Ga8=O79bP-~YU7@Rc~+t(?c~fz4uiCO_i04tv~nzk$y`2JJTP6Zm14VNnWZD-+@;5avPYYHGfI zW4wiw3Grfx|NL~{kSV9rDoJNdIGfk#_3!66x!9Gd6`5yWNJ2XN1oJoI!NfP|Jhsq z1PEol8SfByla`91TJy#L6}zv|#<%N0j7Zv5Qy4_&YFxPm5}F)N6h& zlDjPBjrw@$_lWpWQe>((@9}DC!D<(<_z~rcv&2`0ToupTY)7~bY{^EOr-eku&b5<` zS&-X}NMYU;He7YUFi0s)3c!jWCh%oQvI5-PekhD~b>tdnK>kA;gJ7sC<6i7;f1*B; zID5bw z?$90%aQcjVhu*qUUUJu7EME6ZSoX)JLV%Z?)Cesa@5ofhIFrGzCgt1ra=4?==g>A3 z^ksZ!qEZ9OhpxByU@s;I6xQJads87auuI+hQgOsMQa-e0m$aOwmqd7lQnaDu+5>(({MF&n9NBR{=cGZq$$nhp!waM z+Y#XIVvX{zDl%MnT2`J?^QftEreGy#cJSr9g9EBfE`I-DR?`(-Ka}FQBzVF@EDhfi zUX4@D-r!8TwYh0%+U-YxSK7JFIqPLy0O%jT+or>S-13PAbmoFj$Y?44Iy(S33M-*D z&ziyah=SmkiLDq+G4CDANnnP;9!xA>OSFH<>n=^^s)GI1C*#B%9k&Y+fY$O#sOh#u z0Q<^5sMl}1*u7G!)X8!IsGGa(%{>(&Fa1pdALK8-0sq`hAR$#8_589{EFJo(PiH2z zzYdzs5SM4q9>Tf(cWyboMW)klCB-U8fp?uA@vzc?FTV=WpV{=`+?ISI=p((>7ba1sj^A_wiY26??AKsHdk3kp} z^Rqs0blvkh#7}R5noA}c<~K4Oo;FW`aL((70pEz^WO|^I?{{Q{w&tkfBwM?&y%bQy^GT?i=mPF>EHqBbvO${_S?4q%-v z6BWcfk&AdNJhqa>edw?-g5ruz>Nx{jVuz%*=isd4hgi1q6qNGa@G#W>SXVewBsd7Apr>cxlJ z)6JkE2j_gw%%65QS-F&B$nvGZ^Ml)TcYax~P&O8lXdwnPM!^g(X*?lh%v~(9MaHUpSBF9CLcY4O(0? z4~R@+)i?CnWB}XoV7IS+$K$@-pnKQtxm5ohHVj|O*3JIC>}>ldvG}gyp12y#nW(k% zu3a>2*%Ln&OOjlsT2~<(;w=s@V~J;9$HiP{9I`FSG!fuZLMcZEJKiW{Ww-@QE8{nn z2i*P3+2baJ8Ydlcf9SC@#pGvJTo%xGelVMch+u~$>u^u@)|^9m>vcT)DF4P!1uS!@ zJ_>{eCey(Rhp}-#6@&wPfwO(FF!+P;f)*CRpA0jRXsuG@#?zJ_*AO-7w+N|FQ>zfa zs9t)V3D=-81&mrgXS5?ysMex=Cjy5^Y=74p3iG9jB3?pC-vyj7JUq_fis)GI@aB3k@M~R& zP>J<`F8%aQ%1Q*f^ErYp9c2cmJB*(*(_QB|{8n4g>SIPmfd&PcT6PQaLYJSMnS8y)!+e@1K*&xtEo|^4Z0|2H#J& z0`yW%@jrMW%o+ZK!EYIoGC3DUX5%4~=I;<}^qdg@ArO0>MMsmU!oTK*+w?b+TMhfxr?A4HI?Ou*sv0Wv{b|CvWE!0rd76jGlAw zwZ_H+Rjo$Xq38vK;`k3V_yfB;uJe<1$2V&pZM#R^i5t zLqm#~mA7?=XG78Y$D`me<88SL!CWBaOF7QP(ON~{+|Ci~lXe~uuIJR*>q^0F7O0?d zt3B1FfC!-B<&L*frC6WMwbV(aTsvFRHw&Id*d0R~L>Ke55_ildA>RN6eafb$)_S$} zZeK!y)c$}QcU!sr*iD*fgIa^yCp+N8Ulta>3*|^hY;&{iD|I>~tcLPu<@MG2KbZr< zXlq8sxlQC6m{yIxti}vZme`^yp$pUskg$LbWnNg`4v4!x52wmofac_NUaqRCJhM&+ zc9_V><-n%nVVd~2U?%5VL1~B|%Mz{B9K3wEVHrTr4Qb?gQlBZ#N0t^-RLmM5B~O+b zNJl(#B0K%b%R0Ur(r($@7u6#Z_Q?k*Th?1N`+BNBu19BW*J(EES?l6_?Dv1#cD$jI za@zf_ZK@cKL3{6IekRkyTnAn|1FJWQ1hwuh!n+X08uk>5{6^ONu~!QMA#_s52f=2h zOw3LKIvD8-Eo>$_Y@as_?IO#)?V(PQtf}tzlIY1FzQJl0064SoaGnu|GQrkqt8{de30urw+ zPs`DE!}m6vj#+aJX?Epe$r8Zg^((R}B;)cTj#oKpH>rs#r^F}5-8+nPuV5^uy)qUs z61MZ>#r%MYzrNK+8~Tln#RY8hO#gJ3#)xCwg3?sd7$WF#E1zsNPNyFtoundaUEZA; zR8i<$>l`T4A(^Gu@eMRy017=Sygq8xf758DDN$Wv25i1Whb+4nU=SeQQBGU~LSja@ z6k&+LMtu0&)V#N50gZWij|pk!J-07){kj15 zjzCU`q%AmZi$IR`BEix91;_g~`%Av-qVaDr%7oUnMm5?l@12nGjT)0AxV^gva*mpB z`onBSDef9aatsx$D{yKizL-@F#8%jlV2jmAUFOu7>`j>n5f}pf6G@rbk+8O7PNt1t zBeS--$?wCAl-C#VYzqhiZq;AFlPyv}NiNtjq?`U&cfUln|AgD2v!z^~X9%Y;8ci4Q zGh;PLrYtDt1*;tgiIJ8V`D)UdFT2>i7`$MWk-+ABWN&+iA2+h9Pis67QB_wuMCD>X zT>4CsQAnHjjvAA1V;vdvzg}dlxN&{|`n&HLT+h^{Ga^>gtvSl~9^gAR7tj~#nW=hZ&S9d73$U4<5`czP9I@Qwqk={PdD&JO>;jpIKQ00s z>%_CsLsb}u0@?PXL}>vIs)9t4%1h+#7OzwMn0b$AR=|Yz>JoL2w?=Bks5BfwutnSD zh%CH} z-YQMU7GVXM0sOnZtz`yjo7dMXgSOm^yfF!JWYxi3u)cp}J}>|kG7};ynowmfls1xo ziQ*od4h=v%J25{75hx1879$CnY-nzF+I_w%9Kpy%3bVPJ!NI25rp8s-14V(4aSV)~ zWQM(ujBA&`fcT?vLT2}T$Ze*cHJW+Lz>Kg8G+OD?NgG3>j|cEjbWkZwJ!=m_d8l&MBtYg#Y_y? z3XLNNu^klYH8v=uJ<2Qf9nKmCQ&PNI$tyAS+G)!@cQmWa?#}TA$uZTFnjdgoEub#ipTURfi$KH*8B^0q-GS`cMp80jW*eUy2hyW5~Z6C zms+*H)|`?%c>$J|*Li?k7Y(m9icw-v0B&)rD!iH*bcdN0`o4+UQ40pWEGeF6Zt{*=R$nGcy%SbAhTh2$mee0b7_F$YaqC$0w$6(PlKJF0B6?4e#(xf*kEx`%M-q(W^ZanweZ#!xA?(8cKVK9{X<9U>b2Pik^EQ z`9Ulx{8>2xKjI2$CliFxa-j_BY4vVA7z8 z8tI-_ol1ZZSzhLxTG|0MUqfY-p=_SsAkIY(fq4ez-6GlKiFUr@^~di{i~J`VYBi_Q z0P?H#twvWo{3wb6i&UKYNWK%ugkPjppx$;N$V!NVe655q~Lt*U~1$Y$Z z#X+C~I*L!Hg8H4@)JpRkMk#8^iZey*YG(_3+d-Sy9|+ic7Fzi$dpe!Jmv5PwjVFW; zrwoVktXwc|3Jv~U>9e7Rc3ut!1UM7cQ9f3}g~yo{i(N|IqCOnh0`LGN{c%4^xo>_p z!PryJEwrJpl@bM%Lgo*W~x8_O5!qq^_?gApVe_*vA zPs656@?f@99riLZ8R2N`;o?1ep`(eKbET3XvU`FsOr|p+_0}z>6%jzRUaHb$E3LM6 z(XqyQwpn;Urt~O~>Hfgskf4t1^Ai+Jkmp4n2eO93v-o`osOs$8B+9;@0PmAcdZ`yz zjCs^^@ij`cD;`I-os5h|n+euwJAE2VW~pG&dD3oyMV>i%HaL?PeY#PM%0%!5v(8h> z!-*mDG+**uIm&%#7hbS4)?D;Mg0{$Z{266u({RGm3N1m`h9VMzy_AVFlt#2PixWZdOJVN9?40O(`hO-X&TH^w>Bxxa?*p!gQZ zS&5k<6tcOH^afilC!&>Yb3GvU&aw2J%LiLklG~ z-o-`l)-WCYL%dc067T;(?>+v*+HL+ntle{eS^M)JdT;aoZ`S@#Mc$kLxr=h}ABL`E z^lyf){rO*pKGE`ThW#Ln~|pRfs9UB$BfQKG@NQ9ILfhk+WXH5+tCOcoq=;x`b22Uc@AIrkl|7GQp;O zsJED3e%8n$=Rtjd?6T{N+C)i}EtqADDCjxQl8uj<_2q<9xTY45pdC8t28Y!-=u_o| z%QTJoXCmTNtyzJjrgyud!7A{dt^M3yf~r+F4`}p=Y%yM&HfckbJhb9fw?==Yc!mo< zlz?(8H`o76lo9-hMYHvD8W^zPzgyTLoz`{Jy)^JxNN1CTln%<0tS^9wBi&RS{Lm4^ z%ivjBisB3MNT;O~tPAl49dL!8O=T^#Q65n`56__qeDV+(#-b(g2bml%<9ip_=U^4b zz1{@GJ^6V*HEu&V17@z0y?l3US-cymU`}xgm5xh^@{QpLJZdm6kEj zTiWL{KZxw96vL*^23LF8(hmpH-s2LKf3@DR$+Yv4c=}Hx2kb z>0O;SW_Zx&v8)Z?<(P{y&38KXw zF?N67`p}|fZApQAmjeD|nreGmI>ek?x=wPwo50;Zy0s>3MHw`|z{|%~*U!%ze_J zCM5r3;_hv0`Rm*=?5p?}zavW|ebbKsn^A2_jhy~kZBXCJUe8-vc!V~qOCidu~n3TIZ2|GkOxT-<0$=f0Iqb3YDU;C@J*`R1mf6n9CFfI-mI<^4w8pW z??foRpCj>HcV0^Vav@sZVWpAd zYx}@1$8Sk*fprDGFs^lNyw5+{AQ0>kV?T&^JbXS|WOlK9__0ZBzFGB`R0?iA@)elb zv!$teRflbH^suI(0P>fQ3_XH^o}du!p&XSh9x{U0p3DNlRlEY`pjmUXNR|WWJp?o; z0~xNqnFkK+xojY_$r>Kz%R?~>OQZDQxsK#;9;bgIP4^&H!Cg{Wd#835{@bH#C_ z&r8>OE9cNmGPTHbhl10d(3{ra(1(Wj|5`gcB$lWB~}z&l`#^WMcV`@ zP^LdSQ6e|cq|X`h8kHYefMN^$ex0;&Eu0uu3j(SdpagY6ls9st@2xaH`1Uj!%6F7; zs8{oJcK(qMWL^ePR0>HOYcZG;n;Zd*UnDRVuGdF_c8XyI%9MaMuI>esI(XVzFzpCkvp?0xiELJzerD z4oE*@M8A#n6QFYmt{tDPV=Guj&(PmSC&Bn!L? z+ga*h4r8P@MKGaU1RKa=5u29NP}9Jq62{_lzX5beM-Pk(>2j&gFEck+^nxp#n^MOg znl2bqk-Z===w4&6q>^-#0vom+D$Pt}m>jk3#&yLd<7WQwmx?+bILvCGB43LhG-~at zk+Zdda>KbC&Qjc`T&m7#z@Yz4my6~j>G4Z_;@w5dk=i;!5Eu>#z|^P?T6Djb!V!6Z z81&&{UA$mzCqR)MoM%()K~o>ztf^LnPX7M*YM06H^{wb5dYi>DZuay8XI<>`x75;>afP9=TpVr?&;0I*})S$B^U^N|6CkZ!8gIWt2 zr!+4@pmMm^TiR^}#sl+s>oAhC?Eu`uJ>|RwDJh)8H-N|y(ji7Lg5f*bEEzQY$QSMC zn^){U9|nk1^mU4CS`?^Ez(+tGpPM3i;Ba4?a<8Yj{X_l9IQGRTTo4)pK~%i>t&e`#T)_r31n+%>7zP{OuYlf_gzQ=Xo4JEH*T zU~}g0RnxWb{#kg!EItQd$+Es%;kx)(Xz~B*rGk6hU75t_9QV;!VqTaw@ z5BQXI-?Gc3HK;9nJmbBe`?@69V7AYRaFW>hkX^q`>hnX$#FYnB;|g%%=cY6q1^4DX zECeSmi~i4ddtOiygYSIWb=}6vg$d%J9+lUUc3)HOh~|}lN~~_~E46rHtw~ZOzlz)y z_21kWw*(0dB)9hy63(YohqewkxCU7-={cO;3;#^iOxgoX&~t$3O4+1rhyJJ)(L9^B zn{DM>?wtiMkK?qS`W>r>NwzEwW{dLP^3#`$w4cY9(k+y{Y<#w@k=zA-cd$QLULnZE zHB4qbtLh5?Z9v6*;rrNivSGpG9!^is4?k%I5KwxF-TL-xMUfLBI}x z-iJn=i2uv2lziFp#P9-t+eXdhc01VaqC{NI{{_-+p*OW?;XBjqV6J8P$2*Mj_<_18 zT%g_Nh_cF}y^%aB%P^fO?X+ZVL9Iz#DhSajYYIH{@|$msjBx;AO79*U;)k(jRgL}m z*n^#A7%;X+oBfO7VlE2E{F-xoAKxED!u0)C$uKrchB~MR-XA%GCx6lC2JD(5BCPw# z@1CR^_SK&UYy=mfKDZz&y2)Kod);o{!1qOI>CF8W*OgKyz?Z@q7-$Z-ZYYbT(?=1F zFMt_zF2K4`>@=U=|CJk5b**nW0a8i*L~4E?F1{D0&*W>`8_@P?GD?-N=Su@-7$lrU z-HV}1=pm!m_0v0po|IEG0KG58mET7@4Y|W&f#8QP!*vfq;Zn%pi#kQcM<2>w82(yx z43Fo*13?y2;C}1|8Jcw4M{n0)Di1_2`U4j?zcUV%CG{WWC;hAZ|D%iW{7)BQ{eQa% zbD6(ggp6VN|Jy~d{dc21mlh;I;@`}`f1dyE94&N6((pfLiA?*y&k}Q)|DGinDE~f7 za2l(Cj3`&^@bp;VQJ%0osycJAjE;m+R4IeKn1ONHM|~ojekPQ1Y6I)<=*1Qt^3M2- zq6anVUqS#@9G=_d+v*>AoMb2uhY21J>DGAGLF9*BLv}z35+cloH~bg}F(19)5!zj(RT(O$x|znQ2YP<1z^3uF}N26UEZ6t4+-J)Ky?beICZu-ajC7*3BC($~1M zOdaOvk(gOoqBm=5%WXDUAPzv z4DR!8p2Es~`4bSW9s}gQ0l*7Wk>A$ihwoL!aEt2Lkw7%OzJY_84uFg9ATkm1Z0PNS zWIDqx+plb+;tBq9Hk9r&h@(!RzJvu&G|H0|yF*w$+4@$^cpr5!r`2rycey;d(Hh$3 zh#d_T;V3L;aJ}<7$=9`eOuedtn1P4e+nRZrLQ2Ajo=s#}&4~_Pa zcdTDe0yG0okBbk3cS!CPTL4f2bhSNBVq?%BXW{8a<&Ms)jDH@roAedJl0$Z-mv5K) z{>12owyTf(2g=w{7!mB_-< za~wD?FJM`uCaX783}k#d5fq+Ll-Re4QLP6KefzfU2L2(XaJT7^%aRz=pP_!fWN?7~ zJMCmFwSnYD9blSYyT!~q&Z_ji!CM&D9#+6BTer?EW-RE;edvINuMCLNN*rriIn4QN z6w9%NbjS2ZsJsssWmyNO)G!lKL&_#Y(28=f0RC`bcskMH8OR3}wy;gEYMcW||9Y(C<_7eXlBtV@_&=tbTZO=>*$>Y#e6 z$Y!*ET9_^cD+4;l>8GZ%3p0I41>T&~JX&KpXu{XTQE|sE_Tb8Eo~)VDb5J#hxjK}^*zarldq`|NA^7eU zbW4jBaVC%M+>}PP&ke6i;?%YvhxmJUF5M&cFp}~zQJ3?6%Yv=4)*vvzQvEvb*2q|= zpEFgOu1>G2<1KFp*pX!x5aqVDc8{>Lkuz(!U0 z%1YNN%xcr2JM!hKjMp4ldL&!V(ZeVm5_Jrh4u#7}XH9GWr{tlWN6!*_Bqp~)va)i; zmdMQ~-Ie|6iO9o!8^V`eb@r&v+mRpti={w zv*hLk$gnX&=m;4|g}@pjoDP^cf2dH8$TNZz%=$S?~h%bvO zg_Qk+7-z>iPb`$fN`oc|r(;d(dFT7yH*{Cw2HNSEtTH=(#|IB}djVRH-3*V<7FH1Q zz%mXok`2d?bB{KW|79b?-csQWdKzR)x3>%O_p3E zZ(L}}bS$f$XBoFZp*725ZEj~(ceVusCW}_6v1pVq^3nB%eh{CaXCMh4)rU2uQjseE7(Gwz;yeZY92$Z0M zJvbhP?joTKQVFAnwahI7fMMoWs+D*D+KgyyYqx)rR7{?}p%(LEu+}B^{_XcLfY^ny zQXri{0`IQAaK$Vy>9oHRBthK?wrrwBBdMovp^eTWC^Mg)cUm*D3)WX1vC(8F*x|uV zZM9h1?{x3d^&ma+>UNAWW7qNO`OC9eObt4`mkYqX74ZFXPc`HC)NeTUahPeRb4VM# zITFgGs<+{AO2wdl;}2I}(zcPgnPc%XJyqk}RsT$_&7*P09&cQd+5E>Mo@VEmxH-*N z%N%zVCChW2Wg0~eKw$}YCPe#;#wYi2>(AM+K5kh&*3^MAvaSAukeOw;mrrZ1QwvT+ zX&6ETVMvX#w@~hh1nQ(~iJqnjOtJ__q``BSO1eXH@8676_JRq~SNIcADg9+KRUh-1 z@Gm8#H%NSO&5@yj1NEn8sSMX==oPO>dQt&=Qubg^f;4$BTI?1Y={~=^3sVpzL3;(8 z!_Q{^5x`B&yf>3xj(l0-R93YL(UVQ_W;M&ptnR4pBR-_hktX~JVHaPEQXka?(4DmN zYSvR-JstjB@#FB{c=aIp$G1i!IsKJG&cl%=hrZ^Umw2oYBneoC25@=awg@T8hes`} z7>u>%$tp(|lx!Ks^s==G>y~6G4k@~$>L|NI;JO~DHw3ht-F|0r?^on0z0|e`D z)90$fbfQ=f#Q4NgaA*@K?ya=AKfDW%oD_neobtCX!7^~?Kk99~k^dy*Pd7_fPS3*H zTaRT#aA^VAqP|UsPd>exN;h1>fBJ58*U6cw^@U9sWSH)Ua0Z?OykzZRd9B{1r|~#a z?&uQWwN}z3nhjFvWUV>-3+%tsSt~TTtzA3}y`%EYTs0`ftCM#{G(a>v%^t zW0(;qIY}50E}oP-K)YZeue*;aX$N7^fz*Zwlzgv~O&L5p0=gW9qEz?mV8DL9DiCof zI)ND82TVbBO8h7mM_a zBIuE)DHHL8jtkP^_0PrUyYacg&_L+$9o-O5bE1(#8n|6vxoK%o%K}41O_mZ<@XaaX z`K-`&rmM&mGjuul3C&rvuEb1W_aAGDDkztdq>L+x-ZCI@(?N53=teK`$kz7LV;_V5 zqZ(&0UmE4#!?tI%y_&yb)*gK*Y@uY6d|s@H!ap^gNs+h1HAxD}pr z+#gN==NCURyA^1-p18=Rr`7zffi}l^q=Tls?y7Qm&@UXcrP3A64>pEzh#s62Sez6n z;#vzew+e;;Jl2X3zcf2?87pAE+rc>-ig&AqZ1;jdBqkI3RvAZ9_NtxFqHrA;b#r83 z??41TE2&>rM=J#Zeqxpl_q)tqtS)HH;I>@~w{@ecHPKBKKJRm8`~BJsw#;c5j|cPUNu+!B zsI)e0z>f@ic82zzYU^woMfNhA(*liYX!qu0>Z4Z?P+Qmt-~X&1r$T&n@?r6l0d{~y zr!f$F!&pCR8L{$gHqqV#PUY7Mc)X9*G|O$za9sOD`D>Nb%~!nJ{mF#)w2QF1Yq>&5 zFFP8No9oHKeK9Ratn;wHC|W6M+V%C6yA1H+8;mA2Y7M{pxYcbM!ihoefeTDw1RHHd z``W+Ycmit%U>~nOMarQ@Yss2^W7Z-``*FMU&UO~`l#TAy`hHNIkfjq3zN#1GS>^1u z>lNzL^-XU{m{mbp7^lZb4AKGhxOtBdWzasqanVDHUDLmmK0V*VXHBLoann;z{#hm| z1+`LU9A8+ymUDG%iP>6w6{_Vl39OSrij2mg#eZj!)gqmvKnZ|csOg~)FLNk?8L}U>bwkD_Mux47oV#kA|d45Xqk6BxJTc2?^&OM4B_&<6h%k$=sfC1 z3XB2q=r1po>57JP*@S+;j2Jz|q@v}4G;*pdY&~bV>FPCw2Ifl}zB=lAb4J7VAk;GK ztN08;iIz3BguC%}ubLNTp?v+$p~GSfTE)X3(L1{Mao(#zN@ej9yUces%2SDkbz>Gp zC_(8rkeqQRo?}~`&;9py%pXCE48T;FPL+g&jn z?K3+w4q>dU(~9Uo+m`$wC14JP2(5Lr8;QSIy(_>vl6?V})2}9?jNNV!y$%ha}Jy_eG`nZd>+@MdN zCCdsuk&kAf(>qp29I=DcGH&)a#7?$V-?t5e#9_0X?!IFb6TvB5NJVKvuTc)|jQn%$ujJTJ9?owsy3EU;bOPA17Ox{#eL zUfgVdx}`ajtM1oAa@g64ko~Q zB6kjs+9*|6+YWf$v_PuVvU!B2BP4oHV~EdMOh|JI*i}^<#9;Y{@2~+AlS=qOu{}(2 z6_1T@opNL?y<*UIi{(S#Jl$gmb;=UI>84=J^%$WD$O@ zz)R7r&|wmESS_QdwVi|tX{_(THGG~Cx)-w-)0`b-R6Ui}P&lDVta%8<$dLErlKn9QRq`pO8jd zXLZT8(_)nbTm)f+@Q4Yq(p3%9X|Cvf%9~JcyO~V2lCyP$VdG0@@c1ARQjH_19OtVc^A8}ZF3*WMMo;fE|q>cBSR z6B43b!-{e3iH2AiyQOjAex3?WG{8qslmb-_9wj$q9_?;UB2W?uq5ET39nbde5Gta> zB?=bekdY^*N{E{K8^n1NC0=Ae71UiMRydRH>huf{IL$!gPyB+Q;@ey#8^*HVu_y-r zNSJa1WLa=+i~5OmqiT=MGCPz%vUFcy#_qYB5@Dxupm!j|&zyfeyw%~gTX*RUU*^VJlr2g61T39-0lWWU#i$wr85+x5 ztr&k`m<6pFU>D!@Z&xZ|L0o;BeU$A1PrCEd0+jhXOx0Kvh2xDsjw{#&`8{wMN&3wu zBG#{L9u+}Xty!{cRgGjo80oLG40()VRmz~6$p2R1i`8@V%DY(~7;I35cxp|}9M7E^ zx$;{h1ZAAU!NOV7bo3xS&7q^e)6+n)+6W98?+ppHBKi|`vCIpzto!@BaHI$)Lt-0H z1;XMXh7Qvq!}0k3opjO&C^W$43Mqn_uK*S(hO1d$JmMZSFXkdd-|-p(whp3H7;h9XFuRr` z7(z}#rCdkWcqq@be6wfX*G1)3#j~m0wM}V2?T#>1!*cwwzR1s=%B>&Y2!9WL>{@dY zK(c)zi-Znpepqr1dl$Y$g2_#J)k45;maNaFLx;}+GOyZn8dS?=qdx4rU>DZy3JlUg zj_Kcea9Jci>qV!qdT5?J(>N&Zyb}Vj2(?+~9RE19eEeLO`Ce@xoONN(!=|U z?F)rq8l}5l;ObC@66*{!s@-}ADnnm8;fPh%!4EjRdP@m@rlzdQ2(AK?#a95?3|jRY(v6q!3>i_pYfPIw z9#Z=o!b%y0-RA;Kk+~kxNU|14^M$Dr zRrnkKHl8RMWW2=7b=74{=7tI%I+VJdA#})?kn&A4p_}@7xc;6u`7#S!#&tyH3hWM+ zIigU%@9(-0QF2|Zj1k~=n`0m9wt*NK92!C+D&sZ$3~)ZyyZGT;WFLi+k850_#MVw^ z`siALSID0GTJyS!aN9^*(PRUJq=UDCRdcoeuQfE6p1Sr-SO#tyugX+eYwUZL${MlC z`~&=6imu)i&LLkn;X5@Q^9Xcv8WmgfMNehj^;>Q?DMz8Lo2oVG_ zB&ug{gBb8~2j=ig_B|9=jBJ`tyRHGFWMv>^yq=}df`uX^i;EmBo!y$c0O@XU=qsx~ zAf*-M*88=Lg8lw6P@#B&4qGUe-4<(GQPKG@(E$^M?fR-OWPr*ha_z1q*>Er82}@_Z zpn~(GZ4bVm#|o<2%eWZ4WjsAAw-Y6T1+^$rATyIDO-+y7{jSeD_jyeKeBWZ^l&_gG zCN6BMWK)#ZfrijcdqfQRWvCjnx}v946|Uy{!WuOI7SOyM-mxg=hhC;{?rJQyu+I65 zq%)PRs@{5**{bW2aC&g!Y9d$}V7;Z*a6|bC6d3>O4OS2HcUeg1FaEajSEy2s-}IbU z%`Fr=65%pn;&@U0tM4dk2AOW)iIwI%gq2V{>6v&0w~2d#f`f4-!hOOF9h=pI*d1sF z5ooK47CIQ{C9D(hB7M!!fIWGvX9f#M`q-}P3CEohGQ{n++R;!5|vW)YgTLtOWH@+%ut}!xw5r~5w7f+IC5Irh2e^FF3$0y!#GFd1S-Py z{jMEoV}a11b#urbyp305qcv1MA4-o-C%wd6;q3dm_385Wn6_CNwWLiL2YTI!_eBE< zz)Cl-o7_276Vk`M-Kc+e7qN1k4L+@C%iP#~QuA9Z5F@`lt2GE>aB5g?%UI3W1c6zi z%|!i_v5v6W{1mE6xpo!|M^t6^OiL}1-S(C{vdePe1CV;O|1j4aRw+nm%;B7ajg=Db zG)PZ@`Kzndf8o4J4xLuQSX(eIQCfM8WxsjUe0Kag1Bs*4!3cQ%keDzv8&$vN?E~Wd z07JJs-D>uu*_%?vjk|q>s5B};KrO5Ikp{ZGcc+8yCD~ETOn_fzLtyBaBRZD=nR-rSj^xXXVc^^eB@6bA7;_L?q&WzXGw0r|D-(=|Dioi|5pCsK=G$KPZKMg3%q6gApaw(tht&qN+=doc(jc21V_pXZ+Kw%1=-I8Cw(RB_hALJ6iNJQ&b_EunM|EbIKvIDV zZZ`l%DyE8EN0R#17G_&3yeB*EFLy(Xij^1A4#ea4rM*vxHKu5pg&0UN_$0cfXe~IE=pO##Y=2Aa;G+!jJbM23_ye=7z&5QcR_?R7LB``lALQS>NPxQ;IMc$fNenk);DDAN`Yt2_S-R^ZYU4nXD@p=o_{UZ zz5w#fbYpm+{LoVyBt0EW(=sOae5vMdXqGJ147v~4zwf+2kvl4WMEAhw80?LZ(eO_+ zDtKy@(F3I`ZvfR?4VMssJ>TCg5!VE#%YZ>7m)5-~T@NxmVKpmSLIOYGCHhlA0O>M` z%&%&{#X|ktG#f+dX;vVuV3@ZH?91MdX*2vu)a6JAX!oaJ5eXomSD6^wMIpLB@00<(MNv^c7;_tRM_4cGt=EaGvYs6ab zN*c%kEhni9O{$V;l>!IV{rmz^r@Kn_>TcZ&<~^~I_sz+n^cLMMtILi25?{=eZWC(~ zk9sgoFtQKWTR9;XG!Rj|d9B1m8gqTEW4E46v5Ta9QUFYCNUqmcg_xf=op`fZN-I-3o76l&na`1SCF{DU1s;ZFE)RN3zqW| zb(LH_xX{=Nm!F=i=MiW39n(&xglK)V-%}O;b27uM=9LYK#8DT(nWM;(3Um-;X-C~0 zHHuNman%UZPQ79;_Ox!I`lo>i9)17h?g@t+d_gI!JKcYy?FshpYLbAokU0@5x<=|3 zq+aaw7my**;+|Dh;SODgTcE4sG)o#YP+HLqfryp$q8W<2=B5CCjZ%Z3q%8j&3@jMt z^|S#f>5KFd1HL1;I6*U9Xq2TSzRsk0_Cf7!z{78qJ;1`a-<6BdV6L_0&&d32GEMr# znQTqwt3{zaFtNUXl}u6vFG_A}zcwr-mee1b+gQA7ssVM+DHpH84E8E-j@n(D5A&`g zb^J&OJ{AsHEH`XTNKu6bCR)7)|5}II5RTiz6d5}=DeSp|fqMfzM$~hN%9n~O3{uBS zM}rAit8akcqjU>U8y*-vfgJ81Bin9g(vpAcMkWzZ`xJ4orik#oLzX!u?Z6?Cc6ADg z_Sd_(HCrrN9x)cB+?T~I^v0nc&3DEQ65yCNQuxjI2?jdG3IcyMsr=Z<`L>OC%_zK0 z_LaHO4pOYxIO39y-E4e+;@$(WSBL`&kwqOlr~APQQrXmU1o0d7FsJrH)6;cvZY;rF z1fSJZ`1V?H-LUpYX?l5JF*}xJb+@gR1EiME3K;oiH!^1;z#dBlmYCJP1^eK_dpBgSz%V^myF+~#p>c9Erd_cNB2d8ix~ZAkL^xhbRq?og$3tl zunX3eCg}wCY$*<~T5H8uYy}VCu*-VmMf?sae}*f)I0vlIy8(GfF@npSzgh0FgvvE z@h{t8(Sfr#{%9*bkWaN4xtekRTsR{C)ncBU6U*sHCFP8BECK*hTV*~Co?z=H)3Ofw zF~qs|>HoKUHyfWkAJ4U~ahlP9l$=3^U5FUUjL!WU5=QZBuJ^ous^_ncL&g#_jL}e=8#S>@I|nr#zn$@fh!v z_xEKbDI=T5RjHi5MxX0^nD;QcHl8sUfjsfOMr$>CBNN!nFXbu+f!(PJ(h=_jWLem& z#$>cr~;nya3r;%v&@nTZ=za+7Ey6 zCaktaq8YE7ss~{&H4~+?q{`~DsP)NRO(Q2++e>2$fe0!-iM=!4`LyW+$&9~X?6lh! zY_B6uoZp^kQt&i8t;NXsp1$LHG_{!F4dr)u|f`ROqqR0XJxo67Bj^ zQE7J|U*hYwWpj^sjO~1ZoY8W%q`3w6!?*4Ly({K!W+o_yXvu*bS8Nh7b|FyazGQ7w z;R9fPzCCPO|J_@20QCU0q~N#Nu)yiG6ge{8?20Z+o7m}-knSu-kCPl#N^{966|vxf zq%_|?bJiOqWA9-nq(=a+s{Cs%7eyR?mX)y?EMc8wV=3!G7=7eY>~$s}xEXSv9hU09 zmE>SKSJR5RmZs1oFtsRj_egylXeORII99^YL#wOqoDKHYxn6aE=TADS{S*p<14VB3 z7#1?|q}7O|)Zo_9SR2781PVj1JZp{L%I~lOMSByqul0yEjmUBb_ zRhS*=6gxk3D;(jHYD+0@?QJ(~yrv)K&ZsbK1?o@ctI)Ww;4f3&2X%|$c9>uY1gNMu0dr1PRA1_FlxTEwq^D>isDxD^m$ zHkX6n|HC3W&WiQ3)mTR2rm&^%Z|6A;43J%>6^?<$nqN z0uXupnrCnu1=zE*M!K zIP)+9oM=EB+^lk%5T4Ve=)M4P8KZgjvK4||m|a^%X}>WlV$&dOVI_~uS>c#+x7^xW z*8+z+{WgXL-Eg~8PWVJKQa$s5rJsxHg}xetC%u()CZIHF-L#^O)aR0V3Hy56xZg%} zOOB8QrjD-UgSQ}josbXE;Vn0H+l8MupHHnw8e5d(Y&V~grRt4e{5Qcm_$Bh{F~a%Y zy6f4Mk3?iCLx>@kKGTVFp}szcFS&J0)1}K6WozEFhqVL#4r2)crJwGGKp(c0gD168 z-6(v;pBod!p;JWvjU#HJ86w*Pz+pQT_=PajUcKS6Fn>iA4BO3hx?<-dn_gec(1Pr& zY;8{FNcsTC%F!|$ZZr!23LSR*u<;S4nP;S*B{sIm@Xo~=Ta|&0fX^UOc;eQ~AYWHT zkYf}{kun4TUntEu$4pQrnGb3h!SU+ooB`#1IiGiga${7}SS;j%$t-sY&KQSZs=>tR zk!$WSgExvC0?+zKu3;IW2ZT{~-XG^FNip0Px3X@6ZWs%fVLetG5Tbv26xPRdO--G} z5fv4cSR@uDxopC2y9kMmBy*Z}^LoFTh1Gc%QbKC1b~I`Hiw*eIpsz)E*os zf>ft5Evu+&JyP)E*vd~+u# zju4vR_|*WBxGJ%!G|TmK(LLmrWApK2oY`kGbm(bv%F^mxSm@1#I~!y-%!ohQw@w4> zZ)za1O|D0;!@KWK2=%1nvZT_#Ka4beDDg-uKwLoh?f&qLCLXF2D@YTkf=~|NOehJG z7TmF<|6L9FqNh?aYSKk;I{Mg9k<=#^$C+ST52i1@^Zq58NG4xyJ1p^%KCeW~VZb9L zI5a*I&WPcLlX*+SS`f=@5lCsG-3yloA>-IU(^rV`Mq!a1e2FXq(BXn0M+mJh@?cr^ z_eqUgt}KKDSuGGP8s$@8v;Pg`UQ_no#!9j(J9II)$;&c^Ru8`0d*<6~6iCQGbADy? zQVi31s-rT%hwTIUiP8qQwPh31W|?nhxNo4quFTtzmHUAFfa`*U@H8R=bncdDCz?1L zm{$gK5yHY)fTEkDGq=#Vv8pyQ#K@Wrm*?tS>CYxn;hpG$TV{ZZrzwQ%xS+IsfwODZ zH-i%%&O&eTfu<*#e!< z#pRhR>SoSkqaUNr8G|tO9B_*wuj>;)A44f0}`Ax@|6gw7x7zm8YP z`wOO0N_{|$pH_Ef%M}Akd``SVBl%ZWrVR@=8B3Gss& zKXs1SWsjuwFoG%8Sphuq?T5fj#GvOlK*}vlqwM{#j5&NMatwvk zyfN&TSm^Ro2jm7ut1)%;%fTjpF(2QFN_a^hs4>%jlv?tZH74Jy&j5|l*&i;-TkxVW z#5`tleEn85Gn9+N=V_mHlKXO3#Sx}1hm>7J%zBk$f3$AF#$41C{>G4lzL`LHF?lV| zv|8O&Z_hm_mzEsXkSCP81POk|Q(Np;x^@(tC<^#dtDfgc*4Z2@_DIO|_ALn#`w5dE zONZTqq(m*bDyeH}tKkycA|v})Dr3?8C;6NICjWo&{NDe1e)IqB`IDpn@%+pZ|2O&n zdKtFA^ZftL_8s`hU)no~{2pOQ;WKdnR8J;_O_w9i;H(<4U=P^BPHlf}S1b!~!u3f-J)QX?$kH;Zt*;lc zkp4Mbr4JJcrwYaB^A5J`~$S15v$e=Qb?~4nk8l@sB_q5Q5IG;dUB6 zvf>ruhqJ_)SuKX&2aHmjT-2cGm~N|*1Apyj!f~BFQ}lt$x>G79Xj<0l=g@ZOkpWbU zdIQ0y3L4r%+U;>oJBCN9pK$Z_gCoWEWRIrvD9b6FcT1s>9)$gxp$_|A_KO(kAf9)K z=LV6D|HfSnqgI==cPkaA<_BfxiLt&PL~nqsQt`3UYC@AWtspP^{n^tl9ivQxIfK6#e_y%49x%@k;9&R1fsa-Bi5ICbsQB=aUmab4WNninmTp~M-c$q*8#wSF_X zL}OQ@6OgT)w>s%~8B6a`BW<=Fa6u)G+V8Qd4@vG1%!zFtHDwN+!Wvnzj+#FiDY8V; zACtIh3@{xfjSl0BIA_c@3_ZI_fWqH%UsJQ`=*r)+m=Kg$e3}8nC=}jFSrfw&K3{(K z0=Z8|PFHm(%%}_^^Y6NQ#dSA`<~aadK$Ey)3(N&KSh1R4gJ&dzmMyGj>j1M9gU%d_ zDJ9gR+|PQrKj|xsx2!?g4CV4bKlf#-gDHDzjt;-Ys|`&9xmO%(k!l_NaTOKS8zo9}34wX*?YLY3@E0BDsQxQAKj$wP68uxsH)E!XpHkm_Jf z3egwj+f;D~#3_vGBj9okWp`8P!xE57UzB6Z0OnBBlm#XhEUaQ%^~YzRN(N%-_CJhA zB_t7+fu|ypin)e#qt%SXADwCQfrbSQQZvb>rYX=>2q+D-<{v)`B?fNVdS24x6DEM~ zAYtg18#Qj0@3!|dtn?x_YZwSi^Ic&K4I?YtT?c>L>aV(p*z*0{R%i3|u+;JShjw5> zHeM;n^@i^AFR;AF_2^SH9!V*30(8un1kOR_e}nZ|ecw%ziicvGIL4~L(r}Wfnaev= zvgdxGn^AT7R*}f5S+{jm4TZ1d4$-_M2Ez!=ZZ6MG*TvI8H=@++#u0aeiJ1A;N%rc1?u!}xNl((^aXt2 zJ`0~{XNB{nV+7BVRTC=&BZXBy9y4u}lZ-}$RkrI$<>NAP+J|P0)qC<98j6EADr& zn*N0bf~9!i>bh@)7DSMIj8q=W)TTK9$Kd1yRdv}s^|~p<-CNO>U*%k7k23&Mx7u?p zzL*^SYm(G1_`8yD!rzTO*A1vU0}^gEBAOK2a8S~gvYQ1KVagzmqG*#AI^3> zFk=C3tGDlP2K9k;O}@zWRjl7!+OROYK1}M{;?yxnrehVyGd2PiFBX}s5w?Z^1D!uu zRk|)Jh}`VBw&hp3WCK?{u9Jm*uHnV<;%AassuK6&3+s#Aq$1oXmQ&LKdMh&0)5>b8_z2rOM=U_#q0U5kLVWy-8S+qDa)IK#Yy)sr;l!tZ4~+%4x90X3amQ zR4>lsT}Ovd&T2%0S3%!b^~oEV4DTee0<>wJ4?)LHh#wsoi{YJ|an6y7oeZm)H`$9= zdG?i6T){Bo*wh~812TWcm@sqcL(9%0wKeK?448I{JT&Pk5#;-@DYk@j0Bs2Ftom!` zvhuy^zQFIx#A-6f>L(AaPfoQo`ol+ygF_41#+7Op!&<5`o&|qrYvp(^1ld0fyW(W~ zLGm~L-EnHQ(LTzkUJMNzv5lCxC_@;98#URU8 zT_@EBY`+c%F=f9)mP)Y{7}aUY-UXjpZ@{2&=f{79#4$ye)O_8IgTUbGYg>s|Uod%N zV9;%W+4$aiiDWxkTB+02g2lnbP2|1kxVzO-rGG+l{{ZIvkhPZXZdkWQnn~8s>Bb@_ zXd2s@z6F6yPfj+O?)yoc2X}Sa+~%=*Ea*VC{0rznNrd(XUbXA%Pdl!OxFuw**2Mzh zu4i~*y$xpvUqM0PBS3GR6-r_^A+c9LcRMCFSScFcyQME4OYDAlRiw$7oHp+AMpk#a z&+M6g$g6q9?X?FizpiMS45Q#L?CXo{J_)aMSfbBVY6t0!Kxf*XzXH5~w)ahV73UEak|wt;rs8S>jYTtz&r z9AfCcEwzlwR~{V^&PFV0WuKVxsl4j^wh~Y3pI4S(8iP>fs=O7KhK&b6vP2t!{}0&kg8 ziP|6EO#NX1s;eK_)zrCBYDZ@RjHoWi0t2p3*h}Smp7KuLKVVSdbE?4>?1p(Gw-3CX z=v+=dJ1v6)iy?A=th!%%#ebN7NDtF|I9|-SgSC=yneskBkf{;V;CX6x(l6HrYjC&j zRPw^+NA`O&PqOW7&ewtK7r%cbH`p(KqB4Yz{9@i<3b);=I6sS(2&u22QR3f+luk*l zbbNr%V^|NKtW~XRe2cSMFK+aB7Qk@zd-vuA;RL}K>ViA1%)A4^+|2e!8aPfhu53||=|A+aB{u26sVSb-~ncwVxGk@OJKg>^l_y1-7IFNt7 zNE`HDnSbVA=CA!v=Fi*uALbWc|4-(xT&3HC9bYfkxZ>337r>l&!nN}4T<9nfG6e70 zL)a&xq!Z4#Xm5ALA+dYDJ{0II5z^lP&%(3;;qlZBd%SDp*bkSVduhJ+wm-4W4Cf-w z0+4(r3>_fs|MtS^If_ori|jcvJBpqjOvUw>s$$nm6YsP z_EvWzCcd`JzQrb^ydG!fSqG?*~9Pxb&0-1VS5YnNbB#G4OE`o%|QG2d$5 zFx^}QHH;q{vBm{8CIrF5boKHm3#jnMSMK>W$t;R#zqcA}j1LQwCbUNxyr=UO;9^Il zwo;Na8e@xiUCziXX^%W_N&M3M{j3A=Nd z)ENnB))ds{f78gXNnCM2GztU5*#@mmVR9Tx)4eb#UKArMnlCQXdqEK`z@yNW?pLWZ z-S9GedZ(Gsu?8ZWmB$OROiw@q(0t&lu>r~+xrHbavm97bMTiy5;eW4A!xmh_wCQ7s z?X$^iQtk&1i-9pA?4X4v3)LvQUQ^`5(5}dUGCeHg*|hj|8p%t=Mwy#v9iwSEnZ1mN z8?|*NViG~0oZ@T-A)J3bqC;LtEP%JotA8;TEwR>W^QBKOrZEo#38>}yUvPGJ0|dm- z`Wm^}<7K3LS5i1pe%?@Ss_Br9r+SJX*Pwg8%(bEJO+p&4UJhrIkiD*5o-caVT))<7 zU9YIzp!<2j0{IkCN*Dko-;n*JK_O<9v<=aPG=;P-lEU_kMe8ooWvbc!R9jfV0cY8< zC%>`epwc;c=TpvB!zCb9Z$0Le)ol^vMH(|3vh3FB@3}KhaxHS#dUC!WDK=e%fbB!- z+Ef8iW3Qm^a&-N+Ik?fBi5wxvl%3CJQy;GL2{hWW(<1$HdiWv^GpSli=`92gDn0J6 zlU@ttlH(IQ*ICF~(IO*C&!`h+2kE|CA|zNfg9~8Ql@Wl(f&wt$QO(SiRc7AjfWF`F z&7ojUE^q1+$~C%}%qNb&lq$qD`n*(dh(|J@eqTSM9Xna{}PLW$BK z9|3?sh4ns17Ag{B(&QhbgH7iU9}CJOYr6ws6P%M91VrU`eG;Ri_m3vC0y?`wO+-Led1dZ)n(2hZ!5nQ5^hA ze^MsA<^a9F6@CYdtqFxdxs8%&o7j{GyAiT@HU!z6JiR25VWLC2&Er%Gf<2y#!+Bp) zurgZ1*zqayOIlY`$J-9}l$_VSmfRXds;BBRA$e#qm zrqCPruGEZ*IP#A&bnsZd(_Iko7pD=Ya^G}Bq`!MzPr-z05vkkWE;dNSL3$T|6I@t- zWN3m6s$@cvz)v&p2ACUP=OcAX;HdtsLk|rT)ra@{HB#RraJ7Wxsh`RQT1Ww|#WP4WW|3!;iDxM2<-gIsxi0}8F zvDJ7DvM!niwrLj4gp`!UUVsn>q7#x)9Wjz zE1d&VxZb-{`Xl4$;$3rg!xN%XWMzefxKBOER&^s`gMjv|J>dXNP!9TRQ@C6TXn$}^ z6$LCneO@LzTUI^<|DXj}ashrYvklprm0C7;!QoC8ra?0kW^tzp235#2DKOFlfN80W z+9~>nyNcN{O&TLamY~m~#?MzCj9c-;_dqsCn>C9M-=tllg9~~xBX^jRSoqRc_wmn- z5In-*NOPHE5Lcn<6sV~;MG~fzp|og^fFM-RUW#%kuFEBZ)&N1xMo#l|OxSYeJOM#n zOXke`+)R)eFGz)IyE z2@&@nf#HZzdCaO7fHXRk6pQjEj>nElv4EceY~lZ2bYJC!kcoe-M95b1N^;?9N6@v4 z!eofSY+1wDrxYpRW4dSxiN36`Z=IX$kU4xWSf;@mn`49>*lKRG2^rpmtX7zV$v~rl z`J_A*H<)yf?rerhBe*O&Q@DgY~i7BFK7oGL->mf24gl$`!$wnD}cNzu~VK z_BE)t`F&FizrSd|&6BfayrFJS$Z9bQJAr8l&rw9p-!j9{hu5u_*I^Rd%qK&9ymV~# z(Piy?&$4k+`#G4c3C~5QDiDGHkt)yeQXPAMY;WSXz~~J>2aH^4+Sv_!Pm_-PVz`(F zB6TG6XPy%tj$vtPfe!B~YhIL~Z^kqeA{E`^HVZ$F)!dSZt3jhvPMbDifKThlVQUnw zWB_TSg~He1T47KXHTu3Bh5{X3qI-x_3@BDNL{{-!!!5XE0Kgx{u(Ge0ml<>6h+Ej`F=g^$VwfWe$O4Ydw$Iu?)J`z?_6=c{)WwR? z$@>Q(4hZPyi)N4$7y(g9J-=&Lm28fB{aDo;6PPsdfa)auYkL2LPC3!sNRn zF&RK|wqgu~1ek$!UoH_(TQ~YmdYZJJ#)%~HWFOPIRq%M7HGUr&l24kB!_Bb72iY-D zS#c}z?>^nhXW|w9lXx9gw7HMJPo9NlLtYsT^1mZ6WVO%g_jU2MxMr?0wPX;Hx?j&bioS3*M5^QAaz z(j}rKiT%9I66uQmA$0z~g#KTc-}hhUH~rttUq$^7^W)_IZ|27i`LB1zbN}8MEB`0+ zS5f~D^JCHcC-ct;CdFW$%l4b&K2>WgC_PP+)C1naI5a=Hi88og2<#_RcOYlPzvKa}yC09L z(1rx@!+2)wkzdk(qaR{q((*(Vk;OWhOp)N4au~TIC&bo0ir$nLb2STKma(X6{!(Bf zzc9YnhO_ZWO*HdTzPOH@&H=rI-PF)#6o4DS%uivN#!c%+9D4 zS1b;QBAX6iFZ5CC7%UeIT#KO;dX_Tv54=DQP+$ccqoyAC>F1qU5 zSJ+1X48YeM--IOwral`~o%9_IG{m>B)Q>6M$joU2fr}kGk*kh7EIbsa*bp{LF8J{e zhVvkM`-G5i52d#ITj>;&(hj@B`lCA2w&2-^F<4!b^_w718>AX?IKO-<09=Eyt_&;Y z%oCGf7Q zz6tBZ0VI8ldBuR!H|oYLs;+fA)Q0M;lzQug`{_PZoxJ89mQea}`Ga5wEoKgH`Ww&4 zK(cJIJ%e$v5sV0H+_O&vh|-#5cjH1j=vJal9>D zHyqu4E+Ry{NG+H_kWhyN`$$)c@SU}bY1*SI4D?n@XypvNOm~lP_84A(E>o$lm1!{PbE@v%-S_7DAdM}ZaYe#^ z$}bPimgnnP=M4S$F442$3bbFKo_Uz-iQ|FN5^1RE0&i+lBX!#Tfg^vQsav z7;$HGzsh1#jG1gZ2(FJtFBrLZe}4{LpgxP^gOcj&w$AdeE`nJ+$XxNT&)~WiJsuFJ zdI|~=%NM}9F(9`{n%yt8_dk_wp@qI#1{x-LSp~dwL97OL=#)-Sew=ANV%=^v`A@dk zL%1Pj^3426_4RqblMU@{Plmd{s=lUy(t~ws#NQ%b^7_=MPh?;fi+jy6eOq@;P(2?H zsE3)|x@laLh=gA@hD3EZv6C%~feec+0`td$`Lgsb>HC|`tJBGK#l;6g{_r-RIyK3gf z;Iu|%cQ+R15KeCor~(^8rHOQyo;y;k8*mCR><;bk8koFZ}63CJ> ztQVQk2n`m;Z$U_m6_W1pVZcDW;E^>V?xVM8pIo2(LzY)%)A&dtd`2{v5&kJ?ue=BD z`v#_)%52gU0n!W!aTJf>%10hUXZou@hN5qk@LiHUSmU6(>xvVim<4=tyF4l(%q_;; zM^1s^LSdt`p=^vLG2KnMtHQs9<8(h5*r@e=5bF%t=wxf@@<_R7$|DD@-t0$b5{AIy zzMcZcQ5qZ{5@qx-{HxDvvxnZBSn*~+-3~*|=Sl@P`-7?7SA^!aC;KjtyCejC5Ts&j z>L}W^HtZ`R8iVQRJP+|n@Pa~oH5-7ZBO&J_u%)!R8Om$^c68LR6;&4mkKU8oYK&Nw z1FtY2YlOpRa2kf!&O6Xe@l%0~N}Eh>0NQf7VyYdl1Y#xBGT;Hr7Y#?GZ2;7ULMLgj z_Is)8$B3?=R(=k)w8}SLYSzdd3&`_P#^DDT5Uer+=cwmWlS;{P3`Y-@Y(`$&e`Pjt zYNVs}tR60*up&PbNq*;jVqz~}N`VeV#Lws8pp_tDY`#6g@UQ74?a?D&Pa2Pu07)p= z^W1Uz=Pa2|`meTU{$JZu^`FUKzw|%J|K0lkBtPUo^ZY5CfY;ub9t!gL!P+zlb6qDQ zEf2pmWD+qzfm5pR6i-Zo05)9LJb-{1m@%QX^+<4;m#v~iz66)1Hg`T4veDWgV$|5Z zZ9VE|wU!-aH+mG71A=`)H14#A`*f5O?$FS07pzkC{NJ&Gz07 z5kMd1(%;2{-vNmxn%wV?muL4>L}46;%xMv%&~TtEQ)t$f8mZT~=4~TE<~}F^m2!0m zdzh%UWM^U|u?yr7)Jw?k;W!oe;~?@$3dli*;!#Mf-;pK~1he)^6I@*D4u=G&rDK(y zCm~Et;BgOmvc`@AYXD-1sZPR~v<-{bm(SN15eko9&e z7ow0-t8gY5L9vh-35mheuTU<4(6rV!(u7tD<~xQfH0e%W0h#T@hA7)^Fwm7Ri>$z_ z4J1pS*E%!{d;|L3sLRYjshdW-G+-=#Q&fv4n9`*?$@7QglWVS)j0r7Xmo)w4aP}zT z_H`Rd@hs`CS!_X41$3W}otNgZy7zPCd;P6TmyTm>Jx6rHE=k|X?BJVLN8^zRaKE z5oB_^r*_M@y|9@Dj~z0G>yb#7-zx+4wqTaZYPX{oZ>N;}s8X2{b1ht++u1)wakDvB z;;vLS1Cv^$TIk;YNMISfH+sKM%;9R-aY&>!mEH*ZcIF}Sjnb_t&ghr~8jZDsUf9*)dxt5+cD^r`7dR9fSg|G2Qo`NHs^xe(o?JWHk4X|Vb` zv8I#rrqpMOfJN02MJrZBpLy3jC@d1iBu69J>>@g3)u5)g$CZzQ{$rGv`jyH4O5T@9 zQOn1l2-0$N798=HKBVo8c~Re2&k+~?#ag_!kR8~q zByeje)eP%keoOOScvj}A0FgkVurEFg9dnf8GjG#9yN)Vk6+9qP;^9>vNWK za9E_ly*E|&>!#l|h;XwAewW;HgSoiecS7&-)KeGEwj=*Wzbx`9)L74crEIGi^ACkd zOIjDF<+gsqdw&o^U6I4?g%G4;vHXao;SCPXBkI$x6XW8vi0zH4EHW(SLW$5iF_*Df z!C9&jXf-Zj#wp<|vQ-`5-_#E6PEg9Jv7AWR_6_!deL>W9Fsfu(;!p5A7jYFHg5$p{ z1a|p7yB>9-KPeDJn+jS^hz52|n=W6%QAQVUV(H#L)j!o#_4WH8hQm(Pd-poy^!mbi zT^*1MAPODA@r+rBEo}Om|D7;O-MVeWlk6ULRg6`?KZ5}Kl1H1MY2cF?vS4L2uU6D0 zB)UYJ0~Db==W;6aW(mMjZ*~qlZ)Od3#}?c){O@*|EZuyE&6s%+$adb&v~wb>bkg(( zOi_z}oRE6x(B^^_XPAwjlUZjx33FYC~2-x5TE|^Gk z2AP2#TNT1aVD|e_Pzh zZ?G-aWT={x4~H&vU=!oH(cXWR*A!j_#)b9VWdM7;s=;u{()w%-|AW^V) zs3Hexb8}T-dlae8qFsa_)s{fKU~jx_tS*4ULwGs{=0=J?cSRTz5{&E>sMe~jh#a|# zFe$6MzBxyAuSc}5IxT0cKvK$V&|TUA8{AWHWzC9J6foi-(=_V*?pX+8+3<}CH>1szNU30)Eszm=j(y;e%X{spsc{ZF7)xhhAqkCfHNsPF?s#yC?6slIv zc<2r>jD8awGRFx?+@~d$=G$0R(fh6^h|~Sf#LMf~kI{G=nGA?g64h7vtgV@3HmG62X+?(?u}_FE zdV^*H1%6?UtRVYCU@-Fsa@~$l^#d6ch9#7Pvt(MU999(`qJ3+eESRsSM`(KL83LyX zlL)zf%|_r@iu8pv-4qD-CeA5`yh%SIm3y-?SH1(f1Zc}is_FfwXTP%{fG{0-C<1Fw z9>WK`$S{JIj=8Vjb|pgCM}Jp1a65qv3Wpn6{4U}!Q`GdT!^cs&wwrnOk0@5&fLEa?a8eLa6Y*^BJmfj?34ey;zqaKrn?H9^AT2e zMu?MIhnV7aAVnIYwz*%)EcAx}+gUJnh!yd`_9gUMM^KrhG;d!RaPxPUJ$Xro^lPCu zx{&AMDDu;z^Mr+;P!%Lip~tUCniqGx2MDT31GY++>9}Otwje3FVrD2gCELbO-8)r# zSaxyl3L+n(g8f7t0}l2b*LFf1Y7$Bl3##ziVt8yLa}yUp*_u(AwX?rGp>I(gy| ztcFW|2DifWOrwKcH4W52Hb#J&HIGJ-v0l!6dXEvG!z%XBNk7pRYF$I! zPgCB^G)91Z$(XY3i*rQTdKcWCZ@wveKb|DhK5>3O=Jne@ejzwVH}gg=h!2p}HgMVC zUhMv+Qx0-_G>}Faj-y}50*20?OSAjKVh+@F4!&Q>oB=8nz@l?q#56YDG8}<|g#39*>9nI+~ZCn7|;vGvwa0D+0#} zsO7g13MhX{!LTiQ!z~II`EWaY$prfgKygvQ;Q+8F_-L(To2s&=P5|eFmCYxj|tdv#-YpEspbFT55G4M3cH%i3WTIn9G*Tkp#4~ z4}tSdN|{32sC4(ltS-bUn0r&*<^Yo$vV)o{7{Pe%UFlpHENoL*^`elimkz)`8TL8oFeGaP z>jBroXX^N)X%m9lE(LYO%pkhDx|^BjuJ>bMF&PI&XBqo12$7-o@<4cwtGo8^OV`Lg zA)`_-Q3GR?knu`MqrYZi3(cBnP>mVu6U##^P4-wd+G)UIYwa{7o5^_5{hp4B_9qPO zgoNd>o&c^!hR6$&0x{^@G8(E^V79~zVBLSwap->bw6Tza=zw@#TP_ia!+c_N{ zqln&#CcWs*8Gpal9pPkq3H&4TWMFAOBg_TLWKZ2I=u~Gn1eusJ)SRlwE>jI%n_qsO zXiOVpdGIMLzcVH_A`)xq%Xd_M;~}g*PL_&4(l0f^NkOvMM>ys@gu=&|58R0t5Gu3b zpuqKbp=X}vwqlaPzGW=P@Qgl+sqo4Qxh}KV*@&o2ofrin^xtv`S{Xx2ZSZ z_&(1>dQb=MI*jwU2Y`PJS42bWZby!nSo^wxB2YDj#d$cn+}l9wd#F1UJ%l~jJ&2t8 zgmL;ADacM?D=;cGGCW0L23w%iP3FFgVvC3z4(;MLc8ojN(?+ZTrpk+6R|GW!O~8z^ zdFr|N6$y2Rz|*e&_?>cMfvhsgWBS{#twaK<1}xU54aYW4u}xT0p=o2Nsv;0;(%i_3 zr*>Zjj*n`d2aXQzrxYTltaP$$t9GpBCGAva@+J9fK|;WPSlU;$M5VwIxuat@`VsoP z!BCQ-0dRGoS6`1ZZVtQ2DYDrc@9=<#!#up16eOd|uAR+VziQp%D z-!l%2=v>k)klyPzh1BcBhXYJjq!+7qB1Te=*m?@`U-2~Ekl}J%IJ!#Rlq~phM9d4I(3pZuDv<+hjqj%=O*%gy`#hA29n=Sa^4S0p%?sj_TR}h&w9yvUV&DQ91S&xyH99rd_Y+~D zBZuF2jHgc@9`6-41@j!;J6DGClmDD087cqO_ALEtd&>Va`TM8-C;3$x{xkV25q~B~ znp1#KsFyBHwlvx653Ke|&^D!OAL&V7|1RYT#&uP)F~^84&L#NF6Do0g8$m?hQW8#UHS{cu@pbtn zx&u}_RfmVyw`Eqqc#;gr#?nrqf9-oWQ7$0tb1@*H=%012RBxY1wKWqM^#W&F+c=$* z#sPM1OWqnty97-8;I=aRx zd=c$+h<|o~!LYg>b)lHVf9!`CK*qHe>g0EYdow0{ zy&=No@xfr;~iSxo2;{8^@QDLTqv+~alZ3Dfqs#>$(6b>;7yq$QeC=tJc`M|)UL#pz0wzwZg{>))wK<85<=))AkEoT@H_9$# zxsIv%4TSY3ha#H@FY)V6F#$5Y?CfF*feEf86~}Qu16;+lfGQx}BIOY)W9z6@y5hI2 z)wWuhXzoUR!LUMQ@Faw@b-Gr~uN_cHbbQEbtpCH;JvIr}B@LslF59+k+qP|2b=fw% zY}>YN+qP|2oxbOdc_QXa#QcF3`%~tXnLF2_7l-XbdCPw#L~m}=Hy82yMiab$u&RCb z_%m&jp+yRiRp0sXBE=1nbKHUYL}Q$t!D_LzgGB$keHPnZPuFywy(I{O!OE?09Q0Dh z&VcOIT`(OYAivA971CJoi)M*CREso|=QaF@PWI>#;ci_V0pZ z0s*cH;j?Gq1Q}jYDT~8a@Xn!WK2(cg0sz7DpJ;!x>!OQdP|VoPFxO|bu8y`PkwT?XR4~$R4%b-%_FJtG{@-(L?=%80@xy| z<|%A#d720GHr~;GK&g`w^<;q%pKgl8en4m(pgqO*aaLr~lJGpr+B(*!bS{&bjA;!91L07R;SFHBBw zai3QbZH*RoO(4A0ce65#+hk!-+Xe*>dzl*jnRy!9aD-#4)g>{C(-ey0_F+69=mc^HGIG)Hd(8F)Hki%OL2?$KVw)%5oZovb#-0ab~_E~Q8ucy0ifIuHzN=CKtF?Zh1 zu0MKgKI8|{xOGX_N!Pb5d%KKbs2Px;f^dNnfMPTT+^N;BrhfFTa0mmkLiwE9HPY({ z2Z6nB-_Ka_%7LW0W?xdi_i%_3#9qByjR|_CH3BCA@Ix#(gEIGI$K&hgq&xd2idVo- zv_Vs0qZx2x7f@JNVP+(k1-WQ!meqM#sl!P~km$c93RXQ)BM`_!SkREG&P$A+$Zx=r zim4y~eg@iEWt+T?p_)}cA@t(FTH8HPhy@d7apPCfUB*Fi4)HY1hZnIu zrhX2;vQXSh4YEGO<9{O2CDYEt&_E$N?25QYNA{Kr`}T-fvH4<41>a@x##hadzgL*> z`|`~>aEUNrm2|uBc|25EH1_qL95Tu>#{JOHCC9*)^DcsH$~TUKyG?g9|2Fh=h~iT7 zxbc7TQm`0W@$-_l&YIZ?RB<%(wyUvnG86OZpk-GsON{BV`Cepgr2P32NElxcFsNdZ z=3kGms6P{ee6J)gV2#hC+hnq@y)~B}S_AN|%Ur>@Nk5u&$sMWho$2*m%xc1V7Rd;$ zq~K3KJ_x3ynu6#=az=_F6UqE#^qJ?^B%3{ys#j9Uf{>rq%f!;&>=-hu0*K5+DxK- zrEq9obx)^|xnGHZEd#u}<F3K$V)j(=9iuyuo$)7lE!|h+2FAcG^_?q5s;~;Jo>aW`tc)Rp zufi*En$$y8p0ntwoH&WoySqv_f&dZlyP_LEZQTVaV4S>1)t&(|IzqjTc~&pIYU(oP zbHMcjORXK(;!Yc)iZhHRR@`*5V~SAsNW_9$AnQ4-@G@NYdHj57YGDurvZzNhF| za6R2$YjyP<$omi#g@nLeX-pum$qQX~#_dG2Nimk`Xoc&Y(Wws`EE`$D3+7#q|2oJHG|%-J8=jk5A^jNABy&F~Ha`)Pu~kcuP|x}h<4 zhpe)5hR3qW56^}(Gsv*kadi^wW2Bs9?0ymF`kOH}B%>p`o(?r9{0irRnI18bIgM0yWa=S#M^6t) zo?4I+XURi~CSDuFF98ssFtG=#pU01N_fYg@ft?(4{?!6()PGiL13ar4P<)+!Mk!-y zrujOGSJ8|!7*y~BCYh@l(9caBjTl#oR5~m0MUD609NgJML}#c@$OBt;ORp z4^g^D#9)GB)Pki^2orX=`gcsFxqaL&9vgBiElR^f+45lYx3Osxo8i2G&&;Q^)GJ=s!;(nLmebPiWPy2myoCMT2}#70=rEVVltUT zoC(W)o-os)5AT?;TyuQ#5pjiHR@B^~LrT(}a4 zx=g9Gc;ij>g-00)OEn^~(yesU!*OnSaInGn%Qi@8>*^qR2V?0?zlDHpCM#u2$gtRO zOu^NZ&G{?2uDW3pJZU%){cFss1Q)wIHhW2z+XXl|xifzm{uVw3!{p@NTd_$lLvt{* z0il6uDxb#dt`n)*O((UM3Aj=Bn-3)@NnwudI8X#gjhxkKs`5*JYTKJ#6}1S%sO>D{ z##ZRB+Wzs!Oc%pAxizB;f+u)NHAiN*M?6|d9ehDtC;TOZInr|;?W-B2+D&RO+L);yTO;R9)K zxX;ZoOVsAgfdtFQDjqI&-I_!h%Bw@O(2f(yic5|5BJpBReZ}Sv%bSTxg1%T5NH=uco79>Uub@5F?IP-`W zzZ7@(#|L*oo zVgJ+Z`6&N?LjQj|yfF~}oT#7tKh3}VFY_1wr}?L_|84#Vum3dv#;*M)jJg(N{lLdB zrsy@PW6qvJ3MBd-Btj zkKfb$&((U3!L0o@bPZ(BJw^(L= zC3k&7+mBtMvE?{%N$vR$+%m6Ocu{hHJhT4JR5Cvw0(i%%G5xBt=0KWl&TcLJL;L#6B!t`t~R!+hFkM0WPb`Hf$!_Y!n? z{0p^?`~@QVS(vG?3)$)^`QGtK zZui-(<<{$Z-ODra0^sInNrTryiMJWZmis0UOu4ycq27p&f0ksTtxst;L?y^~+fe%T z&Sv=TL2Zd|!^VH~@a1`e2L|TIhrjRh)yKQH&nRyKdscaDzDuv~YZa`dVQ25Xy+1D< z#~%;p4RWiPYVjH4Qp1eC?2ct{ZKKxTHs8m30vwl{A#qXeG=JXUf zqWOglk|Uq9kz&!iS*-2oWy}?^M(7dGFieG6PBB7c*;yIW*5a0Ibd2yC%&tZzb zgL4ScOAb^}icb3Wd}UgA44Xwvrp_cmLm6WRzN^+mBJ+3Y-L~-zB`Lb29dzjIoP?%b z9$8Wu2)DSxCmeFCE!Zrx%npz&J6ZQVx7eY)&{7ejtbJLgk^aW|dkBqKm!sWYQZ2D%kMekj$|zE5SAS|T~Xo$z#jUf5MA z($=OB@e`Q~9-v&6H{g{sO`MW-kx}TtndpJ;;8QcVRYskXv|(+4S3X+BumBU$|8A7) zAMCU*E=f>wtWq2sIiz)QWU6Z6j;aaof$Wr7|>U%;MX7Y|=wCf_$ixzU;c00nmuNm3P*wYF3w14Y>-TuAbO zRC5Q05JCAkXA8yFv-jxT7~eR*jo@+g9aKJofvd53hFFBA9h_2X3HRz14rS}C4QKia z3HfrNDXs>+@=~z2gewM1m(giH_f>lGIbgxb#X%&tvolXf4Q>s!@7HW-2rbr{x{02X zDBH`k%P+xO5uPQk;*cnh_Pe^-+XSoMnr}!T=`Iiv+YFUU-*;JLi3NUdyg9oxdSN(R zRaBx>C;3+ra&-jx+2>M1n<$~dHX0r zf0rg`L*v-{-6FVZ2}t2*zdmL2;h-GFryN174f!WL0`AvFIUc$c7ld9PAkl4*txu3K zcYu3dm!}YzO50Z1@0-;j={z$~1#ig>UT-EpX({x11d}t~A&jHpxJ<4|pY6ZUp&dod zhTOhryH&-USYBenH$Px|TvP4beU{xdLjh4sc3TRPa_5N8F7O9C2`$w2Ki{$nIAC~p%v zS8kF`xLQ;?d;6rTKUJCFze@#W(^L{UdW2C;v^WhA#aBnlza7)TU6vG-GzT-n1-moO z91%yu#qaiwuG&#k?P@aHa-6+z4aAxPj$7!|EZEBE?)4z`*mJU|lK%)xaKdvz9__qD zX74c67YMg#M9PZ@;qq8WZr)8Zd17E)?h9j(se$?{_btGawV~N0cqjAIAcFJf)H;zL zq~h}EB;;e=c*+MQqe34!EE^w+^}OWHR>+Y;cTCIvIz!zit(w5g(u{1;FPE!izn#IQ zS*y7)e&LSKPE%vB=fFd#QQ8DQOVc+4Gg*UU28nN)#xd zJCu?t7U$iUWz1Yg*+lZYc9Bq^E$WMK>lJPf>r#QFJR~zVqv|fFZEV(xrnRgos$3Oh zK-LPA*Iii)>A8j4iI7d^r}|Ql?x`(`se-FM`a`o{EFrMUbF0D9|te_QPbe0T{w^Rjod^5c8Pa0Lfrm+eHCUVSDz%k1X8!zSWuowa4d?y5|;5(NVZ1NgMUC6mRD zDxY^f#Ra^_&Gv9|hnxvv)jrMr(94*^jsO?b)Efku!trJc<%J)Lx|o>0#{( zlbpP`P_(siOxJQH3quBZW6V*V+~(W7uFRdDWwIYYE$gT40wC_FT+^-{j!tjnm5nt@W^gdcHhIS-eV1m{o$A& zN0y4~UA%B_42aS)aPZHTPb*H4Q>c;^6-YftG52mG4R?rBY?$M1O4tnxkFAYu%yuk{ zOfc5*ux3;R zErltQCR3pybKJzE8pZ@ldgIx=gAU7Mp)>tL@?-N?fueRd zl&!@oCdPX^?`XP0cTJ)l@5?c-prvF~;Jt3y4i-&&JY%M-MN7XItkK2y@5HOh2+$7S z;Wdub#hNx_fZpu)^O3GW3*0Cskh@`R9)b!rL1n4cg^I}2BvQF!(!n0z2NB0WYWi7J zB#tVYdDa`e-~w^lYqds6rm_wdc@C7WB07wQe}wM*SLpx4{QmzkztMl2f7R+A^WSRx zpZVGUPI&)ie#VslIpJOX*MwL4Kh3{t^>6d{rTwS*DZZ_cztVrz(Uu$}qj+^Kb!|jW z`JX~6hYsn?2;Ks=?>ZkO>DocVP|vUJlL43m{La#H<6OcekGt&cbJ@8zwWxqJ$qznr z*KMmmBG60USEy<4n1L=mA1y@X{EI(zSoA=^LY*&rn@u3$eD0er;CS|Sh8g4FZgQKM z<762*2GPDeMAEkO8R@e2G?ChG_bwV*YLoK_~P0~o)bz&TP_oCNO z6sO##P*Qy>na)onLx4FPD!=qSd_84uHaNLPajbjG0*oo2gGck?BkS-+8Cl`7{4s=+ zB@sv}g*-v(UVitz%9gEaAJx1tvcqyzrwG{cL`H&-Bb-2&vgT7xqh_CEy+W?+j3Ql> z0%V<_gK#OzSv>viHgW51S>UsW)L@>b_M+LitUxqgZ5^|EY?3nX)8iVye?OoRQ4|I# z)c$T)Kh`7ToN6QaXmO7qcn;>xy5k|ywgm|RrV@k{Fm{tJ8 zn!J4@(I5_F?!>LvF{sj7yu_+2>5@74@#P8+8hB}rQPkbk(gU9j{4MWL8rYbQZxa7) z59JD+QRS~FEkS4{5bVs`h~Q9k_)O>mrydVqzceH zMm`2DIgBC8=1w^IFt}LvY%T~cL}7}7|A78OA)7UreFW<{V(yXdMD|G~R<0n~5pVI6^8hQ{;jfvlzzp_pzqM&0M7hCkjFRfhs(c zZ2%X%cn#WprP?&%Sx+}c?2+=)UdK!y9LBa=r@iNT{~dE6FoM379jh~(B;z_4q0mbqWV{k`GyV`494Pp%Y3#x=-&Oo%=oJyzJ87*+^el=qZLLQ@b-x|D*W-vt{%X| z3DHkvUMfkEh%NK)ngqBLV9(#;qGnrZ5F8wM)h$xol+2udYBjFcEY$>!xeF+s11XE| zko%ah@FPCMxbS1=7Gw4|RuB<%F(k$@3$jMP7y`*vN+juK z#L5X+A3kw@?^(olQp^w-tRsohX7S@5fGy^;F2{pVsM) z_2H2TDKtk~pAFO-X}llr3x4(dY~TrT38@z&K>o?f>=%>k1A0taJp zFRXT8hFWT3nIP#*aao|03I8+MHtwDuH~d&FPMvxz`q+DU@(h59E#LV2mQY=PbSI!y z*^^5iW{}wWkNxVjIO$v2_h3U#-C`X7miIOyegtUTwHRl>1OJZI)IBfva{)^;L?%`e z5GcQP>ila!HuVnT(6X0I#t~8afQwD3=*l>k%no=Pp*p;qV;tAJV^fs2&fzKPVs_fR zqH>|QD6+VbL)%_OyPWZmDt^Pl`#5V1JM*g*bMSiLOjQrck|Bn0^|Gx?E zH!ZT?L4D9pmu@E8oR*CclJu6VtZa}|WlyPBP-@D~=S-W}1z%v^mpXIA&+N*Cryv)M z5iJq70Gel_17bVY`D5uzTfp-kki2Fl#5G0UKSlD2+>F1f2Q#Q%KtS=Pw$wACJ*wzQ zryb*+1vF&=HI#2c@+U6Va2fUxi%-KTVvEx(ongotUgIEYatlRJh(4R$KC1jnym64M zmP+(_3vliT=-rWlq~itBbY&_;mKw^?uT9N1pMMi> z0*ksj=%Z!-j!f;QuZ&MT01!`qhk~WF@)r%c4So`qS{Kkm3RYp#a4bhRI?-T(%~@yj z`eR0;&V$K5Epr~iz4W-#FYsxEV-@WLllFs|grWY;OgfliSO^vah5SmP)r_&h><2ri zr{6ay>0@;hy`xP{Z8yot7Igs5&{C^s4B;$n^XsxNQ_Zj;9Pq7EcP+Ize#BgzW7u=d z+I%<=4cEI+-KR`D$4{HkD?G=RUd*6t(g21;1Po?5ma@*|@@lTl(tmwPF4%sb(AO5> zNn|C5Pjh3{HMgzz$l&$yGwy~mvMHbA#lXQQ_O~*f#%z^#^_1y!Gw!!s0ZKhI^Q)A{ zl1>tBH!lIx4(joHvn5gVA{Aa04>67MVRcfP z%4YBG!<;I|WYyA#J{N(%Cks+KgIZjyi%d{1-}NA4INsXaWD#juqoZ?16F7J>Hn5?r z{YeoZltXG5{a*WdPfcaeO46kmGYKi6ppt|xH`gvtEPk{#YzLZg+s7Z!o@yRb02yzr z#l?jH+AQvN_u`0)nz3mFcC(*qnv94z>3Aa0Mhr+IoDNORIttFF-lamh7$b=7y~f>WCYMqy7aP0^dk*f{iYMn+hbJC< zwu}AAK9F+pU@rJi7z;}{`LwHAy`Q*rD@sf7fsn`J55%*q0n!ew)?vgOuA7s>W!d-# zFMChe9URkd6HXsxX*%>;z_;M04UsV}I_C4f6%X%Ur8`XAB0dh73W}E(*AyyIgf$wG zgztSWd~mW-2uNvQJ%JWJo63T<`?j$Nht*BUixB2TAdRl(o}P;alRl}pf*F3#Ly!pg)Qi%Bj{`zsd(HWEXgF3UW6G`#7hOJ&P=yCm3HWPN ztT8Wdw*oMoA#r{(YXf&(e&+mgv%MEiYfQb{-jDVTNPIX-JrF0$0lcB>K9vD!-J`T; z3=v1GF?T%Tb3#J6nm`{?CsP3lR~lv@)_kc&%@{{QvfWQDEVAz7#X5s061k{n$stiW zYE`u@zBWe>198ydyz&#zJ1-W^=yM=09dV;GfQ=^`UfOMaOc`d_NM1(|@+)e->MSUE zXhOQKC-p?eSr!8d1%h)kMTGJ^59N}xVi??LztFLs=suX^5l0aJT}6Cn{Lfsn{;ymj`JcJup!46kq&MV0tB9p;ko_%g zEG@^nvogP_qZNkWY{UvE3&KL$kM>tW%Z;LF?YE05q^7pSp|<3A2sE3R-IQ>uwA$+{ z8O*abyCqINx5e-}5EptE;PsG+LPSJp&_a}cvuYJFcOE@R^w!y0_+_?^ z*S#J6vnC(R#wIfk6$xAN%3HEF{Yj!BkATym-tBMJ>Do%R??uZ(CFH5m*|_ukTiQ-` zhQI-`XKCdmW9g~!FONk(;*%(V@V z0ny-F*yrW?(=@mW$il4QBd4XV#R6WP6`>R+etNnoiCs+b>v)|`bVl&}`l&^C`U2Mw zDZg*z!lIGCc3bnXVlZ>0vDkH52Adt_T&3DP++p}*wvhb2Bpp>6M+dMWv4c-FiVv6e zD^z--KancS(UoHLyKWOuakVi*Z0GbuIRe0%W3Cv{EJX#uIZJP%UOg^!VbQ8S2w zJYg!Xje=RCR#BJ#%P<~Rl`0J-y#PoQ7Z>56m;rss&MX|a*GUkbMW~8dWki)AyV-#Z z7>o+3GO59^$xJz)^*2Zw?+GybT>RY#Vn zuI_-^k1j0AR8*OpGc%bd9h`~8e2B!pL15H$8(Boe6cx6AkEjQ^D+n8=)sYkb+}QR{X};Z);O|tSj$kbH^uc+ERP^VMGd0NUCa!MnnQo@B9uYU)glq1wfy`l z+Qui#_!Ja=cM0UXz|qy;Ig+lku#T+Z*^od_;hk|=QD#v_5>M0jWs_P;Pt`6Z>w+2+ zE=RfS{q}F#w_rpeg(Tmca>I8s*5Gt&NA-_~m*SA>*x!PxJ||CmT+Z_74NzQZ@j#!+ zB|50yz=1&XlBlcww#!W-&k7%kQK(DGYzTOHj8#NQs|rV!Zk~mp7cow;JGrz18qnf3 zn^et6te4HVHrz0qo;1fjv%dYb%-I^sfM~^EO)QRjT*BG~nk-2>3vePGKVmZyPVa0j zyc--EqrVBPv|@>VI)FEFA;1UAtRn`dw;X1HbzCx?pGh{VXHtv58A!U#q7t}@<(JqP zK<5yH$6+^e7C4lEClGdPq|4(UQ?rTa!#Z@PF^Y8 zswnX5#8&ozLnf`LPF?<5UcvJ0FMoMP)sOO9hF=?o{Zs2_5Z~-}0$YB+XgyZ40*zO5 z6+f59tR6Ze$bTzXm&D3V(N{c?B*oMO@O*a0NCF5W7J4lYrsq!+EpD)7lacYgwD+jiyxc#vGSvMEQUM`IWL~@yJIIQx)YD}1NzLjQ^iPM{t(qK|I(}ITqL&)0_1BLPy=r3=`%T_UE84^R6(dOaaKVh;#d74|w|q*ncKdnnxt#{F z560Sg-__a0$I#zj?kiO*qX}WgZcN@r>5p(x{OkZ2S9G#6=R^6+%a(Sa`+!IUwX*q$ za%^r@O!9k_=rLN@meIIosHcRt)0O6wy^&$u5q^2*{HZ+ADAh4#;cD##D}wp{)oG}g zb^A^5d^_jYngqEMiiFw;!kQN7AWMDxgih?cxUavS4Iu=u(PL`U4sb6?@9#hOpxSwe z)wyevtIY9xj13vdnmhcp&&mlB9P81x>Eh#fA|kPM)}9vvTGG?^2jD8b5r0C%YK}`3y}*+T zJ?@MWd>HEz<7W*`yArrs#v%Xy_oO%t4v2?$K9$)Z9We56#;`Ut7^0URbrcN60kd*Gv`gfg5*;&|XARxoX3{Q4DPXIwbS0sbQ2nyT} z&nqQ1e7AUyXQK!xFgC6fg%3eR3%FcBy?_yZVRzuJDWOdL8=H}ln0310IUuOKWS}vO zUlxQN;|gW|f^H=FOSIwb^K}~+Z|WWD(;^gVLEp|w$Ogqb#3&m^GB67ZG&77N-fLHb zVZ72PW*K5>!G~sc%-9fZ6osSQhJ&`^l$-VgAz}`c_I$S+`#4Py8l-85;hF+X~u&IMUqXFO`Eo6oZP3u4JU80a0>2reMuH`P$VvBgDg2}nxI@OvSrKMf7 z%?v>qd|z$;e&W)HdtJomG*}6UY=O@CT`p@#mQL^5uv`;}lBI8}9m&>bBsv9^=qRbz z|K0j#nn2+IZYQ)ZQ)7bu?7;xDK5%UhbYiqS`B*YfEBe{R16kN^sIhLXf!BplhxOS{ zp$wVvLP0=!e%57--X3#jM!pu(Xc1-+tmiAAHxKL7WVn&X_X-)G%EIhanDcbp)37(? z^N~9`S1ubVS_#5Q(pMADJVrTND)sICHR0JLUCP`Cm728uhZ$TZg27w#?Ezp*(AcG! zv7(g$w6iPM{RAaenjcY5hJk}h5{L>lpZi6bB_JZJ`i~P(FoG(Q6xL)H%ZYVFXNNI5c4=i~n( zm2(6@(QZmQ{z`&3yJ17`y4kY-oFBe>Dmh+cKzrtp^CaeV?@ zh}|xo(xQB11}yVnki6scIlDv2{`LijOfRDQz5 zB0FU&8gG=JT2C&Xji9dw7xab=_G;OHa!sKzkGd_Ii38oPFE53Uj%Hz8URgb%2ak;@ z54Kh}B#16fkf!-fD66_jxi!`8%kVHgWq4e?&`8Wd^>^j`0OF&5gZr$tW4o^}*r< zc$p|zAqJYn-w-A15AD+j6%4V+A1Ci*trrp4Kg*ypRgxD5?b$@#G>Oo|zsk<)U{5|5 z?2}(9Rzzxl#{FO9D|_>yG%%6W*;vq%+wjX_gYQ`mIaPXTEwV~j0K=ta^#c*7y-8jtF=J!C6Y~j5n7^?MKfMggB1S}L3e_91rw>{xVk6asthlvRz&p_V z&79QSK`oIFI=e};dBQ?-bHQl(`b`u}ab2KIv7Ed^By+svf*zDAQJlYtmz@7Zh1vg- z9k}grJn=;9-|LqIh4V`DV&V>F5!@>SLwTpx67^NN%qyc^nVPRBL+At7E76@5pD9>ska#lUSSkHG(6F1>z4 zBS=?sQt-&plbNB7H#FB&xhRI~F2Fzl1%kSoS9AT`<5 z?7LpgY18znADz(kH5v`qvD)@;;iNF=w2dE_fQsc|+pQG8)q^!i5sgOmO#G?I^S?c`&~H|nL&v*dCq0a zBlfbQ?&n7Dq@VliE)npVvtlPPMw7vA>Py%Lw|pOF_+@bNk;bnxyuI}6%PYw;^s?$5 zR{7}?hH=q?VLKZ!6kNC|KEZe3jf$0Xz2#z!49TifikMlaQhRqJQgB508=)o&w+8-JW`}rujFR?nm z`vnW3Q`e^=(DQBge}oQs^FO;if&c3E82op)=dtmhZqFjz|8;vf|2;D%y8WN#-};yN zbN8}9byKEL{NMi$>$s{Cag8mM zq}E-;u5ey4z7@D*@h}zbf1|HKE}Rlr#w3Y|>dxzBOJJ;TH+6sbz>qhCzjqZ|Q}gnr zz)Up}GMB3$nRi+V%ldcR`)XWo_FlbhY2VJx@#KrVpN)AQTxWiAxbl*UBQ&z#wDny) zXs(+pU@dbxw=s-<)DSV-$|`SA{fUu5V}&zfoi@oNIl|L_U1g_KuatWUEW*JCkR!!& zmt1vUh4gn~EgTZ|J*LGJ&nUxLI2u}l>lBQeb3XGBBK5bI|hHodJ8zy(V*l2V}=*1i&WIqGqWBnc6Z}jEB-qb>TSxJmN89T zD+3Zur#wY2@(ly@=#ij!!Yz|$cWMXq35pI{?}uLtji|GMEl)}9f`C|IP9xLmK#U+c z-nLW;LMKUG#y*I2PeVBfuGCcFd_Y1Z2J`|5)@;Bpsm+aV7L$GPR*FdP*>P>zyl%TW zgNBnhtgEcP`JG8==+_;hMEiOD>#-o=RRTJ~8GObvc+0`W`r}&VVPsMxJ^KYeJ+~d7 z(r&jNi-8;&T@@du7(6dNHsidyfP|Z{3R!`}0F;#2Un`0^+5yfMm%o9p36$KR-u6gf zUv%Ow1$-4#0`2sDFI#%O?@m(`G4`RWw_ZvxyiYjVNf+Cw*+_Fs`1LhsApbUj2T$4G z`!IRv;QKVtttb#(H=wdlyU|$DnwKb{j_Mir$mmV&7< z1MRWf-3XuoDphXjAd0)IFitE&u%Nnd3Kna!739#erd2lbDVs@PpqQV2r~83{z%5>N zzauas9z?Udh92jbsL0@H{0KVH>|;B4s4NG%FbJ03J1|m29f-Zz^g`8bUjEZfF0p3X zVa8Ro;pmhxDTjlbUlkMVbIV?k7}a2vYpqs~4$QW$sF>&ZxLi$C&nXx#IN&Ql8~r9_H*Ek$ zMxN&nvKB#M<^W%n=ZoOZ5T`J-_r?a>950`m<23qNKV#()@+2G{QNwP>R`lhjX3b@n(||6ZbWt7R8sEl^ce*Ua1^M9PCn zFhHPKlHZx~BfSSDVH?LnB+;O`$|0vexlf(z4$uQuRKJp%QXE5l@jG5K&OeN>BU*R48IvW~HNI=D#HUSUBj znI~S3!;9wUSfGkb*kNu6nQ(>(BeVl=(el=|qjg>qAlrHc{j|NJ%WZ;0s$Qg8M=5&U zHv+G};IZ)U)nb9s48ff>V9U=ne$OTS$fwt3>S6;%N8r)VhMZ8AmH^Tzc}Sx90M_ zt4Or9U^XmxZ;-4@4fw(3G>X4yzi9=5CU;ZEEXb3QOC zof*=}=tOGwoaWT{QRZY{mYMqM+6eT+Gwib7Rmcddg(cW6yZ>PzJsiSgf(O&d!#ba@XRXzrhBjOEJWyV)#632h+E>>*Rj_~5GU>&2pRW4F2i_T5FgDXGv zI$Ri12ojwLlSKC0{l*n7*q+%rQ5aVW7t)1pR?dY3eiTS@oQ&&nd){)nk2Lp~fJ_s& zp@i~J)J!2OkPwi3>7%e@FL{lECt(Hx?{N<|%$=SAP6WxbiZh(_e)&5?k@(YkKcJn+ zX2X(l5&rE1!d;Lw9XRGZftm)MRYC7%u{PHCCqinS`#nr5;6<5uNVq*M0Kz9e<~@f4 z2~kYHz_8Tp8AL)#P!G7h;L)&aAo0fJDU`Hvd!)E=cU=={z$?S!*nlYpQXzPZv-O8@ zHxnoe?1GgXyHz~FH>OVbqF|<6C&j3jXRWy?dSuzYHQLJ4%@km1*iyz(Jzq7Fpc2ke zv)#8lT=v=K8NfVoX}zC73+F}Ws+JqDvSO^2CbpHpjRs|sn^zo}mRfFU#i6CdMc{LQ zu+q2AJb*2SM@ECF7j#-q|rY9WIG%+{}ovR zgvK}dt#ErkF#D~^>>fFD6a&UmDonYHd1~Oo0#J3! zB=weL8yY**Uqt zbNY+e%4)711uxRBe5`Y>Q{%GZ1idnUC2f6Z_Fq)6X?hF@x9Z!#9ze6 z4H4_EU1o}TnwOwl_pBs3c4nafEkmy0?MP0(gx^|AlU_-^`brpi6ef}PjT~pDWtl8h zQG@jGFOCWb;kg~-6xEo>7# zhfYc-5WgNXahsR!n)C!SOpDLFA=@n$C-Un{xTaqCDtnt9jki+0nY7HqkRC= z{9}H$ze4{X6W*YInP30E%)bNx{EzuZOa8_lHH>fc7lZZcDVSix`d&Q!odLmvF!b~+F8Rfc> zTtU)EdCP5vaW^d_dL;FO&|#@Y4@E>m*Y=}RGzAu^|(+_BSAeL0TPH!Lp^EVL`8#-)`n(x$}1k%-xLd}$n7 z;+aG+en1xMBmBm^r`Z?1V695-Uzz1WxIRhmT|8dYq3E!g$8yuNhJIk!#e6B2EX8iq z==-!J36p!U>j=b65bVpsuE3XF>=puoFGvKsc%{qc(J>}uFGq$rc7cAFwj(v2uz=Y8 zAm8An$hZ`?)q1bFz$D0^%Ue~Z13A8Vii)1kI| zIPI3ho9c^t!LR}$dI z`uq3xrdvhcsr;SwM0pkC+`ug~c83=^y7#@dK@OS7w>l`inmqIW$JaYYceZTd+OeH< zY}>Zgv5k(|QOCAz+eRnp*iOf`)v@^{eeUUd_ul8*f7BQmD`Px0*IV^l^IfP}BIKc6 zt;cS^yiO#V4;!K6vbQ6lGLR_~T$XIRPf+3SQ(740Jjxdh5bj?<{-fL+jwXg6R$zUI18VVpdycfk-TeZL=wFH^;B4gyWwJ zaQrS0pHxi~KIL=9bFjGZkAJ6N5gE~Jvu2ENe!`(om#U_M%nGMFjJ0`FM~%}e;^emX zJG(tTgjOor{za1T+{TqVhMHF(HS^|`#I=K@ppvt+O&&r~7bt{XTqF2>(xA6-F(o?z8nNvwWB?{2M~}jjUSy`9SCHzkblu+tkTz-j8iBT0f&f^en|O**z?@Lus^HS6I?tvf}tcYFl!lwRUFAgBaCOX?3GF!;Mz#_It91 zbbNoL%bzPgajQk32`dO0DL!^hAC3DH?KnBgHpd%_31bDjirN=f-Afi%#sk66(-1W^ zcOiPmlj(CGBzDMY#2l7m+96yVd;DrjV!Dd!4@Z<#RllFX)azb9Wl+|pZ!i`|A{?}a z-E5DVxYe@v+=_t*dxA}ibTP%{F!2HdN+Wvm?}n*vszDuLcechZkYl{U4^3Ka&g{gz zZl6QaPCP5W)>R72Agk;k_qfo=1gdT`pLRLhDwRa$3cCX>aN5+5Av|bs1B} zH*!G`ar)+hYsIGR>&qHUg7%a~F-j$$KM{JE5vSF?XM(3v6;vs_e{wFuXi8)`^qOD^ zqK=Q*iqhy|*{=reYL5@!G7AU~l|k*gXe8J^e>lyuu!(BL;l7#7*^i^`a$RN^dFVsA zsv~t{My3>ldv0YCgf|s;f^S7s-+@d?A_CizLyxINOg!qZa_+seqxv=4##7h~pJk={#k^dT@zh>m zl$~EHvX^0MRk2lg80PB5Xd*^Lj=GTEd}fE@Ec+!dN4Vnj$Mjms1U*tPfcI@uv^JYj zX{lX8ZY^#w%nnjkFO)ucY!NXg+nyT{2}|r05;3AEE<2d;tx(mL+JRYECQ<$mE)CR9-bdHh6*7r-753v?Ou_kw>a+R zdSfc9Y`B9`ki`r^mkFtjC@03xO3&99$>IQ~fw$GV0zgB#zv341J)lxxUg&$N;#_Q;k&Q<~z$Z^IffTj>GvxufgKW=t zfUwSqYT_qDNah+FkJ^HcYG8kgW&P2ZOSQ@QMn2GZ6JSCn{pBVBYzuP0DP>*Z=qljd zbL3O0{XSB15ZRRLUV3Lk)=5iN!C3tBn8E`hEs1w$Oj)7l@?H85?5g`Q=x>Ws_1^;% zR+PW{j1_Ps7E+*fG3&f4%RB_tPId{A!(pB);1s}7{HQcWBWF>%rfEK6F17bacqQn; zUdhCU;x=OK@#H2KB@sWD|A`^tH~&K3Lm6Y2eU>IK;nJ7drwx%$}z$PXx=hQ^gSW_JlN!hNol;|AdV^<@M`=om~1s(fy60M_-k9=QY55ZviIYO7wa zZ-CfH`Cf@U5ScuhVb2S{c!@NXXRI=|Jz~U5`CFLhex1jZQxh94{aWyg-{wa3pYX)_vl$wV6bz>4tLe?+csx zu`+aa)%QkLV^^9V4D0sfq$%&|eg2CG7sjL5n?i7Dwt2~LA%K}Qj0s#YqRx=CeF-ja zvLA-@3}P&AWj7SU6Q*oQ-XsS1<=!=yiOsAxCZvID^+jWfr(%$bUQgl2^|yP~P1;=0 z=3j^}5{Hg76p(kha&!%Y_JX5J2B(bM4?LzDbO!Wo*VPZnb_k%t*9>yrVse3!%!}SF z`vy0!m&nR_12@UR1CZlHoh|6yN-#kf+#Y6?kP9K`DPVllV_R*gBcDST45EzFY`&$N zXs*$XtL1;^xEYc#<GEJ0WzX+q!}GvviHodnBZSNv z0||ny*)5G`5MLs_YVzwBTg{@Rk<XgDbb%p^tp(TM;FkxXWkp_;-ZB`mQX-c+^Q_oJ0hkvju$Coc*I%Lsi$3#uAmP0$@Z;{;OZo%$b zcsebby9OTi>dpy#j`m=P;Sbcvz^Q+BlC#3up%`>LjY@7D7DdyG$Lg=b64z$+Gwp}z5JV#q9&dk^G zOoY8LLj>w77BQORTZCS6_`c2H`uC?;PB<^MsaNqK-TXj^A&)_p@gDTnu+IQpBPGTW zeO8AREKO4Jos=AWvA?K|)1EunsDj#Co5G0!M>8At_;8 z5Gru)r6q4@nCt*F&v+E$f^g-D4EJP$`##;j3&A zS3Ys7L}V8`KzI2*l4%?CL;g$sU@drIPkJ zR^MU3b_VqEh|=$krO$ekuwdDwWLdQv7mpYaJ7t!lMr|>k<%TSJ+TA5yW?&5j7 z*uW%M!IY4+V_70U^^&dqV4jGfuU%3FH8lS z)?jR-M(p`{;Y`lU4@=kz1!9uLs4#D)W@U>+8rG9O>62m~VV9hdFG*`C8>TxELODBQ zY1ig*DflgaIE9h)$|sdOE1obf3N(F_YB*JGvT43>K`psc*@=E_rJrsru9r}|vC)Oo zH8@xcBpN%IHh0d>T+f9lp*0nrZBzY|{RzIgYp5q9v^q*fD#g?b{n*NCf_RsDp6AIK zwPl@KuL@#%PwiUGK#DgKXf~+2 z(45<=V&QdIy^wy!dNxofPKWU0xxa~(nAV4lT1s9TBG247*hpU|47*bi+}zR*v*+yC zc1q=Ygsx)bZ;nfI%uIpJw+6iaL>;0e){&ZSf5S<9R6cicnQ22WYl9RA_%3_5}O?F&b{8SSF zL1+;>kv46U%-nc3?pw0q4ql9KN?`!c@?&2TnOcd!S}i)M;u;<9kC z9Bd3{aEUS@!9%C0k)!1aNbz7|*wE;kUm-gkwi!`?=i>{}-&+w)sX40P6D0CwZ#``Y2ZihvG&5q+a z8l;VwTsD{`MH;=H+Wh0Nga?qhT-HI;k#Fr9^fk9B;VYW;&#E;W2Gv(qwNT29duGZ> z3T+XfRbunR9tBJe&zI;X<}u5fSHlS-nQxSfvcIsu@o5oPRG~loGVCmvuwhK)d?U5R zmDK=4Kph2--eG;ibFP2LFJ@3`iTJVlybjb>(pbO`q&X9zb z6`|Km;TQF({aew*-9!kwxoWbcwWS4yC9;fu2|>b*$=>a@ffMf!&tq{veeWlVjm%c` zK0|ezeE+qOhZ(fcVej|Kpk2pNn?#bX$e3s_&L}@7nn1*aK!*H5uqwb{3W>s<5L?x$ zaIM$@vuOOcFR`em3=gu{8Z-iY{3Urt_qho}`yHYn#y`Du*epZA$S;dX%a>pAKU>hI zFVAsKSzOW|daW1rVU<(N+b;lWbMk9OnOq)8oo<;H34Q$}bgPc^2>O-z zrxL`4-OP7{?knw+Rhtul-oZ4#Br?kx-^CwzfCp|u;|TUAEXC3H1lTGx$w|}vafS5z zs6gWWclSANxYROLgN;%am{5}CSuh8H=^vio|J|Ygi{}sg?fG^7>G@IfKRkcU+aJ%* z_5N)S`3KPf=3hPk_HWOh@>kD~n*ZPD{J8pm_54x7pFbBLc&V*A8zNIQx=$i>N9A2B z@R$P%X4NtjQ6_ge^5Q0c#>y>gNRIYSe!iiB>s?)&=MPZL9o4^P>)aYmJOZq*fZh<> z7r!!C-RYny?-D$7%vdlEy72u$$?2xm%?usJ&DWfhq6AsBXBKA7WK6qcUUw@1QDQk( zoz%kgM$)@VP+B%-kE}$PolKw3NJfp@VtA&W1TDk(b`O8Ov^Jg2YEa)udnB=1{)mHM z@=0V3H98h6M;rFC{9%6hE%x~PyUp`>%mWO zJfuS9l&m43kvpNA!Q_kfD9m`OVI0^bh%<`IFTe#^Q}bk$5Q52ClU;m%QJyQrp}}GB zvfO+332ocLXCr0^g)=`s&$|@mltKxf3=!9}EfE@c=Gk=V>ya%i$YF3juKr7mdL+30?4xZ<=I1_?2k!AkmmjI3|ddWxq-d#B%7Uj@lZu)D#XB1rO*-jwLEt z`9KfkbP)A1?PQP6HMhijNO6Ml4T~ck= zl~ao`fPfw+=`p$-LHko=!|_**T}6Lq)#nxA%kXQOY|UAU40sxWlR0$%{zezJ*D$Kf zUC;Ge#Z~%E|7~1R)u@xEWcAz!cbavN^r&gaqh%hTUy|v8e!IWI9Rp~sqQS1;SOQaG zKZB&47(Hz9F@X0w-&YacGOF6%nCh}Oj|*tTc3XP+=f>;cL?%iY%QCaARgOs1EA^QD zS3_>|&&RHZ*UW9><0QJ=oyR+u_>*j`toWKW?jn42-IMwEMWSMORtur)`!02Oz+pq< zK^@3Ns;In#Kdugh8bhlza8gJSZuM}zK?2w|?fjw!`sOn0o~-33znzZb_H~BBThY7m zjPoXi8-L;lVdWCs=jMs)F?}`}20#PrNbuQ0<~*5Zp}^n<3jwOO&ic-Ai)|;4-Euwe z_1%@j#kG&8rP50q-(K7pjef;6NPnI=3A@=e^?K&pS55;56D05kY+(KN@8BZ_ePtX9 zOYKD4>M6iZ4O#%A#z4hE#pHDi)oJAOBxXpPT|W*zSj^bx5zb_z_(ibzH3lwQzn6Lw zlxcyN2zN%iivnM(2ecExJWdSWj(W+&mdLD-e??$U6txGSiC$CRi|#(wdYn?92&lls z)gK5bs z#fAe@ml!YHB@-pe?w7@_;eo;w8KK*jFrw!?kPP5YKz+wY)C27WDvfZfVX9p$Bn12Q z!sLscUJ(>Rxo8bsR-4Z^D!~G8gTV%fo)o7rL_80<9tkxg&X6|C!`>^cQB~Dnyv!Fd zMWcdeAmcXG!qf_p$w;&qzAt9w!YkTcZ91oT|MJX28vPQmpM?(W%(X9e7^l+bQO@V| zQ*Myt`f7gEhm7dCkF>wmPeH49=6T^q&HS;=b6JFI_zt=F33VLuo;O=@S!E%`DPPurkg!x&F*}aF_7Vd+{KAw%=$^bNPa<3o z_^j79!vpi9wr=be@2O$@wS+5Grdg#U#DNzi=$vC^1EAa>#4fOG*LBFfF7cVu%2AI# z#TJZ?`<(aFC&Tw|ca3wgR-N{!(fRTxA6qoaJYriFdTb+8uRsAOzFBG@y*U)xvl9=# z9|3Fn%skEU&1Iww1u!rx#<yflrV?uO`gd%~7K&!)D^wNXbJb ziFKtr$N?RZ@leDci2`bKbSgb*gvV+TXfKciNs}#58^2_lLd&y;&wqS|e1DxXlgUY< z4x~|OWL)Xr9+Aw6#TA}3ps02vfveX+SJ@2zR+Ul*;HY^LbM0lFDlB6rTi-rof;tp+ zQkbI4q8g{e!6tx-(Fx$0=_SuTxib1?d3+&1dP1*6csvAi&ucbSn!TV^9Cw)3CS5g5 zakK}Ot=nTzPS!1i28yI|HK|&^))uCc)aFv1i z6*rBBv#u)fW7`Vx$#40hi3oJKS(8x02Hz78u;ML7))J3)&K6)nTU&#{V((LBZAAw* zSUu~-PfU8bzAy``U!K1|&btOcV1^x8I|C@lbam6t)eD4(K-Wtu9ORPE_~x0lMb3)v zZc3-^sbW98rM-5iCc~^Wdb@DItfg4q)v@~nzP$qkNyX>`)W~O{-zI!!KX?wQVJg@cD zIe*#nf&NqP4M|X>5uV*`g$`*XnJpsR&KE-g8e=;rq~gV#)vx(mx%{nps3qs~`(y3B zz5#2FhTVJBx5~mY2g`8I0*cLaBr8c<2r|5HZR~j$kYP!N5%$_Q*3q9PSxaB@Zmes@ z)d~`?DFG)C$;@Rtj>X^TP$=WYtv! z74}~}|L$+kpY&JHPjLNT&renUSI_^QjPS|yB-20(?1h=Rq*PND%HS1*m7My*_U7Rj zxHeh$;r^=fP9FUJjQ2iAG?`aNm%rECtd~sD)$*@$g51$#Q2Sxq_mVcsvgfW@6)# zVZN!_H3Houx9b~e!6K&t7FYNfC_q*6mmTeV8*|XqIbGuvt6|b;KbFBTmO@!0fp*(+ zNX23S{72_>X;PGSk0-aTPL!3~0$lsoi?j#$z9b?v>@Shk9f)ld&V2eIB%d1rNg~%9 zgMQ|{zma{S#I z?^n`z2!{5-LGr_wFY<+gO zIfHqjDp|YDl5*R|OSh=^WP=;fAzWeQ==QCt>S0ak9VXTLzmb>n)RX4T_bdiZ0vuw) zbl97=iQsML%}qo`S8$8$;6?8|IjYy>@${ue@e5jXTXN?hgY}0PFbzLyf7!Hswb8e+ z9vUr&uV>^Cu*QDe%>y*yv2&Gl0RAFT3t{ zQ09Qhy9zdSgq}^R+vi;=*u)BYErvt)l#Ud+Z(JBV2O}%?%PMqC?@M1Z7)#TTKF#~( z-!kk=r_jpnUlnDnX=yqv;F?)gxV)L07l&ddf$>FmJ+}hdG8YthEY}ZpVO_M3q;|A* z-TjL`Hb1z!XSgR_c7K<}W*CMj@aE-L^#UHDacR;>yfdaz*?Aps{Qw?}^#yA1$&O-9 z!@zy+x=^9;l18kXWl<9#qdGFu9PwwrzTpmdg3XuWq;^t3b+YK~iUO!yn|67a@~Ia5 zH$c}nYzS@6FIhvP`H97XKSPj`WDsiL9|{hOf@N6A#^x1A+!@M31~B@WP9u)$$akYU z3DuxFs$@iE#;ea|u;@^A>>`B?P$)S{;OD^f+uiRtIrRuH0}(9U?%Ei{ec@dvT4O&TRT^m0yR-s%Wl#iS+o<#UO{`KRpn$0@MHhbST_(D_0N-;5WW+2L9=i6f?P;as6|W)r{7s5p4Rd?~_y^{Ai|H|R z+sp!!f@-V7Yi8CVt>#~J2mBwlqr;`P5}p8&b>|v|CUb_C;3rVk*pHFK36%Q{rU{nJ zB52)q%dDROx0}n8#_YZ;eTid=pqzCFY#6nJTRx;!xXv4)N2R$23dehYsL`mi@<}zC zQp5GEWV+(PBNO>yQu5n%8FaB;$?{V#hsjVTfZ_sXtC?ugY6eelfA5?P5NMTvJlc79 z?>VlguU5p%fD|8hbLg4OY6t}lq>AyFB`le381TZEPqIiJjC1309HZJsaJf?e=1qVB z$Q}K|4qU^kaP0ZeawFUP_Tm;p&<9WDepY20P#jTIH^20HBFOGDDf{WSaf!9B&ywrd zRwihF*x#fEmjQKhZInRyu%x@D+v``uPy!T=-g1-*Yr)^p`NbkCKsFpQkx@M3*k~jF z#HvD#Eb{g0=D+x%P7_jD9Kwv>*Ju8e5o;v*6JfwdzVuh~O5e{fHCSgF&4c0w$^{ah z7B~jI_M42opW?)brH?$rt*Wu}4~zxiw)6^sA8f*DzE`}ifa+f=bQBt?4aU21hV9)h zC}(}~^ry#I-r9+Q?%mdvV;@tFS(tvok2D3ym4*N%01Xm(@t{L)2IgoR2^(2D(u%Th>@P(GS|E9)q;MLw zDTMDk64*84wg54ayKbNblzNoT7bp~HAl92fpb17?;D4%p_EVaytyWu%5f)&cY$3%p zcb-prcqO7Ip#q{DD{?CVHnbEgdEYsM)^X2LNmh5gI}O`>oo#e~L)RKy2(aMOxs3RF zmz-P$x%~CTu((AwN_ii1J@t&0eymS-qXa*0G*K)to*Z&=6bxMdB)`(8Gs!eFKS}Ps z2LhyYTIZb&7$Ql(@PHqV_8G`7qJPpSLTI3lobei)W+W8EC5ut$BWY+@r$&{b71$eL zAXJR*0GMdh?HwzccWY;=Q_5Va0{!JirqN3GD5!3HF}O8E6GF z1v*16J%C+UtUq;YI$pn<=Ith68`r;vlFF!Q&z<|yS+5ZyGhI+OdyU=BoZEi?{Yi`} zNg6+%&#GT|ln6IS&jGl^XlBY?Wf52A5YSw1wx4R)D0(e!sUEBd(1{0Bm2a1itb>9O z8nwXPRmvy*mkB$!x5jDm1zo9z;o)^2)7=Vl^f$X)@4=^orN$~Mf3Xzhtc4mO)Kol& z=93n;GOt5b(jUBCJXLycF-tK_vz|i_MfwFRDMvH#S7Y^Oh9zIB z-UV1?eE0EZ+_`q^3ogN9oDq3OPu20W-sH=~=KtIZnCF6ieR>pT*FJ=jr%o7)UImPE8jPZ{F12*!@ zsJ~?VHP0K}8r9sCq@-ko79E^0Ik%BMyNP?u_k^+@_^`BMv!D-{np+32Dg zP7dEV5hn)cx+~tIa6Sq5Ot+Lh2E$^)lkj|lrSg)1%&vLHen~uzV+^Irt+nh^Zrm?Y z$cAM&u(;ettl7-;ZGgb`3Xkrqg8*;C@_gxx;s^>axR%#(IaS+2S{Z{z-TL~5yteLH z(IO1-EzkpTa7XwGC?8DPSTam>d55zBUUk4&e%1+NJN1qik$SE*(EB{#!@0UX%DyUA z21B7YdUlHl`&K^f%*R;8_z%xN@$S(7#q$UM_WWA^^!zl!AD%x=_n)4h3LXmJ2o&IV z`}?;&peu3vAD&-<=dYfhM)<#;AGqhQp8p1_nv`ra&xEF7LUw}+?Lr?c-RqR3MBQTK zxMI*c_U!3 z!Pzo*kU^1;Z!(7KF+vqKIL=oa|?^k-7eP~xLIMwXiBB&Ql z@9NEZyRZRmX;MC@9g)tUmoPr^wok2P6whso&rKur-1JvfXx38;XWdx9_N|*lKVgz_hnb#!(ea#@*P0 zD-lTWo$+MnFo#9*a(jDqKSGI;sE=r@LR0hzs_f)4MOA*%dn-eXIX-t1?9bI&Ri(5e5I#L z_M3)avQG+ILU{G4^|BWHg`!ozKv6uJ9=ZIoTA*U5Q@THvwt3M@M#8731?wN7eQ(N* z#o-J_l+-jRqWbcJW0VJduKWalm`ZG~#{^%vyNYq6f4 zPfR`=;thWIY{v4fr=M)QLOVY1bU@Wyuz=NxiE#+3KS=WefS7iiV~o0nHcE}Il&uTZ zrXSDyJYKC(lyGR{n7!mGL94MBF;eM2|| z!?exDvMUFiTyL5O2kqWQfpM_z7~#1)U2fPfyGS3aBH0Rb!gw^XSa?v$X0b!I`iM(# z22r@1WSn4juy>}ctgenvWT^`Zg;R-oMZ8l5%u&mit0W`ncNc(S7F{zt6u&2hc;wuw!U>5;3La zJ~l#r-_{{XNddow>kFvq5m)gY=oCcB&T#hg0 zRTfj$+ZFqoqNNbnxT7Z|uii9k>=b}13pN2)WEAP82uRXvHo{|^$u()+s=R}GQ;H

0PpF*tFWcj>J$ZVyJbfmNWW}u9q(^MIi5n5&luI`bIIIB&s1YMonz;R@W4}mye zbgWh5a-T1kfn^%Z@iZ)Mqozm50lmF(*^-F%@E$p7VK={jFZN80X>VzS0&7fq@$ujO zN*C27aG;{KRGyLpP&+)2?W&!kHw*&$Hm^Nk->X;4+7F8xNsRJIk3C0`H#0hQIIoqO z7zopiOOk*H#r;4%Y>oA!kTf_JM}nwa%vMTn>QJroBqem@=3tak>OOxULA2;t576_= z4dsSj-6I^xrjOSquT^#YP!dyfsZ))(Im9u+(-!Bdejw0W=o-K$MT+Y}`KZ z&U?ZR;DuK*ncyZeOu~AvDTyV6lnRI)ws5Lw-b#l$bnt_UwN>^_frUc&LVbd2a5BXo zW!J%?fK?4C#7r9riw2u2ZOVl7x&^rRn{mNuvzRIyG746JhYkphZ5gLaG!JcYq=%ge z+$N@;tF{{PQ?W}8Kl@OwbIVxmQWBs~&WL4D-`$cF0SwxtNP4T;%~UmQAzDoiD7ka(~o$2NnG>MEy2cdZDv7w;lP;v5$ zCY&i#N4a`Vqxmq2n2`J21_F1ICAW`7TGs+JU@S8w*lD2M8ME%0tlNw$)&aqj+vl9c zq*l{m)f_hyhif=cP?VPAmN@A~zv<*m<{W~|5HqA+yqXoC0-0M_3TQprfWfG_;m^+< zy0~g-)5Ltw$4cm9ra!^#m_6*zGg_ljF?r%JC_j@yZMq!5gTz~%g+29V^DB&uxm80( zTioSg4awdcOo3-0L4Io^Vm&*Q*)(ChP0>Dt@y0k_U3C&Br|kjh>(mStaT<1*f$x6HJTYw&FcoBr*h>=3K1g8%lNVKr zthq~E%Xp8$DnPr1MEun|Z!ckP95=?|I#S(~8H*}-3j2<4qJlTdf+*|i#d&$@ZIEODa1r&%&_4^r-5Xtpf6 zhl=M#(uW(NKN(6K>UuC0d80|#qsu|ZMc_twhL-ci?5LyYn3T!M^kTVXO3Oeb>1Ceg z7=1k^TN4QQiAAW49;3@eL(f||QOCAA{UFBwrchOG0yhGE>+00D&73d|b}c?P#^o1&iLEaHuWf9)3+O z`skN=%Z z-d70tAN~|nVHeQtb?cXTZz9f%cpqy(Mon(KRju=7DFQF)OvgZ zKUsE-QU?YI0>T|lc)e#Nbt3P+)CwVBOF^Av2f7sy2pNKaxp%};FB;QcDC_rmxQ9Xz z_sMEPa>$kd)6^I?SmklIcXTHy7{tFd4~D!uB@YZ{lDpVjrjWyg@coDCK#uJJVCvf| zFjiCAlbU3&?zzNvGz81!$Ga$Vj!^$9-OlDi6wwZa7u)WAA;}zfsTTS?AU}KWP)p=xf4_F>%4Z~zt42cw)MQV^AQZar>mSSR z`Lz+$N>h_vTq&+vo4{CpB0$JpQx%98Bwq61?5Q z_3HPzDRra~)ES{e9uOJ!!?!Gr<)NXwE|O9=4 zhRu7%A@R70m~{dQ5kOr6TA#u}^osXtH}XD(m`-r~@@FGl{UL9_?O%JyY8_@>w{Pt% z>*j@ZGQ``O%-!67=t$B_hm zeU#Zngbq6kc4`RX9|M6(AQK1Vu9I%jXwF4W;F9PWUGP<*4Z>4}X>b{edQlKana87I z-CSJn4KRwXCCe@YPEhDM(g4Y9vObmO|CJ958a!vvn4 z3KvO(H8^U8EMBQMYV{@e0v_^)CutUY6`+V40Nktm3rcgVkzhQzw--)@=X*VuXmTDt zb#ASO@9^PPtyZ%>Ql`L?+J_#!m>Sz4EkA9U@rF1nrBlE6qd3L(UIpoc0)8?5GHUja z3Y8ubhcdXmpIRF=?FU-ET(l{)l9>@=Q&^&^41`5!%@$~EKFFTFw;c&VLs`=t4MecLze!_-42rYz?+E_*5wdh_zcAD0H_~ja-r7=UpxAg`n_Qdi(kA zuIXKe{J{-l3+GRIOZs(gcnTe%U|Y>iLqR{e zD$L^tAk;VT?##Oj&fCfy5L8{pJs~$IU-Bft(2!0$Yy%dOCLu4lMJu^|d zQM~CO27aTd0@Jc5k~NIf`K6hC|9U0k>Ew6aJ((2Ch;jCvm$4B5K+t_7XlzWv))It4VWH;O%5BR8BP$e>g>W-$N&y?+Y|T84u*Lv`cSVOC?RO0SCms^vr}L zX=WWP&ez0$?Tk-%s!*pzmjcoE`Pn?uK)FgZEQ;%hXsTC7D^|bEAh>y)EgAAlRfhX# z&Rg^xPXpI}G*;hM2{PL~gmZ_wz_U9UW59(s`E+X>HjLKEt<2NgB#g}i;EyTREh4_M zf_#H?6Sqn;B(JUE{G_jLhW%-ExdAA5>v$=|RiP&H4D~qM=HYVbyZg^D_zN}-No-~J z>zB#*-6UI5b$Cyd?lIiD1P+9XPW$5iwE*CH_f^3I$*sv8?a2!F^29?lahHX7gc(d9 zcTXYj8Sh_mXz1@8s`1Yp%E$bXLqq=0-P3!v`^cfRzn|^(LIJn}0Q_$MSzq^`O!~gc z4g$cEF6=jv;C~X)fuxCk{CT#=_d)E%UND5z-b|J9%o;hA(1u7|)EsywEDsl22>^9y z!@Qsg&mFfj&dyo(CjLf>fo9pj_1)9zqUq=(lFtUvekP(@8`!?>+EZ3aE!?a2nS@i^Y$&(Mz^7BxeZq2_~n2SQ?8&^yE?=D zKF|Wmv6$rHDVVA~d*JBH0IlxCMV79Lmw(C68=}kXx4WX3+1t zIE-XwD4;Omt*`Fok(Eyc%ZG?2ZL#>1#amR@yET8ng_?J=E8m%~I{&Sd%&jcyrT`h*d7xzx{}u_C4}{ncI=S zHB$MTMnmta&wR}7AeBEFsmy+hX8j<3eJB2l>QTRmJpYsUu6parUx_#d5jI>11K;zH zUmlyxnG2=nX&_Q_okc!+3V83y^KLD6ZYSF+WZ~+dr$W_f9+|v8kTLJ zjeN0#q2e>ciNYB(nRXI}bzK~N6S-#VxjG&1hEeNnr8FQJpsXyPfm_;R^Ur0#>D{)E zNb3Jx#hBlbDE>7PY>eNLAik^k{!AVa5CZCb?Ek2^QU8C(c=H{FmrA`>({a-^A5_60tFV z6M_E_4gO2S+WuGK`ETON|0E&;5C;FBwGHoQZTw#%^Z!Hq#~fh>0QeZ0jh(-Z4CedD z%zn)8z==O2qwzs?)U8ue?FRvne4lY2?QcW?0B$?!52AI_A0h?-Y6lwJ`_5?q0NFqs z5Pa`r4Fm#O4+8Wt-tNyI#{q$X!9U1Q`k;Tv{}^-bk62m2j(h)~v&Zn7OL=;y*JdNJ zN2~Duhx{>DOcejh3OA0+=(!2{rf z{6V}n1O<3sKK{G?Lj?&t+26$A|4Bp#u)qHEcIrPwMMZHMMp}9rSsNqk_rG;nY1v?Z z2R;P^_9yUvNWyIR^dU*$ zCbs-fB02#4gZCdI+z0XRfwRyu{U`9s_ip}0ak=06r2kEy0k64K#1F-rhyExIGVA;T z_Yrs>64;-&cYjwLbj42ogJ^p7|3}0m`YRCt0K6Om<)Gl(50G+TO~NYfLVJmh>GuJh zG5BWZXvE0E!oWdeZ>rD8!pd)H_Ql@bl=iEg3AK@dq3Q3#G}dPJ4mR)q{re#%cILky zVqs*UHZ(IfHZ!6zHL|p{(zm8DvHSYXhQ`R*z*OJb#OVKY^#8H<7eIAvO&chT2X_zd z?ry;e?k>S0xF-UI%1X`bncb`V z>0VFwS~JZ2<4MeHz@z^Q0snjo^YgC(wwnP=pm%UIpf@scaH4l%VivRo1RKyUBU@{_ z-wrbU(?OtFfZqc_`Dy(>OZ)vq04D#t69Gv5^NB$HOpO2V%6~P$*wOL7|N4I%{MEYO zmHpGFzgYUGQ-Apm=+*zB*7G)?6F>;<8kjgTvvAQHIXTb)H@R8<+62h{YZG{anUVD` zKm$$&p7HzFfFJ?f&q@Ne|5Eag&1WTnn}0~7b9ifEV{Bkz1^k(ym8+wHldS`T z)mvuK82o`2x**3QJ*n3;p=pAQ4siJtqv*aj5( zFUS7q`DX{e?E)ETcAh5^h2kbn|HYyTth_c05?X8ia(ff@aE%%&2zVPU=lNJJ_7 zYaajpfeSEZA%GH-0TTbqiVX;ejDyOvj^6*MBQ{9Ldz)W$1dexfC=w752*3tBpb-HY z@B{40TIU7GA}Gjn`(1a?VdE#D?g8xopnC*hoeU-Z^-sPr1n3R}*o%cG1pMyg;f^dqb*Wuh-a>J)cHzDch9>X{IR zyzb$gCtg9pGV`&N9hITSTnf1$ww?!5S8-w{PG(WaB92yn>xlC?3|D`frkebjs_7Bk zRcRySWZizC7o2^CQIf72CVMHN<=TcG@aiPvB?wsl3$ssTmuA?5C^~Wd(NAuNw?&=X zLK2wN;Rm?-!gh}(r%`qNIVq&!+*&50ba3&!*G%NCQ*pSIFP#JrT!Omrw^>yez4khE z2Mqh#T+sJ5%ilEwC(YaOKYlJwG|+aSfo%khA}8 zIGxTCWc2+@EF#d}ZVe;oNGJx%Q6>*X9+$w}RD6|>JFL=ZXx3l+Y4orj%#`S2duz9mD z$K@)@NcispQ)!`+KTjkH4(#hD4c~yH#+OL>2(b(Qm}F}n4LsBJ5_41frlnItjC?Ci z7GtG~EOpOrQAZj2p4%Erb@@Bsj-H70LLT=QF_uLAP4r8+Fz=u@edrcd$@K%{7I)Xm z4XQlxq1stqVM;CAf-^GLlWW7i4YfpKkgA(4EYd=LqIMP8QWO7%mD7o3@A$=lW|tjw zP+B4hBk~MSd65(0i#L_JbwhYjyiP}8IR&*ApSC$fr;`faY3uiy&AQOOVsT78A%Db8 z_W?btO}e1v+N*a5HXOV$(X|oLoSV$O^;#Rjmi(2H_WBE^{oGM$Vx{Qec`<7Pf%^<~ zX{|d!CbB|r>uB5ggf!2@)Y5RgZBU%Q$@Bs)m#+b70`LKPSe_CZ1QoCkY`?Pu1cV6) zkR5#Qe`SX+4Q*K1gaCFxzXzT{s(M=KCgs;G}M1Q zSNF5e+xPAZ8_AHbLdfPg#VcURdC&^8_&RKkf0dI`J>)iEy0F)QU&yt;)SjzBLyS0m z6qi2%+Fdk2zAIcLp{#3slT%ge&EC035Q$)yMDVGA%RWMx@iSybq^M?Je*7Ijg0r;);%L9? zoa9QHn395RMk&8vo*5ev7yzG#$V`1={EG8ccRyQM8fI%XcS|0Ffi;;=r1kSk$-SB~ zbMyvg)~w?RoK(T^m-lwX^R*>)YmaqaB+>Wuhr6$FR?qhd-m40wTU6nVIRF>nybT_5 z75-xYC@N&mt`=!st)x~~~K=9{&F+(}TBp)<+l$tjlrb3AG!7YxDK3sLy` zbo*%RbkW3BEgqZl_NF#5+P*IEMQ1{VG#?TtCyF#!$+6?FMGKKm3;7a}xweXonXgp8 z_hg%I;LtThS@kN{c1kGFlx!AIo;5UL<8i@$Ey-2yi(0FVP@k|Rlk6#xj~VOxm5dHAwH^|{55d7I(o*dyka>bgGjo~>olfJyy{_{Y zbSgogxG5S_IArI0k{0M7u(fBN)aDNr3OOl=Ba3d+XAy28Rl4rpVF?RKbBbg_3m~6%VUoOL!Xkv(E&CWzCDrNCG35r{(IwydZY`?Q1bopvsvAYi@;%l%-5`uxCuBvwXf$;mpEtZk-PiLv zoVp{nm{QVYig%P_J4cy@)@*Yw*9TK7Npb82gE#YLiHwIO`H+_f#ghuUlUSbVnCh^Q zMgxPx<{N$zoXHslqkO=wr1Y537)mNt`vX=X)=1WVb=tpqHE*?wUCL(@UUvmeKr@T^ zyqZMwC`22dvG}FC&}q-^!?&Vw5!X+4gaw#W;}vNFcJ8O{Agy}KDLQTO-G;KIl1(%I z9Q+Q%O}&BIx7yxQ);)#Rv{f8=M4Zw2066~hfrkZ--9JA-hVW#822ld+1KaO807TS5 z{W+@y{F(!>3B6`BLjVj>oN@{P{P{YI2Pz<|!~=xbn&pKQErZeMTI&W_M)cGY) zs@o?}@;7pqJV7=X>Wp-6q~e-q*ZsUXaS!YCeQFTQAe2}gkoQUg%7H!CQ~l?<^*`7G z_H4`GKiHxUv?cf9FIygQ0k*sZN>rwW{b|eJBB21 zD+kSI6#sJ{+w)ZyY;{2I!0Xh-^Rz!vB%FEwh>L<&C3I5$B}A;g9E7^E&M|Wsro^cR z{ICw4eaGs|yev%vFJB9ittkzLVYo@ut|Z3Lz+Drcnh>ao;qbp=0P&1L`fsRK03rlf z!=ev~{=`58fGVL|o$v{HpzR0||I@NV;kZ@Y1RO;1meRJGp$`+$dF)MO4wvX`r#cw0 z=NLfGg@Eb@*nYSD)%lnjEf(O!D%BlEMK}&Vd8df}RLPIh33wm~5`ZxP;*A zwYY~`{pfNy%Np%(Lu9=IyArS}slAPH;_J)GpU#Y;7s|TixOA)TMt1lpZ4!k$?csL7 zM?3m|4lFBueB%8{Bi7xbg*4-?`tzpbfusG5b#th$}d zSSV92IcALo<5V@)hZR$6Bc?3Qeahd;dU^IWXJ9Btdy{_7#0-8Ys-Cxf1E|>pJv@jO z7~mcWK>J-YFc}jlpl1H1ziO5Rm`(nn88!b;&AtFN3&<+Kr&Z;{`8XpQX`1HxWjBGz zwnW)0XfSfSY-Mqu^6@Bk3EsAt_OZ98bTyP5Nj(woP^y)GlD#0&mQ}ANcxz+?0VF$Q zZi*Rk%+;hLS@{C$n9Og6tFQ>%gkZJ(9Y=Y3)Q_n6FZWrj(R?coqhHJxdKPq$^TFdz ztThoQXUuc51Y=u!@to((*9JGx2jt~tA|YxneM48kPV8m|6|hmWhj_i3O1y>9*tXtl zqb<-j2!2^$mJ8MU>>t*7k8h>!o>F2!bv!!+NerfkFBpAWQ6TxwBY3fWdV%V$NL^@j zeXn$Vo}2$919mH!(6R!)9P{fV5~D`|gW92O;jSeqbuQ$r0D5(QwB8UuwhK3_MltH= z;`dM{jNNlg{vZ45Qhy9$IL`%Wya{SHp2BooeQkL*g_h(ItQhD0way_3B{)2C5@l2K zl<`3cA=&RS&)RUK|QN{l(TKmmPKGI~Q+O$#U3|VgrF)1t#(2J>ph3 znJb~oEnBHv=s>~?L0;E+vD}IJK`AtiZDpFH`X5_8YA`|?h_|lq`Cai#ocs8-Z`r8m zuvxeZ#hJu8ylC_r0xR}%I5U_9q}D#?Vq|-+9p%CJTLX zx-AjrS-D;6dH4N$ngLS6O)!t$L6lV<#c?V`$!(cy3P#%-4dFGub}6$YqlRzEug8dd zfsqEy0RL|@LhWY;kNTCpaIU;&bGQN7s3{}yCwtKW*vkbdF`Ne;q!AFe!1g;If)zXH z03}*s|D!}~kS6c2pAzYT5`z}hm6ocqvS$);54RO@lJT>a^3mHyP+v?>-=z^FwRa-9 zNypmh7aZTJH%ogVUuXN{=kbm<(>CN~_@=dV$3a)e9&$+togA!t3x{?8fJC~CJR(Cu zqnPozs9>lF+bj&k`_3F3({$a+@{-V=UGqZh22LEsf&Yv$IUGy`j(pOJGpl!T6$YYw zfvtr0ymXOqR>?$RE$qGU{uy{$BsB9!B98KA|Ceo&%$iX$%O?;Xp|zz{u1hv^9>q<2 ztOlqta+KE%Z0=`0YO|q}7H9Oqg8cE5e41cq0RduyF=3aaXDxLdD72p7S=UONCt}t=__n=DIuLRnxSK zohY(2w;oqw*Kj=Us>)NHu@5Xw`ZOS(uX8Z1@k%sciTqxdbHvgbfE6$>uIm8ive@s} zH*y&|M8sdu69&YqxM_Xl`Fz(^B$qn7*s@JWdx+5=#Wly z!+c(+Zx@3Yzj^ykGIVD)gt)?X;B=qHI!{?D>{Npi?u_}nzi=oqO_fvfafIGX({PT8 zOSgH>N@qt9$B-aTCiOh8Gwf82tm)|Ial<9!YhWaAgCqP~et7YmA3T0#;T-NZEIeC4 ze!#8Q`pLpG02ZcyZFT>qJ2N2Na4hm%LcHR{L!W)$88sf>L6ct`D`>;J+Jo#0O zAmAn$3V`{Nd!BGpIPZBO|DF(cetRtftsBIG$R4j8^HE^egH)`fd*<8 zu=Sf}K7VPZ{<9u_eAcY+!+S*Y*+zzBRI!mRBZ4cN+Z=f(Wr8TW*Sx1U`r-I*F&5W6 zq4@>BqT=hXD|4l>)_iZ{%qj^tG;a3iK;pc3B{+ca{AQt-O zrkCkk8Lk7gPCLBC#)n4S4_Q!83G^IVeNdLuTQ3f-`8|{zFPMLKuj0_7O?%!N`RFw-DjSQ z_?4CLY`tc44FEhhl}TCw0dY9A z{qv4V51{UIrIYEfu$t0H)!t~XdUsh9^VfjqP=}hSv>s0;UiIPw-u>jrq>0?G5L5J2 z@qQePysonkVc7ze45$fp7Q(;HG+>`?PWsJeSAflVz!9N)^wZ`CfXysR(RpIsSQ~4p zQ@mp=AnK;xFZ1bcp_YyxxXP$YgSP^h^UF}kt8DUsJ-Y#VP6GH2*naaLG)TC^n`aE@ zfAe1+z<(J)4730<)<5T%8~_X+@a_RmEr;k=RU0wc;VKprzliiWmK1_Oo_6K=qV{p; zsl6k`j1P};-Toss>i)pX=fS-YXD`xI+<-Aj6!*hY&PCH7-quu@-+0wvvVVfASsZ=)2L zjI}X<8uQL6LEsPn}d++Bk9tv7dE<^ z$l!|6(|{|QmmzdUah{Ob?aE6#|4Qr~z_JPUKSnfgRR0ZYHWT<~tlNLXdc6$`KL{|Y z@ss~tc>q`itl)Wo5<_)BKyCrTfbDM*4@?lACBFDaiP#|ckgI=1_>&h@%oK-!b4x6Z{i;7gC; z-xM^;H;Cisd#$|{K0h>1Ajs1k7^Zrm?-QTqGYuk_u{ep`@n zKpi>vw{hK$EVg4cA2K~5fcLYsA_5{24?w~K00OZ64GA3+#AhVpe?=lM@flkH68nEL zCIDM+AQGyf0wH=t+s!LjHKQ<#so&RLI&iuqP++S{k2d(C$a`}w)&96--N zj{@7@;+4(8;CZb3{Ti?ML0+?Y9RRN`CINo-XS|94diMg_G7p$#y8)yD+utNwIT$`m zl=?@B*dU7!H$Nqc0wwZtz!I$}m?&q^h-F(Ge}CHdDuGldK_bTpZoAJBD?=4s_$bZx z0e^~;{!=t1R5O^uF=9rh#hEowlMzJFpSJxCRW=i(XH;8$L$w2dY8xVQ2Xi-G>EkN$?LyMxg)s@%V!+6M5`E`V1Szxw?|RT9|y z!$)N1`^d)n8&;#R)#w@fxi8kMg zA>I>bR--&(a<-Kv_S`5cMJY8l0W~}O1`4tV@HMdg4drDMlxIxPe#2z94U6CfKr?*% zuAi7}0WgtNY}dtYJQIV<6hvv{qJZ**@@Me9jq-34g%?)f8w@vJHScld&rnuP0VUuF z*M6IdU;{ax{_YgUS$!aj|3%J4Th+k<7e1WqQFO3~zOt)&jXssIJ?oE{AG+@h;{(X8 zxqAYu;rLtH$?^wBQ((Ds4{YOCc=Q|A%ts9sV>{1<8_bdwTQ5CjRV_)VrkPpj)Nih%oBUqR^3;pQolJQ}O9W|cwEsINV50_zDKtg(%0kk_i zM6kfdr)-WS=KdbDh7brO3=q2z@wUClz|EccxKZVvmqXbf;AEy$-e&E2umsOfqd+vP zg_SCtI1|M(-2IxMYtq`)~OO+@Bu)Gb7sJn>DHr#&}HfyjL)1^>5^iTWHfjlafB zeiR^PjsYW+=rj1AG2;pX_-hdlS)jxuXNaHo2LB#~kjo}$K#4vm|4m}nUzLC>NH|cU zEgZ3kQ@bH0xb2!{L1=8>pn27yx0RU$|3?<`bzFF`WI{JcVZRIicUy2x6(?_5 zs0%`=4r{HiJxa--8L8J?MAdS)7+V-O=Is5$&_iT=YQBPv#SDf?c{_YNE1o=$9Q9pVAU}Z~LeGYPU z9`k8hGade$zcAy6CLV!dBu!Y)HZ;dn>N;{ubq=cYlZ&@!&&zol ze5TS0>FbOqHU6+Ut47;d-&q{roIS7kDW?Y1)FF5ZYG~`4HbO#qQ8jHIobWD#PY$KE zU2%NxVoz{l00qZ4+jXT$QMILST9gq+(Xc{gc67sUI4SsZQp(f^1b7+Se0wNL+-<*v zJQTO@B$7~DEC5~#;eSaw#a!=mtx*9#GkV^nP{2Y$PI51pf=dv19&AFZ#P7cIh{7u* zHqNoQ4&8vdTzMGLq&abTi=?V$Nz<$eUN>jw7keHe7dsyBLV6vYHJN43B!3(zG7Vv5 zAmtL`F!5l-Yy*vKQ(D+QjD)380Ks$A0WL>fiW+*(X+Jug=_uqJ`oj?|i?R<3gx;*0$hbi%k zJpEO&CG)SV1fsMv=L6JP=z}`AS5wNsRoJVPrAEuGu(%;ZogTI?-(V*nDnyZzD1?2a zvLrOJWhSg6d!uY2QZh>vDU68&$>=4^9x+68JBOCt@s%yo8dd)zhlS`p0tXUwt^!xy z15^K@>dg9F4@OqTW>1f3eq`RKi*?)kok<*SMSPB(w`?uayQAOYP!RQdte4cQ3<-fK@%dvs z@ce`BFWW&C-VZ&R#GW+}ZwIIwLx@)!9(`t&af|+vZ zF1y3`K4Wm&U~w?nncB)#s{U|AJ*q3ZFq?bwQafMdMG7`>=6!*De09%pvT7zc8@Ms0 zPf$C@nq1~x6Ne0$Afp4aLPzxz4O zUMb_s2Njmry>>LnuTE*@-)D5J<2=r1=o&$(B)K{H^mRgq8WuXfWW=C9Ng3%}gNRuE z?wC69K)Fk0gO0>Dkt=|a9x}4oEGMSt1bxL3&k0GfXO45@sP@&y44$rPb` zzY-?@uFW-v`F*W>YpI9r;;kHAM=OH%CF%**QOkBQ)y1-hprADRsQL%0KI~70RQImz z0{$|~0*4mY-#r3{tWG8h4@{ClE|N&DAx7~kKGK41!wpMtIwH{ZBlK*c@Kq@3rNX3~ z0-4|3h_7Cg@tpEe@i6w;r*Q4dLeGHi;-}rTstTp+@22iOjo#H zR-#hM9HFTqYuA$BrjruRHB|J8yb1~eyZIVU@!RdFlQW9!FVpKY%%ifS=NI1u zK;9KD8xSM&E}ONJYAU#BH;-q@kt8Q5d2hcpQeIVa!!j$ydHd zZaWMS`?Or=mHQk!=bh+6;58jECDreI-K=3dTd5p?u*2BMMtu!sh07U3_sC|Jb>9UE zuOytdiysV!0%K8A02$Z8$&q}LVAU^L`{4PKL3z(<_w}C8VPl$9`)t!Dm8gH`d5Wfj z_X#`T5l32ry1bUOU?D?q2rxo>udtGhUocx6`Fs#-+1p&@g6$QEg45|isqw z>n+ecWYK&0*!q)lQt!+9&1&fBCXDQ3;THd$`4r*#iX9(iM$xn^qm6t|nc`__y4-yJ zeF;l=r|5O9r5gE4gSD>6AB5SDVbUil(P(;QWK8r013xTUmQ&F$8 z+8|W(^}s9_i~tYOXxg>UQeu#z?$_u=!xV?7UBdg6DlkWAgzUVY0K%@GTp07F9o$L9 z!t=VbYp&CD@$3uu0`^@tc^`8FrV}Le-C=@qwP(7K6@2#GYHh4q{2i&x$sk|oC1s7$B|D>NR$<;|1UR%e6s^-L#>e)|>>sukp)CISJFs+PdI8|phDOPjA@iC9 zqET$`1E}z#ZzZ$=4-}$lui}CuFi9}2Poyo0G!ITVB9=%wIqV=oVwI+&ZkDO|d~qI{ zAQ(qvcM@Q1A3%<^*1$vbEiev4x^tP9daQCCOFi6Ghch`#{c{_{XkS2NgfvW#FV;$( zWXQ+5&s)UnVvJ?Ml)MA|q<6KdetT0hI>A)-{CTl(S35(Y0|b`xOdl&2=TK#GRhg3I zIlEic+^a}mDM{-Z1cXq1(bLQaNy1S=W(uQ!>5NRr6tadhOcS02qv{&IUo2}7vxgVw zM7`rZ@7?=w8&npTNwsw0y(yzQ<=wf^PJf0xB1tx z*K8Hw?|DHn!_pg)b6R z%(`~&dk2z(G#=%+G6lljl`*#Xb*AsvQ-n9lq*dk5khM&+&*<->LW8*mV%Q*-FzJxk zF(leaD6CsHXQVo3i|x|v51b)KaXmzuglh)EU*Il}ITQ384r(%HcqrTq9!aeVU_fVr zD3w`EzL`u8`XK%aCwX9pgE^()3SulAt+0DWsgEGiioV~|Ilyc-K%u3^H|O4R3)Is; zwGlo6zBXbX;T03;+Dzjn*LMT)?_*IcQ}y@ha?4%CWtxqfkiA+jxvjt5>e$1%evRx#gCgU9xZUgUT=S%jZOPKR19VsDG|BYxr1O9|f zyUN3Bcf5z2$!WdUJ{mM5k?+^ax%58;3zSk=GIpxo+{RN^7H}$ zGeE81$%)?}o?&Oe?P12Jbv#3{Sie?42%MDR!`!Pg&&Ds4Dmfh-wZ>Lxi-Qtu+iN`C zgC*Cx8bMnSD_{Kg%&#^L`|&~}W8%V(Fozzgw3V)MHv4jA^IX7THx8AJG=@G!=@*@G z?Is|8V-pUoC}k9Z&7syy)^{I^>rCA`1EDR|2Ju+wZuoKPHDgee#|H+X)?;QDY;UGR^oabcw?51ECl}}! z0aznuSY_DxOQcL!6n4>2CZuw{D->T48mEI%X}N3dmSZFL-7}6g9KoIMShr0d3{8${ zX<`|BzTiUth}R_ zki`1ouACx^bA^a`4!z-|_8csSSoFp`4q=V?=0`{{fm9xmpYv#a7ky!e#OT47s&RWr zMte(#AS82v?)F-Sm^V5zf}oRFq3GuQH|g>IF8!*gY^@kwH&w@?_Qa)Aokyc|P zgdmv~KwYd51WjGsvhh&-|(JvuDZ9{S<8~eLU>-l74tl2Mc_4?FW|EeL4oh=8Ha8R_OC3Pj8yBhfg(I z;QhR{mg-7kODNJZ7^1JvhWT>W*0RUhmoS)kZ9v$3qG~*S7#|_Ob-?lF4%cFeP!oi@ z%=gS+T&lCWeG%4E+U69g$qim8P1-4|67$FkQ*e6qiXkdqS3Up+%n}v{!+KiD_+!=R z+_h{yDzW(eSJB6f6oj-CrxDljQpOSLJuZH2r{G+}f!99dY9K{lNA%;Ok`=QQcaoRz zC0@ol!M)U(=X(G374r+m0RO=#2?YPGy2^xCdRR_-bQ$6EombAIY!t|AkW!#7kELWK zb030ZSZu4k2MCM9;w z0k!!DPTcS$=Mx#K2x=tXBL~ao<-*W=Z)G=!UQQ5F!B3qh_Jo+|mKrJM6}`R0V4Dhw zIyb?afeP_Hnh9lw*_Nw3+VniZ!}_=f+oV%jxwym=TYjn!$mR%va^8qPMuE&<`tDz6 z5tz@+kN7L|HvsN>{Db-9Sbt^yBY!Wq#ipXNQPCFhxUWqwA=-q)Pgn-;*@|tiWZxv>wS16qqF$dKeLv^Oixr6hLZSn93qJNEY7@Es5*ITd8B@AX zt?z#KXfFvdJ%;uN$vB2`GU96y$J6!~23!@|jlR+X^ugn%7#`C0FO55W>!^1=3l!ra zagj`7&sL5leQf!vviQO|w_{Pt`4xUqrsG|i?|w+_VzzDP<(5hOeVB4suUNxV)T@{d z;r8}8Fg}y&unk_GRBkcTqNIj!-4@@FqWo!0aH^t*ef;*sx1Jdx(yFxZ{h_U+Qz$(p zmL#&!NGE!meR3T%UdgW18)^(cd?3aXzg?CvuA4kTaz02R`zv%fai0r<5@Hm`y)LK) zolJ`^(sG6SW}|BueFXnC?tbC>Oozo_^(bh(!I6$bzjKal-XOT@SEGi8YT`XBR!pUt zkP%1`-s$)4qB#=OHrHa>D=nUNg-G&E66$;FcfjSn{=1Qj7vB2)nsuA1A7R-0|ef zt?X)Pjy-}|@26^@)slQf+->ujIKa@~p?4ic%}x5aUmbDiIu5-+5JDa*7@Wx{fvncD z4JN8R0ue=+Ny{VH1Ma+gn=LXs=ci<4J}srziz?ec+Wbb`D&+oBd(xPb58Lk``Pw~E zt%G{ZBQLe$eKTiS!c&Gfb(({@y;Z}+(U31KSMTgW2)I&!4t)O9aB*7BEu_>Fr=w(*=q}$m z>hR6S#bx}tc+jeK&8RCjD|#Vig9r#2u&Hp>^H4$ORDpYS^3f6fD-y*@VKBbb?Webj z2Luq#bjwSnyAJE0m=-}1@bE}wNQEFhK*)|(7_G5}P!QlFR*aJx z(%zdE${>dK zu;>VgGSldR{WG}&R?EV5DAvUYTdmRhkF=1!d&EauB&Iic$^w<$DACK1T!NoYUv+F^ z7Dl)Qhv=NZ$(Oy4aT&jatc_Nu6ATt1B}8P>OBIhb8pB`AW3EsMyl7O(#wmgd{+e{( zTZ_hoE%O1n?&W6-vDYKnD~xbqbEx%1@Xa!an!`#atEinGX*_O4O@tqPK|{vp+`(!3~-gZ`a<5M zxhr39Pgc=&%&3vn0rL`>r-S5&!mcIjC);F(#ZI@o3qezZK<&4>YU3-1J|LjRKjhPBi6Erc7q(3+vf9| zH8<991+gJ(Gfgb+FHT}_VPPG}1cA(72VnkxnMIgB&muhkK8t8$2FxNvz2^Tui)aT( z90dGr9Edr+51Pho;Jm`PTC2h=qXg6}Ckh6Aq<^k^1Ao57*prmXZ~?2*F0 zG@$J?|Kt)?A(Znmg`7i!3UvH%_M<73-w#j!8M)pTrC!_I&vBNB8T&MXtdoAHMGlMz z83o0xQ8QtvN9UYjn&R3;=WyC1(Bjc1!nGqrpWbn_UuvjF$1}&=%Hj%NoNr*NzKLQp z!bV6x8qe||=K3KH>(H+?wmW;Rg7D48Lji2fr9bCU3*yWhD)^u)!S5j(HHj@^zXz7> zHq+O_&rG)FZZ=Xzf$)Hr&kB9mt#~S~m_i1TboJBXzzhWH*@n>%62E%Gn=4re4`XMp zv17z$X-K+v-7CIpQtFhND!4~M4u%i!yHh9fS*%%f$5VS;r*fQj$M7sLJq7y)v};=M zIa<8@uc%8TY zNXN~KUB45NRm;Kq5CU&=D z)W<_T**+9*QcEGUiF9X*MN2@@wrfK;iFkED*{GDW?XmJIZsM(WeT7)ZVcsI6zOW-( zvG0Bj4Us>csY|;dN^8o{xrV!|>s4}wGQ^dq&_kZ5xf~YZCBu|&JmBHPz|9qH>PB-| zXz>wQXk<4#IMBNTEm;eDG#dN5(bBG~IOoyHLwUd+-vtkCzCnp&Z z!b)sl95(4%zLUUM3SCSTDqr~)XRpi>KR|D{8p$esM1X-vT0WR!p&Gw0jM2W~A?ZCA zxiUg{k*JwCEn1l2n=*t7`svHeK)5#iJh!b?Oi_RD;v_=ml+!HoEBiW^E{*7ABX4%- zWqFfbavkaVF)qHM(&7?9EJQob45c}FTc`7f?2J&$ZBQ;Z4k!xiva;oKm&z;EH!*uM zjV`4F6{ccaa9gqFoHAUW7K~o^WfP>bGvIi4>Q!4YR_8>3aJ`Dm4D>lJd_4Hpu{NGq zfrV8;1maX+SRM!W(4NPLcW*whTfl`X`2C_V8!1P)Vxi9hU0`xHv3DUO!C&1faT8p8 z=Bgw-f5Iw?<4ImlL!HY)Fl*zh>0TCEpb;W(uk#pFuiz6n3<|F_n^;9S=ZPbq;S&uxdAn=Vacm~X^H$q_WR-*daZ+?8L7h({cSY1Oq66FTPZ789s*1#bv zhD!@Hf$=gY{E*-ELb@=Z*@bJ4S;fxup(#=mrvHl;4E*slZE_cKgZ$j?Sy`+OsNOp~ z;_-EmQ#f1AlVu`0DvXDh1g?zmuF0xo6Y1ni5{ELioctsE50Wk63wCJWR|Pl|xp)s~ z_sDSZ5Z<+84PwjJI0=1NTs^2{b~I<-Pw_Ez0tvp8)mecu5wy+lHmH3bdR0PKcZc^8 zE7cj#ibAjS(^EECzDCsOJZPNDppYUQPYMgmK<+MW?k*Q2NK1XSL&cc?4)}W?qW6<~ zwI)jyptIG5pNX<{p3Gc#RMgx1X*RHEsW-+(jWvZ_>h)f`M>32gl*D6Stkr#oK$9t9 zYzPCr#X;t#J5;mjnGck;oT9H`V#42WF-hgUZy`gs(-2dvovw}{6XnvK`9kKwu%BqA zpZA@AifP!0LTkhYqFUuZ6dyb|QET42(hB7`W8z8yq6p1P%a_~zJ)7pShR7X`Keysm z#8r%>b7JPa7dgr0<6uul*ayil5}VrHswp$Bo(3h*kbCLXB;>||G_HtZ)y2$WMGwNI<#d~|otRW;WcCyB?{L;Ntn)^?}dmXr1-+T`UQ;nf`McD8}!7!))K|{E^ zprBa-1JpdO{2jXaW_fdEutjAbV>S4lUgm>|B#UK;8b>LH3cja>r>?rf=@OliHFoL1 zM{9SjmyCIcZ?yTA4q+8hwF5EPNC5BFDgSXUb@N)wmi5@mr670jDmm4xwWN3#`=!@ z>WX5N^673#Bq+tWkOL+CDXfi@TJE#`d-AU@#C%pkMI;PNbxZH5kYT^@doVCkb@D!5 zh2AqYnA^M^Zq)0I3a~fZ)a2;;Dx`E#QmLJX2b2Cf3D1L8d|#VqN+bypu$r?;H`^6} zH!$>B>;@V8AaSuGiWpOupj6(7>J>+cax|}JASW(mR;@@y;(?Y2GK#H1x2HfzVu}>C z3~x1!$o}>B0NuA?zFa6_9K24IZUf$BO`)O&rS0P}l>HNY?JM3%VsYxSvbg0RK0Spg zB(udC2q8)Lbhf#H!PY~nP?T_|x3MG$i!B>k$jPKcGT0;WwwP!m%|8k3<64AO)y#(tX$BPW)0M^t%r`1KvIp5kp<; z%Pa0>&UU5bth8?l^J|=Y2T#p~zbFZQa(BeV8GW}Du$GLbTurc>?@-*9Bl-G{gkX)( z(tyogB>S+eCbEZit6TQ9I!Nsbzj`E}XsMTZ+HPVi4BSEad)9@+(JY|`byA}uV68at z@3o@YbFJv{_gb+Z@HhRSuU%yRUMt?d|JQW~oac21xL<3<{)WG5Maj8eYeh=5>uKrE zf?Im-?C1@1Q;?N3o_5RwN zG;eY^ge$7D7gBoyaI~zZoq`N`FtT-hJ;hw{13`_>d zkSy7BRCS13>7PB&iL~N4OHoje?H9d6zZpKD*BRirgF7L{z|K8-9op!%TXGxd9;PMx|`bxfd56zR(DX@N$1%CMD|_$7!K3568~cYepho&5X02H-6yWVIFkIz*`^hrp9+zUs?0U_yU>YkoiFT>rX2QQ!m*o zEGepCrxD&vuv8Mi*d}ktoY(DEFW!` zN|4|i*002DyRLAYN=T?^XNO?YYIzS<28@Y@3%;Dqi5iZ+{Q}=q7Ez&ySc;Pf&--?5 zw4=`-Vwm-sG8)#LwrNqm=C-LK#a~*l#Qo6PzJ*$<#*`z@Fbov5Lrq>SnkL#tx7Gjk zy3A*0BD0abXi&BNGd(!vwJexh+F7ZuQRgGhRSp?%Kiq<|j!PA_y$V8`a!UBY(9Mp1 zM%4GwyZrpbjvJ@x`bW;^%GNLej5pxq@51glsS}$r=Xh)LgX`2e^8iU>)S0gGHo?*+q>0=%Ok_D6BuR3o>AI=oG$6g+I9%RVmmuT&R3 zBx@_-Odcv}=K=XFfOi9og|c2(`v!wbC-wEQC;Y%^{@~s!bM3heRUqQdBtO21zLkbe zJ6ybXNyd-DRiCMe|L(#n-hh*G;)nX~gSDL*C#$@|3F}?A&W|5rDEEVyi?vf52!kA7 zA8+9L2VT^!g~CkVCN;UmrO%O9t#+$zo5|2KAcvgnL|CaNNQRL6U-fu(N3tW8`O>76m%4_@ErCF(<1nBu8}9Efe!A!3Y7vpE4&WJ5g|~6%>wkMmWIkM zLxiUOgp-E^Px(^;+`68vtOF;=03)Qd7qJ?#J)C~h@x3>J$ZIO5bEdOujmytzs04%` zD>L+j^RTx*D}eVAy-O9)*$6;9b*cOjftZIw9fg7wrD6p;>d9+B&9sNv>qoxd5TqcO zEoP`BP$4TW>}0~H2Lan%f3osjbejQR{-2 zR`{gWct}cCtR}-0w$6gf)YvT?gP?j@SPRFlZRW7o`_iS0BZ(i>KWz)q#`I}|E zO}5m~c~Y*6f6)+GTj2Y}9A_7aq&!IXEk~qtp&VA_y5#bUwwEm|5hQ7fwQnHdDa7!S zm#Q$a!_AEOHLiJzIJ*8<#rZ_!~V~kYL=vK|i1(hk_=_J!$3|)NeAWkeh^1{$Z317AO`k(|Kcd6o#PcC_9 z`M5up>K*0LFXAUu0&f41Os5{IKWYeKL+p;gcXjcLWv$#g`H1zYRvyv^Vi$r7u_8SJ zgg*QNQ4dQ$^mbbTHVf1`)vCgQ4PS^tC_{HS(A4+LF!h?@JxuQ2`K$hZp?6_nh~Qk8 zY_S1KQ-gZ~c!Ikm+|G&Ffr*Wut=$^$}a6Dk!~en8IR#guZQ(k$ZQHhO z+qP{x=_DPyW81cE+qOEqz4xtiZtZ)j_QQHzPpiIf{$tJYPaX6Yn3qbH6bS_s>(aLN zRfJ@T0x(JIFYhD*$n>_t4IkQc$*8<8QL7KlI=M#Vm^>;!;ASapbwO0B*0)>c)1xQV zuCv=>sSmOu^fMPg{@K?WXb=V2y_W$-uH=tGSz*nmO$3?j(MQ z+q^iX%rLG!hTfZ#=zwE_MKO9aR?CXmYOxXP@adoj)xH~DVSYf(CvIE!9kB0TF(YaGr=Gqs!V8&)L211=Yo>5_7HwddJ-;NjC3ESR$4;{PB2|p3=;^1%Q>xB%(gj1s;S|SQOnBt-y-1vDAVVdUIYM^ zLv9c6>Cc{0L~c87ucAU%@Yr{} zwwV>SBrrX27d-G3j_B8yRUaA5r-{{_=^p$spS!YJt^|wPdJI*%?lKTYJ|WZGLx%gB zkAxYp&=KYu+DZZ|Jd+QH8j*zd?n50?%1(J%f_Gwx%|)Wi`IX`ulv-Ud%=g z=p(A$ZWwV5?*)et85x0@M)wWRRGwNmuey9`xoW;}&l_X;qm2&N6NIOArXggZv%gX|UOQc9aa%aX z_`JXu>Q?9-g}HXm{I!Q|ye5Cqt{+V8s}o87rVL#UB-ZxEwy!Quh31QLjIo_nDh^Vt z`bpuYJUn{@{hHz)S1A<~p~?Miej&UXL9%*}o8BeRU!xOzZ=aS$y0w|3{WQikt;{HT z*?D=G=P8>TpT{%5*Ep{BiI8v*lzOS?KCR%fK+qY<>rfWF1j@`S`&t&zNI~=(=pTXM z`#0R!ni;+s&4Z2CMRGm)W3$3cV@T_msa;@hC2)NON7BECoDO*VXMs;?7un<>`NCCk zkYq9x_2asT;)T9s9sBad-ER$HO$2+^rYWWD`cmEc5!6hWsGRj9TCKk#j?$SW_eFk_ z+8?!lHk>oqN4>w83bgT(&t4bdEcZ9|(y~}%x_T{7J5w(6=X+hBQ{;ag^oe?oj-$L? zYk-LSkOf%P_iWJXJXA@T^m1sBTs2XktYiLUsBl0$Z(pSXKcq!S<0W_`E2>y>l$8Zq zHs0$pA;*9=>{Qoj>w)i_m`225*ScLqOBBZVU--gV8@2v=V z{i{o`|8@!FKV7m2`JWWwk@`=UJk#BWw=Yhg!rlOa;#A|eaqKWuZBy-9;{{HtV~w4I zg>g-+47Q8=#E{#)|3qx~?dl~Wh#^@aj;sKMBCzg<>1e4ER|$M9q;epc*=JxN;kzee zks{HLJ;HMHEH!yhRR@U;#HiTNswaZ>2QCZid$}LR&!8J1K$E< zl*+^SBS*8rfoaf6JvE*|HItEqwlW{4Yj?hbxh}-ZdI}=FNtv2Iq@8 zG=0&oTeuY@ zfSdJ_5s9Vx(91AwCGwc5R#`>!J05lx_L(0(T;ZbNv71W_e;ffjYIsz|Yu(|p$EI7` znEdV87>PgZ=8~zegK&7V@ZIW1oU`F$%VdwULjQvs(SF!$^&S1tFUl`9iLKq*(&7*5 zC~U+qKv7~EwWZxHXyU@A$i`FyK={f!*^HMoeW@J^W|w7xetnl}h^rm*md&ft$Z97; z(7;$|dc2*(#5*cCfomw?i*XtV_SIR)iHYw9Uy!#oYRD|L-w(XjyaC70-ogG*S+VRL z*uF4_QIn_!d-8W$_Aq^>Syd{#zW88~ZeM!9M^DQfr-zrs*V-6_h}#kkuBsei-348$ z1V)%0>k`aJ(PK(rquo}6^F zbY21S>9aKYm9hpgJK*3>OHVf8rpalLOxDQn0poOXS$~?lBwc%NB$?I^Hm0(C0ilLx z0z9jcTZrjW7TX4Tq+%01m8cH;y9bpYY>fq@wDE~>)VEXCyeCdK3!}8#+``+fu6Ruy z(>7DcL83LYGo17J6kY;pQy-OVHm?t3gTo$=0QU_F*d6fr3@m^Ac@DOtIdELqHPb6i zY{Mi^PFwKsWk*hp#6^kBXA^~DNO%~K%daJcUm+%2zZ^L+6XmO2TjiVx*arfTA(U+m zR(_tpzdl15k_^Cq%MI}NE&Z2XBRHVcI6*okscN*FE8#**tl}HcYwxL4$w9$^!lG1( zyG5=beGjRHdTz2TQv@jN$`@g^_xzBi*6pz0>Tg^a^eW{<2s_8lX2Ec{e)(oy24ana z-+sPpP1=tw`~a})BSe|!8;-m{g3cQvo}xH{h0a*iFha6>#?=7!`bForNPCQa+{1-2 z{bMpi-#*P5DzK>}!yyVUsk|7Fz7it-__SiQG?@J9%$WjACPKBV!}3UO-eqM?+C-RwRdtp_qg!_NXsv-%K&l)ou{bdd+H*dK-I7Qi z0O}nIGYfUVWFjlF{Y;6{`bkm49nLsXKZ0F=7jud#La~}(91);I&ZMyva%r@!`VR~G z2DAG?F_Y{C*++D@92BJNa?`CO^bK$-nlei|PMvQtk2oll(eA7w8vHpTh0XuT|WvWiqwUGhuGlv>CC$gnM43wf56pjeqSQ2ef@gWa}IkYL&~x( zb0xOSH!sctOiA~%L#PS#Ah(kgPw3;TsxkgRcdX({Kn{8Vy5MC}+)?x*)!coa=x}}I zY^l(m>RL*Fc2+4gDyv@rbOoCqA)I!n&-UDC1JOkLMAAC!N_ckrmIGx#ABI*NoNS8# zAxRZQqN=7fY7Gd0dD9~f9i1)5x-a_Vz2Kl8r7!%Ak$nL6Vab(HMEWzT*WY{K!%flu zV2l+t_nF))639UBX={wBZPP6)-+o10$J>vsvre8|4tuEw9*(JfidjbJbPUJ#!uRS6W~`y)8>;NNjOv(frQ`>>P!ShA#{3{GB&iDPV-=8(@vz zIV$)G;OwLrCUQZx0TxBHwCvny^l&M##$1%<4eB{&#q|+ej!d zS1vy!l`wB;BjoX=_f-I?^nHBTYuw5E#k%1Dr;E+p)Q;SH8%OE*Mp%hVw;Ad=j*`}| zTc0Lp+NM}76B-4s{4l2I>jJ#o%svk~6g0t*^}iO(2Orj0we(L?&YS1d#XOjVXn^=+qJmgbaP%fR;=aBE=sdol7REMM z@=#G}0fiy*-+~v+jbYokc_@)chm^cOU6gA2WUviy8mpQh6|`2xtmGbs;jFLH!ao5 zJ2z;_miq`Rjks5H+7s9-D#Q^!x?GhCwC@Jl)B>$sU2~rog;ua8mDyF0c?uAE-1stT z>(|#iyF(!Gj~;?itGx+Ty|F$bF=60OqzSuUjLygf9zn|lb+ zs8bPxTey_vlubP3B;VP6K;*8uU-B~K+YYiokqe+KugR;Ob{T4 zW}HrJTeb?L@5K=ilahe|j{JC#bgcoSPm4v7Vc6C*dFd7u^+K5LMp9&kVxOoQaJH}N zP;lIxO{I-3Ngih?v8h~|DJ;(w=k-y`*IlRb)-pj)>|M4kHL`b$@y8QgNI)%nT;)z3%`u}#MFbx-m@-Fhl-LU)bntGNvl z1&l-lKXH&m+D%hK^YiPUcb{aoYE&8?JeYxu*RE31LY;zamfpr0kGVBUx0?^!R2^+! zGd9blmm`9Gaeidt^me>&mbLm+3bBrd>Xku%h1Sj^Yjkgw{6&6+Kjiv+erd6rqd&3XlK|@b~BczqbM%Vv75hOT6{}>5?7I|D*_Rf&aRs z;jeF1lvTsU)E6fH>`Q`{NRQFxCi*QKcNX{gu&HJ7Gjf_ur9Zg|5VmI(v@=wE$TiN7 z(r+nNfTJ{95?5~%W3pMK2NoSraCX~_|GQ) z9OUWpaBQrS=6QUqmv+8%cLY|8w@e-jt7uUjvGMvB+=R01%oO)?F?pY6+(u$D)}pMx zTXh$`N%)IFM3@z|AtsmyDe8h+2D&)6*fwDh@EY~E>p>OiJnsAa8(Qy6Idbo>P7H-jdi$(xwCZ{zbrzlVmM6f~<&`cpj$Db#^V}1Dy6_@lO z7M6O=GaId<5q+zo{Nyx@23;2R8Ld#e%ljA>{4v=Mf&Wn&gb*(zZK9b|35E{;xivIk z$-mJa+rF=emL%h`u|y{kw)${kS2vo_Gw8bHZ;?K?MDYglo6n7YlwY*%K8aGQxwxK2 zK)bCNx+4bZy>7~!o_cZ$xy3ISBN?W|_&3SVIi4K5EBW|=uHwbexWkOG{Fqp>lF-x^ zZ!ncpD}!zhcB%7(=?L<#PA{_1ry}KJ+34O9cyI6}Ni}b|sjn6)s8)Qh7Q8;eXY7Rm zhW^Bd$7=B4xrQx%E_rEK(^-48C_nkq{Cu9DNNCvg`FXuRcmUBhG9DnkuU!VGF}zRB z`U=Q&M-+*}Du`fsd4Ryq@%vBB_IGc*_2Q$Qi`;gT_(lm}iw0eww{~Cs`Mj4f(NGI{ zLtQ$)iyxyQ<+8#z!wY}2ff;HI_^RXG%ezZq>(U&s3rBkb@X|$DAtc}J0pQQwGFflq z_e%67NLqy+s?rQ0f5JU}rt;UG5}rUix0>)fE6zFGZ*1K7PYVTT6>i#*CI6{R}$Rl*I3xYEkJ;j@O}oQvf#9b#N}82{TrCJ|YoGcV3@6B?Ba&oZwfRFqIw# zo;o^LjY!}OLo5Uo;QOW&>3H#nD2<( zabp-PlTRx@L1ozRi_T}DqA>?SdC=!xQXM9bC)8r^>I%6z!mJ5#sRkh7K^xVy5YStS z-52?a{CUL84=%NM8J4d>_iOz(gxwMVgAt2-s-Izy%au9w0U>C|F}~e6Y#@Do)ye0Y zj9zQk7m%@t)z)!04)f{KVIhw>{U`~bO#)Z=K+AXN@ut+Ypy;I;k`C@qV>Y)rv-F0YLsuJ1VNm;?-U@JHg28p`Ws}ZYIreky>>hG zbt|GggSjo@gB>wwk;G-a#dgR27So#Y&7B^%$NB7O4>8B-#4N_yePsW!wK)x1P?%<_ zDtj7m%J`zej*Uv=45q+vu-!NRXlSo6*25HFENDQBfZv)5^9O?p6ZB1HMQLMHjN>lH zzcOcF#2k=FC#l&6x*{L3T|jV4TzO=`TEfPwSXA_MqcVGmj`K+9t*#z@l=xj}v-@T$ zWi{%^kD6c)uNO>yT#U9>I)!n6_mz6Hluf*;lc#dA$Y$gPnfa#%6v(UUu$@rq{^D>1 z-`(o>{f+9elKsNE+%^=C5!aW<;*i>BXdZ$rr!}&VX@C;6PAXg}$o$TFPOY!8$TzHX zb|o2DK7E>Z;rP4^X$7|~$h8B^zt^+7=`^DH{_8Y+_vlf+7dxq)BJ|Xtzh$oBtQU=v ztnK`pbE+?jy5kq~Rx?qE4Do9XAjiIkz%>6V`RtH zo4k12$Q5&O;cQ)Zk!Uo^o6<>-uF03KRXmxQK3YD#_w>)~eBK+CIciu-*1*uNs`P5& zQa1F0Lj&B@ot%;0t`qIMICz>aSXUu7M!n~Xcs!i>$wYzffEN2@ao37 zjz67?aDmi0TY}`_S^Va|Bo=Fa8_+2*T#a3LmFYXo`dB?ljE66+5 z-$7jYb#9EQJZd~#r%oiZq_Viz2%C#x?9s1lB9AInAXofQ4+<)Nw0_%yLm!J%ab}tZ z!P3wJ8Etfd&p<}*-cka_aIl6g>b3$N>)8Ft| z#RQsj^~ntuG#YngY++o5H^JfXCi|vBI-=(kb2$1mCXWjxd~NXL33y+PMy(9*0B00qPq47P%j<=TKuy zD4gFKsEyu8mt6sDK8(Z4#R&Rfo5#wR{5V1GC-5D6CeQ*^!xQKz28@e8`U^Ks+HAFH zyamM9)aPErwcv7y<=E{9(PhW2?e!e>Z=2UlwbnvmsXJ{G#zby=TdOBchz6?)>Fu9O zOO=v45u!ivHqccPB4EwkzXy{$V++W&8HyH3=rb^vMfEJAT-TV2VjRm3&M z`b@zT0${062uut?=Iv@a$bNS_|E?`DtmYseL;7XfAf%-U7glC%vfW@yI+)2?gqp^C zG~tOtRoUL)`Mk^#y?D~t)J7qo(-mm^{;f-U54#ezg)lXNEdCA`-H!2anV%@qCnBQ>QLym}X*rW zi7bY7_JjBKIjAWRICl0}W-9S8-m7Z_9Jv`s0-M5aAa0gaqfhJ3LoRzh*nb{r$xm8e z2cDQF*&DqK2zVt}rWFNhT>q!3p~uZ*TlWYWMWP-*L0v;)ae#;D*~02f6~TIGPNXfB zWVcI&-}S}$RsM2tsb+V*b-P-k7sAPPT9$eZ0#qLAz8pTD9e>k>v^FFH=;{znMlkJ2 zb#*Bqi~HM)kiSy@xVi?mfUM|a4ySR);ZqN9@57{hh}4S_a9FpK@|4{f%wK1Ivp*;F z^FObQ{Pp?&Pw0PIZt(w}_JIELgnnN3pJ@+^*gsF`oJhzYl%+5LA8isAV@%RFb;Er> z8hLqz#YY-v#{e$AoA-Mf(?@ZgB8f9r7*#LS^G7CFo9$O9wt-p-bi1w!kF_DkYPZBn2Du^k1lPmTyf3;C3lgWVnT*BMj>N;OAMxM zzQsb|z&?oqkrl?+oSDBUjE^^a=fWMJnm1j<9*%m5l5eHl;ENyI>N7M4rh0P1#?(zJ z0@-bK(N#fzf+nQIqJ+vDIExL>4QK#kT|P){ohTUYDmhISfP~i!L2&ulIFTAsi!{M- zq@pS>>OjkJc&g@SetU3nPq^BXQIZ$AJ@UP9a82f$?C6F1QNs;to zj}bFUaj!m9a^CQfQ{xnv+HZ_T1EjVJ*3DDq46{x6A>>2`9_g`xn#Zzj%XeEU)^Nsz zI~e?;oi3)0KZLZl)E$mf&`hGn+@7jRI`I1Fvdo{Tw9Z}$Q1?)c{;_T6V_0#H)v3-E zNfNG9N!}i^qu$KkYnhJ?i1?Q#&JS{>Sk0PMr4G- z>76CLiXP|2DnyJ|L))+5rJ;`*Y+#>&)u_Q2+k}YI3RQaHxTjw@k9`3=2IJ}mXiv|1 z_^`YMfpZNq3L)K9G#*nS+;9ha^5f}ZbMQq>nT;DW+8~APDZ-IjQU4GETDuMLO zB9GI2z5Pbo(H#F_P$H0iZbmV7|1l%<5oLay)vLj&n_BeJE0O#Q&{hIE{g+)oHEE1w zBm`=RaJI*Ml=!WKd)0A-|MlNK@XG-#Uc{p z3iz=kigPvRAt?|S6trA1TZ$bq!H11q_X-dVoE%&K3MsBxs-rG-vgMv86&2J%zQ(N| zS5tp771f`{YH%|7`FI^ljsER6JbN%MJvW-2Pq%bg?0auHt`-m5!p`?X_iY3UYxk$? z)=$Qc9H<7dXN&zpUP>^7p@D4AHy4RrR}rTL*G_`DCQXFRLNZXX1Vy&I-wC`@OpZHE?45glOOthV9R=T`BrX^&jk zf2Tc0f4UAD{&EQ};=j6t;BS|J{L>}3ivMv5N$fvef;wepa?>U>M4cop@wlJCf!ioFoGF7={qzuOZwz=IICNjxly02nT+& z=OoMpjyV-6>c$0!k4@*)C~nR}%z^-7HT{idFcBh1gxK;_`6YpA{~^jcb&(-n8J~5>{~&*na0Ns?{HBHhJ2U!S|i*RsF&|r6BwGiveAkb)%e#oVf-!t zH_PKfl^$4KA$qLRVu}2y^<$I2f?PkfU46bH8S?sx67mo@#3kW7 zN-T|3xE5?&A>4l+xSLV_py%jmY(lI&fve@f#X5n{<<;b;@Tgs2)b`jvU&R;6NJtAP zd>eKNRNUD&kLx@0%dUtpB1gn_Ei zN%ct}$+ESVHUrjtJ#j$9G7)&*7L#cZIAe-{;<~0QkCzCHiP@p_jN??v#lH_{7j_5VW2pUH-|)#1sMk{ko)5X#ykQ|1L9-t zoLW9aTc!&MneSp2xA)}}cLL*i9lhy5PY2ZNu_Ex79MO&-X{xAzBJ_GHw&?q;x95;9 z7wEX7NRimuC>k(^Q77exYkUHMk3JUL;df)US_;1zrE*XWvL?2_59=VB)ICwj2ALLt z`3ptF6A9O9O`3C-!BXxX>l4QmvK(ARN765?4L>mu)Q32m%3(&}CMkUWR%@G#k(8I% zT9zZO7_LP&>LTd2Ifx0^um8)aQ|+7o^jh>l$zjod0z0NON+sdu3q2M2HxA?&4 z^Is+2ae>RS6yy5bwF*vj4;N+!g%+n7rOM1l(9?j)2aY%s7zUa1BGY4-)ldOPaV@A6 z`7*pVcRwNU)sNAF6-#*atd%B~PCJjKB#RmG5HllO#kMI3gBQS05fXcI4Zq}nuGh4jn;8*h)s z)%3a%&4G`z-k7+8hXTH zSq*CtX;R*=83bpWu#EPZ6~*PwWIS}X0}76YOX_b|pQUW!E^q0!z`@2vV}mv?ejW~)@AU>#h;G3*Va zhe-TtV+Q$Yb!2$w)IBQQOj#;x_z9B5S_-NF=s6~155PkXBblsPdlgM@wZ}#PWIItx zl7TtCP!@^CZ!Ax^g@TUbL!oo0QqNVxdUh!phSYa!2LqHB<9sT)MdS;FpKxty?oS7U zv!U!mqNlC~CAI)iDPDZY+g^Y>$zlNUlT}mNWrPX-xn`B!fgUVq)+w@|z<4EBOikCO_~$$^Z2GKjeQ({wMjV zyiuN);?)eWc&3CjN9+F749|`7G(240WSc_H`h_%1BJ;0szXFh(QzDE?moAQek}wp| z$su>LE1hT$ug8&p@0l<}5Hz9$PmuZ?57B}WS4spL`FsOIeD#XPcTRoKcbLi8$PqCe z8Uzl|e36~DGQ_)rM$Z?_# zB7;AMDA03Z#;++l-gl8{U{M2FUS3M2!bddw!{#D;g2M|WKUPzg9@OKLgV^!RrW@BY z{!ED%pkLmjqRgJjDBO%6&$lAwcI9cIF8x!?e^&{QC2XDs-1}2M64ARgS##@Z!tD@0 z0}*K04iS7A+8nZMTQ$_S_f`86rZF~@0Z{<3{2GxYG$93#d5cnprKh&CL7q;aPbMb) zfLE9x5IrVeVHYrl1DLGW;$56lKZ4tmLslfOs$GKps(_#Ui?WRnj6S)-VVu_>{2shY z$do_v$s1KK`%B~woB8BMGmVvmV#Jtve|25!y72OO>IHFeoa;}WY*eT;mi--dK46kd z*X*d!MOSTqOl3{W?2TNos#gGNLxTeJ7W<;Hf>?F_BUuWQkg$oK;&BL`^+wmIgKaqB z4rSx|3)Fgtkr+R)VB=i-9J&84mhrbVYCbgWPx0mp{V&$VNH5K^DD1RlrakO3ou*}+ z_3qs10m6q^)Ff zt~AdZvk_0zIBmAii~+S3X;t402oL;hhql+SOD-Vc76RHmymlI3zdS9#lmgxh+c(t1 zP=LIwYiaz}1%ITUDal#amJTifXLrj

mR4%E8(oOIP_dTbM~~aqsqG2PsMrLAHaJ zcT)-Mk-u#40*DAOGwlz>-~q}3cAtVxqvLc_;a3ciFGC?*5LZefbQjW>J!ygZKZK@issxO?5~Gj?1Ht~F;-x7I7r?Hcm||`CRN10a1yVJrMI%=#|JXd2KC41Mapzkg zLkVcJD}(v#Yev+yD0cWGJ|0)Olgn#CItd(8#f#~+t%Bo;*w0(8TV9n#ZbkCo#U!rT zrB$_*bdcQcvbXj!3p|nBMD`2N?e(nGh(PNH@N1hM&>7P}PL!{$C!h@SDKhGwwi7}C zWG&KewpV8%X7Yf0cdZZ%v1bm9@G6S(8h~`DKqwA0Zn!lNjQWAW=*#XA3^Sf)!h}$b zBO9Dny{l(>KeYeV!_LpJ`D6lial3%#784S?k;l9zei2kR`E{=5u$@b!ii8iNPXR$S z7x$k%m+{4hGeC18&epo39eJt6>wO`BF!hfvuS2jj676i6+bPW;f($>@yz=!JqP6!_ zyhw$<^XoDa0bU|4-W~7-$e&t^M$AB)I253p0U)$P{PnRe`cG<@0ufzf-*~pfkBz%K zSa0isz?ZM4@-=^fV+3+lC8cXF@24gx-m!-R8zA0{E#cq3(&Mre_G0hJU>uccvffez`BNEb1tdLXN70RTSaW-s@ANooW3d$1P#&?q^Vg8H!4u8o1 zFDb(M?-b$rzbWE9@2?ag%=W)2LL2#CT|)G?OMw3AlJ~s7UGk@Wll<|YE;)!^Q2Gr+ zEf?_<=f~aX83`289a5a~YoB!^hbN7CucJ`X8FhryMN z{*&yS;M(*kKiC_UjT9HB?5U*!!TF(*~B5}8(6^U`GBgB*1lqp)&# z%YAFe>q5A%>d`jE(s@0l-LVs+0cNQoA$y(OAy=`|EuYS~_s%K>BH6@&bt6CqM|(z? z*9vc0og8;{T`ztx@3{MJWYNUjxRJkBmXgsDK`t)dlixaLYZpps4S zNcO-tIY($+xe(z~k`Z15zi@xO_+wp8aGY7476~uG6@AodZo&!$5K@z%O(0|jL z{L%QiECMLW1x!lt+@`qsgec&kThGbBgV;GY4L7)6N@rthUHL{NWK2gai04?WScPgTq=I`b#>8(3TCdxF0LqJwUpcc%o zkm@pxT-{AW$c4Pq7y=Rev?L*l&L;apnreWm5R>2z)b}9-Xb=4O7S&V-W*>aHb8Xlm z%f5QIjLepXt$XkVAwo-CjjL&dhJ@ONc-1un2UobpXW(wUe7>+Vu0vIo{f**YFihxd zbk^!mx>5F9)Y9moqk*N&!SyG#GEi`s-sCcZxz1{^gT0vE&<9$P8+EFR+bUDX!VkhX z%;0{4pR**AhNQUV0$`xSbl!=BITzj{?}f$hwQ#eEy5kfESboYWf4be5Tqjf&^wvad z`W_a&K$l)6iz!k+pgZC2O7#*>irDk#fT<-72S|o;&%W0R$9=<1?Gfr+RuaYz3J7}x zT4-6MmLs7G1C?`SDze#gcfWz@uClIVVF*al)w>ht6*UNDQCe}Ql=E-UE~3K38FeEo zK3h0#O5>N0WhW4&|b?*aEv3 zGwetfTaA};?^LQJGs0{Hso&sp5y#qABzrup5kwfC<&!|?!hEiHir=t_QQG+i(8YPj zn4%7oC0&>bLdtl*SDBN-eWmWUzT;3|IiWFIa=^$oJv^D#8dR|H8@#wctw>qWxT`N`@~8D0eC)t?qgz&Hp-sVz=`0hu2$NAm z3;`yVp_nKHTR&GzJ6!>38548HK)6rjX7lBXVfdqq+xr8@Y0xsQ%d z;ERE-Nu*ZOz_)wj(Cr}TymY)Tlf(_R)>ckn#}rk_45|$u0=Kcx-^~LS%SN>?6gUTu z#a7VcqS+pBTC7y@p4~A(6kMs!hQ+yV<+MOXxVbcX&_hOVjoD&(;CL!e_?;n2b?!ry z8I=0ADS|D>tU!bdpU^gOfDSxv*mLsLe9!Cbl(4lJC13LWu)G{gAzH7429w1W>+=PY z34$qQ8o+NZm1VCk9UZ+F-p6;Z*pezc<_>@u+&O4Xia%a7$Wp$WJKMe>o2|v8GWj&G zZ^-e@@O$Eok7RU7D;B_|_!8NqosC3zTd#Xob-(QRBO?6b_M)Kq@p%TOj~K~a%56x6 zkgsrMWD~Vgex`&C!TcJnH`L9WinA{AFFNL?f&=@-oK1u5 za_vbR|DuTBc-P>C^dQLoFzLf9?OI?#Z@-D%o)~`r5cqCri9#9e5S-x=4s0_TwvG&G z`rR{*L_yj?SCF1s&kCb*AskE^%8Jxz+VtLyR^T_ zUDdgI6VDV#nsbAgw|^XI@|vPTfhs*xSBrSv#lR1fo-L~H_pRS`$$Rz3Jen5a=)WUH zl3^~_Bn5A(swaYO50`KxPZD6h(pOSCIn}Z&H?I(lopEF?v3KvX@97B0GCZJ2L|)q< zNFG@`j9AXBZ%oB3jRi~uzc3)sRM!?ERt}k5)9Vf{BNSt__RD5C%%#U^^-y!%44x?1 zd_c=P_<<(tmc_`e1A?`*kj_UjJws2Fa^ioGJM(eFa~gSM$f?tcMLQnK$qGfFO-o*+ z_erzdCnc9335vZJZ{dvz^;$1&p5Kh6yUK+JxSEq$@NZdv&1~JK>x|-|$D*8o@VRiz z`Z2tRE?%BeOL0SO!(g#v{O(bCPe!k|M83({g`(TUFDoDMHH@z>IY;1JeCVUTgP58) z#4!VNP7|%gRLjC@D8D$3vW3vZQndxldOE9rhU$(fi6o4gE?YHLNE1D-3A}N>5w_r2 zur8%zFjHiU9)YgD$P5kj1y&+7!t^VOcQ}85-lAvfcaFMyb3+> z3XW5^YqRy#Y>J^s9NT;JA@j6gQ4$&!1C@=0sm}>9l1Pps3?jjqtXI>&=C?lhqcRbo zPTB!~qnlx|ZCq@mCMT$R9~vx$pR?X|lc5UB#5EyvCHeG%+=lx3t6!wT5S1?}sb|bU zaZ`S~dl@ArBymn16@}J2sY18*Xc{jFrT)s-eC>RTkW0;6vaY*JeS`pK$14#sGdN*;{h~nNr)C*r>_UX%yUUND=4v|OeSAm#A>$=fy z^M!y;Nl&o7nMflgsFh-P%^!f^lY+F^;ElF6TE@)yDAP}L{#bvywcc{U+ypSgTBaUh=@nI}U= ztP{cY2g2eor#9zian489kw|cJ*7Pu)biN&$$hcB1Gv#aTwp;eoP+Gs#&l% z^h4t3vJx@~Ead@KbbC}oPxi6k?A|XV@8^cg4S3w}s#B%|C#k=l zU#k(|fhBoi7eDf_r~D#2O5xrw1EG^Ng3V!u{AK7OXOGJ3U*uo;L;inB5jKCP2#^0s5i4MKf29cam0vmd1IS`W(hmh>I%Q`|`0rVS;RM5&27p?xKQd5@7jPBNd|$LqCH4t z8gOfZSEzCgfBslybc!#;ypM?Tin{Z_J>3I7pDajXqNhL!Ox8r>7c}Mj1@|;8oIg1E zOC_np>B(eS)Vx2E-C3HeRiv(wA0F3nc=tJ8%l#Z72{z4jgrP1_CB(yEJ zsU?>=2}QODZgnh2M={QZPFkQ@<+q`%5riPA61=3>8qk z!V!Q3N-#S>m;`0y36A~RYKEM(cY!(%xn7htp(^2@WDe)7cxNXA_{7lDdL&9&=DceO zgh_#-j{%3ksPcJ0f|WG$t~o;S;J)N8K!XfGL~t;vsPO{9!5pQpRte~HohJYaj#dJI z1{)u@s>&sDbhHtLcz}YKF>p4=)mkuF-U*4Zf&Fok@!8?|)nluX4O0bTMv*oK(}uW? z@L@y>2Jqp^+{rGu13n*cS(_J1Tx<(|EdPP9kuij&gwfAhtF&gXckVMAy_aRAd3TM^ zMnHFe)g{ef^J9+&KxNvZv~^lUV1uN*`V;DX=+xcWCL~&2&uPu>Q6MnwY=Jg%GaKps zq(w!YJTEqo>>WgKttuD{(AkiRnbAij1d3pUI+S0x^mN7C;E?e};NVa&;E@ZKA)@^| z9mz&4La43mv;1X1G0m%rFWltP&?^xfO0O&jf_pknPkbY|gb1}QEF=&n#loARH&oEQ zF+DSu8O$mLt!RP6L*KNR1K=oq@qE`ktO%w|L#KcC8j#nwwTs8KiY%tT@|676p|xyp z7KfXMY;%c4325E4;GcsnY{>9&ZmxT?^(M$20Nc0OTgB&|#tS!9Y!^T@L_5-Dh0T2* z$ObBhz7HBFoZn{7_0GQVK4hs`O&8_rqjR=V>BTbdq<#+qrfV+H!+{@+u7&10jY{sJelOFik|uG#U^cFlkl`BrejX=3 zfk5T>cw2U96;Hv;Zmc_WQK_fIz#gL_6G&vqumxJEQRRKMb@^UvJ}F(a*!H*yQ`zYQ zz~fKSJQ3{!&$hG$xqE0@&L_(Zz!xILnSN}=Db!3SP9(K*Ci$tO8vFSs&Vz)5Zog-~ z6xHRvSZL3@4zOZW#XkvNK>G9>WOxPZTeX2GUb9CDs4P3MR70;g*hl=(8F!xBRq5zb%j2 zoUz_r8_#O&PS{9hmPeynjytxx+72Sdp~gt;i5L5frSm|ye3fP;|Gi?@jX~iiK2Fz+0PG!Amyw7>7p+(r7~FSvF{`zMLAElh}#>#zRr_ zFPHdZ{OisE>0jjcR{tmYVbcFY{ve6}lE3kJLH5XTHqgzVzg8F5}L)jZX=L2 zYV+WSF;g#VZ?$AVcsG#Eq%Sv=qfQ8{t*AO$?RDea4588M+Elc~h#^?0+?d%{0$>XM+^n882O$lNlK3Q}g9* zY4FXD1^$kSI2L2k^Bx~d2@IP?Q!cr2(>7v#1|Jk|#5MW+vQAANd#zh#x6i==D-+kg zV`RWsXZUo>d>hG@&1X7J>?Wg-V_^H5*fbMDNz2@{(TXI!j(mY1C9F{jVWoM(k!pBC zQMY~vM;OEMrFJK#>&n`*0!vBom{@Tq*T%y);CzJwp*A?6yaA6mW+GN1Ddcg_$RR&V z>1HXyS-p&_vc;x2tEDl5K~@V$7YY476g)ynnfv~<25MD7c5u8qtWq~B2Y|mfl#Ds8y~~joy9=;;Yc%HT!fU>ShOKK32b0$AbPf{RJ{1` zBDROEb>~O;fA~7bX2F(q%`V%v&8lVFwr$(C&04l?+qP}n?%Jp0cE^qzasEI?%n$RO zBgf2qo^$Jbe!l4IUkWSFhk6hm+=PS^(%>)t02;1=fZEF*wm$2r-5*zq8w*1g0=JWA z`!@?EcUYV^^E}QNpH8T6y_xL6eGvdD0Fyf}tX_V|-O;tD_XAg^+UOx)gK@-0BG{j< zf}{w9alXKtdHw7skI(X*HBQZofsE9hLE6o+j+<3%0#dT7n%HefUv9ZV=v-_eq*;0Z z{i46S^y}OaOh#!Ke(pvI#_t>fAWG+6Md$-KoxOtKZL%OcMd;Xwgh)z!6wiRWl)nk3 zy`Vm6lInzy-tgMQa<1Td*?&DZjBSJ~|5D;~I!Sw2<+}*3@KjUZl#fKxz;&6Fg9Gnj zLe5?$>_C7iJZyS1Nw4|Brde42_VrV(UfO<0YdSsl zt634vI;r)nyl&u+68e71R>_v-XrGA_+T0fej^DDC?mB)jkR5={Z)WhWFHV$DmT7XC zuy_Dt8W%<6_yyGwJu(P__r@SS>|X%C2n*Y0tPo9u5Qc*Z=rgmO?*#eP5Z19V1_8IW zSs95=jzKaT5Jo*VU_S5=IbUjeM6{|iT0f3*Xv^3Zrz$F#s8i1(Q)((k6j# zLYEfsj4J>}AsbQ0yksxx_%MWz_O&5OtMbxX8RhV|1bWz8dyW0M0iDRJE!zIi#Yl*4 zQl;NwaJ>u4r2uGipR=0pMIH;U1eX>tJQyz7!-OeX(O3U7>r_V_hz>%|`Iyk|?%2?a z7`&ACgo911TX}uDt8<+$JM#TBZs(&bx8D%;tO1hdgq%ar`iZh^>~Tm?@e~lCG!iBF zCYlzLKfkK(q>)Rw+aWXZ_|%?|0Kp_&luximDY{?6uk^7d)5YTQNaYcm&uJV0QJO4L zutO@Gnuf5-*te{cmZD{dUB8|)wl|dCbd&}_9jOrmxSVMGOxHSKHv-yQj9ZWI+UBFT z9FYE`H5TOQVjPBG*AK-0w;QZR!g;!Nwa%rc!|`jrE4VL;4kwkEZh{bkoCX*^ux5V$ zGVc<&oU=%or0Enq$@=LiqDi&!@ou?XYege#VX4W2&nW9od46a!EaGr`&GLYOQ^ON2 zlO=yv?V^E>YhWvrJzwNe z+mQ50J`8hJ5=yo**Kp_ViD%&S^7}h2he25O)Ym;{`+=X^cZ{74Y_8>kBbMcs49xf6 zR3_5ZLt0A&@-@^%G!tsWh>75`|`I;*Rh6*C6W_;Nq>r(%u5o= zzn#k`9KfKEmXW^!2XE}xvtC*8hkXUdOov5dYVb$%766Lr<WzXM_ zRYIN~i9q~#CB`N7$=RfA)4{TDetaes zVaHLw3R(KqMPc!P=s3Va7v%E$J{E-t_7(duEd=A*w9PJ<$rtgTkS-Jcf$oddMJ0fJ zySaT`ZaV0aXNwa^@L@qnrW+iZuD$pSQ$ z6?`2*CQY;V*Jcx@gZb@2_(Bv!NbNg{6vW9%CRpGieuHEqjZ=u`2cemufTuCpef&Fx zp#vXMbDa#b@%=n}0skqS4;%q30b%Dt&lhLxNeQ$W_lIBo^Ua_z)e(j_RNUXcWX#An zFC-U{N&q?BJ(nEv5LE#tF)-P;OCCpI9ZF{NbLB^9f$JFCLxR4|(<+H)M)+AfEw@(z zNg+N(X-k`Bw=R^~>fy_$TsB>v+Dmll(KoW}rP_)}>BqRtBuX6y>JV)K}D9}sw9k8j#=QAMvV1Er%kF~A5h zymli5{27q2r@k{_%w97cjMO$=PlhZjozkimy)n!d+`yo{wRnM35m>T)r~x~ns>%30 z=$kRgJm9ea0VN|t;p8)MF9cs%qWre2(*fqz7TXBO4(?hwg+bh-z=2ot9>?4avow1h zi-4>ywc6|TNTYqO+vq*(zZV8(1P!-mx6A5B_>8(l7{!yt`{mIw7EmY zU>(x~?e_dVTjbexS3?2?Cz*IweSihso87(WJQppmFEoZs>^O(p6(!;_l-ek$&KC1G z3XhBJ#)d)G9Wqim+I-#5GS`8o!f{|Cwu83cw322OUIud$i!Ave`9?Q0N zB--3C#QsLL+oL+UH5XF*yPd8sm|1MfFmy{U*FI6vxi>y@^k$5S!c_G<>86879_*?8 z)hm=>=LnNDb(q-#U8U&`q!=a-hVBZ&rM8H!m5VXWVQ5M#PmNpCOeemfKUL#T}Bt4Cc7{e zm#5<^gX;PWg+2Du?3(>U=xKim{lC~A>;Kpu*Z*yM(9iy{J!IGa+xDp7{8#2D{}1yk z|C{;I&;Ez`S?&JK{5h$}8xM&2$<{KrLvtZp!zMSr_~m$R<(khJu&{GZ@`%0CXP#db zDC)k({f)pC*p1>Lz-PZ#SNhI5mWlSvietakP7irvY|yEbfwxb&G~q6wA~C_V-Vrr( znPO~06E;+)RWzmjR)D2fm(uPh&~N(z-Z?oqn$j%Ua+1)qimoP_JH_~ZTS^*@3G)-e z%G%vT%Q}ONbnvQdrDUX;XJI~Z-!K1YxAot)}ob9l3YvY z*&Y0ryr1AlY$iDQo0kA?wG<-xEnt*MLqET;DZRyC-tYaL^>t6RU+sagLE+l{=JVRe zML3!nnK>gkn=1vdy9yVI+LH`m+K`Q*F3Wxxg4gz^#urE!DQXn@i8>;7+3ZhKdka`X zH##SQ;n4|E5u)wr8lBGOiGFFW($w{Ulv$YeOvu(`XuCmsT*Y1LnfH+08WJC7|8a&* z%N8Dm>Ik5~a89o>T&#f%V%R!wmNGuvJs%XSUmn2cU?G9f!#P#E3Bck5N~IiX+PR^v z8HzN5U4Gf%CSp|!s8VQ`!l^I!`XWHxDy;rH(GWBI1QEYcacb5FEympzwzlT8Xs$F5uy5F zA*NxItSyV&i>xr5Am$56z7DygCWzbKN$$&7tA*9M&%sMWfj4A|JnO=B+eP|WlL~T2 z-#K(QAJ)YBU2n*|Ti|8&U=(MM@n9b|$l7|B3E(+6?egnYAECKSA^*zOZE*zm z?`NDW`a5ua0SN>tP0c@m)fTf@8(YUwY8}LLUv)NMo=TGtHTlu>X}wYh1kxsAC(#0-rp=vJ@iWn~q#%s) zYdr;d2+>OiSR|`FtzVlzs>Y&LV^hhgf<_2ciRjwHSX8o?Ts&s`@J5?g4xudj&P6vW z04x`f1!c7?BnDp3rv`@UOuH z9cOus$%`5pwYt&BUWmjGNl#60J~M_@bSD=~1qw@ZQBZfdskGb!9Nu~aWVA*Hhc>?o1&+2typf@Q$1 z%_;+id7*k%s&S`Itr2@3$cUf*1n`H?u-ltO$%Mn*o9}j#YL_H!& zlwj&2Qm;Y)Z=Zxf*hxfA(A5D%76AQ_@TAU-i;Op)B(Ak?@W zy=D%nr}}rUU@iTjD>GH?>2GC$zR`UL(SzaG*9ZpE0FXwkTF_Q&#&~Vc)Io%VDC+yc zYNs27mQTrR9AH=76x8hh`<4ydn=KWZS2Qdw-j?47W~i+^W6D4eJK`j6&3ub+f2~*2 zt4>1`9D69Td){$Qnk+rVP1(5hX22yIx?O5;ve@hQac)TRBQAg!D3%aat- zlT#y+xkv3~TJ`hhmvAJ&y8Vlx8~#B~SU@DuC25#)v|5?Q)%Nf>q!IB$jNz_Q`|6mD zaarXY?N1DVYP;G^()yaR&*Y`!&(f(u)Vm3q{~eX_Vp;=Dl1zTv8SLrDL%echl$zS+ zcM>aEZ1_6v#hM@V-ngiWl_SUodZOA#Pn%|_9`Gia~FsZJ*@6!r~O@crIBE%XWvJUzvnmBcUEDQnHC^tL|FbIm~E z8&fQjm7_Lg1&<*|>i1K(@r7d)_>SMXoyRm*fH!?_9!1V?BQ)C%LXx8rXSRgByf0j` zq1La|4b?qrX)vFYVyCg2fg-2@w5K`0!Wi5&fqXkGwJtWQK@Rn=7*w3n{4r7CQ#XLQ zJmv>v5)?R6 zXb_smNG*F+V~FeX*T(S@6b2(XZGyQc;x;-&<=N*4(K0S%Mv)!2AiKr6cwTGpU*W7W zZ!=qEgk1oLSC-R+FxZ)8Vi&M7tif4@VY!SX$(nI3Dj)}nK(zx7+K}Yy)d?8zh^jSQ z=~=$c`v%^>L9Lf6#b8u0*-=fQb1gZ%;Ipn)bQVQTr6`>l zKu46-G^Bs_B~FkcIx?B$%M34kkwLc-k0BT1FjV-!dE!i9CZ#sq(>4hSahtUG)aM=3 zSd&nFiU`H13Pw959i$g^GH_lF2SL&KG~&>tR6@8V<&PFvd3iZM*DN3DcP4*&glqrN z|6_PfmOvv*L3S1p9Fh5_b(6C?FW1V$HGy^wR@7SEjzotOZbf0*C3 z;{P%K`d`m)Kv6;#KZ#66`EZKczP&bqU~1s4+9_a^N0Lo2tnUMY?>4hbR^u%FEGH^G z1m+FL0w=BxeGh8b_ezvNGoRZ^xe={FVfbv6ur%Gpom)|9tncKaiZM-G!NB~`l?V+A zNTPN)TB#&*@ot8Tx@c6mddk$MUOWZaf;dnKI2iZQ6x-d@NfYJpOmK zGhzA?G4nn$1`gD8vh_fko^yOite<++{LPl0gnO%w;EC05Wp1J_Cu5T}m`4tU(ibi` zcuTOV7_c3YJ>py=8U)0Mfr36RB2!3;HJ?~}D&e9|uRWHT$R)0EN^fZu zbnbT#GhVoM_KCCN07(p@}S3Cx?}F;b99Rd0$iNwM(f+0m zgd$pQLjD^~8$AiKL{Z)8Li(_M?h{6p5bmKWWo&e-wq(K$ZZ$UbvmbSzL%PKYCv(In zo(Ejuhj4a^<~>aWBYTK~-o^!^06mCJFkyA^WqXOPKL{B7#ac9Qu_VYvZecQH)q@f= zj<5lz-o>~ZnWxni#jqHFn{kcds%Rw~IFGM#|WpVTd@VJPV`OrRLPJlfV{@#aQxz3KU@Xr@z# z%J3t5jfwysg$%O0OOB6#twXKQouZc-XbfuEJBRR6oAR{k+>W1Pta9CU&8l`)i+l!qQH>;BZD1oKMwCaK0*{{$n76NtdeSJe_*_nQx3&;_ z6r+P7J<8WMZG$f{d0I?(OqEH?Pwl$Q+1Q5aVRld}uZag4#R=*(<4rP%s%vP7ps0VG zxSZ+Q=HUtHuXj-ne0-m`oI--wnQK=%X{_6{l^i}ZQ2e!Ocvy`3K~9QOPR|D0-8U~9 zYWMgMBLyl$E!PIv;MLZMwV;I}lJ77zXo4IrZ6Ar^9|a`g$eZ-6s+MWwLGG&gRsr6w zYa>tX>U<|W$}Y*}r$m|9=LMHzy?Tw&g1&`v;Z=eWNKS@W-kbj*dRF1NIz^XaQ6HpWGmL_8ntZw6BUA~d&Wkn%?@_$!wuUuY z55yoUpotdl{34(+4?>nU4^o(s z_0&11Mmgb^A?3EByz*fx_bY{)^Hw)CMr&<^cp@~Z49%2hmPM6AEF+9m-$j&dfCqKpi?NtBUbC3)3@5vw7lbN<2#oRxduji{uJc3DH6}=Al4YR>nujf( zGOLFq>q@Y4)`m7Vldb;3Csh^d(D}QPb zHvuTpFu-xxDrO=B$>vOw%}sz)myH^s586A+%C26a6WMgn07J`cnMMGu0irMU^w8$NOUa! zi#rM&7YF3sY%vtO6JZa#H0sbHX$Xl=3uJ(yA@=iNOF30*5{O119kng3IbQ2gmcr-6 zpUfdmq0#1rP#!SPu@1ufDZx&P=@owf+rZ|?x$mC^7yAMYX$`ibx}v{<_G_=k`=$dU zDg5h_tb@}pfVSy*lDhk{OAV6xt%CB;%iaA0k^yNVsiO^j^-9tWr-f5KjSIRFF|gA| zB^ywVq7J*Vk{!F+{s9CTIp*?}6wd@KG)@-})H(7?;L3c8dXYroeX#8Tb^!^(BP^fV zCro6uNpG*RFo7uPUfm%FNy&9)88RYVH2CwI5iou1-~?qLg>KlZ-cZUtMUiB0Fenwg zP;a+8)I%vD!XSZ;hI*u0(IAqog>jqfHwY3Zk3=An{OO1Keft3JK!&SD28~HmZ&^Jp zyjbvmcuW#$yOBxA$?`R++vvI#hEjdBgXUFG8i_fmO92p*TIE-(<@0>{HOXtRkf^}f zb(jCviC(gL+xFFBFfdEjdO@jDd31WIm6iA%#s zKd*Sy%mEdZjcnbEa#QlqXLFGDn?VDcPk-B%C__1&`7@zH9ccnOW2=EtgO9v74Ef0Lk{ z)F#j^>H?;- zdS2xAp(U1+0_3}LYC-a+P@i^bm)71EWxo0P#om#Y8&v)jNjSPmOSGdln9H7Qecvsa5kNQaJ)t<%1b?+h-Mm{PrKPQ=S|p zqQ3Cdh_NmDeRxZkvfggt#KzjIn{1OX+v?!_%GeFNhPonz1W;mL<}9hMqX8y@be(6v z4r?E7fBj*u14PJuQn31?Gh-P6P7twRWY+AEyi*NLgkM7|6(N9MW!sgHSMnBuizZ6Z zd0O|9_-I-BlOUn8VQE&-g)}^ZOWzWb;RpHeH6w>}EaD2!2^h9T+PmUcbYG#7nbtNM z#77|3r0DeRb{b0}D>??8EwA;OVu>VQLFsm32@^WWy#W4;aO~UJUK<$P^31?dleLF3 zVd%dX=Z$^=sFvB@DjQb|>26bm(RBK%KK0&pFITs68|E)jDGjz^qV+=pq48M2wFvZ% zR*7XUPb$IT4L@whGMY`(+vbGQtB^jCXYOM3@?C=}Pguw}{8c>M4NWqtE?N>MNqIMo8I)bmoL)3M5&&WV3EwNRP! zkBVi8UNibE$%BP;aJ%n&RQ20G#QCkc5!4U%^JhsIqiuW&cCovFZ)ResCr|a+=#Cp17cEg0dbrOk-nqs1(4;`rm^YZx#aicqMUGt z>a=hFqlG45i#MGxY99+Hll5$tuXGP2$&gD|+5C^i8p*Y*`>9{1a8pu7kruW_UlrRq z$-e=$n)1v-(Ow?{c3sZlKgejUtn2wA+GOkkerQ-uXf?=m#t%J-|K`}iw;h^p>9fZ? zCB*UjZC-E+!pK(BCsJFziE>TW#h$nhB+>r_ zq#Ja6S93B%#&eS_+70f~)aBMvo}z>sDv29g=Qr3-tkgS<)Db(y?;g&Oq7%1(YT`sF zy#twgv_#cf{G}%JYrs9}zL;ZMC7rWRh>o()k=$jM4U;OHP6x*Q4;uQ3@PO|qbpIA5 z?IM6Xsa~70OL-ted{5s|jFI^vosr1A4W(T9aAT;*BL4_v7bto39d3&{JV{Y-PkI>6 z2R!xKfyl1=JD}Gm7fpHTYmouqF4MSsRi?zx$+>YC7yF^u-^1near#pXAebb{8%!!P z-SLHARlRH7bxULIY>}J@n@r$@z$}Gk*h__xVi7&!`7#G2=z%PUZ<7%qJ{iEn+{BYl zN{*!{FtdW4d&Lo8FKBi|fwMr&C>g(v-<`Z~Lv*>{@-RX0Z9LAl4Oh7{iUY#iY_eP> z;vDZmHJM%8b^7dgKpj_W7IS4zK1UXAtudGS8zoari5ucjf;>!z< zkL(`Vs%7A1W8c%jWg}1h;A>?22@2O&LBE)|4+hoxszmPeV;>8GDtuvH+bI6avS3Tr z#}g^f-&PP*9T>i>-sF!VAAyl|g|t2);j^j?j6)QSJ>;!;Q%rgnE_9jG9Rp!xg7ble zoYc#0Tol)F4z^$~9>?p#HZ)LYlz+#H_LT`Ghm;&h5h3>81KEMyUWg zRu`2g3Kgca+}{z&J$yvV%N!a%0iEKq!J5r8lB@Jfy#m>O`GdyZ!})DY6jJHqtp1ww z!1}Ky_r-6EVo^(8mmXGh#NXj$ThCPT7%PmQ| zm&`EvZ^_y4h7ZX7D&WKinO?;b(eVs5KF?^Zc1k5@p1!Vx8-nLwY5VYkta0h}n_GyM z3LHnb^rqH*UT8$cRYbtW6^Q*x+1st;(<*#_Qht{9sMiEtN*Nro<{trRXq`SwN9R&S zTS|Xtdew4!0G;pcee}8&tIrMs@KZu2$F@|q*i&d6BUO{pjzeOF=Wq~{uHt~ig4jRG^Pi`Vo@rk8)at?Hq>io_EhR7=^zA=4V~<;^=iv4ZU3-92jeQ>j>#j3 z*J9nHmLET6IvW1>2%W~%fGQ_IFk86i`+I8HyI~`&)BZ$Mca9Q-BeIN-82S`~tUwi) zbtGSS+_$Iqsuk~9J-(wISK=w%RA-+zsOeO->{wQvo(N&99>g-79IT4j2Zw7*GrobrwY?$<|o5mHiSrw8tCAxibAMJcGu zGpX+o$FK{tsGSUb?a(fW4<70w|HYDx5tUE%wgL^yJ3G~bdo!?f-NeFIN*DhC{#^|@ zw+vSt5}mQ#B}4@d^BIt}uIm*sPV_3HGC)`A_Fb^0y_~&ua{U1L(GH4408ieR)IJXI zCrRoacHs5;dH6C<017bl9Nle|y~Ku$WWmep$53wcq;a1sz2iVefwOQfWGX2p2(H?+ zKq*OVURwU|eqTFk^&wQP{dN&BV_ItIok>%TZ|al-Kv135alovh#n0<7Gi6JP$sB%f zoo*yngs>l*+Ufd6`ijc#Xd??j3%JMXpUFQ_`Cn}h?SE{K?7t^J``Z6_{txbd+a53{ z_12OQWF^$Wg`ewva-Y>Sf2L)b3vK5gF*YFWU3WuVgNY4CRFuiCZ}$v!-2LQy!bO0Vx;2RUO=!OW`Fyx^9GPx=tCxt9 z!J10e6aLY`rFUi&j|LHdl|!aVpdz?;)BYA2ZY*)$JAu21F9P9ugA;ug*3Hwr}OA zGXgUtu8mZ6$V;%`<8W0c zC#;{x=H7QhMU36HYSvzEqFjtv_Av6PZ@~PwjYY7rZw9GX;4fbtl^|(pVEqsilv^Z_L2M=kR{uZs%$lqCZT>3&?Lggb0PucvA2{hD~V|T;k=^@@;)=Yw!mRZb4#;qRj@WoCk>& zLy9Ihs{N>oXwed7s&#DWn+lq8YL+M%Cy+doox?qae^~8$r=BD|_i~njR2HmF#%X83e=bv`Qfg;89}m8-1|++S{=Y04Z8hrY!Vv({OgO z!B(*JkfoqkEW-7A5fY1lfin-m{EowBw896l`K0W%Ryo4vVc0XyzcQIL@F-laFUtcR z)J4_^1h?SfxSdGmqNdOdd-D+Jw*DLuuc9CI{bKz$J$V%*VlQ2MD`k+E^Q}x2gFSvEt{=|%LPnRR1z~Gdd8Wj0t4c)&<{Q?7Ts~uB4kw#D5 z6lsq`Hy3cpFtB4BKu(Mztbds;XPAPxkaB3XUi?x5pM))Xjj)%RhdQI#eY?!mYH@xF z@eTpFGY-e&do>5c6h(Uv-*65h3hVQZ?z3lb01@0Jyta)t@;$FT5daeuSnRyxi!Wb| zh-co>+mQ{_EzM?jjkAcYSJi*u0wJ-J;?%7F zlX1l_U|xYtA|4J>bJhcd+afC>Sn*IvKcP}?F6xI;SeOFCj43Uy4mmQDwn^Sbw^aT; zUO^bDk@cN+!)j`twd{T=9OTz1aJY0u;X1TH3-dQclKk1%Z78-<}n&3FzKSC^C!ts;eh7QQ6p0U!a||FG zVu7&P8486LmR04#|H3q`0a%KvW@NrTjo>qo}?bKedMJ3 zq9EV{Of||A!}6>1uD7>^r}D~AUYpOrGhR|rXFltb2?LT%*DD2<{yXKXiI*Dkpq%5Z z2K?fEnk{oOM-j+HWJW^H0o+th?!}*k>vBASgqH4@2{De}k79A3I&?Jf%DX-Bb?6$( z0#WoyErSH%%EA>BiKWu{9Glv~a{G51F!*n5uB*wSSiFu1b(+EiiTpTKM=co6G;Q+K zxFSgcyJ9p!iTNZ1*dUhAz6x^nOTY`Wl&(8c7MP9Z)MTazkOsX8Axg{R#S?slRK@AC z7Rke!#AV1gFlhOmQxF(9HUl-))9JT986E3Gb9wbuw;wQTzP)hlMbH%0&(#AFD8kC& zvJ4*;g0`7G5P_1Aw2h?=U9u3ANE0PfLPl6I)VS}D<8zSKQd*jJ%`~5|J6~JaH>l7E zD!(?OPIDuI(!-@v;TV^&a@4}`p=6Y5qJ=Hi4?}Y(YJqD*UUgL+ zWSvYHd<&pFVdsNR5kC+!QtAJGVas*DQa{RW9-^g2QY7b3mX+9h@~aU*Yo1dBVT5ji zxCgY>@GLpH%31aRf3z-yiwhdrcl(Lp>|nHPcWjWU;ds6;k0oQu==erZnZ4{Y<~`p( z@8T3fDYd1r_MpXHbLUD^?CztX#eJ;TpO~S9>i7#Oe!ceE@dkh+RN)4&+^@BNFnfTV zL1!rG$a-0$x!)5lo$nXDx8fkS+yPcQXU%DW{ zR?&%oI1<09e%)YEo^YMj{~m& z)LPX9p8WajqnD%W8j-w!IIcw&UjN*2uFOk;DUGEwJmcS(wGYjV{PdTIo%uLzb#W}- z2_6R0ByRQXalD+aWR4GG*PCp@tSU%y;Z-RX%GHcp5u5gGlL~#`SE-j41)D zfaCc}?H(8vhVm)sMZ-)8-bWb*LC4OqCJ%HDymCo}3v@%v=5T?i`yom(yvB-dYgX`; zsl_r_&_1957_n2iWT^e4t>0qV)dpVD~+I}jS6zOL^dc{AnI91=90c-BpdH=!~Q zEVcBwTtJjk97&Sa&Yvjn*S0y*%VYgG+AlX`mLyQ6g~HdTiQgI;nw01yoZr4Cv*qg6 zkV-742SAW1eCt!3o(iR7bLf+?yN!#n`>|yLV%w1U!JG>&U_7g8SW9AN&JRc6mWT7U z7{n~R^C@zQO5D|?ZVA*guCyO>PEWIAzElqwIn% znDU=YRU6_MKGQ*Fy(b<~2|~QFg}GG>@76U?$IAx7QEK~EBOAYjfQbOdamf&pM4vRl z4kh6`LRKViY~8GBz6`F+4+eh8`uK==!NYio{t8Xe$kaeTXLz201&a)cQdYm`o zr{2cTKbimh(o~#hKWG0ypjOEu_))(uYa1GkYZ-LE`U7%>-2rBO9w0N#uymMkAol$L zbp-3m#j#B7d22*w+kBW%SA@!#oSZMGFnxg2#tn-vCeGE1*1c)h>@yUA!)PhzFWLn?WI)2J!O=zE4?1iBZu45gO z#R~=q&B)Nfp{m_mhoV2tE8LL}Ym%injlRTyrLFbs?SS)yb?0ix<8c0P1CFa|n}cP& zxNQW^-eodp_5m#I2KSqNa(OAAk0W7Fhka>9nZNR?T~F#X>M$^sNL)2*m8ecLvQ27Ys%>>%4(;yq)+w&O+}YBV_MWIT%qm|x(1$j#)#x@IU>kV`#t+ zGva}=d~L_%JsTRdsmh*UdCl3v8l%0$HZdULslVMBbK3*CHYt4D39%YT{O3c=SV#GKsz<5YyL3qI zCc{LaI968~g%j>L%%v)zz-YjT&*g*Kes^V?L7=}Xwbx8?Cy zPr6kskY_>!u-HMyrz7_;^|x#>l`++bAnR(`_Q=_1N80H**YGWoU!Ra^g(5m@kO$fv z;P8NFPB!?z)5}CuM(ka-M~f;`jAt<8>VbUK#dRKhiDy)AHpMLLL`FeaW5L6M7)u!= zuScqWd%Gy*PH3kf0h1E$xkb@CLfQmfs-S=|-LMkB5Tl?&KpT2UDdT%*a{;x8{kWb6 zb0uhm0cxkVNyz>Rc{i13sDAoeI@GLV(>o<4<6h0{U;Px2^{+8R=>_ z2QWPdrG^Nuz?B^7&Z*$OYwJYq=jw){$jx5^xX)CS-OEPjdcODf?+8N7y%N$G$E~iS zZs1{x{~~GJd3^KtThRgk&@btB;l0z0$d7$j1n5&*_B6mVv7`2ZHFYHADPjYU6&e#{ z)hH<3MOP9R`t0NSZhNS3qEF8FdZnEAn|ytfC27@&0=1w7G?xrE&1KFoKI)_HMb2LJ zCss{8-90%DCknj#3daqZEkWvc9BP*^S8K%L-I`gAt*}j9w?tCjp1TrxO5DfUZ4A1u z9WyI%IWa2^s;Xj57Vx%H@``a>Yne5v;yan@4WP1Si9-0JaO_Z*8aL?-gDxxJc7;z9 zHuMSdXNlR~_sPc%Ra>0%-GlL?uHsZ1vE_rY0=e$b*CIyTFv!j5+E_^~@z!XGiY@A1 zFai{1`O3^io?-Vddpmmc_m+aN9ZBb(WY2`?@t-h#u(Bi`z8=l61pib2CNS0UM{h-- zvX&k2>cKPb(jHyva7s=DZyjN$`Z<_jWxAL>2jYn(ikOfg9mgwlg zS7>4BT+b&jJ`Bjvh|GX@ZFvFkAU~F|g4UR*{mnj^@|NJ)lV^9wEo$ORj$yPqDQYF# zqhN9%4aCvuuSe#rNY;hM_+!c~W~^Nw;VHsUKcbkGIw~(o@3)Trq;Q_|F_qIj4hVrC z)TIy7LNm`ykj_tHJJtwVE&ms;{d^}r1dp^uOV)eV`Etrp3zH)8WGLc_9Jo#$R*935 z{w%E~V4$qHF=z84H^mNDjKo*e2_#^;t_=e(Asng0G5A%u3DbeU)i0H%FUI;WO<3nZ zvs=z-Jp6_EDY^Tzg!b{aW=x25$K+dhrVP@o-$5A(hFqZi-nuqORB7TWpy$x>)Y5Pt zU4N^7B{GvP1O0$E9$wTV6#^MPOIq71?QTIP+vtOOuW<~q7)2wY#1uR7T*$wwKkbh} z#@KYr{uYtynsttg3P_2_8L>W=V~oTl4ue>6^0dxF#8QzeBT};JUB}T8nY*0fc>g_g zYSQPDRk){tEorv&jzbYJN{3aY`+xYlrzlOAZC%u9+qRvRw#`ab+O}=mwr$(CZQIta zG1^)Cw7FMn^CE8J?*HP6{`Yu0r0D!yEVA;A)*ffwn|8su8NvxRFgmepTk>dZ*=)?j zHo>*wn8WV zHtrU~w&&oA@IsuSvp-R)>@6Oihmwd>cU%XP-p0)4qG=q)D<5NKxo!NeVtj?6+mdX0 zj+U7df+ZEc}{ZC9aFA-@cLZh z)N~-uL{`SH!bTL%LT6i9ihBg(TR*m63u1TqwLFj{dWr6|3!3#b3sl2p%Im_E!)BSZ zlHtfYx!TUhz>zyVEgfoWerVTMtfMyEljCHFGwud0rxYTbE$@Y&WES6YTO%N4=|7}S zE!|or{O^*IMH5V+kVM2;AjdvqpXLm{T&2KwD z;sYcr^cc?jYoPDO&`CjF)|rzKrryRdJ{skp*d_j#QKbCOEc^kvL|!?T@4vTIPJXQ5z^#;koW%zz3j^wj=%i##{v;h7v=6!A|lVUcxFh_wUM$hCu(aJRVU z-n%1*E`Kt!!h0}hDI@|-Y8As7b5Hx(w%488-&$f!JN)}m;$TQ#OO8L2hK|=0=ff|P zl4w}Ie+v@G-BuB8&4HW z_GJ$jJ8h#>RTOcl!r5zffrUqc132|lJ`(JZZYY2gNMQV{80RlDE;c z9#BttYs^PlKM^?LikhO1H5i)cabOa+r5_7DXidCdJSZ>77uRN3@p~;=0%@Ve!m47e zaH;3@(gC@C49GOp8GfaZ<~k^rv^e4Q+jK^Noztp}IDa zKDF#6!IZ#3Q%{s`XD}&*(k%)IC&T@u%8zMd*}wDRSw5)>2EYV&=@iQ~O#oYuXxg#>87w8Swr!5O zArMC}$D_ZVR}dV~ij~3n)7o(0nSZIW-CC-e7*n^UG7zC!YF|rx6b~o677S^D$@IOu z>X5!te;k{UFxh^*0P$>hM$hT00v~sBLQG^^P<=}p_IuMZIp%|X;NKpkX`>995~>RC z^{D9&XD1ZdawK+q%x>u(lH^CipN}(Q7cx|mePhsqF_P)^X4S8RyS1&T2GNMf3>q5Q zk5vWBxC-yUyOE>pt>GhWVaz)OumQo_;-Jxzqd_{G*Vc>+jn3D%-RBm0WoLc80}>yp-;?y$^l`zoBRo- zBLen-p-$zEPM&spnj!DL0$c{0U^}@|5~1{n6e*`#8MNemR#nx6D$WMS#{C>u#|UP* z7E*BxEwswEUr34M6A9K`lD*KLa-+Y-XuF43^LzHvl=w+ov`zz!^re1khBq=~{KD>F zL^;F&xtn{ON9Mi0YPvr=$=MEX4hz|%H-5lx0lRirFkeg{i`1^zmiN2)%|HLdu>7Z! z4-C?(TvwN~7E@2Bk@Zrx==a22;(greP8sO!md0+fcczd(8ZBrCi%C#X%}6GC7;zzh z>rC`ITPUabXiwAr%8&d#VsPKCt{$Z%BmnMKoi9%(;w%*!D~Q6bUP`u%lJ>*bkxzTe zY7TX(4)IeGYp-HTQg%_{858w9d{#ZfjP`ec#BITg__a)VmV6kqxF}$X)OE@z2uEtM zmkInCi;K&4Gj+Go)^Wz#9B)`F$j)^|dXg6;;qxO?G@MTk`~&MD#;j3ry-G;v=xydT zHnUf!K;>!m!-rd1Ju>EGv4teZE-Tq>N4D8kdL%;Kbj04}N^mj|-BW*Jfum3)s>g=T zz`>?2g=?0FP%>DL+J?o7r^+shFG&CyV8BiQ=Frbo+(86>c8pq(b!@E*#bjQy2siN= znlr2iks=^z)B)Hg3RTSVm4p(Ez*z>=(+%dn*(--Xa7{ zIQ(mSW?J~i;opgL6VK4x#+s1IAi6BdTSqQJbAVYXtpOD#h+rt4Eb_j%!t63U7u1L z1z*!*%h0+}Q>UimkreNuei2-0A0}Us3NOUT*=B;8CiXuC@J(857atlGCpH|Y*zja$ zusNCSfc4hZ3qvV*J>YPMslLEi808%5)U1JuJelq$ETD(Gi11knxqW>)#GUI92DYIr zrw*JHETOdr7n=n2zqa1I@4X z337qLu<)Ky~IEPs;twJq?Kq?yj3rg}K1 zm19E*e#QPzkZ*pw;kh#~H?l1lIj2FLOA!W>Wb5=84S6<5AbwRsxczR5(8-ikL zega9CN`ot&%I;HPotErIkMQx1<*UZh@k@ThW^m2+NoLlkI6bpYBME&G5}R*JOsP>F z%ozJ{ldi5XOo`v2L$p32RFB|8wpN&NdFLg{h!?DDmkW27LLKxe5d{*7P^gbM5}r#S zErQlPKnAfR9Ji3hG^^oR-r|L5Rcw!WM_M1nJhUa^w4I86dQUzJ6Z@^^`Q!k-Y{WG< zjW!R13)>(J%KRo7lku9dBCPN_Xz$f(!NYzEm-gDlp8bFPLeI%AFQ@K{vylmhtD&kb zUZH|>-WwKzMVQFt6_$=tFKYTs+Ytvl<3rS7f6;lwU<3XxGCb?g6R>Rw^@z&n?2C_4 ztt*-TMFDywM>!0 zn4kb)-TS%EooGV_azf5lDepBVQi+fz0*g_66gqgwxf}meZoLPz;EFV{=aK6h7AS_O zKKHi2PxNcTibGQqC~V9%;Kt{*Ji`pudw!pk5A0xB)qLXnV>K(aasO-1`p2CcT8#n3 z@%fRm%(-^ze6FG93`B(*V~>u;*OaF)YxBl7jtm(g+pXp!o zOZ=z#HOBtO{B!@`^q9XrqW_v-p3?8BB&w{8(`Ec|P43S)1uk-+L#lM++Vl7|_HUa7 zOqZTwsMY}xE-6#hm=`Ymn{Os_9ky0yAkNQ&K@n}8g9Tjp49{}DwS%!^vESm4D@)0z+246dZ0qeL6JR=B#qY;Q1ajQElbD89N{P5yi|Gq~(!4h+CaZQVY-k^#RU^zkgjF6=L_8(uR3RsuDUY*uMzxnxPbMbCE8#$02e)#(w#4E08>-h4{fEpjAN)Gt`7W(RMe>8kGCz%nr}sP0Xtz1%2%~-XT9Q4 zehypsjX&o}Fsj=OP&sI;it9yIT4JPJhShD%7)rwl_Gh|KK|SuTBY?GjlpX*g4w3f3(z&os^6bRp|y00D>EBCJW0T(8L_ZYPu@qG5U-C1#0ACC}_PnUD@U4 z^YcJ+;>As;IrcTuq9L^Dn?;M#>w%F46;SGRcfqjpOkoW@*xU#?W<@bGcmK5>&X$qd z=&X(b>!f1)jQa}@t}if>X?TTw#hiMq_c6M7%?JWn*Id19k>x&FN|B)nrt4B$FN7N} zn-=hX#>xy@P!eK|9}&t5dpjpSBYWFG(&ZPukw{nE?QJ7KI3Gj z;ipp~Amdv$;Ajk1@N-GgvvZ!euoKcAp0(@j^#~+>6gr+#`&g^F`xVI7#}H^9IIWPq zG+z^kDtNFeZV!_(&7)zj`)DEWvc0L|t@5g4GqKa3vf;L?y2pGik`()q5AstO=Zb4) zOAxVNF*!(Y42)c|lj(nc#&*^P15F8X@tN4b^?@mDbkJKZWZDd1*}EB!5of2T6m`{y z?Y2rKvi`{TSbJ#=%=NQW$azbBS6X*F7+f_QpluRP z7;=AXGY+`hp+{`NE+o#{>eV)y=;v!4|4bbJEPR)aMSfPKX4@C0thw@YHupxmpT4#YRHk zx-0zxOK#MPe`gJjYkS||Frt^9QZiFUt_8NhIxL$w->{B_yf{$!;`}*bhXaK5YDxH8<LdIXbUwkcxO~@^=}$xpucVg41X5!*q8}emJc!bqZEKdVyWHeh#Q6ec zLX4|OE)LT1>0&UtDh~9?dNNyx-0kfJV+IaaDCWI3`n$C8Ee$06(e9P zx}R6$vdGxuc#Dijopo)I;IfciigHqPs6F5yZu|Kf?uQ{Md&T;3A|UQqzE3_vD_IIp z=}XcY;jW)Y%&#`dBK?jLLB1BbkWq<0b;0O(ja*>zC*R7ic)0%8UqO&Ob*jxHO;E=r zq`#Kx+V?YPHXy-azyVER7PMUZjKZ+Ygo4f+)Z zEFKiVIS8S?%$#q_nTguYI7}~|kSTbi<499Diw?20yW57YA_onZBjK0m4)3|MQl_!9 zCj{{!0qCiL3;;o89&)1jLy1U+D%RYd<{pL<1>i|+m5gSy-4m=5wPl)@s9>vzCuifuE6D6v$LE%IMxlG5pQ020TF9 z=k_~2PTr-^e}w+@SLpx6{0{$`-|l~#-vsj?^Dlq?Z}V5S{8#g{{A+%(|1`e|=Kq)< z0`~v*_WWypxrIU}H2X<=@sLT2kwF;{4l9|19`yw9%BpuHk($P4=I0yo`V^B12~pjn zJf88B1gLmJPut_D_erYz5a>BbOs;`kM|f2Wr(76F_Y6T%23lK#lp_=8!4rGOWftycw5XSJwW?$K%eR!HS;H*x0> zmC8CmVx~LaB2f;s+!P1Rqa93LtEQ#Wc`|5a3LU9^cxqL~b-b{!i>{*7BUx_&JlFvu zL;Rr%B(wK`#U_fI+ibZ4wX2Kr2KZ?hUmS3GK-1uOPdWk%wjIMkiiLZndu-E<&cf`= z`R=b^(>5Hxd(&)HtetPfENEvCqO1O5TxKjdzDNwfFCwNGY@1a&9^-A zkFDYWa3mRdCdB%wCV zOVohj^z*~`v1#o{U6>6Up{D7s3C^`x3LW@_j(InUTy2~DVuZLyvMX3aIO`^TikLeW zjCsXxRbneD%U7_Pd$N{NUq4loXAw*Zl?C`Nu(w&7r-o>G#{|N_c!(@@P?#VJ^1k3FQ)) z6(f>FmzHH{JVTsoVw+HM53h$<_XQ@WuE~sK)SWrULrOBTUuROTRdv$Z6`mn!0!YpH z8B+1Lix?~b(ow^zpLl`xOYkN0eS+mqdW0T1qLyqdG$5n(+Spk`*E%;j9cYcQ>6+p5 zA_7a^0Nwoqg$nwX2`UemE$tY2WCV$aVlMre`V&|UN)A%h_79ePT_@64FP7flk!V|p z9-{QJdxW%bn7#?3Rl>&0s00T$dWmwVZQICYNV9VJ;=i8_gpSel-Q)5!FzbQivt4A+ z;s`-1P;Cjgw7l`}6htTqwJYdmkrYazvh+JaZJo-GOJ-C8V0k`Avw@Xve6=Pl?F=qY zmH9eOr2@=|fZh33P=1jk=)Ef9x0o;EPFUIL@(x zq0Sq+!p^932p~`rqs*YHvnR17Ay9|F@+VjlbVn%Vq01~is1+L3ebdBN#U4Y(RN(Fs zvPW`j9_*xO_25W5Hb!x@zDSZrFttidf#Pmn3Z1O zp6~Af4IG0;C0}>*M22;w;!`Cpo0IaZb}k?l?IT8G1N*T#U8OIECu+$X{&YNQU-|>| zaxVkN{=I5viki|Df*9-`?jdT<(z<*}`^5CVwAa6wBvUL*&#ZY+1-B~L?~sjtgAMRlb8PC5}--P1r$UB6eXjKG==u8HWH~rCdUnxg@ z`Da^G8vo(o<;@a?&q{NO0XG3g?cf)%x1+^fXP5#9oNT$9Nl9Q5jjA|WHpbNOPUe1h z82}%qK3J9_M`|YqsubO}O2o}<_jp21_oEcS;{iQI$!#wa-3>&u2tz?dWiwujIRPNn zG#-wD0m>$6v$1{K_|-MG--+?C-iY?}cK)s&bs4SlSLO>3u7H%9FbtYb)180V7$bX) z5S--%^=imH0{Jmm7>!BQM$Q-DxgaC^C8;c)0y&7XlW$T6c9W7eq(g{|5Pi9bb%>G?LK&N;n9g&LuP>=6gtHqHoq{zjI>^vvmd*j+Lv%!t8hl|~=wb0%F%NdD+$ z@RF*csEBp%4Sb3b65)0ac}=YSq$>M))@YQXiSHH)9Ot^Ry?CgV-lchBCz754?ty=U zCsag@@NSi(+(p54KFQyBn4#E@s1LV;-jcFIDa5k#QR}barP8X;t8@6!5=h&~FP1~T<{LB*<)DSHN$#m2B>o3Wy+UYnwx0*e3z(XUTWJJ41rLb= zgNO6SU9?kkmnzMKMpq01OBVrhu8ZlQ%9afps2eT0Xy9|&@Q@5m;N>X&w$?J3?BJvB zeP>#AyFhl~(cIP>&h5{@0+SalU+bhk6o%x_((=*Y`a*&XpfOqDoPNdgq4lv9179~kez zSOiJLF}x%M-yDDvRpp@H(l3W)_P)yjmWI@nzx3>o)*d$V8}vF8!HF%7l?5*Nu;CEN zN+^EtL4@0E${;raW#~OoVL_z9rb&zczM@^r_)fH`{pC@syv>=p3UrClRiR}Mjtuz& z$k^hp41lApB6l4#D@*3y`4YI1wY1YrnIPh?Y%ssqhyNs5cYjt25MPM|8^r*?xzft# z(1O6OV@L9EuO(3rGJRpdFJi2QV)y)64zBz>$pOGylY(~-jSsb8#fL;F4-V)~k_YO{ zSh5leT>bU%YecR?)*b`g)rosL>?0w#V4Gg#{c*5+<*aDCeAJq0v`z1)Ml^G4So-L+ z`186!K_O{zHBPMDrNrD%9|@IFsZ9@^5MIiEM4_;TO-kkc{Ybfb;%xh!PSs+3=a6{l zV}rwIFsvBmT-t*t12htXQ_jiqw16gPqxB97I4Q`BICtgI57Fx{XXt zi^ft6!DTGE9Wl>+a;9#>1Ti7#jw9BURl)~oF>DKMJ9;{;e=?8iDg%)ps{F)1=I(?f;}GvlyQ?=GxB z@VsD9h{12JgDt$2dG{eOdJ`rw6CK%gP1N;s5-gqeuas_HbpgRjZwdf0gh^`9SG`Q% zKsVL}ekQU;qiNdo**k7+0~*`RRyP)GYZ^A}i@OWZ)+v#*V;@L|27X%cOHpM^K*{EV zu8&@r$B1@802Vdf!u~PuEC4Xvkkool4txpPx7i&i2Ei88A7$`sZl`>7bAm6pL~0*20BL36qm{ZP zd+-+{G}<^|jc4M0uMXOL92&CgLPn1(Dc{pn$hnm=v=ULy?4*r*U+G3rxn<~B)TSmb zuMGXLTfgs(v{L(4r;)Q_QaD5}B80h+M%zax5x9CkH00|q1c43eEUlC*j2BR-%vPfY z(6v(@H)IVL4U~c+mF~inkL5BNvUoawsqIUR1mHw+`0y+->IA&5o}cFr_8Wq+aio~5fDr*1Mr+#e-}WnXXkB&YCgrrf9a zQ?p_4w!yJ&o{FN{JCzzW-&v}e^2oWZw!7#w%$bBGq_rRJ1>?;9Z>(-{2`XBx*kiTE&_#PYQ+5wnmyVlFuqugl zYL#Nz6Upp~FgIrCw8!bL);u;16|o?6H>j}l{>Uf>M~mOP0kk;aC6py=B-q+u@DX=j zv`*>^RN*-XH_HrPL|LS$)yU&v3M%u}U^NmM5aQ-YKoSEErBgdJfTe&OBG!=s==E#o z*UVj~;hgSrR`XhCG7@$|JDKys9(n*9X%6w-Z2e&`YVsaA6;gh|mjz<8K`)CWHK)Y9 zF$nZYIB6_+a)4x$*L)0f`bl9Ynz$pl{W*WhW~s=^)^V^dJ=5*hwvBuG*xzKX7@RFyPOO@-d0M{c~^ys+zJ-Wy|0Q zW2?*YeJ`CW*zS4c6Ro@7j_J|*0J=CiZ%-JZ^FqV=sT;Tl?s(^htTt9OuZ`Os7Dl;h zz`r%Avqk@m|1_AjeB$YLYATc=p1+q8Izt)Wdx@0t2q#S}RL3<#>HveK9f#?EO zCUmp#LHym5(Tc`7;M_C1+^nLz6TU_%cLj?dvbe1YyMQuoO;w>22N+1Vu!z&6Lxqxd z8JBxLyap?d-6mLdco8SRdu0k=m{J87NAi_J+YeMgtD=815t|Hy#uzrV7g(2V<*+x3 zH(g4Izkjzt9j;P&rT(Ypk7IR;Yn@e-^TU8H>S27pP9FEt6zkg28`d(9fW1#>%a zv#lsgUIhHRVQ4DiL~)`m(BNH#pcj?`O-bAJ~2DA!4C+6*{78_ z=%}CV_C*B5{;c4sRiv3{+YBjOQ2ag<%eg3Rg))!Y3im&`bYjJvQ*J+6+4%#SGW?Bh za)YHdSYyWl$BaEa6QCXd6Dh-5w~xDk7>AJH?P7}Y3kW7X8ZK7nmeN3H=lX^^oN(ac zDOvdteLuoe;^eLPM6^&thi36d9+uPnK-2!M3oi5bw3TuDVo7ViziLlZuJt~x;yG1k zvgg(8x?xl2O?P%s}cN_zdav_53_+k4k+FL1i_W1f<^Uo1dZ3^brXi3H^W`P>_x zw>}G(2wOOh%VzfYJ*(J-OA&QjF1;(>&Qtp#`m*~(6TFwlQz9~3BOlyG5ZP3zx4VzK zKWxA$szra5TninEBx-KGJl9BV`zYZ@z1`Mu!RVH7pi$m_I$s6^5nU&hIIX-7Sf6v! zfPEGfe9hlPsihCAD6xYK0$ygY9iuw`o?mLPrd*?)pq}4hQsK1vhOU|39gNk|f2^(Y z$2iYlRaupV(ETWebq+-6|5bwVbZiGgA9d|=LRvq8Xa0azGs|joyHlcC14PLV-8`Ke zV=+nQ_#>9Y3 zd&;FS?qV^Z3gt5gd3ud%|AmmrtBAsL{Lsf}|3rK$=6lI0&yMKF&ce>iu-ZM6rM#ei zXH+RHIaNmUUj7=%X9$wfyszpc^g95!Bq2mWH5j$L77lky-$Xc+V78pI20DjJGU7uN z{>qH@SZ@UD{nOWpbx$6z)HS~@QpZmlijr#}sbi__H9E?uK30s3l{JJ+4GZi`061kJ&@I=o7nYfEM`hF_n( zYdTQ4W|8<1FP2C;aK@b-CAKYGBDX=FR`CpE7m7CxRr3CN@x> z!J$=nBMxZ=6P~Io3bP;EdDf)?L}kPW;4UvqzdK7NSIvD^IOUkmszhbn9|p?#)2e*E15D6ScF;eWh@ci^&nVtzhlM7q;k5sd z4;dP(og&L^zY&Mz_(2Um;ZU`*c8?6RpUc}zbUI4WeJKi> zJ?tmo-PyV$8HhuZvZf|P`vE&^3*NVH5A<&EW`-23EJT}0}=LKweIjnMFeH}wj_#JW&(wCR*5Lz4!gV)a2pluPu_Y2 z!Yk7qI2V2jyU5jSEo348BXlqkFo1JVfPdHjD|FCJBaVNB?tAf{LicL>pQ^lT_J0ap zj|xtSbAmI5?6-RzwMF zXb7MyKjk<*p-cZyXBF^?zF1XPR1T{1NDYp;SHd;cMoX6ofQM49(eusj-Yt7%Mfw*bRj7 zY^Lk${X%38m~gfs=6X1^mL)X&Pr$U+ZQ99peg@7kdKr%(7<+Mav~w7c@|&%gw`Y2M zuRYB|4cuHgiJ353^VmfGT!h(gDqa75a*ETA2|5a;Kw3KE5X+i7n^k;$3S!>lsDV?m zpJJ)=8{lGvT@I2GIHF(vnh0|le_C7|(r(P&S~^lZ+N~(awpZ1LFV8}53}NuZ3wo!d z^5BCKD-#-rCF6q;HC;2*dlICBQX0r)PXud6@#&OhPV@GX8x~1W8_1 zf_u9MrY&oN_G925P7Z}_cY(#;W!gwK&-~}$nCUw{;QbAO-OFreNx?EJL)NL<94j`) zf470AGamh-Y=$t7v2ctU`6-H9oPaiX%a}u+GQ>a2Kv^7;l47-n=ky08&v21Jky+PX zY;52?wz*ghNp$d!wqnf`qzf_*$9)G=K3%=yGt6xgt0s3)HP$E2J3K(>o)p{wAzV2x zgL=jv@e`P!V-u}a6Vxyl`4VNXbO0qig(!APKx3$EyGz9NBOuP3-Tks zFJ1ZZ8w87dbJ(TZ2rnMRJOJ^H=$s5-bOobeRq)cA>}Z`cGM`eyT7^ow@7d;Hll*@d(=aVWFnm@s~HSo){De z8}_0}rWK9V7TE`b*9{@D5W|TVPjP&nlT#))tXA%${oY>~pBkPO0iF&ogIog8i@qq) zH%91_ceNb9vpz-|tOv5TgW1O)F?VYA4rcEJpHm%N4DwvLw0-f6X+(Hv<2FJ3_smf7 zk`xSH&fYHhC_g5Ag1J(8*fFt!&mmalq2_FZ09)3oHZ&izK<=>5tMjL6yuRFqNhg(5 zbNr;{lm?!5)eK2J$~a$(Q1Zrq`S@97>EjeYr7}VrP(NkY_|^RaZKvaTO5r|S?jorI zbEi`S2y{JLFkI%{z_A~{42LxBFDnKD&Ypi>RU++Yp(Dv|5 zdk+5t5PKf0RJ2c7*j6J`1WhIXOTS=iUb1g|8F0FR-UlGCfGPFvda~=R~+X5&Y zA2AQ*(b9THqFKgO2m!TyoK0Wb1x#9j!8w-55bVk2ruud7@$R2mbi(kBN}Fx5M3mJu z=pahBzP`fQNgjgz+LgKvJkVQb@yOK&5fWj>XAY>fO``vN`7!=} z`Txs5yiWgCdu;x9wI@LDpK4FL@Bgj#m@l~j0{ye&)!!ZW(E$Ek|L<9XwrIrp&skz~ z|DR_`fZqR{B}fDRd6on{)s;|pEviKvCI5P)JlJz+z3s@$UZf3bz=R_$f$=sKb1CfG z*>yuphODSx$JO8k<=lo6Wskq}B_}Dl=IjG_vJ3w4E#g>LM_1%K8L3)Ja`2vwG8%!O zo|CQA6J|+cfU)CSCij5d+*iOUF!bOWR>WQ60%V!hnYutT6p%o)eOdwOh5A+6^GAmS zdK%jvdhyRkvA*K=eF82m@v`2lBc-G-T=AgIV5OA1BY=wQGzROc+P=>3)ETdPBI*|( zrG&_UDGms+Mn^XSuG-XX2WN;ID+4X1?0$zgcuDHPbT@<@=JIcyx=ak1-I5EGeT2+E zJ+6uNfJgEHy9qNz#Z1~4wrqG6Mw{^nM@0R8h?O{Fs;m4FoSD)N{Q-?NRVLfY9@rIN zh;Y2LLa09Zb2Uf$K2_$iswOSJhVISoSMQ`Y8G)X{td#$z6F(B$uP0K^LMV=}@1;;L zVx9L>pb}8`CTVY=R|={1z=Q`AZCp z#NaOQZw-(AqCD0HtwT&6HZQA|g{E)!SNjUz1o|KY6<`UGm2QQI&&S?7wh{;?S5tOr z2{Wj5$R3nSkQ{{t`GfEIR175M5y|s8Drs4}tNB*c7Zp{>36~FOq7#@uC_C$|IlMl= zTF6*$2xH?BVOzu@gL!;CpBk>ME-9}19Ri=3G7!05gCK-hR}n#qsx@u-u0Nay>ur7( zGX)o!?KZ*0rRuGkDQW^J({|Ozh_71?CTfnSGOGFVYNu9QS1>4W-k>Jo5ZvJRUuL!; z2KWNKWX1)Uxo;zhr>OfpPoXgk^ErKI2lAWM7YbFbT+)4vaogN_zIo*nE&S6)IG)L1 za$j3@jC{kZ+Yr`SGXj*|(*5X`otHXJXdVTFw#yxrJ3&#=VU8gE9O3f5kF~Yccw2Q6 z5xtdz8ZCnjrPdn<{X574Z#&B!_n|_1(Vr%uXB2-9l!b7Lxl8lRH-h#{S50#Ikkw0HpCy%Ksk3eFIL#g;rTe6oVwow=+&{i@IE z{c`ROZ8wR~layW|hmrk+g;b#P`TA~AKUA^-P*wwHXd|f|>ML(Bn`xotgI-X5R>MUK(2f3Yi90_F7DNk>*`>$o_1rs$Nrvbze>}BTr8vd9#Yl1neJu{ap zDld~jTqw;ATtNESN*lgYl;KRTU?WKB#OW>Pq&8Q(&T4{^&#v5QawhXP#+8^BIO*Aw zf0gZTYi_~ddo*qn9sP=7=syRfb_#z7h;}Z~Z`+$5;$o&UvCZ4l=IQ#)wxgZ|ml8>A(&@D++|tH~!SruoekM4*XYjscWP$o%(#zh^{4QT(|j zi#N;CA2B3BA^gwqpkb^YUip;xO7Dn?(G|H>41aHXY#yL_>NXui&0L6$s8}rV#z|91 z60o0E2ZYx=Ks$|meh+zB)OPcX;@GG=BLfL=ptC}xEY`ZoM;k`RXpDG;i!fl(4;|z6 zOLb#?MRi2tB}q*{t#XFq9Y`cTe6K7+Y(sU6-*?FfXAA4FddH~R~*?CC_SYW z9p4<`C9rOi{q}HGW~c7QUD<{7J9m7TSMmJJge^;sDzm@UChEzp=Aqcs{g(RF+(p8* z#XwcUys+>_ital*IGe>FwT=9;VC=+B$d+wv=qauh5zUt|{%rL#Od6I?%P2F{1S`sp zr*a^}{2^%mNRjAe@3xy3=7PGc)IJ3z8bdvD#OOwdD#HYww+Ph$$nJrp!B%VL+REYXbD&d1|J*7Uu9(+NW~SjI(c}1?qk&ke@Rr zhTudwK0Xv_!JWqLC`S(?s70+jhYE80(T$Hto-J~->LCld{YGoCbyCVJCB}8|t2F6` ze`8rs-8Uqsq8r{6WsEy}h8VcfRd`VA%eH;Wx=#!X@$Kch?9@_6bLY~c34bYXyZ2!p zzj1xZ@#>ZhA|n*fdP4k75GJNjMg%zxKf&^#FZ)ZKih63Yu9Z}?}fD(!ool6I*4iG;c=>!XUI6VV+R9w1=%JxW2P`Wa0}ao-b< zJ9PXzWpctvm3w8G5ymUFN3-|M}MqQqJwdLR8R-tU&Jj)SugcIoK&`kMkU zMndcG9T9DkhKU&960X|9JGSBz)vUC4XwrJqz1D8Y_a7;E9uAFt0z{169LddXcl zk{Z~^mJ!z2BFDRI-j2XhGb_!!0H`u%wsei~A*6!sH=1_{)d%ZRMu#F5ixC`6pWh&s zsrFD&og&vzs(iW&NjjYky6cUn#PrBs7m&Pge|*Gg&y>++f&D0_#vD}@R^RSo%k=$D z1E9Ql`fBW7A~vjTaQwMHvG+>=h5R_My|pfYYV#2H=drwWU~F-V_&Z~M%GML1pPReY zykrTsPY5o)<^dW_mBCS>UwYpu z1y@J9B9}}MnkL7b06n9`YqyA#pqBO>alZ0S`yZ}3Thyz-F8+=fQN|lBICEng0+b)* z1#__pXW-iu4gm)v>SyEwkH=qLzMC)UNC^?2%{*5%Rf2 zX01#p-IZxycp!&(LuFZdsiq=!g6hnlHf=P~rXQG5OsO(j&VGxCT zu-bXR;?JCCLqzEOCuO9)Ey4h`=RqaOP(M6HI)*G&Q3w(KQBYnWcgFi{Z9q6^LS;MV zE}A{Yfo9v7lyA*v)%UObl6JXrao-?G)gzMvAcbd_In5Y*>6ty8@s00s-Nj+bD^|lh zD?|&IA91n~1mT>-PNql2^pp8-ele2UYc^z1h>Ow8=00Y-;~G8OmbFX>s*bhBf;U~U zv33&1#1zPP>wwG=5F{1`C1fd@QblV??5xz`T32U}D06zMr}cAc8%F>gUk+~RaNsUDl1UiuwO=kM6g5Hx z8r+?|XfXnus}{O=PE#q&HGV4nZw8A>Y5k(E-m9aRA&s|pC+^T#5iC@t0h7Ow0KA;y zD55YzffMWc%6Y!WyysKxH!OA%I!bFQqYdqb#9}6FGbXxgf%-1Qb^D%G=yvc%8Dh$E z3^dI0K(#DS&8X%M6F4Mq2U9ix?3H%AqCziZsWnXzAwE;PrwoP(_!tyAF` z*aSD4s$thIXvVz$Vl2L%xYOa!hfPL6Ya*gzf~5D6XUnj_^ar(CrpA&L9Na^${J25J zd-C5_&aLwJSpWX6PLc^Fj1h+s!F0)`TROBjrJzZ=C1lStvIIZ`4d*&4>!4d`FL;MX zZidnZt(@pUUVpz1f)5e%V}^q{6sXoo91-X1zdtZRVtCdiJ2%xpo(8m*zPWJwxrMT@J z8T-b_xZedpx*HQDOe_P{(|c3tFTA@#uxw=>Kc)l<943aQR-cc%7=y{aEic4;0gTPA zta;s;nnGBJqVwI;fxTdNQI6PaqUgc*O`bqEzblO@Dc9$~gWX@(c98W`HwW+E+hqy$!?FLT(-jbrmb4FcC~=>yH?MTRot8Llih#*3NpT?>1mswvQSae8jR zivknej8R?nn=A)AybADUIWfv~kW2CS$N;~(NgPLIj2yJhn~BP8JK8vfyCQS9I`J_Z z4K4}$JkvW6#+7kl@sGCt*tA8fHa7s7a3V`bMzfEvSjHIY3&(8cE&gF2BQi*`tHruh zDR;iiH7>rFXmvZoM=i;8K4NF4NTeJ6_~M!ZOUa;1fKF)t&=iC>?A0)(f|_5qt5kwv z0k5>ys)Tam>w$5pNJow{*R^UOu7)F1D}N9_3twn}bVgzkqW*mvBTElC0Qi*lGO=wK z)WneDN^n zQRS=9ZB`K+_RGLi%HhOHL~OJj&? z9E1?oO>rF6(s7BHUqU#d0W9*L@phnWoT)v3*f^))RR#mVSH;?;SeDdIYgy@f=zT+ur1YqK zCRwg>B&>A`?b7{Z9+ube?h-K1R^cnUpoHl!p|@|9PsqVPtKpY)vZ<#NehD#BZW_@b z!+#i3nwAOt0r!Vlztz&$(-IOvM9W`dqr|LpRaE&`gk+9#AS-4F;1SU@JAIMAPgt`Yx zEDjFJAs<4&{Cx|PQ>51Na>FN%7puUf<%|Y%s7>sz&hRrp7SnSaq16(aErw*hKAnfc z!nnDt3e1Hu1?0&mssp%{Qu#f!PeajN&_8m!5Q)KcQsNMkMe<;ZV&*LLLwq)vZ7f-4 zbZ53o7-L|5)CEW^vGH*ZG{z#?cFvSmXIO1iKR-ly;b1Ey+II?V8Xzvw>a#<9&j3g! zVvHBQYBv3(Uo+l4M8pbDcxJqWqanu>l5)5Yp(SP}gl8ffsXfeUB3r-YiKE$CNmfAK z0|YbBd}IZ02DxJU5ze~}F+fm)v8Hom#aGNTq|5w(R}YOwxEJBK?DNknis$!nw5p^*uNAa zOZ#H|mZ}^@?LX1g+8bSj=fUwA0(1TzG{5mn)?_HWX{JF1D_irdxBWW5TS7R{9V#v< zZ{ab2taX8sS$8$a8#_{$(5!R1V@##`(aur{X;<&ci~}IFkC)w*Uns7E)xlzlJiQMO zl;ksyOk~B>P)ZeELZ1Js;m(1nW*TvDHFv5} zo}aLj_>L&9|8wp)dA>|>o1N?-4+=#%B*q~JLrn2@p^RW(WHxY!GVt+X-clmz7$SAE5!ZJTE#|1h@gfy&YIttla4=K^oW zZ%b=>0Y#zyB%^FQ)u|WXI)J$%rw`Z0DC}E>ghZVN8Ewr9*N-o&IanerK3tV&&<;65 zYbQGBDXj&4Tp4(gWY>#?WJ?Mo6cNl}O|j?zllhqa+^bn*T22pQH&AK^23-7W`^89+ zz@8E)sI%ID16CQXj0O}h8y{Tv-xzRk69vN7fQo{ zZBA6;)Ef0cC7zG0yR-7Cf4fz#5j`K)dAk5mEC%>OljS=7-YuQ_$MJ>|{huEC@Bet{ zw*Rk(o(}krhhFf1_7(rlHvV4^z47mh|KmTF_dox!$N%=w(*ghMp&O?C+e5dmH~&z= zztjX)$}Oj`7bsQQH$!~_fQGu3mylbp2n>S^i=PZXtZrhwVFnZ$dZtUdT>mOuv8S&H+Xt-SL!eOhpxbyo-1;a_a*ax1Ba;|m2uBjnWFjvUm z2`Oi4Qnzd!g!1S9_)h447tF4y5Ph39h1VoxF;}U?#=hI~z75X{v@d#=?}vn3W(<)Y z2HQK_TbLw{3(MLVKDejv-Qb;tcOB_=`fKQH&^q_JmA7q5Xyi;KeQvhUvo9#`A?_rw zf38gq{qA5pr$Vrt>v?!_2Ry=Ayh+KZRSKZO7T+{;c19ecRhxRsXxwJ2VTJ8i{fH)B zBvE69C13XEL_mYf1@RTM9;kfmv=tcEPx>%Nz|ONG2m5nvi-TYy4}kwYL8%@~l(;^g zk!!J-)(%&-_5_n?H0VyW()U__YHAHSh6^tln)qiVBdxf=3vU+~&1S_^I+Rv1Z?X28A(nlvN~yKXoz8F07@BvNR8Kk)o-3?6C;|_dRA1KG^}gq)s0l z75?RvH(7Msr%%DSrG^;IQHg1mvSa{7$#m#?K@b5V<tajL_IlT;+Pf#b8RloeP8x%+r(8stZlQuvDDe1ml-*^i>Mle z9U9^Zcjo)&8xS{Cxl}?@=h#|w(-$m2_=X>OuY%yL{RXP*&@kSHweso~=nOAB??%Kb zs1EUM%2Q8fCn|(4&*)M^MFOq>0!dwnwF32Cj`e_)8Z(%|fsdwvZ0U8u#sxBC2?jGQ zcoraK$3NB+8nY?)m3WU3jd~67%Kq`dV0YkyjoFTUb)WWJ4H*k6(iT}`=t!6k07seCcK@v^PXLYL6!s77Un_sj z8FR^dcS~Rumfc2~t(%z{5*CmKHw8nzdxjW+1^Rr&RBS77?^lQ@27-a(Gn{OU8|2U9 zq8VQ(IF;8$=TVOf72ySBaJ3{tS!D%M=G@+}gzSi1YlW(d>WTNBMgUJXtMm4WVrwJb z#MSG5eKFkVD*JsB*x1d@uFBic;w4f!ivfAdjLp|_|8SJIX_GL-EdIwq_KZr(72RB` zcv;~4l6W2(Z}`tk((xG%@10(Y!oe ztLXhSWAz^~B*#6Sw4xXKB^^UcrYSlVDJUex1*!yEu+uW~lnUM6l#SL;d%B95tH#Z- z?dROR!QvM;(VI~u{$yG!arG}@A$U4HT~j4`4U?eYD<0CTLH7J@p&(TSoJaG+(g$dB zC-_KAC6}+83Z{_Dpi2FNySLr09KqUAJ5eD{G(mrj_O|D#`o@xK=P5{vid0e90Kp(K z>uxIOy=T_L-`oUjAW%^G;!7FwyvC^ao%3F zo_~`+r|iGv4_*E@`4tldboYQa;UQ*i?sZN?vkWEcVlrL@Gou@Z4{>LV;*!o`R>~#e z4;%!Vy6~JONg?cJe_X;^s^)&ir(`eBkfrdp14P%*A zr)vE(0&=6Wi;?91;u=$Br{r6jah|kV$#s?mA3*B>h}gF8P(z*4tWt({II^4netvDr zD{Bf;J2uFK-H|?-wg#BDz%>L-h?h3f-<7}P{QNb>6#iuaDU;BjYK*jFuS5f>T(UAy z*>k*F8M(=#KjQH63*F;Tz$PmdOzwSbGuL~)^ZcK*J>a+=$DbA66LgM?3e}L)f{h-n z1X~vO>6Jcu13|%qtBa9=*(~uqV@_TclegwH^74D=I@h*o8taHN9kW0&t#jat01Q#* zYYlj357;#1#xaVg06f4F^J0}!u_60uf4z=tL+Qat`@f63U8YOr5HhGBVAwJP_+#Wj z+ho==#NoH{h}0i@AHC1ns| zj0Hv9*7;1#!LPD=Bs!6gxeQ~DQL<=$H$`lw$}y`Ih*VswA>{atVD7}_2Ri8Zn?SB& zYIpeVA{$-mtZ=%wlvv#A@uedgz5hvw5*qSa?{|*2u+{Rz8>g?QjQurry2*x9raQ;V zsr@x~5OHcBX~3_zT@oqTvtWy@)ETL z6?oRo8AYd1(F89zVQ@Ai5Vm5CU_uXf&DSizVs$7JYHM12j&s&mtZVvkf}CCgt_bJ^ zkcCckU%^znzO+dS^cfYS$YSllJ9JN#jccJiSOKx>>tD{P$fL?5*f~!c^WzG#x0P78 zeD8a#Sb=V0fxc(Rif;t-=)ZipQ#+2f)MJ@|DwXwtY*kwVwc6?!k6p~Bf0qn+(WD|- z!jjQXCG?|IwX0)b2JlVwmL6HJZu56{_h&gl8I*AQFRA)Mwspr+RfH>W07G5<}ck8R_V4f)??NZzh zbxK1JNh~_}qemzYCuh&!RQwQQh4oS{@bV0HMmac!<=uMFf#x_dlb=B{EQ2RsnCul^ z=Hzy52PzGfTp~@iS}64dk80SM+;8%gz!vCu&_jacFu;;eOAu05dgsbq{0`~w+EDLO zxI-)>>*~pdi!{S)U=xhBDH`&ORgI8;FOFFofy_wP@y^}y%q)Afd!r~RHaAvO7tG{khj^W}f>bm&3g z()u0GfY$>rOk#dfSdZ;5{&q}CQ@{~;O;brb=fqOpk^d6KU+U7M&3C*FyPW>js8r1L zF+_EE>q?zlC{{djtDNkx^-(6RskSgX7`=ctID))n3yA{@sbqB2xhohm%pC#);8v|R z4tHy9`voWOULF0$m}^%Fu5d)sLLY-?9pE-Cr^o~z280tSV%>@Rcm;i53iYx(dM?oI zY;pZmp4KM(cPKk27|YqGf9bFQ&uo|iUO!P>83Lw$_Jj_fNMkrpoM!fZRe@_Y&rb<& zTG*V7u}=URK&3WT*EZ14G&HfNcRy^4)5A6A1^w}6y;J#ABL`48wh zb~UfMgSpb~`3DhPu_L~wK|ATa*fc#=mp&<4RA^hR*qO~W!SByBxkWY3L3%m)T$SwD zgoI?$VCJhw;=y&M$M7-%>jnMVqROzV{Iz3TC*qXrIo`rOTQg6o_E?g_heAzdH`)mT zjZ%5XKvk3`(GEW3iMr$8&F;S!6Y0(?$&^V?aLS$EUr$$8B6LBT6Q5nKJZLzufVQqs zqJ~wz@q&;6`HSfG(LkfpT>~1}JjxjE;48&Bu`5(*U<2r#KnT0v?MpZDK2+SDZ08^J z5Wvg^4xU};pBz+_oB|s@(t4r?LpsmZ*j0Uv+m{HP?Kl1Q$+`kmM+)x#t`H34hInvO z$Ckpx=rs1@SHf6 z37@gk;u;i56S6RXQ3mo&F2PfE3KA2_o4bGiU5ealavtwbX%<}?_KP7SDS#=4B^D4N ztL&C3Wu{`>+w!%Lsg9Ev__?d!p%}h|Q!~@6E5^SFgPlFJBf<@nnxWU=bnoID+M$Gw z%xjODT7koWPJnyAAQ!=DM29*!ua)g>Li6vk4!Qi_dJiNeGQX(~&cV}0UxpCVNRgMX zt9B43<3gQN`!&{B8^A>rYMQCmiY3y6DqlNR1|d7R2AJ}F`_ocD6qw5ec_&GHP&G77 z1-|?f%xy6`PE5R%NVkoDM^;-GPbII@>m_Xe7EFaF1LB`H6}A2fnsFNENRDF5jOUV% zZi~CXB=W`R*xtwj?O^;69I|C77h|cau{Wr|V$IR;?_6?+aa<>#E3$6y0*gzSs4$%g zbh)G|$>gXUAicUV+cDkCEQs{=dHlC#V6)*U411D?jO|L{t4U@7B6hd? z&T8UVu4*v%tUR}48VeiMUdntcOo6UK1gRsNcR}$e9)eW|-n*@l@gQ9EY<0orPtf>w zPe{Ns1DEgRG$89$owjG8=?IoKql3`$d|dzu3u zN)uyKyFux-`Z3a@RZC55f>Jm@7K20c(AEOd&6mcz47+YCPfWfps!)ZN{?VKV>}p{s zf%&j>gDVVp@b3z}{O!LL`k&%|SLna({j-*yu)kCZTT!^DHJOr8;WiNE zyhF=GgV+=)G)lN`t|G+mCst&AupLmpl1O{bYP8y>y`ocSse~@B{mXpjH^}3e zSzFCiuF#YFGIdsph_@I3ZjJ-Vyzd6@UWlXm3hfgT8+88E3?CuSfe^YmgBI-I`}zkZGk&5Wy#3|E{aG#^>#Y#{u}nV!T*?L#Hx7epPG@*+U6 z=r@cS=Jb zqF6fY#B^y`@#UuI)Qk7@QuztsC;vSWxGyEu?BYZq9yt$JcN`S$Y*nS^FtH{x2BkK# zTk-*sd(k1f9n>w;fv2nWAwZvBW$LT@Pg`jiic_o$Jxki%T{k%KfP?urc~)V`NH&_e z{vl#wl@OfR;blKv{~|h{OeI0Vh%>*zIHvC)+W__QF#Kpe2tH*<;xlC(VxIYL&cAzv z_-$l()HsI$0D(~5i&F4D>x{2B%K;;v-B8Y&R)ZNe>YQP9HSuW5@QGLmT;ZRxDKf3) zds5`xG2M2O;L2JAxw;yRAMYjT2F&SmCx$ZI#IDrY%Dz;^#EhgQ!4gR z{b4KcXsS7rgV7zi;XraW3KN~6{NmC6A^)Jn|0KWQf5^Z8Z}QjX{g?b&4gV%TtL7y` z)0qfQ9YSD=Q{&q8gAO#PIWiO+QT~VURv|D9flU+ z;ueaH(XH^~q9+%=BqI%3M0#IcdzhRoHW!;T9o4kJ8WUIXi7e+Dz$NBMy3wO~?U#hOp{jY|2z$_;KCPPYoB6??6JUPjLymL^iPn9=&wFSi zc|8DO`VjME-HgBRC!6xA_kLwkQytT*`VVlTLp(2WVNGRO48F zb7#eo4{g~#&jbDWW!cPo{WWQ9&+A4>X>L}V0lqK1$BRyp+Yfa^4SnS1gcq`gD$aa-|@p($z zFfj8Jey=~%(EKy3Gby^nCoL(q=vB=;rJelQ9}&IKdwTV!rKhc%{eB1pR3T`x+8KGH zWNA(jRkMjPQARs)owj+mj&brAO6MR+kN~Xmr4m`Pj%*mJm z>!`xKq7f1~NY)S3KBN|>E9e>x4|;Z>fiJaB7;$-+eSG-~!|~P3S*^O1n+J?bdFh{L zEtzqdy1?Q5v&g&A_iy|SXK^^;bdQQID^|j{f76Dg`3Qt&%Ytd0RL(~cc z^Bx#`>BUvZhMJHzl>n3#z9kquZ7{B`e{$oou>AL;Ed1}5rlZlhTmZdEJVc9Tp>yhZ z^Qys2+Cj#mSO6McugYDmyV7}9PG326%;)GE;o`Nc2J5uw#5u@6+M&=LPyivZMMWQ| z8WaSDu~&w*Qf&sC9kyAIB!20YC7KU*|ItXn6VYZeZ*dXRq!ubmp>vZ|LU`h~vMxHI zOD3-N3@*cX%`8N*?Dp0Hh=i=cEp_m;-0$Vj5k|GHO?*7Wx&IdZ%~$)DaATcoJO{u@ zH+uxfaaQuw(gmz^();#JrnubGdMWBux=3q%;N-&jLXB1N&1?3QbP zBXQusvbUoJoqW3(U_=u2REY3Y;^rvLgyXddhp$%9js4|_K^A_}f^u;U4~$X|zZ9NE zv=C;Hm?Al{!C+|<3f^11c?~SCj61+!M%!jC&!RjBW~4^z`*<+QB-PD4Uw&{1QT02K zAOXM(_>Rkh_yjajBzd`WopU@3w>dWrdouD}PUOzG?M+$GOT-GuMy@@sZ#mvvq(^Db z7|C5}n>Dl1?H*I9ifA4+M@9ynck06bmV-BB1CZUUZAcn$)Ot2706cM<8gd0p1ch4+YA|{VAVh52UGf=1!q3uTx>Q91*|cJi)u*wyu=57;IUAS9~1HjD(+@{8^N}|hIRuWYuWfr zK<;Iw%`}=wyUxTQLDf^MRt>+=xzWCQsSk>1XI;NEr%Y3;8sRtB^5edJv)K|ev_|Mt*tIk~96=96@{W3%H&V&Xr*!Xk|_bE!`$h4?+d)fn~u%ibTnmi?x9|x>vCZO>lVwj0_1f znspl95z4U5JKk*=k9BJMEE@covJ8UHU)6O0lG`08&>aivBcFNa+dyw4Z|O{|Oi6F1 z_iNae^&Ja6j&8s7HG+qBW#(W9>rR@GBg9&=Y?+h<4n9KDNWh9vP z2nznW)XYv#Rt%a{E>ot^pqYI`3e9pY9j8PbgM-cn)|=NuLCx2n?Vs@+6?td7SUfjk zM|=w53+_0rb=@js`F9A=yj3z%de0On_=@t80JS;GE`R!itf3SZ)|k* z6GjLx*!VXF^&EN-brUTzS*gdjD&#)?iurX#cmIq}nN>x0DBiyjt}!zi0W;oZQuJa8 zJ6j@pb6Y{D$yksOeXl${k2UsJx`6UTa*GK)`&mCyxCFOoL;M1`ZnLbU{d!h!oH<=e6HU^U$$%R42Aak%@wrNpmIU=I#)3r z#NB9Jjm&bLID-osi7{5zfddo03>E0Q@(nVavI-5JFK({68de>~vc&9zI9eYsH8Yd> zwehmwpf1Gf&qaHQEjfrc!V{t)GjjDFtO44T8^beGh|lQ6*hK+S#_EpANPg4faphbO z=o%LMOJfQM%eTVg1k~-%Z3I@UBsJdP-w^>G*~XB?Q_85NdZ z2=xu(&m#wzj4?uqAF+_mHg#7MC$yrjIwwNd(BiGjImCeM87Czds)xFK@FRbqRODuf zKDom(QXBo^$gW*EpgbiuK==DH?Z(EYHUG6S?b4ZZMB_}{fBI^LrsD|}S~;pDE)ci} ztTDUIt|B>a5L6?`qqJLsnBBfHMmrcQp^P+Nv8A3kI$b&~rt>y}tYZ`;Jb1PRw%uTi zt1`II65X?-WH|rLK8knrw)tn@7>#i+?Mfr70tTh_mc;`Rrk zj7yVYP4}?txwRbL<$uVpto%R8FZ>_!@BW+o9e4jFKhgES$qzCmj*|ha8~8(OGcGt6Cz-;q@{>hVMeXIt3KKZ`mASHn zr)nhlK58@w4}yu*y*z`3x{BF0?LGZsW+|J)ykElLTcfL-YYXayy@Q1*l!h%+Hi{<0P2V#~xi1aJTXjB%95*#UYYVDq0;QM$~ zPFEwci5DBV-6=Snmj|;b%I$hfbVG^<92FV^46M}K$>)dZJ}BS?t0Z(M4dX}+@>5R( zT?;5PA`1rgIMBV3EL*NY@bf|d5UcIS=u)iWatCn1;K&lcR)pfdmwxnz?)bN9w6M0! zx5N_L&qurshH$}iZIUMqy$Nz0?kIQow>J$qa@*!L z8C){4|idUoU9>EvB`y31@ml0HV)K0GBwU5 z#>gYh2x6A>=e?E6U3;FQkXwsw@6_uQ7-Lf~`h5fYhng-^+z9;D2Rcw*bzApQPvh1P zo}yl-CSpjX!&-g~Zj3R~a1!1ujO2BY)GaD(nHSFfywK~y5GJ|@CoZ0cmsR7T6KKTo zkz8=*24&FYM4ssv$*oz+<@j@JVs zXfp7WQ0RG^F}=&0EMV#kN>7YZT+Ri^cW*vA#q*GTq8*OMHm>1`p}1Dqpa;hp*u2Zk z6UrlKgU;&TjF-#rhqa5aQZ&GG=)mTL^2P;g>lyR7k-7D?mKQzzGKl>?^-{^9Ru;Gg z9Kz+pNK5|}j;mV1XO;b10%D+Y4a@&o3s zIUR$#2=|#JLpJD3k=9L3po58)f~3$FQBjuBu4@T=C%<<880e@M>j6E@SkbKKu%5(+ zzT?t9+#r&N2HDsHXR9+p2euVdCfa6~b2D|?u*t#%V+i23{4>&#V@JT|1c~SH^O+6E zAOneAy^7YoQZ53}UNK!kuHHwH#?25n#BtTI%ekd=Yaz+j~29UsG{Ov(<2w` z0G_r5u&gvjAiqk(g)CQ*>6}1%{CWMhl&1-P(5fz_|cRIVuy#%rby<<96)fK-t7QLzkA!55>Li~jibh6RWq(!bOGno zm%`#kvL+4#6;%h3*t<-rr zwG`vx+LM|n1PVjfnU4Mnu@ZhkPA?$Njcie zs=$6)&0MTSrM6m%^U<93LqMny-@r%3XCAtDfx99-t3OHJPD{&LY4LCV5=l&Z{qoMu z`3`@VE86sf0^=p`OzDEUb3B&Ot3r9XUI@e+EbBOvgOG$j-ihCcY_PuImbI+OKLGU_ z@(GefI2E?y{aB^oLKASl-IX3FXDRb?pxcMH(Dw2FL;ib%|C#D^{ZFdX=KoD~_NDzz zb+&rB{r}|uTkl)_cQZnx<^R+Yk^gAP&cC&!FYUitqVs<)X#IT+=I^U!xVV4+^gwt0 zBBuTOG0;OhZ;H;L1U*oN+U>n1=syBcKILov1VLj%eVktSC|6nO!U;#phr1et88U!I zM^V!J#K(=acnYJSN5#H8Q}iX*IF3AST$1=iWHWvdZwLao8M9&4=xE{tj!9yK;C)f~)>-paz10lw>Xfd%C_i^H2&KQaIwbQj;{S>2WC1= z>yQ6by?{EWMT_QAeiB`?o-^+=j3*08miaC2(|a@uXBNGx!155u0A=cK%1Ji-kSm*; zp8vjp-IB)pwP!^tr8O24y7ksa@A@*g5u9>b#nI0UFr???jXqxHxQ}aK%G$6>mfv+U z)KBg!seo9zz8!@0V4+-XuvuV6P38PZ_IryBNwKUIgxWcxt_go+6vnht$t^*>PXil= z%V)%~gSFC`{$3AvE=dAj+la`s0H3fN?md{Cuk4`jnJ!F8#;t|rp&~NJ@4r_D5(;_w zwA@}HJ!6P?;sM;{9nsBwDqz@9t5hRI#IXoh^3c*jnPXcZ>-=0E(9-C@VG>ZuFZg0) z=`g}Z4sp(;F8Dr^lW4$B14i!Wn@PmF@KZGIf7fPb_MHc6f)tE~jkE1+9t!A?`1^-ei$-<^1Cnpt2|Kb6k$d8nTb0)>sQUD-<|A5MnVq+m60+H`qK=wr&X1c|8-skPXngtXH^$Pbf#|1r&rJzyjUiQ4(eFrmSZ_p z8#{6Ne_a56WLSa+7|;6uZXoho%ug|U%}W|`%fKc8OD$K7kH7NURBb}ixTmVZQHB`j zqy2joMkKZ3WMY>w6hn#|>846v3)j>=FMzL$cMT}{ZHL9qsn z=al8*oF-Amg}A${`BN&#nAdv(n&j==PvT+)M6NFM;tau_`JLBrr$$Kh67_4K#fUq@ z`9$2aVdjVXa!&>qG}g=`p48ueLP(?$edkP*RKrD0E_;udtnyhsis6IQJoN)1l;VZ4 z!yL2n`2ln?zZ0cc4d*CNEYRU}K>QP*Cg7V06RfN{|~G&z7>@F(NQ_o_x_0#y>}+rU?PCKo(?e5vFYcW*^dfIaUuGUQ}Y)O@?E2hT}1M zMfda131vAyGoHqlU$CX0t;_AJW-cyjPey@==u)ayJw(oTK{1ZZ_CT2 zvhMuu$o;a_seM4yAIHpuJbm62NScjRXu(ssHhS&CXRCyw@%D#pIF15(_y%yQt9en6QaN$r?ja0JUK0p#0cC&* zHO?quJLT-FU*hIzY~rE%Buom%ay$nhLI&LH_af|~Lfcms^c6L=^EwSBpOCG*+|LVr zqK#%E`Tu@RW%QIfSd6uXV~k?F>*=(oZ@f%k6erBLi#n5jQZ8p?*=`1b5^owL=GC+J z(qxC~{S!x*XV+fg@aR;d{hYq6!sjCLl9mP&@TC9tmDT9#C&ql8y0VElXg=s8&Tm)> z#Cukvw>Bdq(yt-)8>&Z7xh^~)-cY{M;Btf{RnIz!fDs&yxepam0 z0!SM+#yo;}ew8_ubMOE~cGTvy5Wr9E+y=wCsB!1^6eo`b-{#EZ+DM-YEOjW8> zX$bPsOq|13j7J225%8Ue_2 z!zTtJ#vTyZQ;++IKmt1zP+;HP_I?@Ik5C3?5mCkRCsoNwho|;*DF+t}6&3n9OWUDQ zh$8g3wG?r5K^-TR5i~P%XF9~EXD~C(U+UO|la&BO*_M%@-UNvB}O7&H%lT}g%Mna2Gow~*0x z4o#mAzse;r1P`kzgG!&4mlneM+%=?9U@e>8Gax^`A6(t0o|k)~!Kpr(*V7iIo3*K2 zu6!azivzLEU7W#n5;8D8SpX>fR5B>H^zPkj8L_@OK#$y@2uAGSZ#Vj-ihD~%i9q(m z17UOl9^0ugz#CdZ5$GX4r+H<7x4Ayn08(2{GU%&Jo@Ibrww*0@=!Q?lE1NnjduA-s zqzD~0?%<`;0`qk%q=pU10Fnp%cPhSkBl>3m;Z2@CKYL*t8O3&{qQl5yUF0AVF}{D(Cs;@h z^$p1I$okrTU|)#&j_rs!oB>Xu?pPyBM-{uGQqcaoFQqyKXthC?^#oU0IrSm{j75|> z*DN4`HSBZ1t6yUGjht7gz-~zg%)D(0-F5Kve6L&{rvCjDXR@Zu7Ifl(u4PqI>Aw6e zVH%O$nPth;x>wx@lc3jn2!eNOzVpm7zmj1dL)GTwOC?vA|W%ko*J%?Jlo#2@uZ4?fYu49@MRN6tD> zk#{RB;4lB6G}4+Yzi;fCFip(B)*3_K$H4{t1QLw{$G^*uIEO(6u^}6@7x+U04u^=P zx*>8-NvND`2XDK2Z#j&E{QvQFPrBC$V6*swn9-qa_gd)htBJn7AeEiQ317Lyl6Ix%#Lo zhvWY7F-+T7ay6Ly*ZU`T%TGo2I6ZJaU8=`{BLMBi8(t>Tj{=-9XZd;~CAWi{Qs_0y z$}iXBka&te3)ewsbS-_gmmI1xxehv>fJoz7)FBm-?|iu%hGw+^`QyheS0Y80axjSU zPc-V0SgWuScM**`L~0W`nk`SmejIsGH!-S^+||PtRSFLF_BT?o!vt8e?%8EO{FFBJ z`gAwgZRln3FfwRInSc8eo}`+rl42xQF;a*Cy>y;v>1&`tBK|JB;+aij&Z=0UY$9wom^ySUBpL?+(D0)4XWxme zoH#_Go{-%0!eHIgo*x!OHU(dl?1DlaIe;_RtNm{P@mn+q|Gw9opoD;_21t5s%i-c;hKZ>c@rq8u*qnV)6bM@`c^3Q{LnhAfEOs?&Y(p@Ix8j`+b&hT;3p?kke z1j(fbiF$L6`D9%pMF)TnQ0$I^Yfk5SYNzM45X3{b#M|puK5dRP(|puHSSUyQ(trA7 z$Q9p(6D6h2=FZ-f+crM0pB&>*L7FT|A1#Y;Cv}F8P;51ywO3OHbRmFJp2MjoGnAV} z!mI(EfZVA$%ui3Jmt~hAk6n{}YXF$86AQG3xM1jc6f}vv-3?It5gE5j>r_yx6C;LY zl6Icz?_uMw#>JK(BO~*9dDQ$`1v=*5Gy$LWHG52x{BaL(5i|gYG+aVB5)fso@v#~NPpt{vuRCN;tDQ_0B9cvAbiMR1HesCV0^t@ z-Pey&AG+(|?Q3cgc-HUkFXeg(5nVuf|GR>@=80uDw86*;;7|b00sj;9uqV&3KL>qB z6A>;7#Db>W?F#tEcH9&&rh^*oc5|GCBXzYI3pBbAaZ~Z~yhRi2REYdl54Zx)RIli; zYqy54&U{wV(uJ>lHzZ()gOjc?*bH@Yvf%Y*C!^ADV(WZ4F8w5&+|jE00_^cAfMNK` zAv84%9bNH_Ppn9h&(P67%TCzt&y(S;?4Z3*VP?qP_SgnSYi>sq?+A2WD_-BwkJy{+ z4QuG8l(Qd_G}jCUyR6`cHIu^qw+jx5vuf567N4?pb=xh!qG5_HeG6M3;th<(h)UVt z-J8uJ72(8z<@x>`YBuUg$ia|MCC6`>+{IPkKZi~a%rQ?#tM|Oh`4~4jx5R(eI3Wpd zToKCUlSjd9eQ+GQ;ETPR{bYUjIFgbIVo)tDTmdu8spjoD3S|#m7%PFrNhPxqI$8rGRP@!s z&DDHSm`=I=3R+8ydq*Awl1)ih?aN+jD1S7F1*tcXUJ< zonFo|4@mC_k4HA3$Hvme;I$}l36ku?-XJorW~Eeb-mpKA@m>!?6_@7^m)cBaB$}3k z1#UgqHH7t$lLI@8nr9Xsn4^ye{{puPqh^B52Z2ZexMbgpO)=Rb<>KSXx(w}sqV{ZU z1KldzaaPrF2;NPz`-#{tq<=vPtO&YS`(kxs|Gi{go!Oca=1e(ucWID)fHF*gnGn4k zd(+GFbc)6x0o%W~wy{=ifec%>&-27p!@E5CmRO-1A6S^*@?LE?jUFUb+2~lH;{?>+ zW53}3g-1&gr7Gs;1icv{|CFt7fiq0enbWZE=ge(3VyI}Kb ze#I$cG7((Qr9!q7HxPAkX4?&$J|`3qS>H+*yX0V^$)I*sn>lXU$NMIWD~zgfPQRp3 z`~ePSNNU@UmoDoa1L22@6mZ81pU9cBQ0dH_gU^F}I-Ok=BpI~ETJG_*%1NX*+YmEJ z)(n3NV6+ttkm!K)j&foo?ttne@rNA#?+a7qqo{Z!o4_fUVZl9hRk~?h+i-m6mih$m zz3|DkP`1*!eUZi!wOFw^LygXK+qNARgVKbN8LwP8-GH2C6 zsV0|YsvDeWd^elp75Z^#tC}C=ss%vSy+R)5(eHCL^8F@LDdE5cbR+Sys@{j36j@5} zC+q&L1>O6&_kC+@tcyd|?4P6`s(|B@j0-+zIp;#iiWMN~>H^mmnP0Hf*SWPnaGaC+ zFbA5pXgUSWNsqaDew&={A4G&XhJZwu>ynkKT4oo!6Q(PJ%qabd#^+^tw@^T9U5;lx z3e<>K%KR8DyoqEc5`b-xD|AIpd!JKoco4+{*Y;|U;dbReb0h2pvcMlOYj;yHUr@4! z1HIkBoy{@!LwcvJv`6lI&q`WybR5=nDi!5l$R+t%XjGt@Z_h*iu3s7%fCLINn6l|{ z@MDQQtiw-9jWTR@-$1=~W!AVXi9tuNVf-1Xyapn*%I^=KaX;d;{aK-OLx~Y*L0JeBcBPgY(>+2GuJjsuIB#RIGxl~LX z;xgLOZ+~)O_ue-4o~Z0y&QZydH3w^D%Wr|SaZ==SfqT55zsL|6VxEHftS7fcAzu2u zJzu|9nM@+CQNtuwklfwW;GR1!o|Z#6m(Nvt#C&tFr6P#Z+pS%SyYG>B8qRAMb%Y;uip&W10#jI?eGJ25R$B!h@MCePeUI>Bs`f<{%3w@hyC^ZhtOQfLaQ0*- z4;IDk{&E36ME~;TS)-eFs;oVME{}m=+m?tjjF>2w*z2s}mijafdga3yX?49sdN=V3@Bzn+sk-Wdc^RPi7 zA^xz1$xBM?J608J?m$)cEu!+Ll&Fid<<)k*Bgfoh+uWEwXq_SKs8n}_gF4Ks{G!+D z-?XRduh9QTr?SVt=C}H9^RIFI(+6SV{r}8w`#0;S{Kx!@yZ_Vt691Z?=|9cC#__ND z|1M}v#{H-Hp>j=89KJ=B10ncP68cQY`W6|Vu@u2e@~Ri~J+`cylQBSly~WzL4dW-^ zYFf%Q2_c#8YPHcdHDAfv+35@-djAN;JTT=og>@U~5VoT}xqfd?%4$><^UgwU z=cmv(dOg8M6uRE*v)IMdq>L*EtyD1JGVs%x7to-9_z4dxF=RKP+og}a?(vc9v|Ax- z+-pw0R`2+k{5|uNeOASN{dB6p0-GCPr_e5trc}RO()eABJr;qUFwM5ihqk83=4i7#e z`uC0A7lF);=Uc{|q3sP32HU2=JG9K{zH|PK{faI%*XX@BZ>~t6@4^S9dbkDHGLM(L zyu%$xfEVS#ArL~KK>5uI>vf2tL!~z+3_&KeQUzdE0EG`iCn)E@tcgC@E04x5{dEi9 znm4{L(Bg*^wZ;Sa_^05o;gS0>3nz)Qzd5tEbCS}QzRnl>@er7=6K&7L-`q&#a4Y%+{52fNw_HA7NL1oi)PbMl= zzL!l&v03s39GnPc@1;RvVxV2>H-r6MNhPrH(tP=9DW=-<*oq!5Id2P>dO(M(zVUc7 ziM2c$3bNuI1bIb9@L`_jB^J%M!*2t|((=>zQSxT!JR8+wV7?h0GfGOreS(woo057` ztt&$N<^yMPKu#-yAi&DPBsnGibPn7V0$IMTB9kGuoydCHT{{l`Vx} z^vYQY9+Oz`>#pK7KNLDg0+3PdU0w$WuN@w=tZR{Y0glYei(uj$EWGQRO+d=PAV4?7 z$9P$B)K1LM_Gf-5C2Vk!4}UdzF93$+e4b~JUJo%C`(s^TcoC-!8ki>NYCi7^DT;G= z-E6|MOO&iMjPwou=IpS#D`l0XeMo3q0K{6)HdjC^Bc{~!;_5xnC}SzuUTd4;P9(>1 z45zJsz;fpcE6mK{wT#GX2ilc}*SHL0{AMTLw-s@yQ4z{L0-v+#O(lEemDjcn;Lvy{ z7W;~Bj!#!rGa#ULoGXC)a7=phe2GQyI&R+ODI(CwVq_b-L{vb5mi7x8f4tVp)LB^O zMc}y+!cN6Xdky$E!Bt|I)`DxjpsSaXH;E`rd)Tf|?_=ES{+dxN5|dTL+8pLsagu=3Lnbq{~*WbFTrQydN^*1}Y-b`F`&3XC2v!BuLX=!p|zTO-7M z5z_#Gd=?4vcOxUuqt>xO&#GB{Q zbmFGJ@Pb1~fXU>G3aS+W9rlq497@r8lG{5;$_`hBJ@=Bk2KY$EQKWuZwHlPSk1HeS z#iO|6wVNG5X2}LVj<|}@ldp}N!nkHxc*l*TftBlhiU|83ewN_+$)>Wf~38kcqKEapgJd)k=PJ~E*t4|vAIkI6J16h1uPE0`DjZ-!1 zyZO)l%-|MD42eag=VO&}|v~f~)A~W=!_p~TRybg~I|I6<;x`J4NSl6*Mwg_jrJd9F^;%kAtt$$c6>Ph7)uqpBr7Z7yZ5Kgob0bHuP0 zSGI*y=lB(w0jAq0vV@ixo09QO#7EVkj#NQmuc5+GuO*uf@Su)V?&!^*;D;1^<8*bNu*P3(1L&tr=eqK(oCdH)) zgr1(?3SC@OCHeB&wI}0fn>;j$)#Rcv`Rl;zrb$B{!nl($xEkt^YGfT07X-33&os$a z5Wwjor^=Wnl*kz&rl27d0?DOqw^8PP)Deo%;!mHx*~*+=_ZrI*OLBK`WX3n(8^RF{ z)G-g549ne`lFP0%=xJu;Yo?ShMNTd=?jGn!QgfxA3V}86B{iuUEW6svJ4>=j!Dd#m z#hnrOjn>GnE@78I?u>cA;TB%=5g|b~9spozBdv<0bwYk}(VDj;Y<~ZW4^c@vc}bbx zsi6b0_FM^e2ia092nLd^yAq(TEp2qPE2j}TN;kACjqJa!h;J&S8u*X|kgzH#FHi+m zxB}K8W8}ElIZFw~-Y99OEUW-GDDmQY*ku(xc}XlaK&N;qf6F**q(ZdOJvR zA#gk}iAGumR<`KjN2&2;_G6k_vPX>q-I`hwjRk`$dqpbHc{L1ef_8#=Wc{2xLx@w9 zkcv1_OXvJSaUAgtR8I(f@}`UGrQ(QkO*fE}3K`Wr9_ zrijpSvG9Di*Vq`oQH$S|9GMYFz8PB{kmsLKqTLz>(NOjAy%r^&q zcN*;3ddeM8s0$VNPb9FxpaCBNn`9N{y;DBeBdom1x-MIQkk{c(Dl8VT>1@7@`8$X8 z{j5nMkF8tnaaK4DW-?H_jR@ef{uo?1kL9qo?|LxSY~ z@VDGmyrfa9p9g9b1GCto{vE2hkN(hMyNyAg0Rq62{CiPu`1Z|@q`vVHR_>(ge}sPa zSLpx4{GR`s-}1lBe;DzP`8BEk+x%Gj|I_?Z|C*oSKh1v_@qamgviX0SznX=@L@TZ= z-MJR-7yHOg3z*NFg;V*+x}=KbkRx)(H^DmAD-l{xk?6C#y57@-xyteCCR#`nLKTlRY(DSLkHDm_o+kktqa!i z{w!_R1iCqTKaWyd3cD7ob&D24+Ks11G$X(dzTyIp?GI5%+pHqG8E$P_RgGSm$$G~_ z@wcAO@>=r(?bL%D5+|oP)bBy|c=4ekUJuJ_6 z=)pT?UN9xny_W(mJimnQ`6V*6>7act!vKSroA_sv zUbhLmzf~eQ4Yyn!ccOFzUl>|A6$xFZ8({B|NH8m))PU9%$RS3d`csh{;f`ok2jDm- zWRl`7IT%IN5!aAl)-Q<0Hf86J2(B#S-Wl}0iJ!^O9H$WDH=&H%X-c+0J;_b#S4YTd zRbd-()yk_E%FJ(Ii%XjJ5Pnp7HBHdHSuS$;jaxHXF3M3}=dBDP=kbDosrnC5sP?Zr z2;2zR<-`fhb+5vPUbncFK3QL({Ptj%i#&NWxu9H6H$*?QGVvt(19s$}9l91_6Q?mW zrjkdahxK-C_ z4SkLk$8#e#_cq{A9XX`cmR5mYF{<3^@S^NjRVw>lu6b>^vVz%pQjFOaZ_zKv;MD$@ZbZ8V_`hjB2CxE)WgusgAl=^g&HNw*#y3A*qPby_x2F>OR0}d3><4AE)WN4+Sh+LOO6&aU1@ZpIMvwM|FKS7P7N-(7Fz)8~+#kV8n3 z_UfK^F;PODAm1Tjby^ELa!2~^TA=HJ`0@>&>yUCvWbgre;{~(Y$JV}vP|Dw;nSiaW zBsT{FPhOib^UkdC9MYGf!MN(RbelfMMAk_>lTG{K4VU_}g>U_Xvt4aK`>6eG2{6Jz zq7ZhX&R8aW`01?ml}ZlgrZcFeK=2Ok19zPHae6tHHwn`vQ81l6PnKz5UidCifm z?~39DzF$QG*I>V1qxF(``ii$0m)HX z+T&9Kd8iGShjmaoVq=I$&8Jxh)}NzlWH>J8!zg;XuzV3SY~1Ji92r`-GOAyhDv=1d zgK88RmcF5>(k!|k=}B>H3i`%<#TB`T%0SSzU$7p9#T$Q;Pu<#er z57C=()gavAk=x=#AE~lSXtPb*FjqPlLrPBLEubq3d9p?K zo`m4UYrp3FYnd`_mulR5P>89BzJ@wwgfa$|I(#DE4dWNj#n9hQ#Y3Q^LHVZ24)dQi zVc(%-JTdg^1m;yhzZa$(jfBde^6rfhuLf{XEki*Jkce90$_Ksmmd4Jt8-qEVT zT{`kIMG)o?KV`NTFM*xS?DjH!<5|8ELg>-Jol$&nhRyuV6_4mK*Q{70;@oFckb-Gk%O0W?wd*L}}m>;#Fu z|3yj*Ym~T-vf&zJxm+!;9ixsqAI#-!Bk{g~Z0`sm$Wr(?_E4_qpWhU^BRB@hCiNve z*kT_6Yhh%Hs(GFF=k_VOK!qHAwGHKEnwZ&4E#%QybwqM0sU;*U3Tms~Y>3WNYCcp) zJY^xtJXytgssxanz*EPPRJOq_7vefZh`TkV&A>j86@01wJD>^3B}?qub)g@{&Dz6h zwJ$j>VByVp^76KH_0Zq3#p)DF2@0nTo&HsqXDNQgaefnyN{r5ef3oiYtQB)DGbH#ppz}XivTW?ni;-;i2N_D5~#2XLq0E zk-u`wKoZu+fgb0{wmw`AC(CdWLf8T|x8z3Te+^cuS5{3+E@Hmy@~787=RmLQ2(INJ zta%DcUPc$P`kriVl_-CZUOrVhh@rl*Q_bb+G6D_bK_zE z&7B-^ruS%BIqFyAERZ^6_5D_^C_(t7l;g|r_k;lx!L5pU%5rK`YxPTD=YpxUw)U5Q z0-@gLt;H=mexCyD#_Q)xCzNNaX8pczZ1z=d;-U-K68Y3=){kd)177J%aR^n(Qug8Tf_dn*R{VVkUVScZF&2RDF=D%70 z$NaKe|80Ja4=?~uM1X&P|NreoL~0Y6f6VU^_MhgzS^q!t%jEn&^E3SO?x3U(0RcpS zZ#cgQO4Csgp#sbF@Da}bpxU`EI1*=iF0rd(+y3u1sa1S^zYWuy?NXKl%xS=|lVETf z>JwD|sr0MN&6SG5bc71CMdWHdKBSS1jx9%kx{LfNr(0H=oZNd_0y3=m` zJY-#gKt!>)lRT9+p-qe7vE&gp89dy}2BJgGWR=#$b{Zz(`Z3?C7OQ_f^S&DFtQcfN zXf`_ZyK5|lq%FDJH8(mYjG-IE>YE!V5RVXp88BhLZ%T}$V&2~$xs2;A6i$F6?Ar-% zPWp+TfRMXO3@|R9Ox7|o#BkTshL1|L9&3ln1Oxk8#1J@66!7IXu**vpW4*W4f0pJ0 z{ei}LOzOk*bAZGY`4VwRnybtf~hi{T-lY8-@)|0%{HUhB)yr$ro3PfB`vq! z2|nQ3`O`u*gX%h2NHdyoK>+#oK=XtvM{jYPee*~9chLzkDNZ;s+ICYY#`eUIQO}}G zI%LN(N`ymR=MnnuTPfm-qc7r!O@Xc#^hrVNoayqrC0_CR zgHC)gIOdij2kU?;hhN636Iw&j&=B+Y`t+pjPSlhWLB17EE13V|JwB)WJD${;ux+ZA7LXaMYTWTbEYCwX zzwn@bCyL}72o{s}t->GO7+zWVLzo$wF}HKX(6Mzw#DdSV*SHaji`aX6Lq3LH9e-B7 zEWY(WBLsfbl;klzo1*|I!+UiHq{7T1j`BoC_EFB~TTGBn%(WF;RRg5`Ag$cITVF_<=xSN& zj&oMcz5F`!lz&g-VF@(8ol#WFPC;U)poSK!X}U}JK}HQpl1&(< zSkigXm|_Z8VlqQoR7`b@hmL*wNSJ6CFsjeexe+BdiMy}@QmW(PUpG2igT{-=?NBC! z#hyQpAq<0>#&Qarkvak5jlhivg(JWGF42sts?D9kL5_BS35-ijxPIX70-W4k`yT(N?Gz5Fz zwT#I;2$7oP*s_Ehf=%B;><9O(!3&bGV&doYk^ zLO!Zgas?%3-q5s6iO_I*VR~5tf3e9G$}I~7qhas@GP-)p4l4?FOuTOV}&CW#Jmb-zowt-&k1R)Xgx)GNF^jF9`8fdpq*> z@kuDc*9O4bSDnGq{R|zL0!ePqJ2lztwd0%KCdTA|GX-bwI-iPz?w#wWd+ z&NzecSx17}Ds=>CriR0UCl}E|~K>1MR8D>gS(89o1VHrQLx(^}02$mWB z^-zDr(VB0k7ujH0FqOFyf}~t!Fl^vuzWu zl!uC(bnYwp)1E*}AaMpDmJe5%K^F{KWi9FLeI7dyqei>}Mr~kbn~HNW#hyAm-SZ}v3TfH?;aMUx zKqm{TM;g7aeCe%tv%pzft2ImB7p)oXxgB{J`IwqLb{0?UqjGzDh)> zCA)|Re!P-haisQ2Z&5(4P#3-$u=POTC%>s%9JX?~h34N7{L+2Dq8VPhDuEW|>t%Vz zLv1)=JlL2Pmj)xYKd=+uClUiEQYmKk$y@;JwVwRpKpgZ15y{zZk?k=WX*eWG#XF9a zp4yJUe;~6YkI!kw{w>Ww^Cn}C3eOfwwPRn$gV4*JSFEXI;2^ZkAEa^s7aHQkG+`8kqH8PD9j8P( zF0=(HI4(qK=}CAhy12N7?=8Tn?E^q64MIe1uFIVw^5`3~Fq9d zY`usg9pL_ZH*xN5Jh+kl%BNm;1q1ByP&UzVr4g`-2q|S97%Tg|oB??#OGU>;p zBUOC>(RnXJM|@Ga-FL`k!Ci7$R?)3Z6zmzbD&UQjtIK;}Ystr)wa^pp9*5?xAE#L& zv*hTpUVWH4Q6fyG3nINS-hRPLwDHcMH_jupT;RB0qwjE7c(H4jSU@_W<~`-#S`}gb zq~9DMx^Zqcg~Gp27;(;Tp3XUtRVw18Ky7YIcRAPFJ~8QwAm1|&^?uX zm>9DpEJ)MBozQI$2ZYz5Y~(glU0qI>z8yzsXB)#63iz}O{zX{9c#v(QRegsx&t*mg za9-6uDL!n&gsq)%VX#TLp0RJ5sgp{3$lQ2-%P}bOR05n?TKKpde}3qS=3PfHq>Mb6 zB5rvT4oDm7^nGcPpHbJnnVz-K*iGS)62!!(l56B!%qtp1X27U9#QeasFX`H3!lmS4h$x^Zs7F-qsp55#a!K5fj6dh`a(IRk_aU(Uq9b zcW}JQfU1p~b-@wa;yNkEQ$m+)h{cRmV~6aR5G^x%{I}o3$93Jx@o!3IP`Q2lqh;0R zM3X4V_&%}50oXU-tkxljh%JFR&)2cw^_U}sO3T}w_siSDns~A}eceed|fC*!V zQ^%xyKBCi^&$=c6-Vocp%t$Fmgt?4-0|DLSw3i1yMg8UhcDPA->-n-UygJt7Sl^vN zFx8(|;TO2dql9Zwyl9SJR_VMj=@1)}1rlYlXtsXfMo-DAk@2~)72`D$Jwpf|JE`AE z{Qj9Y&e0ADv}N6{4155Zv&F<}Gu(oYV?sVP^%wiFG4E8afjo#~X7s-nE02$tqMh#5 zoCTbfQ&d!v!vd3)Xq{SZX<3>w^f=sByS;upSe-ZUrp8deIyoMn#}XH4aOPDa{yKU+ zA{otw^TXB*0QHwnW|40zP863fr96hx94J3YV4v{U}%od!XD?<^mwU;O3+=y;O;<5W$96R%r(kF@){ z4_I&GyN?5t0=Ck-QQ~FAi1r1-+_0Z+sICGcp^)L0_;dX3coGEhjbe>Ccgoa26B?RL zOYKUetUj*Mx6`^KJ8_teI0dGQLuYy-19NzMUj0{*Nt)AT849jv^g{wq59*^?!cVB? z9>5#|7o~2lMW+-^0VewfH9Re(csN z`#H2GP#oSDYtUqCZdK1AEB?Q3PyKb`4-t7LzFj)ur_9k|YFk-##SyABW>aCmqZS$%~w=U3#@oZ$zI%GARp z)y!l_Y>OU03nRRQ8E`T*h@rC59Pi8$LS#l%A8I84j4D+W=PwGM)egr?m8}HNX|dI+ zw0&)1rbP7uGg-C@i#0E3OC2Ze(hbYN_Qj1XCI}CA1+fsI)$ohHop0{f*sz+p|qtd76=kZNVZ~tMoz1nGjPIk+3st+pk7UbLZ zGgy{OKuL-H7XafJLMP6e%VCi@mM2)B++b<|D6bp9>cqyBoH`m97u|>%!G-20TT26& z$ZL41Mi7_c2C<{j0=JT+=uA)-p0#;T7Lt9<^`_YB`4paf(!#$g-@c=?xuZ&GBl z0Js=EQ7_5Gc3R8dJ+Tvq)1G$eK@$M?hRtJY=exrnG=ZS1{egO6B-dw-8639s5UG-^$XCmVPEGZbnv;@F<0x7?K&1Rub}0qa z4(;U)Bwd81Ln|J0)?S%t#mkLEN3=PP)((n;RZHSSGGj7YxIjzoa1mpStC^z0=?Ka( z{^&l=;|#{Fd_u%AJK09Fzl3vqBMCJlPze*bliCTOq)NSn{!}*=o6VAV-b5XAAb$wi zzHtP&mvyVBuIyh)BTQc1-sDS6Yj1XAJn5+H9_D~@-)_yz0ED!1>R3O|NYAZLLf3cI zMUeKEt`aPPNs-as-)gms^z=R7*&3uO)o`dmAJ1WnfG{M%*aCU)m^#Qkg|*`nuqpZB zj0|fJnp7$L4e9_Z1E&f7hezhZhf&v2nD`%VKj1yI_chg2bRKWXRyy)t2cq_V4p8^d zHmEqw7;z93&6qX8LyxsdHiC8bR)dh{I&_GdkQsD^l<31jmG8HlUW3G+LF1LV33`V4 zLXlQgASQA!JmaZ(Pf}GhVJQqCrI+)=M;%}_p**ami*z8Ar5BZ9vZ#2hpqc&rs_7A3 zrvH2p{~ZQ+vKc}+-%t8Gx+==5%~u|9MHle{C&xu;qh3CO6>m#6TKo3M%u7|t=JU+i zA-3nE4>8ruK|m~_!;nP<)l$ZuiW00Zq8UqPs=j<#u(|rxUS5G7Zh0;w=TGe0RyaJe z9>n$s!KGYtT&s?t_tk_NQF=G^qbzT~RAM~|EaeC4(QknG5Xo1JpL(_r z3<~YNPYw_J)OzRDZf%8g>x~IlHkocYYfb@*0&as=O%r_~f`Wvc#N};{={QdGGLw;% zS}L?!M{%5+8W#R82y^frwZrnGw z5U6#Q8PbMGI&|1jr;;aKw(jkF3#K6Lu|oGToSd#XT~L10uI<);uWg$sNYBZORCLah zfT#b0-pzc-%FbCz@d|wNe+>C$I2}(+GD4(b0fr{f;WjNQ*||mXmHR48@^cRkUpsF! zQiPF@m3>p*R%NPy^<@ce4jPcRP`0yBCHDJSqq0W=i!GU0#OMIz1aY8P?w3QL`jvvIZ2wfndvhek}Qfg!m(mRKtUrCtVz**u!5!l#h z;goKquln>DTMSD6bu#AD8?Op^=YT=m5RI05@EXDHROBh;w*JMHHMd_ReA)1nt5+m7 zu6@zM`Ml+j!>9l?F*=H#Rn_s}ZHy%0Vu}<{hcD`kyj}AAxT`g4;giHXM^;->6+3b^ zuRiV0-7tK%I+y5Cj`V@Cwl11PX<{svU1J@joz&Z9u)La;#sCHpb?cKBncU~o58J?C z{H+#+!<&Pn>HEnaTbUw@!{-fBy)f~n_V=jO(6DxNUZ%`uVxbR-mZX~0h9rsMXHIxf z-4z!oeVl@(FW;iwb2y2{$B!#Ww!I3DWA2NLt?~sTb21q%7!}%na?PV$y=kJuTt{~^ zkBB1gi~;}&i8$|=iHp*6ti}gmtQMOG$KT^|4=s_;Oj5P{y!onzwZhbOgyA>Qn0|LL zc0tN1xE?2MeWw(-2d6~!G?deGA@tory~|P&ZGF4Drzz1wpmPgp%Cx0ufVch7A>^Gi z?~L`I!Y#mJu`>gPSB*7IA-5jC7m%XpCYRUyG&J9m%=3(Sx91BGC9~|vkO&TWP_F4C zh>k&o`r)^JYbcATl}@k~qb%_zXIS^V4y*GpE}AKw`~hhv4)~y27ZWihJ$J)5mO|`m z*kGNi{v}u1x2j1GJhe^qcScL>grm%Zpd-)A-b-AbH(a8NK@3p6+cxc7f^~w$VFK6@ zSCg=n#iyp9c+ryA*Lxuz43F5H$xVE9My&FI$RdW;?Py-)?6?2kb*>mGsBv%1pJOP3SN}32OUzwqJ(XVJeuiVPCKGrpbL@`ANfdNt=m8aeAns8>9t z<+FUR9`}HUDu!G)Ss_AxAtTYWdps6*SXH-wArPW_+z&DYhz3ZL)Rw zkof&;ZKB1l7Rd@+=svr3DS9}n#PEN!NL18V%B298ILI-?$ z?aRLhvXXUUi>{Ko#G}h?a0e{G5>4~L$mr8h!%Jp45Ub3bJeJMMM$?*oJAdC_tfOrQ z_)yJx+aq-4Y}s%+##EyN)91MJ(DKt_XO2*+3xDiYC_>+ z0C^3{{b~VTWCje!X1~SeK;H@{sWer9HpAd{>OI<44UMCZK*Pp zZ-tVvt|Y*NQ!s{Rby3V&)wBG06|V90>t|H*x%Qm$&*e6$O2pG*B@;JKB3>ur+N=y{ z1ia%0fsWC1nrNU2wlCyvzL8LrQ?{WSEPQh#w)dI?492v;GY%5Iaevn0ppR91?eIuk zNXVk;@d6!{aDn1WA;Z!@sv^Pa;6Fmo`YZJRVSb-~&2RQ!=3j#*_{aQ=G5>9Tp|AgG ze#L*yPx&9_|NFK7Ge246f0}=A#I^j6vuiRJ%+}$pSu5Xs!KFaoo^9(D$3!+Mju>}r z>IAP{2uvz5%gkG9UIV}T;sryDFUC(jQEMY+lRt)+QD|}51#0n_SWrUkRfz?$XK0Yn z$a4gB4n`@7q21378)>{5!62;1yoQ9{|2 zDoCVywapcp1|s@u%rykyu>Jzvc|!lmSh7wmzUvVmDdf2iZc@9lbxE*o=rKfA+>5Vq z59(Sz7=zD<>q?&uwiqRV>!(5?l_F*sZ>xEt9b|3ML@Z5=9Ts0Abk&`cQ+4|#LK_6` zN8vIkbqodD$?6qb-?idPNLSQ}OlIk3nsXT!`o~4X0|l%-5@MVTp+=gX>RVbS!u2*= zDTdh@Oz;ZNLw%KY*y#X1?{Q>|i0MENaSr=NCP%@qS(=p3R$a$~u3u1-s0hO@WQizz z=V_8elHQ87dADhbU9^>UYAlxu-Q>k_OUBIvrYT^6g@lDivst5gn~dd>(R5#}sxWZpcZ+cR=Z!mAO?yA0%jz(+XHHR#MLi#_k0wwgsf1#BbUW442nyU&L6vScgyCs%R zf#z>}1A33_mNa{Jnl4m{d)n7ZRN#YItVNe-5czYjk9?i zEr}FWl@qkDq$@X*XJbOl9ig^e5(~^5tj-R2IzMYHcAzj#ZqS&^0#ZgjhvPau|wW1c;`*jxZEAWI$@5uIqW% z7>rI6P|=*{(YXC0J|%`6(%`B6^k=w48t+sGQX~IG*FfOU7qdccZm$upKz`Lp68#iT zg>g#+-06x8T$Vj1*t8HzMao-rT2I!Vc$I2`%#(h9<74YeMxndsK1$lcA}6K;?tZ7H z-ykRO$Pr!qa_J6LY^bDVC8k+D+*>)fC>(TCY>p#nkvzDPiLmpschKttP@F5{J+Hic zdKX%jETSCgz&!XcTT99B16KJY72cqlZ_}D^o(p~`Iu4-5O1^)>H{;fZ7nA^=>@x>(I z*8Fr%{l*951sS(VaSFnG_*#WZpJ0`~Lbet|zif9mk|`oP#?4W?IEoFH37s&o1py>0i-tv$XH;G#Rov+HB^Qs@tqGOWM5zQ}p+6o(-&i%L6K0@wU3cF`?hcoduLby^B6$JJU zeSPYjTI|k0ML>cdCTO0X>KsXYE}^x3lMUVmB#&=#-z^R4}AsYtT)9yUYA9OfnWs_j3Tc}GTHRtm3V%ZusaM+ zg~kwqQ_jt8)D_T|Rw(DV#~Z-v)IUF_cfH4QWtm0<2Gpw^W~u#!FGNPwOtV*X&l4Wz$nUP-Aht+{TfQCo0e|}w#3%srcFV|` zo1$HZz)42PEk^008ROC4PnxkM$O>{lommAEdWTh`Uq0E1yWJ~f)U3XYyF7A&?HX?M zrU0&lG=tbGr>4w;g*>6ii4 zvzY@4>`FpAG=;J3-^PW4S5j?jjfG^?vkhk0YNVEdIkSbjs*VAJgx`TPR#oy~4S`ua zcx##_!MoMJTOKb`xM3^We}_vuuOwx;z;mTtXFa z@7HmOiP4Xl4Mkd6o{uK&@j40B3NmJ87!pFoP>k-bi`S%2LN` zBN{4H2NvHg>5X6c#sF@?kElj?uW^Rb5^th)kAoev#nkalGQ7F|lD4qwryg-i{_SDJ zG&?pfnF=jLnoyg8Y zc0n`9a@ehwr238jO+fNKhm?hAWGg4IJS})vhzA5~MUE!aHvQS9^k)luFe714;RH>J z?&86onp35gFF3Zph|tq8#u$y3w1?V>aJ~~kqHCI|fAPePCgYsrWY6x$yZ1@g9w)}` zcjY_C2mc>-=b`1*hC@Xb_qi5KYRWtfE91hLUJF|pw~)?-6Y%UtH?F_--~0geC@4nq z{j0H-2i&A+wMeVK)e?en+fiKQaXBGO;5i<~0fdTo1!a>B>Cp3NyW)w#75Q53i{(-O zwClOH$Z;>@adSOgw*D5eoY_rs%7fXbkZdCsKfeYG_Z+>HgxRf#qjZ^)I^z>n#wl24 z8~B+eaj*T_rXo>6a5G)0c5}fvaF_Z{%+zv-eX(QmROkhzLMaFG5%DYj&VlqgHnZ58 zND!&|T3c8!G0Djr*XF~f6<=R7deZ!>&SWEK_p7%19XpSbAgH*gbW3!f2HC@6w{NH?l&v)Z z*6@j%l#m!Y>tv~tKFXOq61?~a69r}AFH68C6mz=h*hR>f%fy6tn^iWM&+6A`rQwQ= z`Nrj)?#%o$mUuucX_{5yH48JFOWVJs?PMPp-?k?L#TqoGG0@=J(zjLOlJdpi)1#{# zBMd5oeUksJ^9z6dSD`EYD|Cwg6gryy{|J5O<3EM2#(LP&zu~@jw&b4|^xd;`0Rj!} zCUfffRc`qf)=BPkKxBK_&($1fXe!#al2#WX43cgy>`sb67qtocJH%o(Y=C$c{{<4G zE?lSaTex!jZ9j`2L7hLmj<`PeIm31MTAYxD-o_?Xm_Fx|&C;aK8yNCr8w3;PwLuKB zT|AOTcHE!nFcs&nsRL?8OEV}+*e0KIq02ee1l z>MY*GVW?Y-EH4UgvA|~zXnfl@^HcsZX2OG7Vy7MAoMN^eEB~4TGoyj{`+#; zE!?r%ac^F3dI#rwp0U4r6YM*vFXRrCH_|9Iqly-K-GKn}KCz{QRFwqRzdF*JJl#Bu zlFFSn(fc5+b;R`s2lIQAvIGs?E)7iMvikX;PWd$_t`d-XB%aI2{j7pZKf};BLwT6N z!#iFw0{=3n7v0C(a2K8i*;)vk&XPo>hcpSdI5!(3 zR=Xw&x!u5V6Q`;z$jcOFX(#!`#%M6B7kR%^0)B)IxEX)3dl=z-hLjdlfi8Ux6wr#9 z39+4Z#9rIkk{g&SdXMVhybc*)n|Ejf)RXz5QJ~yEXed~;SANwtR36OQkR5zz=Qy2h z99TebW~1)3*4m59e)zktke;t#Kyi$q&Un6s$E?F_F^fxP;;Bg_M9w!Z7s%u6^J$Ce z+w7uIa-9V^P;-t>jaSH`sRbyn+=)lZ>#@7>Tppo(FnAD#tOF6d6*b9KmIx2|z~FJ_ z))~4EhUL`?xk3>Jzl76p`KFIZGS-%D4!kl!?b6nb<(ixDjhKR=DjS_YLd{<{PE8yfD`%&z1!thHG5_nXnpTR=#olim#us97Xyb%51b$hKLkN%ND47=# zG@A#Si3~xrUro=Xb|117i`#1^4SwhXi>^1?!c@~_j|!#Y2=~8kAy$S>qy7e8YY%Va z)Af9D>@&DRL;9y4f8xnh55v9ooUKW;{d zFt)ni`2{*!Lbx}O=(~E0g>4HCn%HCivOqbW7WU5j@x|FNrQ*UXgv>im< z>4;;ao+i;=2|Dz*x>*1KAE#oLLH0}*ca%1+O*@|>Sb4DyQSD9Vj@sw4Zmel zFeI3(OXTNhuH3RgGNb2nmKFnUf=lm>IQApo=k`n6?Y7AaQ0;3X1kA4zaVWEnWcMYx z={Gj+spT=H{Up4K)O~1iBpJ=Rr%%iZty_m5_R(PrR(jLCt9BpWp$Cg|Qc58_6*$9}Z22&}x zbs9MN%?V^PaD_`ePA1FW50V2h=iKv{$nME~p&Kd6HaaPb#LL2_mmxsx4L$fl0*JRb z<7~M`P7TyV-03TxZbN@uh7kpOrBaNZij5agKqHRk+`d=-=#ctnL5G3F#>WMJTm|HJ zefN8tvnZsW@tMwTKR@+0uP-4}2=su$ww|Yp(OHo>svgN@gt|NvgV+41_%EyXW%Z|O zqlGae-zI~iobskjP1>8_5dWHfygSSsknOU`m9@c5FQnVy2V`Cd-!jteWj%rLM_f9w z8=A*9|05~QaxM-`jlW@>^bv_QzaeCsHt?bvEiT&D65z;Wbh6qn+%NBrd%sMtIi?+i zEP(K-D6_x)d*g|j;kG+KH2588v@yp#z*ZfZQrCEgZ2);*f$%I1^X7m!Xc-q~GJ!5S zXZM-beycoSw0MSZ=-H*~(6&H*`BH%wbvB1-tE6mNlwvqj?t2VH5S|UT8$KyJAwqv9 z@ZYGi59rVx5p(t>Hm#9@?0uE9{6>$5&lZ-SqH>?q4#%>4?-$T6o(Sh)<^zciHsQbe zox8G{ef#RtaojntuDNQUbSS=Z7m&GR<&`_m^s;{g%{NL6|G|0X?faD=yY6GFAsqn# z4%$TUSH>#o9!6p~Emj_4=q=uFSEeFs2MR3`^)hUG(eWW0KOJeZ z0kj=gO%->nK=^&J8-A4}E%n<&wqGlnL8_GnoIXzb+78O``w`;W}C zU{~nEGVWlR*6l#L!{Sa{7lxHX)}C8;Hs(;?_bRErNlYdCnl4Lv*Eh{3(j^~(ir^dF zQuv|R$tvY(5cj=BN~bdtYElg3?j5Ii>)dJ#r|gN0O_mjvSL%+6PNiy7#?u?Y%FLJL z@|)Yn4J#}-(@Q>*v%g~4Po^E*o7e^n-1#~;1zKXK_lt?gs>;!8^%8cBwOGht@U~c2 zkDg9Xvwn{SyYMjAM)47}=S#09a}bbdX&^u?%HZu8FF=cX7~rp9$4phz;e&yQ%oVOy ztxo+Q$+8MQ+4}J z%0Y)-gZ!V5P!rn9wst2iWFt=db?=>NPu%UqiaY>Sb=p|HNia^n7+4Oa&}OK4+TNt4 z19ZS-4Od%x>*bZ{Tl@QTQ-X1Qn$hw0;NH=;)v&)8(W}_LoA+!N5KmoKA|5y|u(CTI ze^|n1w|%l62o+x@N3XD`T+Z$);S;P%LyJSJ(5fF4@u|U}{Xsmt#^n`vM1HqbVEHz$ z3QpMdaM7qNUOO;E;znlz%ejZ5>Y|9|oU#Ja(&8iE41SYiWq<*EG|O+|bC)HADKA8svR0d0=p@>GFKOZ0|2q7f?3E9k27X>ff4dNE{tDbVY|08wDi5h@v689<68xr)90ZqOQ9QS@Nasn)b&?!zp+Dsyu#CQj z^_gJj)@!}_6W^h!AaTtm2_TWvU+T%C?mL?SuZdC62%ap@LC|1)Ou=Opwu31lm2l%h zu7YW3yhuTa8|MCJyxkrxZP+}i$~a0dUQ!=&5kC=pyv|?56mp1a{zgYr^M6)sg8mxFw1l^Wj?vk1;%O@Riu|X_tQU~T=m&B_|&{6n^eGtjmTE;E4^2yp7Q=4*ZrAs z#f#i;YoV!Glw!GVg$ylp0ySej%=h$)?b}dXhs*aj^e(QRejj%t%Pq=F^IUyf=f7L*kCQ@Qm0%9yS$o(k6I-iQldRJP`ISVOxcNHjpGIjyqM36(|By zn~9cpNIxNyc99ru$qit~?Ox~B6<0a@K|v4`nh&aB8Xj^Ij7*7GkE$}dlNX3}uA54K z{}okSz6j-_M=mlU1(NOZ@-on*_1qVR10Z?s*v3&l>1fBcD*ozeb6a#^?F935D;JZ# z$p(Qy)4!YUV*LwbLpaPqV6Adg9H!Ou_}s9c&Tb_l0DJ)4yVZ}kTsdhqvha=Mh~qW0 z;M8 z-#pgj|K_pe=KtieXoCNn$J+hO!Th%ebIlbTARZdv-{=2-KNdRBSoPm(59xoNCFJJ+ zbCxJ2|L<8M|8qaqW(cD7O|t^J`!-Skl;MuCIAbH7?0V|UPYJfE<;_we(ouOeC?*WB zG$Ah9znFN39+z5rk|-2QsRcSw0&wCeE7#mH&IFH1<=L=pXbZZkg4k2xc}hqjByK&~ z^}(C}6(Y&RGW>X;c5*xX(v3Xm=V~FR{OJiuI_J*irS$Q+7l6jl7Php0JsCzjun?Nj zp3aHB#dr00S0mH_h-_QsOl(&SS)<9x0fn6#EJo9%-06_$Zap0$3IEs_3EMW|!R0Hf zvRa&$N4`4y6Qq~P=fm~HWVD;6jin2{Oy>e}_+#XBxIdu$c{1uHKbbmhV~(J1OIJ1P z!0&a#WU|AerSX2#51Xe9Bdlf$2e|Bwmz)v3eW!?fM^6}K zq|qYtBX{xWL|U0CgsKI6Uw=udvaT4~UHR~Q)YdR--ZGy%g?MV!<)j%A;pfvk%|sYK z$-l&d6%iNJ*JqCEvx^nv_L}@*oAjlA?L&@RheiRa#-N8SO({}>eYs1xStH9>x~-GP zc}S~RI^R4g)V1t6gOu^xP$B02s$nC7Jl2^?O^`~AhJjEE9+hoMoNNKs+m7PJgd{>C zZ(B+M>x8{OW=P=Z9A*!UE47EU=)> z;m^VGkUbBa8EZN~5N6@>lj3~dHC2ycW$?hecc|&OizY8;dz*dj8>Uv|RCJ?P+rVN< z=(Cglw^aCfpt}ot<~9RBm|5a;PP}a3z$nEmq*m#hNAw3A9UE+?@6;p!uH3IW=*TTo z$Z#p>0<+7`qTODr;7pmO(d6VE0tp;E^eg@%if5*WyFF48OoxW*IsNP9m1Jj8gg@>$ z;aH&st@5hq+Z2SH+#5jTcl-t)=IvFYLDjod!>8mHDm8M30@!TD0!*!P zROFCR6au%hRBf>Io_^z)x-?73*?bo4o3W-q5h-)4TXJ-Y#lHF`vKjUM4v{oqP2tKY z{TGZH?b~1{Rr(rakU`AOfWX(C{(j6b;*zQvc;8{GK3R>qWHMYlA}F>yVo%kN4fS&R zrYfH@gd!gZt;Tl`R#*bek1`fU-n>dDi8g|HtD5SHMqJ|2fZ|&yY_VHq4x{MkLAd=v zjv5kdR0yjeX>=GBIuWO>OIOCJ3Z7@4YLd7!Qlk>1tS|r?MPdVWJ9bsSKwMu2f9_!b z!g9^&tymU6)?8dM!m^Zm9evHW=)uxbiBYAOZw@!Dt3-Xdm{ccpti4dC#4TMlC?D8@ zL`}eJne^ieXj-{U{ovHYA3;&_hpZ=o2a0Z z~+WA zlBgX|XMC~>WR@k3{uN-F6;Bt-;tdUYG_4*)&TGF{=uQ|W~~Tq(Cn z(j{nr^l1(1ecLtUw+8m76-A<((Lk2=JRfzEzw(byYV3?F-)(o~6iXiKZ*wF7i@5TX^NY=ft)HGQmND;*$grjC$XcD}pR*3Hu{X@w{oAIpB0Oa-DUvUp{n$GG+)?jvH$BeY`r?NNRF0C{z@z}Sy%65*3fXDo)juUTPK`*kS*$2WDplL2xx**)Do zi$>|XBgRYUy-V#zK9AUw1;Dsrptr5JB&WU8zTqJz_FbTuNu+89&`%C6kpXRl|+~B z^V!=Ws4nswJs{Pz7bu*cnC3)r*NG>!z~*@N&1$85JA4$jZau+FVu9@#vz5;Uc~( zy0ly^UC`0R&>)s3Is|zxDvqwGl@KM*utydP09J(oyuYhUFvjsAG_1&ppZ>cNT0Yoa z^SAm>)Ey)I;mG6i)CjN|W#?9TyG~A~xS5V%K&f!Wa`V%499@|a(24*%y4s2{k%t3Qa|^MEBrQ zlAR(JHJk+^r*x8{L3G8&bMT}28zph=apFh7iAJ-rbeiOfy1aQFCsol=RO>t}jhkvFV zV+5s?4{TC2#tHqQFl-}*1B7RN1?$s|10&TvF6Pp&sXMDebrQCOS(XNpsv5DioVM|0 zh<&{wWzTKDL))2czLafka$a6o=~@uBhP3J{>PsMt5!&M_ACtoW*MRA}A>L!{onQ>) z`>pSxZ=mKdE!~UBSQHRq_*lyLI|T>7W#yx3YbNq-?pNNy5_k&O3x05wx)&d-PfCGD zEvE$=zSf5@m)OoJvKw| zAM=0y2>rkGVEX=Re&hdZe#W+c%nvpDzvg%NF~9sjzli7lU(K)nulb4p)BKEW|C;}2 z_Pwdof12NHLE=u_`Z=>(0r0&ynIWh$BI+~wZ-H=+kw|8TywvPL8hGOGT!`1OTuPQO zpyR$UCd90@*}0-|d&vUD9iayfIVQ#yX@BnQ-i7AFfcP&?;a@Vlu^8JnCsAridlYry zmuBBCl-sf|8Buc7(FDEyO1b7QV_CYyR%2z1=Y`#k>ck)iX03XfLcKZ71(U2%b59kZ z636r<(3#@V*}&ACYP?7A5q+(JcbvGz1z7bLKIfv@8)os!aqjL|P=RRr`E5$7NZY-y zq7Q%6UO*Oh6#_D;96+r6Qb?|lWEqL>rQ`uL8K%TMh-V;DD0M*IYU>U6 zi)&zAIfunPG%vTPOPE0ZdKS$gV))W(=B1@^F^jG*xloC(P75SMDOf`;p&wA2dM8hK znLEDv70SlOwp#d}j|HD}Zz!vtMs{=%KL&%5Kk$C~3%_2aLg(#ROVnCKL&z|R6uwU;L}QW)6r@u(cdxZY443AIqs=n>(Yp0K?o(oDke=4 z+o0E_YzBF7IXuu+#{ot?bpF;nxQWKriApyY$}NgRJkVaPg};e&;%>CdJT-P|1IT~O ztkj84*+UJYrE%?_a;K83hxdPx6~w657UfA#7Q?%Pq!_eMR!_Wpjg_+v-?V{i1oCH55svZkH*b_ z-wyY|%wX08hn!WaXiwY>K_&7;*w?6&pa+VD;ZMg7M=%V6iPz>Eiz2U_Ci9|xuE(fL zfK-7uFC(+v`4h_>FkoO~J1>t(6~}Lg+h*bElU#q#xV`}3SjFb8#Q043%h^ap-V{bS zJ$TX2XU1U3uZe)W^JDw4;hp|X7#hBzT|dhD_7OfrRlKUtX%!YR;xjLI{xmg5~Z1U;B~!l7^OiKya2KDQRAmOBcq8mkI)MzAcQUA2pnwaN55 zh{T4mU3~^)CSN><)FL4^1iM-zI`&dJ9Qz0~HsbgdPTqQ6Ay9&23&R2>8o(r(flFDYKvml}ILA9CJ|H2A^Y4kg6}2b%>=6w#e+(9-(Hy z-rLr_lQ(P|qQ(3AnZ>}{7O}Eq^&!PIObbbNoJG3wf4B=@)GPv0KyW)KMT)WJe0kwL8l~1q$OyU798uy|3gkjK;`$a|Vl-^bl z%R#;1O7DU@%Uiq1WVyZ~{-7AzBJ&|uY=&!+6?Q-Z(x`bsw2C`ucVc20 z?5YIqs(`azU#qD$ueU4OO`|+sItIr$AA#gKw zEXn53ovZS~O{f|LL0!oLDtisw6K%2U(ftZm9HqLv1ub5{F1e8I9Q~GaM@Acm zyTX9689!lvHndwWcVrLBJ(T|=1IA5T^`eCyqoDP4c`jyVXoytOpd_8->Bet5oRK2- zRM~C5Md}Cu%c?5j6lHKQY8!S`v6Qcf>A02cl^nGw+twnSEN4+KL7_%y?bvR zJUH*#sWqzqTDP_xh$qvt=q~x@ZcUCTT3-f2La<@(;A_quito9ii~ETY{lKWk_95Hv znhfN-4RTf)e^m!ZQd|V1@f`;%0thTe4V8AwfJa6HWU zXi3&6%P5=qoAHS;C-ft#QR7E@cf6FwMZ~Q_ct@Vh$0Huvt8AXmWzp%=!_)6UP_Kl` z0O5B*S@+$`!l6j5<+$o^HfE#EWO)yS@>?j2S$N-%adfJ}$>XJ~uRsdP_s9!vwr@;p z*?$X&saIfxhUQowKYWiv$D32(w>z$C626kiX{ziG+3h6amK#e4usHG0AS)f%p?A|G zO6;_n1THF~fX$sJ|cb&Gsago@{o_A3?#?SsG9LSm99Ne6*{r!uK57hWwEn|^m67`k!+CorY$Yg;p&xrD0 zppl z{lA#s?_cv9{a^F*K>lO?Z@>R*eglvHYJSas%}@BB=I4R@pF01w{ePOD(K^Q(1@RV# z*=*^$9p%CgAf$$sHLAHLqZ~MfrNf0x(e<0zBN&3A3Op)>Y0{19C~H2k1EovxEhrQ* zcm@I!A_^Rn4iUxN0IKs&xqKvs#_+lXx1VPBr z0rVWqiXugdI(&tCEtLGkMY~Pj-^Zc`{eA5nt__pbIYN=q-WAz#kMuBE{Uc-W&xGtD z{yGK(#{qs@Ape<5B~ew?%{9+2BM_aVs4dH`YeW`Ro2y2`JBMvb8(9DF*43}%Ql%{~ z{6Mm|yiHYVX`Afn>?(Pv>BW>a-!N4TR>cX5>L?$wQa`SDnBIM7gh9uUi&yAq)70WobvdlvP>YWT)itiCZPmMRe!-h5l*a;D^;HZA<_rX>1K(0c=tKR zf!TMe=C@mP!8P&l3{(5My1IE|Wg(`;F=KP#5$sPiCY+{7W%S@ ztLWigoPv9SB{!8kzf|+H0c!V!*tJICHuohW%gjpF2qe10uh`+RFIzT(U;Crte9WL^ zoMb6V{qieiLcf_qlXNslv0M3r6YJMLfclajSSvk{F8L0KB5kGFSq*onbs&*Ef9?cF z;??&wB0srWJHXSM$dP2il%O^EZ)_ZBHr+ysK--!)G@^DsC7JU3@d*M5^;1fS4fQ5q zv7Oe21rL^%RmcHKg%uXzj|uRGnP42I21NP36Wq@VBntRANY##;jzeX4f(T%iFK>isH@9GS@+UC93{6HlX5ljO z-VsQ>jv+Y+!x|gqLwtM;b`YsUwG?PXDWQoLo2ON)&ps@n(TE$Ab)3SeMJ(L%yrysy zn*?&>I_@+&biMYONLIR&W--1SpIVGs=#@pEND8FXvF4*8=eJIEmUBchdWnX|%%ZsK zQPE>|S^2at#4e>_zvS?e(D?UGFB-surs|;_ng?XOw!5C~3MU_h3OZo&!z-4yoj~Ik ztyA{+J#m!~JrPj!I9@6DAKu>DR#|I_x08oDp0!_zO3ftM zI*1%OD^CIO*=r+f(y|w-evvrtQ2`TXV!VqR3%81g1RBpzSndACgQPJ%=s(K98uKtM z6HYi7NL?qGzC;8#5!yTm;l(aI4&y)|{G7pG8Z1M9O&>VrLAeYvMb1}ge6@02@lNtk z)+FHrTAqmEFth>W!;WHhg7F5R)~@#gRs0-RCZ zC__R0btK$O=>2bLqPm&geLh)epT5J4`HrkeE)q`nMl@HUu!kTtxv-DCN`PARxAJC1 zr3|(5VwzU=Rgaa#`OJzo75U=^eoH>?Df=N=BFSH3{l9{OoLNMPcoL{u^Vo@wI+FwP z@TP$UkeD@=9lY{W`Q+Tqo)rvzr6Gf-O{a-LjYzl+bTury>u2(U@r=b4D1{C24=HUA z<(`(XW?lq65e7$N9qeuwtPFx7&;X#{2tLLbn(MS3Lv%g3gsbSoB1Ww%;2{o%R2p9C zs?k6gd}4a~fUBpG^wR~c`(N-H*DFym2jAv+Fd$zA4*(QP0>lPr@T{zF2aP(x1vP?I zj>+P^p}Ld0Im>Y?CCus8jGr0RUN>O-n>c08l6?kk_8o5Of0ORt^?I*E z#D@Hq^i_JGR4gwo7)@}!4cy!UfI0lR^K%FaDe@B8T`7l3%UNLt_J^}@w*0`R2qPD# z^df+o>#qRYTNRimWUTn|cnv2s&u08sJIAaMT@tu)uW5ri|B~pX(-9bu7V|pEBdKso zG)Y`Qc`e4_ss8hyCqi1UdzaN`Qufn(;WmaxJCn;1i?{XHC>P3 zGcCLYjTHNu81*ZI+sD$eN2!Z|x}Ub%T3p5MTj(SROIf0zr_PK~PHPcATXFjcH|n5g z6LMD=3*ZN7KnFjh#zbfTS)!iEzh&k0>L?A~>)Rz$O2>jS)*w;#t{!Rx!z-pMChdv@ z@$wSslIxW0D!@?vF@Pb+mx4bTmw0#cr{)5!(ep)yserHj%jBwA5+lH66CcyTvPp3n z998ve{?4z@O zcaVi#aolsXo{p@(v({J~PqxuT4mv_x;=ye4E`ka842M*RzW$e@B=)=%<3ZBE`HSDs zhA)Oc9hRk;UQh;W2len0l4OlOw+2s{^jD34;Cn}l?qItPRgfZX%&Nz%37Ba&s+2(8 zw*E5B5n-badxGr>iL4+1wkWv41(M>J=x;u$i6w(CaX~>G3C`1433$P0YP6QOSeI%n z>Y`%xSRqz+Cu!07+4Fq5y|=NW@hZ?^5p5a|qqes%>?5iUj;n zCm~pEQ7cc=P{*^&Dc$|wR@$9)3q#yH21l=xT3I{d|CrzHN9g~>{Qm!%-|+vMUtIkk z^FRE5U7bH&IR9Jc2Tl2}=GXq${P_QAesT5xG5@3J|C(R@pWdFGoc0|ZgZz`J>D1~n zzFmR0Xek#JJvqNSvv|t^($+-X+e;%Js2nef14>I8^;JOyUGTq1mjx;r`%741!`ZBK z(clR&)m(awE*l{=M?+uO1k-N|m(WUw%6yj1t9)*5zw%rB3?A6we7a~ZeI--|O~dpy zm4%7q%d3-@j2TZ#)(+l1b9w0|2h!|#Z=tY-Q!AXeZsOirWUSJCaJS;T7KPF@Rc-8s z+)&Q8t_v5T;gS=nBWv*hALv>#g4VE50T2$^ro$3&n@ z^X;$!#klXJ4k|$`FI!SR$uBMxfJWxfK@iDXVY=8u=;1_K*n8N>P%p{>YU|}%6{|3Y z0L-$6CkJP(1BQQNXGoq+;;v)^om0T^c_=_q(}cRX6}PncJgR>UozRHOaUn>fiuV-n z(7aV_Gz|A3#Bup8V1T-&f{|(1^RN~NH_!a;2A+2^9AZJ zIyt5iKy9vfj0u)pwm5$30&p1(Y7>lpj}zPRQHQX`XX@ZVaA}DJP&V&G?2)VUe!k7D z#3v#brQJN}lnG4!Z27@C?0#HHfG;ju?`fsARQ=cB%jg2{8n4JQ_Xj&YLzc z*ur8?T;wx-aFvXSts&%79I(Q(aNqdr3aLyj&I&5|ev5gMA+&AK?|k{Vaw~<!>PVrbuCCKl# z?G_bvs+-r+n8_Un;CP)tNknF3^^*CvsF~LqR`*lg$3BA}10e(me3?`1i^0LzBOPA0 zIm+IiDsIq`ISxXTt}BxVCd+*|jNyHbhqe#*sh;e}O-&`fOqqrBIh-B0*3W-8g0LlqbdMr?{9VQRe1cH~JdrdYnYS|4(UAqZo9VB*U#bp5LqemJzj5SDOq+}MJ z(3A5Q57#Btm7Dfuqz&rC0Qf1H6dBT!W`MBv)|Wh6)g$q&0@VBGqIq1&Y(0zwg+Xc6 z(TUP1mgWEB>z;xH zS(`Obw{6?DZQGc(ZQGi*ZQHhO+qT_3eP*o_dq@0dpZG88t|IHIBA%@J-b}ODbLmmX z(A4I7OFQKR2!qW&!*+uH$46|AMbRU@+<4V7{hCrgTuTbGb<@nKR-*X1y?n+Syo)Tl zC#r^?VDKbzW;O)2Cv)z(CerlX?WAL_(w@hP9uL##7J5?@GA4O>z!VF=bx5KoUuKC` z4JZz`o6qD=oW;Oh@SS4A%oYMX+3C)Hz{7=x#bRh+T|w&QKN>#z08}$ zG71innP`{+vP`&EbF(4!Z6}ZpteMZp0ZM;I#L09y<>&xcjK1C|YoI>&U-&`u4Xo;^ z0|O)xF@q^kbXrt~H_sFUUA3j+E@CmnagbRE6RcmEZ6g&uF^BKcV*(cD^p|6~jhI=C zzI$6DW}W3(Mv(KTrRjW)9yqqTWZ+C{#O0eV_a15@!d&c220Gt#<7$=b0Qsw9@b*e38koG!z>j%N~3nFe7bIof8Bc{ z20Z$c=`zd4?Wzp84W?d`1upj2w(h z;gcjw2i2wv8O-Vo6clc>3p~%{Wf78T8O-C1gHpPJKxVUTn`^rK$t0AAgsJ{yF8GexCX#BJ2Sb-Vp?Kab-qX}B zN%V>`Wiegf~quMr%B_=D7+C#$KGSqHMaaPiCfX5aYqm+I6X#uCB|L z1mW5tLg<8q2_4ku9UL8Dfz<*eX7F z(*d|DTTn%`8wa93cpYg3h3Nd@*%nRP0kDY!7shjXZlE4{%?k4?c^&@a0k6BuO*9oa z(fBI9ydJ5A<%*h*6Pk<=uce)Y3;g%H+3wQvXG3m#VDntggL>N z^Yl`fgFq&4Lc_+<(1LW(H#;;Gz}1#lzJ&uDV?}6|vC3fAzzA`J7oO04#brLj3~HE> z^;5#RmbXMVXiWMJO+Qh@NbaraVq2DI7O43Q^qiqO0!F2hUB*L?Gr5l%?Hw)9tENtK;A| zj+}O@IQlRXxcY?5un29hmc9-E&ZKC1M&wx2qN~|)9*J^c8#2`C4G6pSaZehKE;4J> zQ&DR!s5X^;DnGq8g)8k+?knJC5$D$Vwo>R4HcmN}P#N4u4N{s6W!IrmfkvOG|70vd zYNmuy-p|@rIPL#@@@c1aLN~)&qXa?9+%caza3PB{kurY>I=X>_KJx*yAw8vl;Mw9Y|(qCk(sLs!~0ZJ|^)CJg>o-&Gr?E2q^fXalHX2%ULrNiVlV z3(l4PP}iO z-AA8lfulZa4(lxY6+^>^z2gKpA|0eIek+0sv9O5~@thO<#vI|k7r3=3-aQ^64KN2E z^ekZJDtBH_aamOeo<<-f>f)+wJZKtAdOX>_RlaN8re{*n%^hawz4mt@1Zzo43fzMb(K%=_&StK?1DgbgzaQWj zh)|&B?tFe^CcF`aWsd1*x#9i7*@ch*1B?>DoOXLUO;!=OTfD@NL&;*4vkG0VMJ_2qKz^W(jIkjn5!&)8c z>TmAb!k3!j($tjVWXMzs(uOe2U}4q3IBl#L9b4eHt7axAVngI0wIJ6;6cN;v1s-RDPEv z>G4C2z{o~0;Nm5!~ddrxSTe#I@ zA$}Df_O!yKf^^Byqh&JCniB7M_jpgYibq#qa|(2^Uqy@Zkwi@aq`-QTac}q}L4b%P z+@d<;E2+vE9QjX#kV-A~PGVpSunpo^d14LiJIcCyZGi(L3sL{CBm(VE;wCU6Vo+sbnPm#?X~^?n4kKu(Ep411OGL@;r}(iO8GzLKU@2c z@BAA7R2=?W(GmdQ-;1P(r%~+f|2@?Y0U!zipzRp+Z$-}k--;N3=T`dvSrJauqz0|MH3L>`{vzSsP8eRc;}dsxLudD4s`{TN%clL;ZbR?iZUgr}yA74{ z|LHcasQ$Cthy@DWq1NZSm+Irjs#qXSv!sn4JEs8`*X{NB+-&@c86rNB0TJ<@v`ZqB zD%@xF-rEwpQ=>*~!QalyigzAF!1n%>qYmf?jS)i@@K|S_rQI8DUa-rMcL(0~t#XX6 zDa;E4*4J`Zfx>BaHw zKuWzPT?wlB2tSTtil!s&Z;F&yacXrB#EI#^@6J?5;8oUAJ)m(H#m)2;D0CV`K>ge> z5n?x+v-v>|NWA{9;R}U?ZP|Wz1)AhARoW-k7r2x<`*fMV%dsv5zs>^7A{?w&6>8wE zC)VCwyT?BPoU>)CWJaS!r{mMjW7V`F#L43jyl=kZfe!lIZ(QX9Mo#9z683zOyauYY zX0-F7+$)LjdspDl-gfF{oIJwsUIm+dgWo~VEq)j4O<=bCYQT&AH40<(bP{QhGh*X2 zB>E5=Zh6IihWq51LKENndv7^0A+VYV6>37-sa6hk^eW%0-EOeepS4dNyl$6r16@-L zX>5)pid(qvDN>q6kluSp_xsdU9Sm&O8bWP+GiLDIxZaTaG=`Om$KBv#?&;;AL?a`5 z*wd3;x7quAL>d`dYR&6RHQ>lu*oOnt5~Obj1k zUO~VAPs0A^OT|V_?H2hoh}_~B$>+Ap$b8| zM1qsiEosTPIym9##YD~7m#S_E%bd}I(Q2JT5Tm=Y1N^PNXFe(w!pYq%gK9RBR}AoIBNyf;$r-jy=Ae?HZ27@Z>am*QL~pSKXmP+4klhwz-GruY!K(yLbxK#y3PRn4L6?7MyB{)h zM5h<{ zw7uJWW|Je$#xLOc(jT`1!?)k3DDk8&P0PJi%joMWEtRSPFd9?>3dm#B;9L}_Q8U4g z*_WSW@Jc71lZyZa!Nr(Fok_duMlB+nc0ZI238%t>s`n67FTV}=661+_4Prpby4*@N zj^LTs5bvyF9ciozX3hhm~?m==2G>S~4PkzFoR=ODCdK=gs{yd~(TurbViW;Jy~HalFS zq@@_VJWw9Tb4s!vs>KEjIqRQltB{t*bkNK(K%LH@a|~oF^!>eWjds{f6|@*0l-7eq z(Cf4#kLPe&EM1;-Pn)Al_Uu{P{3=4UBc(27nY35H1Y4dKd-*wgoJRFx?9x*B1YF4D zc`4K~6uc}PXJ3AR*;gpAKj}$jS%r-Pr;ggA{8R+9rQ-3LMUX?)mpL_1?0gwa2g@+N$?MHQ9V4ebQv)UHjg`Xfk}kKEosmjTc}D+(zs+y&L^vOaD3P9gtZ)ji1(5_3yzA>t^S711Y5kSB zU%)7I^t6q5A|wFy=)&4V&__Wo0J^6u0a}ToCwBP4lO7WC#gwJM*%Q#-@0zLcJ>gk&O~d;zzqhyA){?IqZd{Gl3mwzBnIkm$CyfX# zcS-%mGy2#NrJHdmHox;1D7)t$o--i#x3Xj+eq7{MH1{$mR!J&5uMfA{Bh&0+yh3CT z2v|V>7UM{kw7Xy2WWZphUqvUI%boj}bMS^904E4NTk^i4->o6Po=3b^`3R_Zr@TVp;&`Ade&^qQ7N z$RPTTfdTp9w0wQy@xHk#tA*f&$b{Y29I$Za9hE}-hhR`?`tOYQZ(U+q>%bMQ2V?u& z(Eyau6UffS1dBUrK7g(YHrf)spq{)uGyC9+K3cpr?q_iJp_u` zJXE+kn_pzM+3_sB0u458Tq2oi%^olb+74ueGP7ffGt*<}&eM;lu(g`VP@ zOXS>ziDurc#OGxzg6fRi#76EOnFB7Vk-E=fvqUf)gfV1n^t_?c=x>nn%~W-g&w%qS zD4!&ZYU$Z+9^IW!qtXS^%U;YPpV2_?#qR`Oc;H5(6gUeS88au2>Jo<##5n@P=Yk@= zsa&;RLsmDp9Q!z_4zbm;^YCHwu<2*3Gi()SU3c>)DkKG5xV|g zq5qd|BlzFmK>t5`1AKJ9HNE$Lx{dAsPjB!~#iaEAYJP)%&5!+`=GS}wAM@+^{HOWb zUP|nPWjErYT6`M#O|Pdb?Wn5>6zNu;=3vZ8I84KvO6iOO{L2h z!8tEJlJVJ902`N#3y+CSoDfB@ z_F#&=mrXn>cYJd=n2ewN8$c5fggp7 za16V8_hlbpM~P59w3V(?oPzr>F)7=;h-kf$DX0AR1>&(c$c^h(3qzp3L)$r^n19xl zgrv#6G|0N^VgxxAJs0(IKSejffn#C~S~@f3;RZxtuMTnOzo;ej(3~o^ieJO#ZM5Y3 zNSG)O%Pc!^`OQD$e~d`PIMS?<4N_Y%uQo`AhC}KMaZoWsV`kHQOiU@$XeMnI^f67; zNOSHtCUS1%Cf1Hd5-3GCZYh7up2MeH#$)LU6N_4PAm@%mERciiz&Y^g&OD^ja%@$R zqz;*PaT6=(S#UqN3m|6_^jX!l zV@=E~5+Y_z@3Yw4G?CUe5zD|(Qgy|zIj;g_`T|qRx$k7=U7O<=%EO)F0weHHByY!} zW@V?8Sc$`H58iOSJ+R((iwbJ(h(!B|TNR(|pa_`v?4eT@OXfRd%jdtRBiO`8mzbUX ztVWmXm6Ig*tT)8XbPhG62h4=K6q^GdI}jKsM!Lu(xGKBtQhKO&ID6ZW22$=}Z_$gK z0~k~7Hk>1^oB}Nt0-6F13eGPb>FU9#Y-h@`g8L;386Rk!qB>btQal zF`v;ZB5(AwtGp7qfm3*i?1X~A>RYBnZJMBCz`bnv^&a3y-fEs0ZtM=cv8AaWy;3fg zmJ=&Sg*gw?jPDHArSiQ4pAGVk6r3jPA1U_vI|m$#*}n#mWXIO=A^DtzFtwl?y}KMb z$Pzgt`_BT<(%(%urPl@4lKV%8BWL|U>;efftQUTg?1vTn!?^2=cc6a?L`B(sdp|Z% z7!;k^9^|JI3_HH-0mWL8P-;OLc9MEW(e3!}-CyI9v|@pwN!eN@=}Uro;Dfi=5F~5f zJCnWy4Z3y~a&%jO)sLKCy+lFv_2^X%9{e@!VCJ;?a$HMK|46(`Ne=5~lRaB-uV|Nl zwixSoL_Z2>X!O8ZA}Nh%Fy$)rjLU5KK$M~w)s&2oo_j;Q-@T-sHkDGxb3g0x<%0ll zeafUYW$*0t(d`0!1V=}&9Y_NvypSnjCN_IaO}={Ix(k2~HOGe{Fe3=U{!l8kGRcmR z=wWqxsSQB_@}~+fUfWrDI$xx=XTS;0%=lpI&{URet0LGyK22dwPw|o9dS1B}Cu2dE zLNiY}kLPpBGcUQ3U|;>rTbzCo$vlss2uMQbg0`XbqbI9{e9%Es0;3|zYN=#^tix+v zddOithD+ko>Drz5>lfY`Y2@Q6Hw(? z_3ku7aQsSdbO=DJszSR0*RuDWjmP6eakSi=9K!+e51l`S6M6qdRe{!HmJ~e0r{-#<&q~Ea0AskcOjF0y)T4f zO20Szr5bO8yIsM1QR_GF+}EH827-YK@CR6%zs5xx2EPQ2czB^pgAC=8?oTUc3gPJ5 z860mFmQ?FDvuM0_w3k9FVKb@k2qIv>6QxT}!H{0(eP|;QNGNfOc@O1M&Hv6wFbYc_ zJZATS7Qt+wx;UqSms+e^tFJT^rd;l%IRpp==>U~NC1HC4q!;aMc!{Qq*=$q1{Ii|w ziT&&y*v#x0H2A3`NG{zR97bRQK8x08BrD#Mz4SF!?}Y?M@eIzOr(2G_z3RtIJWE|W zeOXh!iHE7Guj|6<3+)}_tr2X>#h#v}P&Q?h3^ImH%MJ7-+@RR?6Q#yW%e&R6yllQX zcge!xog$4wysE7p*iwaJUE`_g^rT3gw=@m9rrdS{JI6%ky=j29Dr(VOk5u60ODM`2 zXSs7zU5maj~F(*pvyZf*0`EyrmtfS_YvG9$iXNsK8TT)i<_3 zf0I=;AWV_hU7wdJOanb_zfOUTEY-c4ysSL1Sv>_J^;)GnuCigJTlN*N>q#>P3w#Cf z_b^Y7xYavj))EfOH6&tJp?Sa0rDocaubXpm#Kog#0))5js1dE$)5VTI*a;jRPw>U_ zT(FBIpX71VL*vh_<<&?`R7!*YnQS8@WiBZY%=R#^CmvUQrup!O5MYm(b&|g1C(@PO zeq8l1PM;dfxaqwttdsN)M`eZbgXNZsg)o{? ztl1+3=t+Qk^dg!Dd=ou)WQ>2qme|t1ww@96t*#t-=Qk+-u+{f91o{ zQi%xyF&lVIf3;g@=pz8BrdFJlvNADLhiP;m^Irz2X4?`bmUihRu^62C(`P8IS zryZ)eflkBPGLV?P&2mRDUV)u}-WdM%V8G`jJZ<(U2!`%3d+=v?oD7{@<=ZLkq5OBs zWezJY_pftQPwLM-g!1V~^fiA1Zx*YYa_Ojds7L(6wNuY$b_qlb*(lXu3I&!?t+6_e zM~JB&6YOPmawi9{AntXufJsnAoETUUH26fMRnv*qbzG)5fjP1=%ROJw;2m_a=(ccv z2hn#E&)GB8TRG9w`ykrfgi}{#JXH7d6>8=pY!65c>9NaSGoLrAY^@(1b7g;rO6yWq zoP(1Inq4plXuLP;rn~1-34lRu4_R^4+(sV#BiP%g^;>Za-aTmmQMr(6fgP` zyK|0Qb$yNp+7Eo+<}&wG-z%Q@T=G{lAz$fO(05>-oMkdGlsu>SdF_Qg>AG zhGB1`4#!-=UlnhU+02iHlc`U?6`?vKC1A}*i4aOyI!y9I9hZAz{z_4RFN!`y!3K`= z$fMVRh&&BOCM!4qgry9d4KzPU0hX2Ux@R-m7<)`_0Ld#D@V;J+UM0zu_ElPCH%;W& zssnl`mp4v?Gv|`lt?8Gex&oK>9W3tRA#cai4IEg59-W#Vf|69JO}5%F07B;~2=6V1 zFVC^+zk@E642N{~i2XykaKP9f@}%>*eZ1##qQp=*%W!!Q&D{3_iuR3pDr}ZJnAYb7 zhYCD+b0u<31Wo#KvRw3Sx>{J2Aet@G579x{5yY&Hn&Z*vf(=u|T+}l0c!_zgNi8Et zO6192goYT%^%M1oNK|+9K#EhzN?St3CYKG|H}`ifEIhlM4~Dh!s?+$4kkF9YF_Lk` zr3_R3-IF3a!F>0HO-&Op+0)-K?&kzkW~o;~6RW`kysvcRS*W5({9IX-_1{ahi-|_f z)MY$V4_RE8A0P;5k|b06;=Yz04i~r*qK*&w0i1Wv-)&HBK9PtG!C3s9gSeA!CkOtVN$Y|qwhQ8vX@?@k^f@Y8QCmc=pmA;yp7 zQcOEN*kZF4Ea2~yif7PW=LQie=?MpoSAy>k0fAVK^(f+H9={-mAhsfPoRfYQ0)4$8 zd8SPAh_{QNvY9+SD_{Yz0*6rbNKMYKhQe?>vV--VMhkkVxtW7&@hQcS+tOBUD3wOhv_MC{g5L~-aJ;xlyaAt7tN z8J(U&^s;f(oZ(~l7vLW{PIG{8u%-%QSu~IdvI+6g!#9AZvkIhhfX|HBazVYSdZ~e1 z=j<$hf^t|qLOTuEl`MZP#vs?^=K8T&*5SGAd(PY`Pj>WShgo?M6|9zi;oA zU`_m-rwpX>ed#T((KGEd$PI1QeJ$DQ;NJ6LJ`%SNhJ#JI@PMvB%8(0i31=fbxbaD5 zI;AN&=gFqU=|c1-`SiYlNT*d>A=d8kFV%AfcQZ>;I3&rbwXqx_WC6LF&n zz`3CZ$9`N69Nj^zRIvvucw|o#RlVZDSJdnhVU2!V z+kj<$n;bDJhKjGtdshtzY@u${?~z3RlJ3E*Eo9yuW?6*kRY}l8 zKK3DgsOrMn4`GF|VvjA#TU-l6E$DUOR!&bfkDC4L5Ul$4I*2U9O|DBI^Z`fcJ#ieN z)L3W2j^;T5enHP}DCz>)%kP(3aZlJSJa$iBe$iye0H)X6u4d5;rETh;v4rc%v3cuf z_1^kZlFaTEW@7RpymvIz9g5Mf7-O01;lU3O1l7pTk?CZ>e#v2%>C?qeO-yYqu-K5F zTfZzt11o&_<)?LBpjCLVpe*8%=O6^&>?)Rn;#12I*|1!`s;z^=R%esMKtmt+#4i_+ zTxqrn)6dlsLIy3lQ*7xU=9BiT`0@Hwl75XkUD;H*X4V%%388@n`zUKC9@6-SO^1o{O!84lG36Pc>Yk~*N}cBwrUQ3 z>3K|_cG}H_xfajIATA`hU*`rT&!gtE8kTO&G14_127|EK_o{1`dSHCpoONLc_Fk-g zEeyG2E}A$C1`~x_GzA?oIIRJne{Q_XC|+z6dkW#0$JIntUKS_r**T&9^mp`?!2b3R zNPwjRIdPM$c0Ge)Iex(LTAM!K?eB;{D8 z4)feY)GTQKrQJ;a&7?!{_w1^UdYT(1?>(3^L47C5^4f|Y0;}0 z26oMK5DZ={(}6x!b3NG?o^cFQuqj&MFL4n>0r@HVWbY#!pzR*(2!@{!P>|qy(CS)f zV;;(5`q;^O{rBP*ORgW}(h?#jp1?3XLpf1850x@7C2ejq5i>_i2zyElU(Ll*<>%`e5M4K`kF`Lkfg;wMk&d z7k63bTOhdS#%6GdUw@80T;->+`C=oBmTD~R=wK&R0VS)~DzguY2R{>A8E+FF1ym8W zD@7MPfOt(Y$Rq>#Ild8flidHFNi(Z+RoyD!`r}ET3gsdmPxYf5de;=IZLB9r^~@6; zNH%Jz4BcYiJt{`m9{^iRFX@bb;1;3nO%A%G~!7navNQYOd>oOl_OnyND9VN z#c6yWs2{`&o;?!GljyiCd{^}RoLr{^St|^T)@ykw z`Hf>k(ko8d`--=48wkgGWAw-3fKjTa_xIlPW&@o7quL&S5O z_Rbzk91gM-*t=ASlxEbtB?4TFgaF>UjAMMM-0LiU@!nrs%DkCczb8P*W8<++X6JY> zfzkqV>!d(w=izIqRy(Zr-+|{77)#VIIlfGE_`U=*1@0Q&#C#Kx%z9-r+8JA#E|hWc zxUaSy#L7F{mqXBBnxtw zE~vLQsNT06aKoQ~h;lOUQr|AWw9N0s8b982*|RKEAiarm!h=Ksp>b_Q=BSm(IJ#*p(csS7^IrQaSutJKn0DUD;>Zm`2bCwfu1bmX?jZ0#m7jl^I1j; zJxZuEcsxQx(m=3hY)96C8CA3^SlQ{7Hh3B#03apY4jVS(H9MlT?*jb6Y+9#m-aRQJ zRzPI?-5m}=B(FlE1P~f=mb2P#pl)0I2H_BwexsYTvGFXt5bqHwiQ!%zN5P#JK1uI zVlWg)sN^D3r(kgN5I`(WR)-7=7zmd55%D< zguWyWeo2(e6<=Hn+S|80M8>;F?mD@S;#Ij^{Wg(RlXUHH0kzhM!5Ra+VLPWqucR8v z8i%THP6sJiWszz{QXs*|261*)SD6@>ZHqZODt`NKs13j$@W2q&p@KbqoQ8=KWEIPL ztx^mcUh&y#gC?gOphZX&ZQdB(u|OVuZT+^8OG0hbksv!&E69*NMvGhZ(-wV4&kwb% z;bRKPGLDT;^mANK+BJ{Gi%fsBLbsJ+_v{Z}5VdSk9EHAGt^wR^cn}oCE5G>Z`wf&n& zI4V>dt_iaqD-$Eis6q$f#*I;(h&9n9ecNJC7Uo0zE#lK#z3*vj*S89wa1ofx*?6{@ zbUKJpBj@Ni@fg)1k1hqz92oY1$|PMqIEjAV*&iLkNQbc#!V;NS=?&{4aWEMIoAcLG z>ic05D#o73X@DGKpF2;p6kSqcCU)4)lfpkJNpZp1O?5G}GBsruiL`m@E>w`UkADYs z>*LHT+MXm0J;<}xTa(zV139~)^JDOx9*1x4A$ctH7ToT{8N4DcKm{f#CsRp8FPxaW zcX{W_#fbLd zmeZ>a+e@e@{b4G{CF|)PkJZ1uW8_4?=)FTBxbg*0>-522RSBZHH2_+%i*(kvl29Eh zP;m=ZOBWOW8L!&v<}5AzsGPjwN(i5Ej9+&UK9VXP-6Crv%hL4idcc9F!k8P?CV z0vTH@vewj)fCEQGN4ep=hfs9r@k~2h#<^v1F`QueyA#-M-&+rw*!J&8Q{=7+FyY8= zc!uZ$40c~fX3+Xa3!yrD6MT@mS{(+=}aRJDLZiP|3(Cvqt>)5Q{V$0k9 zd08wblD>Lx$6B!&bw5gBsRSfxz8^yHAb%PB9`^XVcWL<)_wZK=;ZHluND#P}S*EuG^ zbYrPkrW?v=l3)qQD!gt$>Ve^yO{WdTHcuka;L_)mb7r7(Z(3L;re@@Q zrO_qeE?V{G$7KowlWxl3axxBRx;&k2rGF$87-tPa$@!L`1*tkr8XKvvUtP>Ivl==& zR)CqU4Scuh4@!fT1WT5fsq6lflPOD79o!{efKikDq7ZsP(Nqe}<)a8oaaXE#2p1JB&|hBq!<3G=}j$^OK$SoFAC1ZKR2@4UjEx9 z;#Wb$<%lg#$6$6z^FIr{NF4jklgOMiGzJPhCqv@eD)J7mGH;fBX-9;{K`^T zIYN)QzA3s126GW-Z*MISOeJ(bukd==w>_)ZK~7lkI)_t<5K?Ana^wcZ!Ffr2FOBgM zWwRxhaiX*F!99}r+PCwcE~N}X_9NoIB?tP*H^@tplvj^jF=uzJC0R-p^u8nN| z4#LL=lQh~UPc$}|Eb=@W8NvXNS{N>9G;I`ulu=wKi|#E8|C$B?@^q6@_p)r{?qHx( z$0k4mD`np;7z-#*d<1ZZoZq+<09e|5C)ms@lQ_ikJ+9-$D1 z;T?80)76&yD29ZJ|EGuRSaitLp9`=iyUB&!%=6G<44!dIo}xhqhm|`Ht-iW-+*SEz zGm3y2kz$4^&!2gqoC;J7DKv9vn|i=4z@s4idGbHm?}5BTPZM3guc82D-4Y^yPp$`v z)fCS`D%i-ozycu;J|g#SJA;*U@|r<7txWCO)|^YyberPx+a~X*V54kmxDs$j6n;)a zJLNN*%~s=bCHCljYU?~J=N-+Zs<_MfMj>AtM3!k94{W>pxq)c?i3NAKo>zpr=O5~_ z{3Hb`WRK12omAl$x;|(ov0Qhu0GP!5VE3U4uK$f>HH3jVe9c4HDSR1cq~16q5+B0j zqg_+7(5&h{9pe1RToVn>2e69`G>uuVBB`&VT=HTAhKH1Yd2#OcN(VJ06u5kv*rTZ2 zFq_cJ+*v)Xl5`)N6zuzT9iHRmR-%z} zqyep;IFk;P+p>STRGvD80=-{&Ifhe#-D1UB|8#=h;c4;6eR`dT|B><>A3z>5?=++7 z>9IY<_NSKpZ4t{T7$#R>%#ZwV^)=-mp^N_&`hPKh*uUo2`M>55IRD4|oksuH{P!pj z|7|mX*}vvT{ZI1;od1vc?}Pr={2u>gk}E=u{a45?PY9d>CX@rC@!Ep8f4LKJPb_#) zMNEp7Yj%k7puLY6i%AIKtJMIsR-q<6s1rR&JaHTK^%PoHPl#g}6jT6~h>KFyL zp~6pgSk$0IMcv&WMy6A;z{SU*ZS#_OOf(OGH7)y-G7VHc**FD?@z4&|SuJz9mRhoSo zdEI^2B$|lKdJx@PEqv+k^1B{nUUy9v{_iD6?=-s;&3 z%od~EGs3ph9A`2Tv5ZG~ly@mhAM~>iR%J{c{;B{J58AFbxo>-X#QbPIk|M!X>^o2E zaC>HC)#=PNjZ89lLbhtS(&WyZVrC>(jrXHcdn>A+1uh zVn3l#L#RM{2YnDW%-4V-?^3H+rYs=L8dx;(LcVzCGSi)aQB z^<4Md9I+{|Im-)5>QUqp*18Ms76byCB>BthWK+@5XL)<`-;(GV5P)4Iu_ktT7xkK( z5P&mB@P%C--zVgUCkV(h2hks!hbL2oH-SDV9QOC1Q6K`Ahh1!r2}xGq=#bJt(KB9w zxf`f(9g3pY-Zei+z%v|ca`r&+X+M_@e^)`x1gNDQ3OhrMhXZ_;-x2m$=I9WP#IZQq zpf0A_HS>Hu-kALsAL1bh*PV^rZT*})5F7c32EfqMW8zhM035N}7JEst7r=7|w5*-l zmKHj{RX-jhgT5bd#WMIEA_Rln(&a)z%U3p*)mM`JU*) zK<$@%1>1x}n%m&g33X$9Q<0sA`-cz>6P8gUUDp@N*nWsE{ODFhvhoXrLjr*}H2mGV^;WjWw(iS=jdH;Kl`eAfkeD5Hb>yf5SuXS@ zefbA8$%+Y@<3{v$nVE2+20`7gqtQirf4#FydTpyE6W^T(xl`HbyqumnZB=>1BVTfC zUK&gJ!|ZwR6`&~A!Kv-}NO(McS->3@EQBn@lYcZ^ zSg2gVwWq)Ix44~d@9bC=8AvAwt84^2M#PY$_ds$W?*1mZ;;(W{zSA|=Q}MgU?hz~{ zzO2Hi41!8(r@UN6ss#-^r_<7gsfH&JFqVcAn?{d<-Ychpu5Xh z=L1r)?XbFd-p0&QP?XTB;H2Wf4`eDx5&c2%dET=AI!;zHbMD)ru2AWx&in&zU=7IV zapQ{5>iF?L{vYNyzTx9r&8y{&xl0lB6pKw~bx2MTU^VmQ@MOFu4snfj^I3bezkA`Y zxMR*d+1b-==M;-d;V-o#O z?CJv%vxr3dh!Sf>nC!MSA*? z1d4z!?;C8B$<0s+uIHp&>PjrGpuL}bz(qBHf`a6Jvc!1gHrdB1-E)NPpbN7r-Ti`- z0nDALnNs%KXgX+MT_bd-z?hRoc`Dn{OJEDhgfWW*G-Bpq3(QAO#>G}iYLvy13}9Ex zbK5Y+piRXD)?OXNK+l0{G+=X#0xLx`|FNlLz`34(dmoKsSP{r2>$f(<%6KE`62#dG zu-g00&JWkyy<_wIH`_Y!$1~sm8Cu2+t~quE^6kRJ_lU=Z+HYPUXyYYpST3u0OCYlX zTs7pNHG-e#s`X6qgnHt6{6ovLfFGjHbu3Vds&?jOaq=K*rp|WpEksUNhVDkJxsA9l zw*_DYgvVA(Hh~>L?sGSm<&m2@D40ec@DJU_iXN%=%p@tP6hip6q4Jlioow!P81L}& zNB(?+XK3YqqOU&WGI$!UXXPk2oAjfN=7SmW3w>SvZ-^6kcTF*~{e3pKZL};N5)zG& zrdV(tMa#0XSa)%eQ8_`>gYFt9q4n8Gd^Z#MB*Y66Z%8UE5`qB_Rzo#3gP>1sAz9=^ z0!W@K44tkN3)G~O(MMk&MkBg)Lu(vv1X zB0W@#R#WQ9&7ky+m$Z=|xei9v( ze|02%9vuJ zVQuL3`D_%i0~^SdulK;#s%8IXH$|V9Fo?*KUV^>^y4!g z*qWnmYM^ilwG#>;Gqv~C=y`vsV#E`Iz9?m3OFF9AUfWnGcGVT5?QZ(=sGfNm3=_wq zn(D!d#KA8gCE)TlLH(n`v}O9w;py6o`J0+nG(j9xt=zZRp>0T(b2|j9JPx2^+ZL~C zlqnq*7as1^!ayr&wC~byJxp9439-1l``+sQ4a-J5J4tK8W7~=8ConV6e6H+MJKp^X zyPw7}U(N7C9R)UEqA6x=XjKeV&*+v-C`;isiK{0ZX=%=Nh8f~Gq9espcXVoZe-6@; zn1Nbxq)RsHYqBa~UWkDIWqx#2i2pKw*x%;Y{+nIh)x3hk(%~z9wYcrn!{}?FHkH8V2Y#60D6Bw4 zvBi3emwytPKmHK<^zg4(S@q{P0*kwoy15-WBB1oCy`JP?2!_dvPq4;D}?HexDEkryr*{7>1}(%D=SgbTC#G6^I7=8xS{-i*U?S3gIQ zhefqVEI3_0ep%qXsxym%8gZ--liK3fK|YJQMXVp9(ts&dL*ZQ6IeOa@%CzH6EspK_ z*w!OGj^XU3VPqnyBW1FRr(G7H;iZ!O#*c~HR%D??e5N+-4;L+1)rMR0XEeL%lwC~k z?25Uvbt`8MCsodqpoEaQx{6)LsQN1yr1k>fI<9_J(2jC6HAwEx}e)_ZI zd}9UDKbAeXgSr)}c7EGAGw{&YUJ1Q_$gl)gK0X1nFD!J1V)M2?M!MG&*RV-bpsDsB~~X-Y~pg!*+B&Q;4S>Cc#pR4hXU>*=pO0mHM@m4T@Bw9h_y z?H4{r1DOb8?e88Oi%euYl?C_@n2`on@H`N4;EAW)AB1kDlnvpcMpMRaf@$5J^tQSH zXWNtg;wKaAEzZnm#|~fZMO;|udy!fuB=00W(_`rjnD2eg>qC)P)cc&7k>vAUiP}fcA zT#4XR1z>bP4hOi`#LAeb24!#}q2=9-O*-)*le4uvK00+PFuHtTSwdB+A6pW2fn`}n z-Nd}uoi#z13l}N+YYE-s7;^gpZGpcu^VsEM%!uJgS$r=t?~(%W|X!t5#0Uh&L zZ5p*XQ2dFDxc}#{5cnAzNh2QMHXe6#HK`JU^f+MWE~6?NJgc(aD08Cy3xkDtNvJ+w z_NE@`d9>|g=9wIZwWuLY4Kho0YY+$B;6ZOy&AfKI#QY>{a(d5O9wcQH3Bb<`t?ime zw3=m=0$P>3n=S+aFN%UpzMu2b+?+&8-?tI{>oJ?z8|SHq;mfUnbt$h&d#z-{$)wo~ zL(%Fv1zu@hAv`2( zu(Ey!XYA%`yTID*eY{w$SB6#|?B*~VBt?+zrO1uY(*X3KAqVox_I744X3400sF;Xx zu%g&h+=0S`M-kLDw>w2{Wsc^vyC?!MuHer6G5ESuey$UP0A>pfk+uD9)tGhQ{t!eA z<%B@w26|QhU}r0!0h6akc8%NX8b0Ba$y_CxTt>ZlP*=7GUXsZKjykJRs8)P_iZr#* z1J!)cYLg=KN`5mmVZR0{t)tfi6L3A`z0+Pi9Z+}K;Hw4mTH_Kn-{?Xhf$y%Mo=iJuz;jj{G(YxDwR0%6%AhYp);$LnyJ(Vgg36}RD`+z%(BXK(ii zD8wLJE&t&YRQH}aSkE+kxxxKoOg6kQ5lt0sq^2Q7h1?<1$1~OIqy&N6<8v?s1}x#5 zf6Y*Q)g6yylnXE$({#Mpv&h}aA-A^I%epy={z*U?fl;hm?B)zM2Odlh;+Q_z%{EZ{ z*@o1noH{>Vx)68JQCx_7g;#s7MQ}Ayd06i%0W)*x?%vMviBqodFpinmT{YB>nSf^?P8c(1OlPigCSDZ;RtYHv?HnIg4UCMYYfx9Clxv4Ltg&Y~iug4*cEU zCu_EE?D&Icu>Zk;PQrZTv1VSbe;kzERsw9rN3T&F0sbNivyH6lVW!(X!=&Qys|l~c zT;pbWt=3x!n;kJ`x|r53&y@}#5>)QsoYrK)g^)`E`AQNllqvPGg(yK9qrk-hYDXD^ z1344DTjhHJ!NmPTtn=9K{mez`E2l1(E zR>Jfa-KaJ9XM$X;i*TBl&@q9f{^rWr`e+T~SSv^vuMZT-V{{$bvjq)oBQ_f%Y^D1X zr(hdCqtCt{!T^OA3CwLlxm6Z{5Eq)~sJg*W8{Rv2oXkQJ*~(~c@m!^PjwV6dY<|pb z;4cH;NY8|rtI~2Y(8-C)p9c&Gk!JRm=nXTx{Qfq; zi3uE=78PO^7<;Y?m_Api=h){91L?iJ0TYaIUr~e(x?S4p^y4d;cD~uqRd=%rX(MAS zcw&00a0?=ZUcY+}H9Qt!oH3f?wsk23fMsK<>ox`;=lezG+oBnzKw+JL=3n@ zt$>Cse%VyeOpBJFJ6RE&2-5PV69U+IL5~Vg@J8?~{lOM@4V0ymkqIm1#Ay(jQ>`%h zt3!hql=@W9?EQxKXq=-L^5KG){g`g5O7YK@YVZ-youuH5lM zgd#+#3+psW#{`TRI4{4jpj~{rx*&?0LYUd{%M6WY0-~S#BIT6I?m(sT&BJ+o5y~WK zXqPKC%F%Gvh=jHyktk4vg`ZjU+fI-amysxmN8%bU`rc2;>6_<($X;$!smAO7!x)US62dv#kfs1FPz|q0G-|ZJEVd`*P zxwTpiGS*3FIHkJ+&XdCmF(EV`t881pJFCKK+00oqd13|Z$*mps9a3JJSMKC6a%QA{ ze!jc`9q%8$G{hOS6EsUXci=1n!#%px+g5(GD$T(-4z3{CPX_gap#LTiJo7=VvqXVQ zZ8A0+vX_Opv?G9yG)Em0Y4k4$KTSagt+Ek@o2cE+f}WKJFJUY9oa-iaW_KEm^_z}^ z89euN9)u_)ACLlvnBi_+8;jC3{;lfC)mg!%C%xV#c>U-r6P8;wDZ5e4K>@xk*sRCn z;Hmi$Q47R?g2L!+s|uk^V15g$IZ#gXRVZ1P?q8_}3stY4QTmdmgu&ZX3;3Lsz=}Aq zF$lJ43?m2lm(ZpD2>m~D{_wxeuk~;9r-lDz{=$m?%lZG${66UaX@0A}&5!s`^QVRX z&-{M3|1>`@9Z5RsLFJ#?qu7SZ5)vft1Uv|Z;=wbD01+J=ha;nLCSz(7%#0y5ilELTV-4y1z*^td;U z0+j0zv5GVo>9v)Q4Y90lHVs_~*iur)oT9if(xnS?6CN(~tmYIlOI3wTAd_zF%VdJ0 zMBPDw*_M~VM-#7n4q4G>Xe;~SE-8Lq?gf4t;fU|pQh=Wt$iEXq-nqUasosTD5u#r!be%HRf1ZT> z-o^;cCnfJ?Dtll=H!eDuDnGbuk{9Z90ELn@qC~%#B$Y(pZ5rJ92&&1|J@b@7yMP7V zw1Vu0k<0<_~1auDba+ow3fe(wOGPdfFA1=BLP8oAA|VQn$h4>qwz zt^-3#JA68Vi#Pn*17Ex`jPcvum;j z{r%=O6g2yA*Lw+Z;=i*6S#gE)`i*BS1HZAXhC_$%k z|Eih5nBeWIXr4%e`7I?is8mc&@3dmMWc&81f}je0zcQX8Caa#+Cb+;+xVifdHh1%| zKl>t!BMA2Wqmr!Z&meMzlwZ@ct|(1FP)*jtL2IhQC&C`ZZ_sM-I**m5?hx`%a6pJ7 z;pFyXwthW|4{yzfv1kz>nqpussa1jxaV{S!v$^G7Xfot_vUXTtbE(_qI72c?S7Dko zL9%v$=DV!|J3v-yFrzO8w2bh9T!imgI8n{(3U#ECCl9+)A5O~y_K2Ri03C#~06F~M zEjai}Wn%$`=WX6gJjd@*%Ow5V!8Sg&kXGClr;z-KRT=7(3hEh_-En<;Avt+sE zPBe_ITngMQgZ%r<_3P0rvoci%5e|!Ifu_iB#);xq9Cp9bp`oc=oldNy*yQ4vJakgt zS*U^plIY*B5gMOx^h6eIZUY&7YY@GHJy#H_XLlm7cW3mlz(!-#a@0s3EV>5|Pco28 z_I80Q5>FC#_w*He;27j*V_}%OKxKqcVCH>HRz`{i0#o)!PxS`Dn>o7@?g&LV80=yx+W&+`#8gh{NC* z9etvrnyezLQOVfS?@acCa$QFtzguMq#Lc5(Zxu8oP*!tfBSTd$5X=#pGU6S`T2(m+ zG}`LDhY4_U>i*yIhl} zJL68t@WPcu#buFndL0D3q--=)1@!#5N`T};M#gwFcsoJwAaCoYhE!xB@t9IXv1<21`NGUu7mO%nK> zBV@%0c~IT2+wDio{N(ObnS#2nh8DwvLIwPJ|4MIOYaKg-)reHIqM=uBv4<{>Z_k?_ zep1Mu@IROwA@}5@5`ai#6Kc@lTU)*h4@g@&IJok?xq2dTWTK8eeDsXZ-ZTs zKqtSoVPK|{E-dSYBW)u8jQ#Ou5^7~93v0bK-DNHTvpP<8#=Bm#PB1uZ)GPH>tN@TU7r-l;;3%`FKezM`JJ0b|O%+3i@wJ{9nMTE|?VoyIQIgar+~0K(yp)vdA3!PC1aq=D#iD2GQEsy%%l z1Dr5}utJ6GZR95%_Zy$K9Ls-B+j@eD0I*St@^iJDKr(S7&Hk^T z_bvO9zuds3Gs=#hYB13zZ%@z@Vk$ir=~d$^!*hC zN@;9RwH4@H0Rl=KU=vI=b|9|2BcC{}x&g}*!zZOX8DR!xAJOQBi_gC51`yfSkMZMm zOK|)ImRQFR+)vB7UAx3fSl0gV1*Ey3n)7C=(UGZ1q0a1$>G;Zb;(_d*6|A=DN7vjl zh$PYpKUw6+T!vFtcIrh2)g3vp7Mlz`vR(4)hzps(r;|}iH44ztF<$p-Ob-|gmkX;7 zdj8U4S=2Fye8mXvtYzoc1JFfnPk0gETUfg{Ntaa76km5Nk?}Xn5hj7A28i($yT>Eg zSUVwQlQD5g23W6wRsr^=T=k)KDwe3cs*ZlMGH|6DU9C*77G`84OEC(bs}uO@)L`40fX(NgL5?_)F|a7Qu;!vZ+&DvD`f9{X}G{4Q?=7;~M`3qM6HvgXnU_kNzGr!+oXM19< zs7?B!X)H1Qt1xf-oDO?$aMKv*ig4(66qv|gq6L!WPI$pHQLgFeM^}rz0}`W zu1RTv@S*1z0lD?)-&=_bj8nF_-#=Pwq6hQczJZ&n5E>TR8Lk=Ch`imE zF4K4A1?AhW7W(&Re5Qi`PI@GW^DOL;z8DR~F+Ekd9d(df-tEv#r3+z#!OmSzp3RhE4ry_E> zUF9kRE-XFz#q$d!c@FTU3XV{ugyt#-j$px>4a<+(Y5(?!04;3c1(>-)g(;@pYk8l1 zQ(7gXwHh7&EVPv8vbbdF&xGv2NSd5;JU8$Z2m+@>z+4`pz=jbftO4_3u9p23_Z`%Zjf%ymTo;m>Q39yARAkzEtML2u z&Gy0mJwm`rcp4W5mp3g4?9^=Md1Zt&nEVqaOe9o~FPZ$+UXv~2OU|lhwaZ@Y`d~9Q z#+2X~SCrpyZ1^a3L6no)+-aV|;2^=$u)&XWDAVHprMPsyBv00OZzJIW1@Vr} za=KkQ`0?}lL~KL_4(m|lX2_#IW-}PFm@DXF!<(^K8|gl@XKM1BIH3=IG&;b8!=-NB zcCm$xg0X9^tDLHGc*71APd44#MRy}#ZI5abeeTre%=Ol6b12|wCk3&8=OAg6QVpo| zqSp$2iHhuKZXCj6Lk`%l73vTjyUBgD600$Yd|JtqFM)uu(X~jJJ+-~Bv|ml`Rd$ea|XSdnGwVoM%W%`9((8Rb$h6(W;(E- zihM0dE+Z7_-X6t|cLm1`9k2tZG6Ln7|E|JM945}KH&(8W6{_%GK@wlf(hEr2V| zzyp&w-wfwO`K8SWBnF@73?BY$dDSofzLP{yY4{}wB+p>w4+TAn%(uEU8NQ~ewN;i} zBGb`DMo;ISA1*@22xhoOD9!loW_1D8tCi>8f!$a>DT?)H3?BTUv%4dCwK@3pQ=#Hy z7U$`p$`7Of6Qui}w$L6P-@=5CrRnzD5;=~_s1a%3M&8E~m8q-Vj(hB&S^(G+k@AaJ z&H0Y{Qtq9N$R&#!n7m?^*kdjBjG8ccCB0s29z71W1etXji#Lt8i(#^N4hS%IOCD(o z!lyO@CklPqCx1SM1ciR5bPR19zLItFM`{Sp<=!mtE6rSt5sIZ=FIDo8((=97W?^H^ z8zJ%;eJ0Rfo~RaR*0^<&NWt>`dt=gw8%IWv`+dWmz$t?9V@N7RKkqWA@WXpdTY5M% z&GiU6!15kibqNN19KLG3m!W&&GS?)hYm(EL5)%0MTSMDU=$MP6KY@NoF;;^Dtt@zl z+4LENJjK#JFR_sEY48#Bfa%7+!NN3+Qs5FC!WXhFGoAurvT3nxq`9#LTuN*aS6zez zYYsPLy_3l6Jy|;%br_7kQ#NjS7x+2yW@1;vWfA`60?gALos#XIE; z39ihg_ZMxZSHJ0YB)WSr>vOW#LCXlUqd5;%1f{ogEAA0YsY}pWo>@NdBH$I{Z$%fJ zc=E;cSS(<*fi_b*LW$T&h_zO$1o^_Hmo;2)N-+&AH4pTdN) zc*a$CWHFGcW~*|I5M{e2Bktmn)V^mebPQz7`*g7c=%@Mtm9w~ts3y7lYv3iqxvk;* z!#`D)h8U?y<=*@QT#e(yk+qg_?7Ex9oiD%Xn%q3;pcV=kvERnZ;bXTSzoi?N`D&-! z4q7(*5G4sO@=)1SWR`X9QYVv`IJ+lv9q&)ChGf2dbsZZ$-DUCT9pqUbDuWsGh&?{Y zcY-bF31HbgpsJH0Z^jd-D69&=C@xNUaXftJs>#eW7T%g`JyMNMwIS}>mf^g`f1#Za$0)%S=>rZgG_j{ zc=}yvc=oRnTGv|8x@kD{gALfyw*#2!AFAC+5^qbx&D$H|9e-RqP1+pd7O zF*3It%n8@8Fcm}>N1DvzHcQh(uwZG*A#!41YRVPqxF;k_;s+9Q=s}TSA(@yeMzPA0M@sjsl>2>@#lIr z-5j@#ef-?vu)KdeCxNrBnXj$13?_1po(Bb90#{U3fu|`Stj+IDX&k>cdFjt^d z^`VjhJkGZw!-kYUZMq4IFF2fPGYIadbc>Yv){ZPtz*=qO!4*ztZ!rj|o+?h3eUq(@ zwx1$gO&F>@{s*rMe$8Arfr)p$YO$|lD_j?7)+U0}w1%jify!932mq@}p-G(Fib+(~ z2@`2Mc{4UB@quE^q|z*X0R5S8j8f5au$qAbqFcZatX#?q$PT}&4lb4hVE873fBj}r zLqdjzxXEBH+9nNo`7GqnF>VS`QOeqY2*3F?i|OosCxbGe=^?hg#8PsLFeV$M&*{*( zi@W?t(nS@Ti_mq`G!PwMz2V1mx^rr&=^Tn?8&1y_(2)f2W$}uyt;iL}VDmE~zfckW z6Ancg+9Q2B#tKo=hx4!-|7G)CaX2W}TG?uoCgT&b+IFX9fYEYc#LlvOT0|?5d!$Q6 zVxY4|cr{~a4!i6n@LSqse!7U5Y zpV23NXCCLla(Vq21qseAkYC$GDZVTfJCr4dyGD_sjZY_!VLIlHRomqodWZ7^#EdTy z%Sy?midMQA;|(r;q(x2RDgDPtqEXH%y%`V3V z?}e&1x^>68=HMM<#(-pg>?lUKSa{H$HWth~Y~%=-&wPCE%9rCF4+#MlBs?k7HB|lu zf+MGdxjG!cM_wYK2+v)H*g5f5Q#AYRfLpzm73hR<6suQIN)ehrl}@IasxJNdxH>rS zsw-cXi^`WXc2pV`fe)j{f3y#=qRG+FHn6y9$LswT-9D?{)mzGgl!-Sh|BO6t+0)`= zSYJ@ef4yB;vjnb$D{{TU*r>lDBrH|$9~eDLN3>~-_<%m}@$k%kzOnec*gyZ2(H~TJ z1$%6GBZf(r&phLCgDolQ+ftpJl^#!|`kqqclBBE;K77`cP zjpCV{9xTd?hF3v%FW&CipXc*V#f2|als8Kp;#uUJt+c>=5*p5 z_iox`5=drspI1|DD1V|Cw?Yo~qg)Fx(%+)>=DkD)eD|$Fj=ewS1LxqvjdG}&lFs$Pqb1Iwc zIl66viB)whHg%{1d^&@zZOhay<|V9*>g!5J^UL9T!GY2~*u}{o{e^RtNfX>k^6)&3&2$ny9QpFfS}B{QmqS zGIAC{K}6GHDT6%Yp)lpm#UWo3iQ3HuEMukZcMWdAI+nyYYIf~59wd=z*4Lm=Nx*Bf zFyVU69wa{3EJhAeN9AbJEPr8uVCi&(PeA;3t`jkKZd~e;P1CWXk&UxzV z_yZ>2Spi0 z0=h_+!_8@Gdr9we0yQpUy;{a{?>0f4HfB)-vu{VENNY<+O!c1VittdQioK?y4H2}K zO8Ehl%Wy<4rXrtnou%j@Gmd~fo0_}oi`@rC za#x;N2Y*NPy93J6fYY z6X|yrbTgb5Ih3IUH1@}|PbkNyjmIU9Z8TQSVaoOutm> zZ}mu^zj5eN=CNOnJIX8vPT+>XS8&&qc5ciGzloSfr#{EAr6`4om@h}uRiQARy?2uL z`FF~In!ut3Z9e`?NRp9r&yn(*vap<*v!UXw3XegN{MfiWjP7*?l0h?42ll7I{PTXs z-opMQzwO*N_u37yv3B{##Pez^iJNo{S3hMO)6cyvy-^NgqR9{QZO?OtwF#1cykx#Tc*t(HT3LC2QhVMHslU- zV4KAO3oLxf%(|Vax(pIqK>%5s9qI=AuUfizxR%qt?`%vj@XXp7l*+gF~b+}mGx4r|LhwqJGC>^TY=Tp z-LljXSqblctHC_qZjEd3V2Xtu2~Wh_c~nL^G(~jKt}9Kuv1r~JOs$^ax1J(1Jz|?o zfCo^Zb)(}P)V965`rgKXYm#$h6xVFtIsudXlJ(LyB*(W43}m@Mmun}?)v(f-<58{3 zenqW+ycr7s1ZM#tN9mMy%qxaOg%lltpHF)ucBTNnCd>Yf_Ewv`F$uK10)T2BeVD2{ zyG^aA?!B1B7xB9n7c<#P#RE+mgm}R4j%i-A&TFiw-NBj!P_ush$G%rcDSzuuDglMp zo|8A!p)&Z5}tNzY2T?(M4Zq`wFzIY3gd(mgVvNv1fYLDBm>}rO2C-a zdz4Z3(sZV6OU@kx`E@ROF|Zqc4fi=}*lc>hx4q;K>25Z3s9w0JoE1tz@2B}$8k(8M z4K~G-p+|l#BcRwgp5Sg^ zo0@eVOGPA{0mD!Ja^YQiuG^(?~zv`rAu`oaFp+KO;-TxGlF)qt{NNKYw7=er#O)oShZ_EE~nGf zFt?>tF8bTD)=xbV)dveQ$9f9^zy&_Jh-9FASc6w0mqC;9ncpKSk$!Z03Z*<->(J}z z@@a+J&-hVOCn1$$8C><9*<{}= zklo=(OECDA9+ooC;$Y43vp`nr4wlFPYC~>*IYV?8D$f?5-Ml~1x5nHfPK~O_2;MiI zecaMuZPxXZE%^DH6~V#V9P^5$t3OT~RBle*=IO0SQg;&sR2sg&NjCIzHWc8m=A7JQ zua2EJCsz#Ao_?v>vcz306jL`>Q_PajZ+rcazl2WoN9g}y{;0prul{fIx4Hji{(#1R zo1dBq0^sb=e}TV#|E~w^|8;`>X#*nw-7vBL%lv-z|1^J_`~S>Og#1tQ%anl;^|-9m zm+!K3mS)V;F(|YP?bNpf6Vbw?;~h33DP>!M-H8+qc+`dL3w{F(#!7#S7SIK{ic7LJMTCcA1pnS*g!-wj?gKIEirpDh8GT>I zpzBUWI(G=9@RSC9BKcvBJdaY?85r3|E)ql*K7a5t3O@NpER_8wS5=ZkGJ zsBfL}tL<<()!CAh$i%Lgty=rwEM3QqyjXHZ=SAX?zVEX_zbcvv%VashJaPdy(3~Vx z{bmacTpL`TEl9V-W!N-4SAQqt`!Qs#wxab0Zp2y#+PY1kJp34lGlQjZG0axm^US_8 z&E@iEV;iLWd*OH*!JU8xas_J>UNCGZ&^yI&-^wR|w&epZ;M_`v_)j?)Y6Wu$46^xR zC9dc!;AcaMVoO8Qf>xy$6oYfNi?p#X=3)p-WQek3g!~8)jJBi}kB|(F>&B)kz4MNr z`sOsSFF?41D>3JmcY4d2XO~>yY0LTVuJymO>AjP+jRMJ(-q9Iz1xD4vGu~958I^`O zw)IQ(^i6IjGCIuBzj7gxfJf-L3R2HSv4s+V@Wli0LJs$Z@k8ygs-LOEX)Bg8>k8`h zYGfg--At-ErUQ1Yjqnx)6y*?V0;iybmhtrNL63Mhxv7+$CDX4I{ch+AOb90Emw3gs zczwfb!K}jrWCEK#Z909M2OavAJekW_gs0kSyG4x*v9g!7aM%#lt}ALPT_?~^He9V0 z$HQn9&J$~&0SS0Ke-H0KoHmPAQ~ufY-L~>rEMTDy7`cjgqtyA{*@du$zk9oZy0C^M zwK{Zf%}a@tCksOS^fjuV2T1!0_J2!ab=G4ZRm)BI(|D_(n)b>4XWlu?Dd;=?qt_1t zksYq+xLvABE;qglaO(H|#JZ8+O0lZ31R|R6s6fO`R{PO?VD3i6%*DCWGgWN3@i?ux z>4VesZPooZFc0{UiBh^#v2IbHh$tm*g)L1Q)3|&#{d_{B=GCCOK~Z;iL$7RgNZ&8_*Bhgg^d^OgkH0&x zw9SnlU`$63yDcx={kp)g&U%#d(skXq~-dX6x*dRG6 z8p~XXHTfZNB>{muhVgB%VHV44Xr?es{^b5iGL;TTEa<52r%9zH_MHqsf{)@Ib9xd# zYTFu7Pho+=+vP~`=8Lpai?kH+_2?*5Cb9#$sr}Sn)qPd^+&E#LK>F4qHN@#X#3wM! zZZ)txUohnn{%d+nT`}1($-=LOC^5u-2bE+e-D(>Y3|^{t)blrf{u^3)c=X;+cAU{W zAIymGMLX*=*CbAsHxLVXtUV5w8Uj%_A{hCRXp2s}Tg~Bnej;YSZ``V=1v3#b1=tH! znPWvM4IFuupf9*04Sz4sTfv&cgF4M%h}F2T3kiF)B%_{NLb>n33G!X0Zw6PLieyZ3 zqeH+yZLm_%*sdgK^kgr7do^y!T*r;5&I;E-sLr!HCb_)>Sx2{kp9sCY1{DVCF*~5I zwat^G4q*A;-lUvTH6o|B%ejin0k9-^ftKH&>Z4Gd@2+Xe+~`c9LBpqN`(gCOt7^<@ zNp76p*F&963GGe7n1Wg|*^md7u{o7?&R85`wQx>$hQI25w|>$6^(}E`{?D|>;qSBu z>Ypor58?k-{+Qfe#hz4H$L*(W8AFg%-L=i*otoA} zJm$|q9}3;_9;%4pa!))byLqvV${OZ?gB7bU&Qk1t$fJbH{ua{+7_Si%FMKTC>yGj2 zY+V|PDvf1puHRe^Lt$&SVCu}5#2>5lcKOF(1joY5Mw~|_+rb3xh8md5LgLHmdNh_>xwfT zi{fdVF8knFF|=eMlYW$rtMy;CiY*Hp@w8#!u$`M~U8^YH;m&bvq$`*cl8r*<^KJa8-Es znUPwX>VbZk-q3{dJh3?iRc*GV*Ls;J=P3KApf{7S6(yd>Q zi}fOFC(D(FYUKSSMLRSqR|5^W^{SNk^{Q~JHcl~UK$cEZ&WZ^Ufh@D67ZpG}KNzV? z)_7{T%N|*h%g^^8pyt{_tH5=H8`AnMj#m7}oPTHWg>mEC*b6b@!eJ?KiX2vP{1nt& z+8J_q)w0a9-2Ak;7HXtZ58tcYRI!Ftu@dLy;6lOri6ij>H(E#vmrs;Jl<9Rqu_u~r z;Evm^oZLiYB}78|Y;+bSO4QXA&So}G_G1Q%rWHJx8iJf-w>PdkB-h50buDZqkw^sQ zD0cis^JZ;>;y@l{wp&a(kH%n-M!mxZTg4B*V^z7gfBi*V?8jT%SPG!m%KTX?%k!ic zJ0qj6j~b|Cq!%zt>@Lx!)0Yj3Rei%(WZHH~l}tPPP|{I6HLkT5%t^G$;8iAg0qO*v zi#mz5Cvet92h`4u%r7a$(LQ&C8NEqxNFPKaDKcOd+7u#FZtJa6pwgMRiT2Za(o}(0 zE>C#(d!!zKXn28m`6gtp(O8HzprxIZ5bkFZxS+&J$PCe?0-4RwM;LP$fcPCYUgQ9{ zjkC+4rMiyQKbg-}`|fH)k&Jk~YBdLc8oV^2=42o9p9+a;jayLjPh4PBrAMh3Ol}<` zzNE2?xF%HH;HT86c~px=-o^kB0hLcY_xNyOvR-*jO4gEyv_wY0Q8E}h^+sU~-mG^^ z-@PF2Xgr~tr09w=>t|JLT4FgXz3?WVI=5NpJ6bpQcDN$esJkYCLoIccHWI4vZGe53 z%@strtP8?BBBN>nNQ00`FHdykpo5pXnqA>nk{mQ`ih`Djl(?=4zxzz2haUI1Z8vi8 zBgCG$uSn98*|(d|&ZlU!v*-Y&G+gH>?cFYUIsU6hw1DN04-DPWKK4W zD-UJ+r#{fztd*7sG$T+J&`5-Lki^!g6(<%psvsl{C|7dzHK{)lFP-G(=lbO1q~cGF zbOR7?$2ixwP+Fy<4)e8pVOjuSGDNKc?3M7Uo`^<2A0mcsb2uNmLu07u`4l~>qPYr# z@L1`cF9TxJy7`ITd7t=5ThkA9F^0_r!+ojx{Dxw}h>i0eGX)an*yF%d)zKbn9?xlT z=AJg+zN{??0YME;!nC17=QX~;>T9!e@cVN4Jtn0sJKB4Y%+$u(eN~6j65WM*BYd&L)Lsb_#4jaG3fQE(mNk@{q!kmK1pp=!a@J ziniF>-;Q2{d3f3BVMZI7);BM2z`gBPg}s^-uljK5q&ED67yHot62XEHk? z4{sX;vMs$FyGjbtz&`#Dr^ZLmzCW<$b;>S8WGSxu*pfJY!`yt&~bG?H9Klqg$lU0qwv2Kb7uI{K@TJE`#0| zgOa307-lpr>k3TWI7-XtcVMt#LYZt{^><t!~rMox@=!WsjJ0#WXXCWLVXK&f!5QnQY1)foA^L0cQ{(^b6-INLB4~4 zpJy2kHyt67GzRDVU_@jRvLHA!i!X%RouUaga$RpOMR(imviPuOtgk!(FCN=Wv;`9e z!HVvT9rzBSoD&MU>XB_+v}()~{t)5fLx8$5{HRx_4*jvS>le=VqU^>pN0-Po4f2&z z^qZ>vS}c|bNWAtDcskkpRt{aQN9hJW?bez9CVx+gN2s)Metu^O29e&mKSk|$-$GFW z@(5B0Aa747>9IUn3R@GF08yMk$V8hZmgSH$mj58JVV^xrX7wkht_Ac&)5h`xNx5wv z;r0fH0m3$r&mMsJ`AkvMMn*WqmDut^` zku>!RUthI#PSoK^BS=ZPHzN0OQ?6RhGh#8Ae%i`)R+{%UHgV zoMBs2Q}V5pu>~RnOGg8pT_~sN?@bYAuYx{*lebDO*h@p$!H`GwUKDepA`>xA)<_qz zhNr7fU7nZARHi^&`1eOr!TQGnk|#y+#&|b&Z7wzQpCXywuHvy0T;q?DZD?McCC&M( zWg$CX3a0bA!h^l_o=-F5xYa`=(vQp*#L>Z9#~#-Oh3WO+qhoi=vkvAi%K2#=_!cF; zOdC;aF$^b>FCzHmG?WLnSa|A0>{eFxqK^_-`c+2Y0F#Q?R^N7g{$I|TjZP{Fei-Lm z(52E#uq;Lhq6aLj$k-}V7F~gW*9?Nm;$~5?T?Y1%@A+wl&_PJgF8HUBjKxc&dkU&i!L z^Xq&x&KnWNe@d0BhE?1yab9d zI1JHY9{f#Y`N6ZE1igiHv~_FMEc|dbx|{BB?Bk=LB+@%kJcx66m0F%p&7@&P)L$_aI&){pC2ryc;!`}NnTis;r+=AUeb3S}lLBn-kX<@`rWpRV zDV88lFDPCMedK2gaX3dsVMUq%hU})K`PNgaKE#^G_vBC8x(k5>KtX<;9wwLZGL>wk zi|K%Otgf1b()f{!e&dN(@Jh-w7Pvp|T zfB+4W#ayaa%UQw^g|an_Sd1)vq>WL?YP<5eP!Gu+=&;iKYMp%emtS@=RIiT%Y+fxG zbDB_?X`A=kqH5GBp;u(5W+@Wy8f^JnF=Fj&Hb6jR5g%-6PvSK85vP+j-%S(9BAId=nSD=eWCT|}jLa%r z@lB)xlu9v?W~IeS^uPH_rXFLhXG`VBTPAWw9PLpCL%J8W{h>C~ku%2uv0?Vv4!xR4 z^vbM{?&u#bTIcWJcfA0{?DuN$ABQ5>P{lSshI_g6bc{*h7^ynBc^nzsl7sDO zaS!-36sDYRWWw?iAye|=`P())b}IlP0f=E&a$)&T!Gqn4T`;sYu6Mq~y03ZcKA?-# zU4b^n+X@}9u_*GKW9X_LH`9krU!Aij2FY5;qesI_1Zn$NYEg3wRPu4vJb2y=ee~a*3an^AJWucd_D-R&&Qo@UG5Mo+j z(CL>?YW@yCm>CiE}o4Qt}&IddAT*XP{LeWRN5_;xB zj%DD;7)x}|_2cDmyyPCVbabzF5_1pCu{`pI$dWHtD1AqZ+TKJ_nKPlhEcXcXD1&sd zTz%D>hv7=Er)n7zxTCz{rmm}-+5+#OFUJ(6ui2#H;s>T287F#MT-s0rA;AbO)lqGDq{H{?R% zyG-xFYn#yMU39toU=Dmv(m&u|7{Q4XX(-YltXa(wVBq(C8gp{_JCavO zT*m=A+3+*=bn;EA(~$n$@&HBW&`G|>C6{*l|i{3EdcSH*+c z|EU=BvmxLTL^5xFY^iIL80&feSS9c+Y%rmxZ>kJ6^Av2!$I~9*Kp*Rf|3+_@w-UKg zMcmB!mBn0@0#T~-U52L0SCWh5NH+eOZqV=*V3|0KC$dNm5{WJoh<6sXaSJ!!C3D8u zNYMa-<#k(C<(S2IKcu$HbHi&VmohckIEw2NW9-;bvG_d2Fa@|fRa~ATRWwz)PKuIF6W8!r<`ad;MQuflx4Y!-ET4^dgV30+42kXu-QcAaB-b3d7;BpsvWqhj2dEDSUWYjtU}GWCaUb;4RUl49~ zZgO61@tY(Ry( zkaH6AvfMY9<8;5`*;Mm0QK+2HCxP()dpk&oKH5N}3OlIUQs#8-5}sH~Klh7Ma(-2V zX2iZeMSQTsL^*@XBmeMtgE6peMWxeRu3PH`aLe15NeX$CJ|=D1Iv}!vOk=QXWnMRd zv7i?|*9lyJj=g12H+ShbF{L?uXPTRUG=o-8ai)JyXesb3J*;a><_73}R*^hG+ChSd zxuV5*;$qS>DyqPrXmiX)Qy&^MJuZ1x3eoGe`mlPzwG|6N25s(e5tj~_zqKHWS9ZX zIAmRgXc7s9)z8AJy%Z=On|6J0;2jUnwmui<-W| z{z2z$DN3GtIPJ-n4^#U{)#QJ^<6k5myO~ynp&!p4tB0Kmd_g?(27+yWufIyRDIMJB zZOTu4+}z;ReID*TdzS0!m9D0H<^+jsm#|_(##W4359z!029fn+X8^Au@!*hny${ay zTQc^!umbZlU*M`bOpxWS_WxE~&xv^0o$wNPH^s*==D1gVeOOLySIm5|t6my8d?+nF zexrt|x9>FPj{&|i8nm_}kZ1T%H|`7O93_6H4q@oV9pS%WDj#n129;oc@=Vi%)Yc|# z32SiTqcn*rx4}NML%*v^?w7WViMT^DC0s@sCv2ZgmeS5G4nYz8uOU^)%kjGY!+zf-|o%&HJ*|N6Jf)Fo_!5eBaeG}%q$y) z=q8C5i!_Ydj~`Nlg}UMuiTHSzl?@CA_MNHc2%g`*qq{kr%TrNtL^}iy&kh&L5y72y zMYf@Icb-Hga`tPwE-SW@P2OWlX9|LuY~wl$b^<)Xt>QhXfSF2iScW#jFXd}g24kDo zPUWP5K)Bgu5;0cI`~5_!irordShZ+FQZ}523xdXJ&zojDnH@#K`nh<(Ps>p~0&lSpT$36$%8wmTrvtlWe6Ks?*1L@>+y@VY z+^Sq-9H-=<(KMRNejtiWY%=d^=mv(mb_L^9Jp-$&^@+mME=} zD&RX)#b*`>SkE~bw7EUE0X0R{DbOkB81obX>qM`F$(KF4<<(H2OA-~_ZVESqI`9^T z5Bw-?ZH|eQhDeph7GkgoS=w?7PyX9C(N%H3E@DJ+3I7i?I`E>+iLb{W-RV?~eib^F z1=swebJw%mFedpPT%7R!tZrlfBgy3s=fwUCQ(;ZIgFO3;ZA(nJ#jse2?3WRn53Pmz ze6rM)5S50=zR~$f8WfTA*G5selYPnHKK%>Uy=|%jprwRO0JKr`BiM%(Xw9l$+0WzT z_Q1*((Z}EL;KxD$%JqixtXj~Zf)}}(LD+Q z6l9I%{$l7nX4Su=e z%a+h5ae_>}Ub@0b?OpbjHmq`ey<_b;<~@H{A4rp8UjU`5dUfP*gVuxKE4L0Js=@3C-Ldk;33ghUe(N-;y}-uT14a-xgPHp42sJsbYROD6weMWq z2VX257DcCe*bel{9d=ly4TGcKN%rxcwJ!l9i%)>lYXU8k{BnMvZ$`ButyTL6>R($T}``CUZ0sc~>b znI!EyEb%Ap?~KyVM?j2D<>c8YD!iSctqxH!O?hoLJgEQ`&`xH$gU%R5`!pQg#fOzc{)FjfvS61;>?k`pIh34qSBx=F zEBmz6rdaAXKOD&Jzw60ulM=E5X_*MFqBeU|J}=%*48Y_%WO*J;$(o!rZ9IP6WS%hw z#leaMfrakNH7gSypC>ha(j%FtlBA?#vkH`xYXm1AtAXm}zK=@m9=4et}DWDot(UWh@npf8x^&KM5 z^7r%NXlQS1u%hmQTH=xiSpG+yrt!O?Navwe+6QKv&!y5osg0_ zV@6GekRRQPyR$idWj3D6gr&NG2Ey{f6bPGW@^oXW9n3bhzfPQM_h0YkZ!CU{Q*D8nQ^fPBMtBf6njJ*j-tWK5UlL(|AoPP@2EO<{ye!x^d^FFa zR@azycjQ#Bb|5-|60qDj-3AZ2kIePJB)?1ynCBkYPD|Jh_jM8pMon{?E*RjH@52>Q z;{Tqg28S3cfMC8EdG}0~7d38iSzA@M-SyE<_uwb8CxR2E0BRDUE!{{%M*0!-e+43- zt`-=fSq15EAA*#`2Q6V2I>-;~i)y}EFtt}&eH*Lpl|pq&vubvNCC=`pp|GhY_D&1W zgE4gpjn(=L)o&W$u8=T&n3}qGjc1ugCx`;X9V$(2-vP&@8Y7 zNuLSI*r~zzGlT{GMR5Q_bSGdkrZdEI~w(Op# zY&F&1gR=+&wxue;kg(ZsZPl2nWi$=!j)kIr98oWId}_p1%!d9s@1gcW95dupdBUJt zfWhm(HWr`Sg5;_PqjpboTSj1WITY#vL*Yet4Aiw%ESr5Z5n(cs+BzM6;& zFQqIj={hG=$9OoBfp}277cDH{$isT6?)#MClbEAlwg_l72z(&eP_we|_JmE*bFnIf zl67j9^y)~xxYq2*HA&nS@_|3R7PP{jHay@Z0WVX$PKj*}y09VE%R5`;vLwW&!G%N> z<^Jt)xbbk@C_1Rf>QOlni5zMlR_tXFb?|ZV44v!U%zg<^O&HZNERL|9R2|EwYkWS^ z+~;+D+tGziuPp}Q+5=vAe`h4J@F6|~!*(gIcNm0;g(GT&Vpt%MTz^t>Kb2a@E+DyX zK#KxxBM=Wa4kAZoDE{@cf3WqeRyE% zS=ce&e3Fo7!z&RU$c8E(m+2J{Pj8gITzw3~P%ts%)gWHO-3%WX2#{~2X~}B+_sRA7 z{1THC#vc(ze>}HBVYCy+k}gE%G=Y0K;<+}rI=jw=J#>lf7+5{QZf5m%c6P?mm#`)& z0t*!U6dkpoXL!-Te-N6g_XSmNu8?hCPC*`i_)zD!7Efa`zC_KIBRR?^r5r<>@(huCCw|ea|Y&V^KRk*p#T*`vX%GO*GPyY zwKkX?vf6%-Sou`yIaUpRKQ45-!Z|S|q^978cNjxs_a%V!H6lgueu3YXlwOLsx2z@V zLTC0nu+`z=C>|I`w?yEb_a`7@OtPh@z;><}0v*$q#Peu-HP;O279zB}F}jYAsAs~= zo4>Xw8auQRTIvT6y)hEwOE-c(6;Wu}R^`$Bh9$GRTIB*Oxu3$)vbhH%BwzS-_!o{1 zEVW0gSX*I`HHraQ7i_nEoR47YN|z_q1;Q1%e4L`41GIT7Dp91mJP1A6dxW2hfujo` z@B8chra~mP@@O5uwZElXFkc3tE%k3j=5gldVy+G?d(rd{I?H|@hbMp9u3QPx2ILLa zo`Z_xHb*P@@NJmh8!qN2^>j{VSw!BRNs1#K{MbK2XQ_AAU22$O8!~p0 zwT`=%r_LndIjrMSA+#JQUm0nL$uN(pG%=P~cZIQiXn+vg9r zq%k3>gx|^qu*Gd_qMCQTIJOnsnF88f2ica4+(1sQe zN#nSZf)zlZc39FCcEB=3o?idhS}ha4Pic&BD_%mrLYDUQD0?JcrIt+r6V;!q&)MxN zT1u^d?3!h$#aSiA8dkz!4Z#tEL4LVRnh*Q73aJY%*(Bs8cC`^*aJ-Y>NjN!hAkJGVZh z8COl`;ok5RZ;d2iwz@PdZFW7~@db)G%+x7u_tW=vDA>o0jGxFY%0^$`1^J++4yM4* z#_1R747rf=*;3ysM!`1oYCi*GOd{FucRm-~D%v0*aasG)VZSI7+6Wo%D*vAA-n*J? z;Sh;?J&Tl?s<*X3_Cd@lfh3hDsV{}2j(aQ&97;G5kA z0W&fGt6=8v`fw1g-KR^szFI0%jns7!<5j+aY3B{Y8&RFTRbGp5^xm2=Hx}|XlnFaA zKZI4@i`CK#{3gOC!yMKGNL!!Z5hbfXVnnY^8Ye{U$C=*z(PRBQswPN^E}X}~5)uN| z{FkUgSFrLfeS(QE4r>JS1rw|s_}u)P0aF?u)yUd)xejNHheiJ?eA%__>;q6VxFdXR zYFxOfXrQw!y|)|Tgtivhw6|G`%_p2+{>$HBx?SC70YcfEH@tPjJ>woFAX=3fqL5PT zmkD@k1DVXbLMGir9E@sEv7w6e(zrR;JUyr|4BY&SRcCAfaK#onVEkTJJ*hgc2dL37!CA$6(IL1xG_LAtQ;1o53j z(7w;VlJRWnz4>aXk#N{WOOm_nT|CTsROMwJ{An?Ejp^^2 zqNgE?Iq+VD`1sj)k>Jl|S9#!*S7-@@y8**rwF762zk!pKw;t=QBt1}m)!O9QZaPF7 zdOSbL^-ywX>Zot~EgehHbgIa6`GF%cj(@l}bIw*+D@=?aa;7|q7o%P2{untJloV0> z&M=K2(aCyTQLbxtzYG^_(&yEGYS}Y5!v7-c2onIZW4^SQtckH@gYg%`lYq=JJ(a`K zjAeAlGS*l(gwQp^b_`}u0FW(;_`XcX!<)W?MmpAU!=*)0%~GPnYBjMu0>Co_u;6@K z4GFY4mobNtW%!~y6-|1&>erNcP{jLg$BBgG!v)m|6o_=#$5tcz?d-$|be|k2xEm!R zS9@g=F~|H(V15F2hlV7ZQft;D^i1!yAu9XX)fjY>>fZnY%lL-XH#w&gTk*3QZbCS( zdsNgSR^i4Z2#9;?PoIk|jOf!!#9x67-nzg(oDVf=O!Eg2T<-xkI_G1$l)n^wpyXW6EP=Sp$gcfq<9fd%AzbF|6W#cztbEo+x~48v_*|qPW&+9r1aZJ|{GW8~+w^>uJmQO` zc}AHtDCkg!24dCwr^Q-bU5^06cvqf7X6tPtN}-Hx*P@&cWc?BJ-?xK5Q-vMKkQ|9= zLF*0uu(4~X#wCEmIyqm5xslI!5eQyaJT3P8QFQ9SVa-pELrPw@#%C<^ ze2v{89pmnF1w9seEP1zwuua%E(bW)=DC)UXOwC|m8Q?_g$8Oe)a)Lk#$7|_?GXWKY z`w=8hb~ERwe#RUaooIaIs&w~RzIQ{!z+(FuUuCS->4xS%a&GDND8(ab50ipuCt;BC zKBOOt=6~0R$r)B?&fHI;r;GNPCPVuED$5l@xg-I`CoL|^{9U6_!?yQTgmJrSH@1|b z=;V|SOanNDG0CKe|5}lm9l@$;v{IeE4udNNhlhOSHe?u*P{U@dafEVZ`zzR-#7}9r z_w_RBknZkn0eZ-6IoyETxyXVaVGvcEwBaWV zd3VZf>M>Nf6+zShrN8Y1_^#_#7L&TAz|o_}L)HnVAu@|qA{+Z@+~aTx0W0KDTW|3PEc)hvbZ-T)l)y<$1EF9F=k( zaVCb>D+1^Fk)Q<_CgZ-iUC)d}mLrW80+rnCz*rtGdBCDL+h35Z%Ep#gy;MEU02Y2g4$<5|{f7B(XJl##WuTNpKNOuQ8ce6t=Y~O2cIVP0r?%m7=9?3hiEm7#AU7Oc18nkcJxe zKFCa8``A%>$k#`0WtggIkU=Q$;GBB|7I%SfGy@QNR=Mnv=ol6E-`d%zEE80<;@M;~ z#{xW%Q3fRJs|Cvi=vt_W<^Y zNSnt8PO_I?_W-|(<(7azudXSNdM<_uJA3T}4u;AhH{}ZygeOY*n->XZoDiY}Cb?E3 zMn`dS0AIqUAf6fLvH%F)jPqvV)cQh3ruc|aM)|JAm#5N%Uv3+{KvN-I!RKe{i3Q7A zW>e30m-z1P;|#n=_&Df1N>g4lD#WEb%nC$dQkRhSST&St$0onnuaxwpUXlTwbLXlQ z_F8cY5Fl4ga0Px2CYBRyElML12v^)(I{vO6IFKK< zN3f7J?xiVB4#hty5Ub;FsP_kt;lxWnBIkLQ3*I#Q(xZn+DP9qAuGny2s!D`|tRdC| zSMO^5{g3h|FaB4z$NOJy58!_)|Fz-2m0wrmKb4<~1k!L#eF7@prhp-m9H5eHT0GfJ zkI+fvATwrLnL2yEPAmC70}kt!nS-V-!L8x??z_`gX;SMYc%SG?Qo$nc6S1CX=Sc># z9E*4{VQTkrD(mavxAHE31!f|MD0uus(BINM53`RoO$M-obsagt1K~QM!_MX>kEqXt zgN6DJ)lO0AX~!a7F}+U!$onH}$rXIA%shb2k^KUlt zereLMrJtBdw5~f1v_Q@Vbe(`C%A}g|0l(eY(#}Opy(+)mEFJ%*mMB%lo6#b_(G)O8 zdCda^%rKY2EKKmm^GH)QU;sgP`1I%!Ng$) z;J|)NN+R`rmsTYK#csHFhpMjHELgz(sB-bLuqk$WuqiiZI!-ANm){o!iQh#a$W=G_|V*QMQSM#{cB;90^^-c0Q=nY%N9QVec)x|qSdpRJp|=gE8SCt{#j1uJxN?e z+zMe<$*vZoK8`KtMnY(>s;ed4jC;?CJGgPKIu5sf^;O{ zK`myL%j10m!SVsP{;3kljXcUcg=_&Uqs#&aTtIUA@t{N~_KF0i z!|t4EwNtBZ_BCYed|nd*l=Os@=;R?V;H=;zBDkz22|Qdrn&fmwR(um+xBS?SK4um& zSDiWU0}zU7DbpWf%8-y4dF*hlZ+2w4XhjGj8M$qPG2}khL(0vDf>R0!R5%xGF#<{= zK7-yYA`11b$wI}xwVDsOtFdr)Rh~P1x`VRzLDt0s=N864sg^tLm+tbTmZ_cUBmlrt zB;@49&I|PYw7qA>+repd&5GHFA5R2#7}PhuMzHOgn8HflJ?;;|FV$ui5S!`8u5zIM?0=cU5Xl?iS=66(^IFn1PN}8R8VbUdF~)#os1eF z?dWUFv1ir?V@?W`TGf}MzR%yLu{3U(&BdFlIb1A~y6M!tnT`!8Day{Rr=gy^-gLNg z5bJRWgy=GFtGp&~C071`9&Afp5otQxtQgrFi2*W!oH62>Zb@6{bJyAtd22g8 z!;(~*m6kIipq!ykp0HA2yZPeIp#11TNd+3*&-K$oUG+P)@dXPm+^~sapF6|wW~ZAd zHT05Garpc9G6sB=Ou@`gM5q5a*mJf;)V|2BVd6SYh>Xm)dU@REQ46-}Gd5Tn$!CmM zd};sQYoJoi>yA7>E)=PCGeF({z%8OYG0ziL7Yzu+Y~h>F*glW2XJ=bZ-i$l0_fog~ zLk?&bZ?{Q)8-bKla>B7cjfQjc^)p<3d1+ArdB;mkWl1ngOXLax;+5SC11R1-tWl4< z-!Ir}Y!a%fe#Cw#@7o*uzB9Ue+!kO!a$@GC*Ng6|yR2ksugJCu`Xi740S|rry9Otc82sFBtd=c!c#~t0{`sp&mcTNNci>d`(QNeFDGM&MNqNic zayw+8;^}2Qt1B?tx^SfKy;Vucb0ioNY_mUZh58<5B7F;~u~;wNaVByMCFQ+B%rA(L zyQ%iz*=uwblP4)c-eO} z6}67pgcZ`!)XF?&oipe20#e@YmE$(iO2$L3o1CUk7|7`iD;&4H~S}4+qrOkxE4-BrVh(Is{w4znQ;Oa z_u98%wD{OCvusO>AlkbV90^?gZf>sm07GvoehT2BScd)HS}A%m>Th&4$Hwfm$NaWp zM%4tI)l{FCDYiB;Wki#R`VJhW82MjFBOhqdYxDaf%a4(=5iF8Cm07O1Fw{476hlji zasYP-U<`AEFhC#7_1&CN7TouezQC14S z)_Q+%3g0e7(AXb)bcGw_xlbzjlCK2^o5Gm5$CoWs<{z$_M}$|(8N3IKdbRKrDJ0!i zsyV=+A#ubxl}^oDEXQIpItTDdW@MZQ&5fVF?dprr&S)49v=BMer}OkA(TFu&1u#`y zps|Yh5D@v(hAk%AmGrxNA)g-7?2REQ0>LaC2>H}p_T-x%KPf6hJ=z^=r^C%v{#Z*ps%^Y2wabfpZ zJ<00gsc*nW7>_!934fcoR49S2%%_VE8?vNbt#|L{52ThbF z`P!rzGno`8ybrE-Hfmna3XQ>)Wx-vO#J;tsFmmv@G_gn!vn-bqhP#v!duXH$rc^(Z z2$7L;evZQDLpbB$C;o-0M@a(oh$xcMtY$*|Vs$o7&F`_Cq#TKc%y|Pwcj=F`h2^}t z8Kt@|IZhvyn-$#OGVdZqO}rQ%!VDy)FKB--pw{1{@dc<rG)8UUp19pVKgQ!U`?rZ} zLw)}?TE;`_&w_}76pvL`B!+2)`tO6y0AJhrjGujxKIQ^ADWWDK>Ps3?U=fsj9v7s& z4qFSESK)A<%O&^Vdx*H9>pQ-VQ7jTQTFFSDBj19-US=Y-Ya%QjbM_}~cue}8)#cH< z#;>F>$NP7WP5(ldUr;h?=mwhhjh#L0apy3z(dCPseM7pi&o(?#xof`I+L-_}lG_tB zH@>+})lm1JtU>W4%DGtH{YQ+@5YCU32Aw*sGe>Nav@B}+!I2eU-C+>JdRy3Ozh`%@ zfix=%~&%Zg8^R zueH9aSU+pZ^(V`oWvnE=2a~&Zgdmcfm)fg6_n1!S2v3_d#u6j4e=AKzN7MjKC#Cs5dUU|=q8RUAa&*dOxVykJi{+;C zc#TcAIAp}fNjtb7SKA|+!h-7U!-QX{a@gk0HS$rIT zQW89+YlRiXr!)!Vv*{e*3b(Ov5S-$rZZjIW_D1!bb_j;bn?7J%QsRW zL>^#fzlY_Shd`OB#{)AeuXeY4=MKh>l<&5MJgtt--eO$YfgP_U@ja@A#IVaTqu6t| z8RIBQK<|f=E_#3wQEj2PpDZwK{xhjzfx=@3TF=>Y0)+ChZSR0ktH+#Bx1Ed$mrgbI z(;`)~r;aObf8}AY4mr@0FXvQE=GmrI-JEcK%fWh!QQ;s*6Ce|j#6H$B`%S1>ejtKo zA_1og`D?9Cn>ZZ|pa6w4Tw~rAV|SVgvy)o@p+q9x%A?mgeU=Ua=jC3uz@k1A5Is%^NM#7(Q?T$#QCBsr-p%jc zQeoAE1RV1|wdUh6y-3hPc7-IOnfGC#TQc(?PNTSYiDqC>+k3SpPb%*s&Fpjz9G2cs z*g|Sasa}bAffE!0*+BosfJDWw$e-U`M&F@ipbyOe*>axP#KU|EU;^lLT&GL`YpvRc z_;r3g&JG&XXqj$pq$zfwzzRxK-oUWs7DjiyPyKJS`=-mBso>i=y{LA{O(bY=jdiV{ zv5KPK7p*SF#BDd3^q1OZ>#(r^d+A(U9eC1QBCvv7Ux9Ld|d*LWJE&%!m%S;W|fvUUS2%6SkyeB zOcL0uZ36VNUS7qa#Db~h*tQ7Dk8u=uLW}jBs}g1k@>S|xg|J@8Z|#qK_wa+mCyI& ziW{aV8lQ6IT=|j3B9cE_Eq9I&z*!CryW>`g{FE&ZVl=6Gk;P^nne#> zC4%q1Za#QbS}_%<`mdN8zmw4#WG59ucuxFkc=U1b_e=KZe(~N^`OpcphEDs0d!At) zqOxMGx9z2)pkwjL(dYN!#j4pRfOQg&jYP|fM0Q4cJK<>@VNzzNpkmvS)K2{^@q0_+ zo#et*-CF45D$V#2X}JJ{YR%MC3Q|IicNWO8;YH_i@{AzC>eP0$`)=iOaS88tX6vQg zk6EVBrZZkE7quLqRx7AXBQ@{b_*<0qocSg5*F-;>QI`o$?k8wKjO$4icZ|9*!wAsq z@S)7Kl}|qwP4b>YCo{8|=`nBWc}jH&Xv;OotL<1Gr_nuMboYX-?G@;-lfz8RFIekp za|WBw$!1q<23YXb1OiG}Bk6@tx!Q^KcP5f8b7j^)w*_7SiaIzk*$56jF8VFvV9Oa@ z)3cM8?{fMYm8VsE-80E>0ebXdi3|e)w`JXw0Xtk(qSC}S) z`fupX2FcLu;{aaMvf(Lm(1Dme>q^L}3n+iWX*b=6xZo6@XT62O<0DwHCq*jQ^fYZ! zerEF1O-0eBh61h&Chi^G-n!Amt5X2G5P^6wySPPV3b3GaMF*d{9FdUV4b-x}`FCs~ z(A`Gx+S3turJK3)ocB{wJ8kKioxtLg{eUAuUbTd!G9XQjQ9w^_Iu8c6Es?>hXi=U4 zd5hE`fa4HsV^$W;1hRzqCyIx1rx}Vo=`K{=Gzt(n57y6+-=0b7Ep}moPN~c|e-dQf zYqN!-!dy?Kpzs{?MIE56cd^~i7lJ8cp%R>hDKoQV4!;*dcn2S^!5)9>te#2BHY0s# zE6sZq5de_|2b+I2{}ww7*3)s3i-eW$ewx`x5q}1+U=KhGG5rQ6K)ZK`5}H+&GWxQc zUlRbsT`qvHDK_V}m9bwaZK=a3ItscsA+P7(jxS4=SzZPwB{!uIz?p5!+3q{DpiB4teh?w*-4C1w}Y z-eZBV)~r{F0&%QMjto(KB6ZFk!DfJ&Y|7~r0>=PLZZEk@m)Fu`rf(@#UeLaXr` z!%LyGigJPc)I9+k-lGZ{AD>|Mzv!Cw9^M!WhahfHg-NKIefAh1z~|^CPgI;Vw+BgQMSBwtMZ{`N&HD>m`Az^8D-V!f`(t(#}p=H*nhU+}1;_%uh>pdE8?v*{!OcqqUDKQj9N zrAH;(ka5a$pSAV^+tyd3>ztQq!bfYXxO1^9oOsHUPL(7yWbtW&B9+6ZKMuE;y=@G4 zent@{Dm5CH4Gy1=lyMt(=z61%-7yG3kd{dn?UK#av*snAc!|d&9vW~t5RSLDY;7c* zTq|qJSRFknYw}AaVtKE1XSR zJwei-U5<_l4Ve5`0Kwe5#Yie$WVJqwZ|*Ebxyx5J%}$_)VrW!Zr`Xca`(LYTU*}Ki z80+0zx41_&{802sPbSb2*UW~3=22J|lJwtLfOHaAU~)??h_ksaiHX~ZxZL+rmb&N8 zkc4%9NBK*i5$~|`%#3W5OL?c;f9iKLzFksrtnJVN?vV zKnKoaH#GVDoHgAe<}ZN{CzJ~;#`KqP^Z94?n|!{{%dTw}?V}MHvohg=4T(u#_zlPl`vNw`-2zd? zZS$R1Riy$jJhBd-S?KQrvmo(+MAGrg^+v z=g*p2#++qp!b8?OP6MtwjBgVN0Dm+ic-_=?3@snZQBU)6{i%sno4EpSq&XAv4FZn! zBWDi4|1EHdEwWD}W~&T=^QjVDtlmd(pJ<+RjDxpSOhazbk*hzm&h^Kb0S{^51UHQuTi-KM41O zRI(W6F&{rY0?#cyBu2kFT~~zUx%AV(Uz1)~>S2@kc(pIoMUZfnxU=0?(%=Y=cCh<0 zaKaenIShfU@wa|*e{{>jZ?ECE=mzNgpo8vzPYr*IaV#Dv?P+=q$NvTKH$MP|)4b!)As<`BokUA^^z{B&;K z+;KuDC-l60D7}w=yE8t=t6j`BTzB>jX2(|R<|t#xhhfnXzz*EI)Oh+$yFVxK(l1ic z#rd8TsCPu#X#s%}LlNd9A&4YCX*~7&^?9QBh(j1oB;*{W-)8W zFQ9C4RsKqfrui%XT)*Zs{kVs9!MeA>GL@a9`TPIzb&frvu1mLW+qP%hwrzLM?w)Pi zwr$(CZQHhO^USr9eUhCw*?-{q^kmdEM%`56HNLm9Bfp; z32rbkw6O`ZS;!$(tgo3?x~C&*@Ha=8uoRkIlAagx;f+nhY0%(X{Y7@_w39nRR3@s^ zxOEVZq^U7eqcJ+{wu31EpEx0&k6=_V!zZk%xgcy&lKzgbUdCoffnt&_Kr{b3fLHka zBN-m4if;gtpUxc6gvlRRta?kDqxS>C-C%KRgkbQ>T17n{(XG zz%0dYDa!>PL?zU!K$$?z_0p{A4G9WFN;=*bd^(aHrbvss#j@yr6QO zgb@+g^t7lO7b%Z$RZYUVCw z_1?IZYi~U+l2M74q{Z`S{Gb&msWLMAy;f{0jfk`izszkf#_l7>n&QxUK8b6>0i
Zw&A+$C8@<%e_Nw=uEvRsMh7W`r|5hul7D6dIYW@CK=}@ zSa3c}YjCnT_-FvKKxTG?W+Y--9O+36y|vzNTOGhZdh00{VEif3Pc{*FHueyzUWdFs z%*Sb%+SkMZYEwt_?WK6UXB)yXak+j-+8S^lPnho8PjLemIsi)iqMR=cE>Rv{7 zwdn|8K)s=B!G<7O>jS`2svnsWVTk2YM^1UEm*4zv*KX8C zHukYeevdK8HH@Cz#^$oi$1Pjo7i0!5?bkGJW8Fwn$4t6&_Mr+$Vp)>|pFNBGbfi9> zebXl`1K>hzqsB1BFuIdw9m%aKm`tLfS`_Qmda2IRM0x)fa1`iIG)-8;#wW=rN4Abz zkoN<`!&(MJb+p~@l(Q@p#H%p?PhmE33$P-Suf|hKwJ1lpueuPO&?02}<|c3KT&@-L z>xWtuqToA+LG|~{47(o3yg%4zDa*OzgRAUDF|-<^MV-Y9Ql^TZ+NU%%i)D9yNZ#i^ z@!!RzIYU#*@G=jnPW!1DU<^%u|C3ykaZOA%m7GRL09aWN)nFr9bEtJ!|%zJtb3u zt9#>kE>Xh-yL-JQ^h*^&>a`}cw6IZ89lx+N_Fcnq3 z!h2$hcPo{+0#G@=rwLy+3gxSsnA4ucQh^JPFH)$FeJR?T4;i{&`A7Mg|0@6ga1rtU zx(LPp>muM4{&5jBHUGbJ;PIc%0q@fPbP<04){=t%t|jma|EVR$r2kz@1XRHjcPLAT zA$wcu?&lCsr5!rt(>qgJhHb*U_566XT7B1CA_`QYY{B!&`(RPE#Vz7L2CAu=x-onp zqy5#Rk1zpY`kWuoS1)%Lu~I`6{b`m7!CI^i(6A7y0TE;DW6Bo|pQ-xAQtKU0?MZ8# zL|&I1;ifcVCQDv2nxI@mWF0cn8NTjpDu`BRb(?lG!_h90J9IxSr+wI<5kVUoHpk}& z&&!6#u$ZU(@Hz;D&Rr|)t8$f*&g;HBU+N8vFa}u_wY|QRx1C$6O|I&lp#8O}5974z zyN$=*`cfN~JkIHGE#u8eIb|66%)PCco3HDspwW+Hb{*O?N!x%~s;^rf;?BjL+r)KK z1CkZYv!^?C(lTjnYN@G1j`iq_HYmYGhJDOA&y>KKFQuUyF)}*fc%vyuY;|aML%0nw zx%{EF19#|xNk-UaVTuZTc!w{}D!O`)3QXVJCF@ilX8aR(wqM#p1CW?tkO9m~3#r5E z4iy5wshI^FB#=LgX?mdD?)$fhjc|1z060R}KCd+By=-Sh^C@!cfl_uzznLOCVr@q{ zZF|PTfCkiT^z7=~=3tyZR<_T5r?;$=N!*FZO&y9=MTM{ky)@pk(Xxv=pMrY40W=zCQ$w_vKsvvunNxi#Udt^utN z&x5{shfl-NaQldB)<9oOcWE0!?_6JTgSBK^ScaU zf;umY+gmim(dK#Y_tC`fqQ5`n=LFH^)=x%3sVs6n{+S7O81qxGjd1=~GgS`z@I#sJ$4Asi%PA z1&G~9>9~s-JI}#hX?Ku7e|D`k77rb_N|qCsJ6%f`$;xclEDFsg-}w((unWR%(;5&a z@Pn@tB(20dXj@2=&dnhBx0LJf(Jl$qz_4A_6yt>KMBERwl&!$yl5sKSG9QKYB;=YN z<7mwP4(FfFb-{Em(zpw{@htr4l^1watpOJbz;nG+%F1?9`ERolfu+@5LkLL8DC{im zgLf`Wy&Q{DIWs_ciO;&9koUR=D3?%4_chr)1$jw+d4Ptg#}UsD*ZTl2y~N`SL8x{h zN*eA>1H;?9pZz&7r18BfJk>@S{ZU@AJ$gO^#ft9XULRAd8+;Dl^(!pV&~8By%S0Z3 z%ki=ZP7=4jZz=f-Gg2{e-io(1_MdQqXzk-ylioA{}J@Wxd1 zH}Z!flQ4a4Nb4>jv#>%X6l>!J)E_g2`s$=ckO`@NQ&8AnVKduhJ|wboi4|tEIwjWT zTB`KS)|O_> z2->Gq9WeD6KkEilM@wa2IQaZtHnW$pXL-Q<9f6`OhR;u)J9uZvBde9~${h1G)!2q> zJKjGC>zQy_7WlH>?SRu0cT~IDw{8bdj1LChmYu`46>|RTiszqN!g~Ebd&d6%_Ke^E zTlrDm{-gXd1pi<8>;CB(hY=TLFih70&Np|W8a^TBR{s)omjnLD55_DD8*z{y!!MhZ zP!3$jizabNq31&dxTNfW@i-j>OXEUPG+ehrk~uA>Rhk-_6)yS$P?9?y(Ei5OX^bIg zq;T!GHU5~T8|5-waSzB&<4>A}c5)468Sb?Dpy*h`;yo!RSA(A{eK}7tmwpZ8w*}*^ z-k9iutBYEH_>C!m50Yq!0O%u^ci*aI5y|ur88>_`QF}W3;X;i0axpO&13R!)SIOUq?o6{8ecpIA zY*!s09nYi^$4OW8ziLy_iIm8OU;6fSa893QVncqNHQ3UOQ3P_?eyX z0zo^--{1-s!i12q!7>Asvx_vG9i#ml>rc%aBkx0)pOgN^Ii92=B)TjmJI!CXm}+m% zXyh=`kmc$cKV?B0ZGSgVlp)o+Loksu84)5hJ~(GrCsGT57SP%E0-hV^XReAXNB(h6 zsuhB78KGldWkq;8TK|K+p2y)NmdvGkmkC$2Wg97-h-(aJIFVZ* zLqif(m1?BcIk5sJEd{SX#IohfRIMm)t;lb~iav3x@T_wL$5iV@F6omkk#u~&AWHjS zb9E?Ar-98oDT0+K{9vN}@OK!~c8!6Q{Z#G42O=N{5%=3P#>|62{Fy;pc#^#^BWLUU zo{l9^>#G@HMU5jSVpY#5X6~Wf^HzhsoJzT$=1c1DO)*Ry!g3%5gHoa$5A|KnD$z(e z0=C*y75j-Vb5XC~>6q3A>wpq_*7x_jAda zrQOjWwBg_spO%8b)XO~G%-W!H@tWEDkd2B*@#o4*IA%+YVQL^WznV0{LBGM9vFyPU z)t|2NdH%r`w{pf|b8vD(84DC!4|Q{@l5)}PR%>;}kCZKUWnZm-UsX4D&hjmqW19fX za}AUk(I>y9Y&Y1NQr7Ufcj~ZRl)q{O;%HIM~ zr)KG4eKI;e^Hx*jjD zDYG^8GTrb{c+AvD=_ITXz&F!9DD{L~hQz3NS!=&I?qei>_r#pSA37R=U{7N_o}hac za#QI}aod{0tNO_)Vg_E2@g~QItWsIN7Td`(Wq)OL<*rFo0ZI?;RZ95O>I1Zp9_v&7 zIVOesZIj84C}o@`5BV(;Ovhu!E8Uvana1|?a>w+)lG>PB2Ty%5;v`y%G%)??AANaq@gU) z%p60gX;vMhiL)hI;e|?8)7mG`R+PvmSIMJCy~Y$*qHr9^R!4FpyJ)~cwm5lak^6)BV`N&*1kR2pg>{%zA1oHkk_|m-N zggdsoy|fD%NfH@-s2O^6U@+|->wewi(mWX%Gh{`2Ltzi3GB zkYdRy;@+Znu`)LI39%TDkOvhbO$M*Dvn;ZP!KHQ-<+`DGDo!akmJaOm3X()Dg-nU> zgL?SoS*Ju97$QpR9!Y8qBPAbQN!QmUqq9c>J&gU2(P+qqAo%G0DUA9g;^%PY*Szfs zt>3)BwlJrRg+2AVZK7(^$zUSFzhS*m4KO1Ja~KGz!NSXk^OeC~hs8>ymxTC!6}m3c zyU9gPb_IlgV@@}6ZdEqb>TeS*t+X&&G+GrT(-G)GOS%Bat8iG+FRGJ}o~am|f-99@e|lkrR&)nvZjdSO zS@UuOftRysFFi^JzmMYzSK0_5J`c-TY0pE`Nl^)K3NXYAes)zJAL1I&w_cool21`A zTKD#0OS>q4hg?mEL3~0cGMHCCzDUr%bX1aAslGxIMJaRUbK%vTirA_hMRV4uZ+Nc< z>*fl`Z(|PK`uo}MFJ%F7#ROozB3XT?QMz&*U~b;^V#=}z(gTvj>oXN!_P|vq3>D$S z+patMOk~_yvJ90b2Iw^4TZelCul!`n?KwB?a8F?O6|LcDPih4`{J(mJzha$BAufs{EO z*nz>Z)>#A*S_l@anZBT7mT0^5WI*U+rwf-5JflpE@;3E1#W$Re0dYN)$rnW7hW!$l zXS28!%~gK)lFP+Fqp7t#E8cS(k@@O%7o?V$fOGfTC%ilK4jcPI&8);-{n1!` zISTq(K3d~YG|xD$7hi_K{m*|=_K*O@<1U`)4@}bdq2ttUfA41C_|joQ^(>)oWcmtO z=UTZ#ZP}b9vGpZ)_Yd?wA8#dw|x6B9!?!J*Tr>L;2%++2;0pn>OVjnocTT z!@7Ym6E=hrkB>dr*Tb@YZTU#85vQyb&g1PJ{n2NbwQ2Ou%UJ`dD$m50v4k-vP3oez zaALjLwKH?ug}U{jGww1?g6pZ!H>fCl%;z^vxjqYYdO}A@_PJf@W9aQ(Mz?7S@z_?k|qvF0ZDYRl7nN zdOgpUsiB(tqb5#G;Re#F3`c2+OgaN^aNC$K8AxvHA#q^l`E*4@_hF0lSy{js>3%syLTs5TIjxaYX}IkL>T^EWPXH~dHm z-K(=s^V14OLKqJI-o-E9N}8j^`4t$^_RSDX8;Mt|mI1NMf(#GPL>}55132S6Du=S2 zDvk@Sv^fIJEN(uhQV|CuilZ*<`C_;G3BplD8H??}ki=0(wMKQ*8fviQPDBuY9mK{H zbde(4>_x}(NFG_q(9#8?P#TG0wp=rK@zh0Tk z0~+8atu8$pvQ$;-)h#GlcgCGIZ737y*LnRU5SVjL6ZCpqEuG4zsPCl|iq@*wqsV1f~xl5o8>{HhBYnQRPFpWlg~ z0+D3kw34N#`C;u(%(`1Wp)snqt{XCXBO=*b;fNeJ_)V&(@H{fW?L;_n@SWeydO3If z8vDGolFw7v0~gp1#Tg;CZ9e#q64~|ic08v3r3!PTFJ?H+R#w%Y0ij*4`XO2SNUh>s z)|Gu%I3=urJY-E>&50=rQ&XP-4lhhEz)PwP?Gd_^ejm~YMgp2MQ7fBpMP~EQLR@$B z@rAc>{FBVSDP11aI=kb*cUTN0TWh%ElgXKBNWf(FybG?D6SUsKhb<;-<-q` zN&Y!Oc1!YaxknS3oLH?l6#Y^72a^DuPb7c0Vlp^#`XLyr&ibxS7*1XUwv1txYmaDL z1gzgb{C4j4YJ#kjEwL>|02!gZi#=V3vTBiUt2uT8j_s1Yi0@DkF-o7ay;F`q0;WeG zJ8{#SxbN=mJvCi{;b9QTd^Vj$m7paGw_Ce=*a~Kz!nzSuZhi+{+CN^GPmciuB-ibk z7iz5zQI{m$kC2-+UPfx7n~I=8S@s}%o)ybNp3 zuNW+iyHtrO6%Ih2vg4-1TAWtd8Ks%+L!%^sGcmmDO{)_E7nyn-IZ6@Z!s(12S;)2O zFSFTq4BnaLJ8-Aj9!fw`s2dHN;Q7odjV2#d~VjISvD7Ehlx$cQ(rZ_0Yb z83eX6sSCmktFYx7QkjI)Nvlqlq4=eliI$lQ&eo#c{5<(IS)}gXD@WeccCPc>HtTWC z@c09y;6_w8^2)k&7A{XA3EI>;vUP*Bud?$dYK$sA6h;Lqz_RS!<{kS?1D`2bB_|Da zgKpJQ;Yd+BkO?8!ZZ3pgJV}hbvst*mKbF4PotjcFE`rg>g-Puzhw#Pps=(U7qxW+k zcmjUA>Ti15pg~GQz_`MKy-}P_GI5Jg;EmS9Ol3bY<_x9MnxMyxPP?c-4mRHwj{zFe z!|_Y|KI!#|sVvZIL(Axkoc0Rb{AJMg0{S80Y6es5tUH2#<*Yn|B>*yUO-wIKaLf~_ zTftS4fD`)QA-v0I2bG^=cQO|`PHvN%TiA~}!l-4@)Gd8`vit^U1+lj8aZa-_pg*9o zKOoaXp7!r1VI5MK974%GY!w{KMpCmeYPejVHbi;+{nXn{ZqF!&GpyyXx6F8B&kdf0 zspA`Nlniw)TX$oJi=^6D?_2k6+t8I2&7Cza|3m|OZa4UEt8kj#GcJ%{ZiwVESnoHK z{4`g9n+PAl@^%DxC`fy?eqg(Mk1_)R$JeX?1;fh$WIB&P787kaO_z>r*HH-5B5=IG*Ma8Ka8Q1t4_S0p{UzpfE9M#l1jXRMmuoq71rpGUT{ro_f za0*QJC%bpP>dCre_SHwb=DVkf&|VOuX?+b=FaFy z4xw$Jjt05uy3%WFWX^1i!4OB)Cg7D_g8N)oeYdcxqrMtepv*%9UxH}kFJ5CM43+l) zn%OlHMrCU;MA^G;R*&~r*)F=ZhQMlCxQUC4KJy(I4-+<};O>xos7jwS@fd*3WfCSM)AsudB6^a?D`PrQ&q3qO!7kwfc1!F3Uf&TX&=^; zDeFv4D7`~&v%0m=G5w-fVUBQ{j|g70nd|{uz?cE+A$BL%FN34kmbnXq#3#VM@Q@RB&iI0vyGwyy?l1isIUluq)uWWAXEEBbpHYRR$p%4 znIc`@8L{3!9r2@nl38)^@|f)@hu{^-)70ba{JfKD)2)bm4@rf)&dKr1*0Qj2X4b>{ zdx2Ldpl^#6SaBOBTW;ks2IO3tGMIaEghxB;EX5+l!{sv8vy)5%`s=FYIm|RFN=<~F z>(t>7#ltxH7Ri(bbhLir=iVZ+sK@i#=WEmv*R{umPy8JnpG% z4s0m%jMT9=l+rdbamSF{&){|fj%#ODy6-v$fSX88X>b6Rf4WLff=CH5bbxQy<)pX? z0wP);87Wf0?~}8EP^=&-L`f1BOpc-pQ@>zMVP9S>82vs2<1fRF>BKBK)U?t-6p&ZB zD?z~uWMUqmAa|lj@a_I+WHIQDn8mSzg|Lu#YwlNu!P!^>$xVsm@NFc0BU-Sw3=fY7 zMl*bmwU)_j+*b~laL&$@x_YTpfl?KoGO@d&nk)fWSVzaHxG;H}cW6ti)@K zi7?eKkZKzP(q?4$y$D4ovy*DKYGFem7wDP_nmOz6$ga6qae=lR09AxWQ*$Sn-paGH zcb&#Xjae6t&)S2Y**SV{6()pOb3Jmr>j<_9^K(nY(vdB{;Ml9#Kx)T&1yc|qO6ot9Xhvj63Zq3OK6WuXOdtk0K=B4p%st4 zQ%xErCNqjl~?=f zl6&(9+T7R)Sy7QCn+tLS(KK3Y)qrtqAn#V4x5Gp2**~qVE;GYk1jf)%MxsvWpxQF~ zWhBz0Oa z+5Cgq3^Q zYX%h^`vjPey+iY6L;@;N9>WfQ5lPxR6QZxCpToTHp>v!~ReVt|0Cegx7vNZuqIi1p#d30*KhQq)UDb45bf|)c@->_^I=dcrA(jJ&5$P z-Z_-y1p%_5!tVk1WuMz3Pcv4Qd45|*4$e4D*7^jk7_@FGi=M$zWxzmyTcJVFzY-fu zifOPx-=+{X2~ZO0RoE#IN`d36@1Q;|6-W{e8}?hbwODq+h#?oJAK#**=3Tv~j~og~X7yO&jsB=T!9rQE1VCbhL5D)&{E= zlat>;xPcvW*H#m(4W$bF@CprM?GK8m6s~qEI(&p zu9HbecvMYN65`Bc``?AY2HY@+znpZ5J{5J9tqcf8Wu7z81J7u7=5%h*a9ypF4psv}Rk$@w9h24r`9(W@C z9cF+NS6IYJGe8TIDRh2)-6EI7+St9#G?h0u^)BSsu*KKOP65ouT7irB`Ju4p(K7_k zHfi25fXG&}t#9C82T3}~#=69Hj zI{&QchbB#ftAu<;O5WA45rW3PkSa{I$?c|DOf8HY?&xMK9BfYUx<90Pwr!jq7^Hi@XAl) zVunj^6C%ZzGVz+l?yZ{ynE~kGq-)y_3(*wr(wLHFB^;#oi!E>cC@NFWZO>b&K4Fxb zSSzIV!Jbb(kj-g)vLim#cXyF?h<~1cPhcr#EQo9;zjT@u+J;ZW7#HRQy3F%gak4zl zfV!ag*sw}%D)7`oS^fB@bG#p(t#!ReCz7#ah5$u>IZK{k(!lHU4u6169kDERD-3bc z@n#vbv7Iik2O>*kxKWrMo?@}qAT?_-xu&HR|LH7(2@?o#lb0v5DYw#Sj)4g2Ev3Ao zPhqX09#aXUwREAO_8XdR|N2cWhp&evQ5Ildym@J-hFMjaxFn~)fhY%5Cp!6MZ?Ryo_g))#y-IKL4x8`^snxF;Tt zZn7-rmBl*VX}UwwU{yy$guI_~r$|7P@D{y|*>s&Po7>7Ol$M|-UmQ`@qU$+(7F&aK zo)M12ZXDC`HgvC7kjwUFa3}R9T!TfihmTXR?!y^?>wi|q@DHIA{w4JP!Td@8GQZsa zWq#JPf0!Q(=KnLl=igVI4gY*m<>P<8>J0t&RcGdZGe7Iuf0&<2>c5%a2!SjlCgrA4 z70GtGwT12PMRlFC?kFDf%o9W%n^~Elc5n2V=;a`Cb`i{eA zu%}m#VdK$YVpSWt`%Dl%e|L{M+TU_iyDtUknDUJ`z7~)!P z%9hk+t_bF+BI_1vYnsbp&h|159YIqnBdIR|!IWAVjnoyKc7lQ1!y@|Yx~n7$O4EXb zX(apOoRJw)MYQhG5T95wI-sbMhCXvX>=Wb8S&Xr4AEyYNg9SgR8G!LgtJmt<0C^vy z2kfugik2GOsb~ns8+T@iCXdw~9rflqPYd3(c(qmW(lsE*VBDPX751SE6o@?hp%_`r z#4DOWCZ#zz6l?c77mr^h?qn#wg9lW^MEOj7sJ-p(Utc9i^Vvq*f(k6@q6L@upuq6X z`(|6z9x-%E{S}b#2Panyx};Y2xn^tA)v0c0Z`a(4e|*4SL6G5Jp};@dJE=`I;C;Za zs(r#tE&DA4Vt?@|qj1VjYT6J*%VGi-X<9@b4eVGSZqMKP@-EU3dz zJ1&2gGCwn;w0DPU2~Xkg`#`u#=;A0G=4H4~0?^0@JZ)g;Bo zl=B=oib;%RG-6*7M!z>wcrAnxw$y#4c)g66)s)EY+yJmEdW4N^#>f#jKO(FBM1%fWd|DqOz@rx!`t?C56#%B=7ziMP-iupm zv@7cavclZLx+Hx^QTrBq?Q;VVe6O!e8DWAsRnOlgO2wB%|(x96|gLMCs!&K0wWb!$rn)x2k9(J9g z@AJ&lE_C*qx-fzC8Bx2-o{?c4zq-eJn$PdQGCnXH@3&DQUBP${rl94q4wOu?h+L%& zePT0Do;z73x?qP**0uVE)#8)&5a3NBr{|sobKSSn_V?erQESA*;7Ge(vUvdy9RNnM z@7~00@sDmdn3S`ZTFBE&QAJIAy-(G+z>(U?P|z1Ue*Qk$WgJ}0%{xAGDj#Gfq-5Nm zuvfP8$Sw!Eh!|j*Ko{_2!8;PhT15b7Xx7l%IiKp`+uB1c@Da#F$t>#j=uIN=39J6b z@K7dxNn>cyMW~i>n7G=qvouEru67B5cHH<`uyxuN3#vVgrf^~x;LZG5dN(%t9=#|- zeP2ZKjHfy7Q>lX4PraA;s-HGGK%0=G4FDr0p)m@)N_MV)>byA%7q{jEyWcIn1=%8S zlUU>0@zh#a)zf`&1c>hmg({F3`qYqq*E%Mk%~ytUM=UWeSJ85L&7Vi*i^AE9b(&i& zqT-sG$U6)BVrCHYp1>jcJNzSNn)?eU}Yt=I# zkqR>f<=wS6yGX(fvblG2$BsKrcJvPo+`yg$Rdr9$b7C*pg|7Jf^QokMl0Z*B)~GP7 z-g67#SVS80<;vVNhx=){qMwdpITVY4%FyqtF)=aoxy}#9rLm@19;p#G7tAolKNflQ zS^&xFEX%uAR0-c!TmV=iPJ%fyi&I$U6yTvaH35!BZy&cq|D*hwpZ_!M3HvwgdH8ST z=Z^c2@?T2+xAGq^k$D1B)XA~dPB#ZUO4jP%?E?-ccnq_AP41+sxmtc!l7YZ&nhnpP zt<-{JW3lo<1r7*wn1zzovJYf!Bw?+bEH&uDqZa z$Z0F&W7z`%u&QNQXt)jEoOm*tY&1~~Guw!1L+I2Cnumw9cWrZTlRH>{cmqg}&zp45 zv$fAivJt+9QYV0tfr)AE7>85tC8MJM>0l;qws6~Dn=>OKhAEgye?oC^wlFHdmH*98 zD8lkIu4cY%oz5}|vb2@N*}bN0RHLl~@XBaV7(1h9LuclrgW8*J1+|0b}Cl_P}?YUUk<$Wm*GKmQLDhV@-94!=_`@ZS-Gn#s-W2YA1r_?8vq0{~mO&Df6%hU$=}IeeS$29fify&32n4sBW*rSp zh7YT4Ty2$7@+x$R;^SdGyz0~E3Y2||Yj4T+i(`}Hr+t&T3?@hIn+ABLp47O##o=#) zVIc?~n8-E^Oet}{{M7zHKY-N=CDyWx zyMxQbzO}jJ24963=OI{qtq2Jad%k6$7Ge=T`A;^wo|5a-St++;VL7@%(sYQbQHIDK4g`CTdV4Z( z1ZR-;tebIIY&!(2;;|ccrap{hU0IXWkR>-6jJnT^)HHoyqqlqs4Hw^WKxtF z??Ino%UI_+E}C%7h1Y!e19)klsjk#6cfXO;RNnjzTM@KK0_0&DK=1LFiONnO-*oeC zyM6_Q5HCcIB5@#UkkWReDfpfAvSLL7qdG>2f#}g3_NN5a5j}gqKxx~9^b>8+sgPH+ zY^t&Nv)3G^9Kg@zp#$%49{Y(>vOF6F^VV=VhT*U8WPB{Mo%@svE7Ih7O+&crN#>D) z)!FqKZWV@*Z%AJy6#39QC6DW5-;pp8mF^EvvP^H3`axC430+hnTVV@lY+Io&oezR0 ze3pzt^YEtIjcgr}q_hg3CmgK`ZnQajhtiWmL z4DYqmKjf`-BD5j(ciEZV0&P>=A{#Zgc$dpJwLXgET{a>nBx5yavhh=2JdIzXMO$%& zj@UtHQNMxiK8TXD3Le4b$Q0=Ki*fw49_u#%i~P{9-f{^cIdO%`n6>Mp?yZ~eDph0A zRx-RjJi!j^2HipQ-K@kzze=7;xIyuyKaU?h;y+G>O*@K7v6UxS%sS3rq{~Okm~3Hq z7Tdo6hVBXjLJG3tTd^*{smINd zzNzmIEM)9cUtvVds%NO)FyHzHcJS8;K<;Kp1(OyB01PaX`XvS`>>(Eg59) zz&hzK*1Qc7R1w&9WsaCrC@RFpyOn?5%H2XvhFLy{h0aszkHLrhatL)E@)T@7fxksK zTifh(`53U?a@d=1B1Nj~r1J4x1{X^kG${J$ELg?0?5A;`1(H*;1{X{m$J*Gr5beSD z*eD;UmF2`>oUMAqU%^RyyJ?b(hymJQ>*4eLR3kfcywesT6?^Q(wi)Dlp&Q#^S?svn zM@S+_oUJI1&{gY@tQ@Sh8+R1RZ3a?QO1G#5TBAn5L+HcaTkQ*3bnmJV*>TD)GKj3V z=1Y@%;E*J#}O%(AGx@9eG+-DARNKElQ zbK<`J>v(%d-c~E<_C3lNe=)**LGXAN*nQ;BM59#DoGco4ujkwR%BJ{&q`<6!yqX8G zuVE!&Mzc+z}k9fj1qywVXPI5as9+$I?F&X1?vT`F{<@lDn@Nj5h;3K_7KR>qMRQ=?uIc>d#x?cwn z9w_6qFi82tc^d`3b3N%0B5SgfxZ>tflwWD>f%a3x6z_-Vxh%7Y^uCD8b-%7bNsfHI zq>ISjq&w1aGaOtCyovN|&!O#?(J#RamxzfUXkioQ;} z0PemY1Yfh_13+JK9qnu3Nl0o5F zJa{#~rUAY+w$nkp#g;$Bq!VinGf<+C7wyeU1&7FguP_`vvbn*8`MRhCQiVdqS*f0Q zz1}6GQnET^uzBlPpIa3VdiIt=vES_4Ess z{&5^II6TXd5naa#-bvjfD4LiaK^&t@0+I_8uk=D`09oET(5%UX7?WIhi!VL5COnRR z#xa5|hK(Lq87qSkZ}6hEN#s$gPEs+fKuAB{gTAhaA!M^YrXiZklhjd;f{2mC|m zU4IGvf22Lh|E4{%|2ORs+xsW&c|!ibY0v)G|4e%#{!M$*{+s#5_Wr~CRnPy;{DDFh zE-@H=F{Xx}nGg+viheB#(oYx<+7|P^p6x+>!W3h{1Hj_5o zi~R_Q8M4}H-YHCKd5ksW9rY>rMNk;C10F4?hDSwzEZe4t`#$F|JOL zVX7GqEYCF949RCcPR#Qml({r~;sY^y?3Z8I%S<3Bu15PQ%Pv&Tch?z8=79Q(+XG^J z?8iH3T7subURB&#Za^kf;x0D^o{Y~9gmm9IB+@Me`G>CD5n?-t(=wRh9ddU`9Gdie zPMcjIN2p+2f2ikM*-}U=R(2S~|A6Dxh*=wW5|dNx{6fY$;Q$t}A>#Ba%~RdLI>~$O z{(G&mGu2|pOpZLOKoEEVNvzl)z$unI*E4G4MYNJWrSepznB=B&sG2FbDat?bqV2kk zsYt3VlWGD3@3*-eSLaO`_05q3iQ6&gyKsTX$ovUwdiIwk=6!vZOfyG$9W z8{1z)xDWY(zC4kwAWpe9hkndt-bEsf%DPi!;?PuKIS`LqU`TNHgrU2S9HgZBkQal* zKKVFvtq&WR*;SKyYDHiJRiA^_jd_$UxTd7-<~bcVovsf&)xS~|nC41bUd^P}4p98w8b+>_CQF)dw%B@|O&~x_4}1dMk?e=diDpZ;5>N zvilQiAK_vtsTryphX%)iT`_jc)?4QOzAXzE*~xCp3Te0ABm05iq1Mg=h{q+XHA^Xz)k%tJR5iR|Hs!k z1dG-sO8VHgZQHhO+qP}rW81cEoA>A*+jif-y6Z($zla*F=^pGsu8eQz&Qyt)(@Px( zDe&keYC^fVjDBX{O=LgDhkb`9));@D&Vzxd6d0DV;6qv(d7hv`{z?4!%&TuuNM+A% znF&E*aRB5N9_2*7kn1Rc>xJ1L3kODX=p}cP8K&X$LKtnP;D`24GmA-E1^8xxCD%!xhsg0m+%2d zmJtpwFOMKxb+T=5qFUK+B+-`h1?_%6F{~~N++cvQ^3 zp{;%m1N_(TF(m^^Q;EC#CAkfE8pQ!fol~3cbFF}_6#Q(XuX1>Wkn6_gxH{n(#?KgD zjGI|zjk2uiU;v=CSIe z)xu4|WVkL$u!!q({FR4I){TqDa<%j+B;8%2RI`WPmxcBb<&zJ5k;@n4E>W(Fg1YN)|?jHhJKu-DKejzthFflKZ+8 zgejZ7=Wnl)eJfQt8!7@L%)GwFkRW9_1?@w*slvEVJJ;hpH zwqpxJl_xC?08HIut0s=7LxY##T1lEiuoYCdti8qhOjvel(<-7Bu-vS`PTbIy!mY0T z^o=Zyy{Mz6tc`0sR4WEf9{fT8%O{yM1X&t z|GN_We;0%QZUqw{(wN5lqx`NC|Ec`4k^ffyr~Us?{)NBU9&g#N+`Q0Tlg-Au&l0r} zmZTp8DDKwo5+b-~81!p>-F=VpjU*nxYd};Ye5NMZ<8`7^+x8{gpGm;>Zqh6R`k(em zy#_bklFR8iV|4}t7r694-N{Ah9ZH7V8N7mAi-}(+Iy=9jW)&aIN3L8IbG@DZYA+xkMm| zsB_=KyKF&V2^HOAF-ix?9iwQdzB6UG zTrPU-$Clg95h)CH?Rf=j93PwGJmBSER}K5F|LAfoC&5ZIIjbgilo%*>f5~;Af}cc^ zo#EZ$(OzI`+>{WZ7^l+>!7>nP2h(+y@TD}?=T;+oqO)DV1VKk){GNONDJgdxH%=P# zoOLy{*mT?Gj{ZU^xd%_1=^hHoBfI}z#o^mNjh6vCSW7%8s#w%_0wYykJD-!t1O~(9 zZY*7g*F7aP4J%|m-hqjo!9l!^#Mo%tH+VFt5jbZ48XL81)zU2iuM6-AqMk2-Qopk}FY1$0Ja z3Pi-KI1*1s7&rO7WSMX7*3&gK;Cj#^&ivAJJTQ`9XY{()FNZ2~JmXA%Oo39n>ZD8u z&m-)EH%8bvFuYizyy#7{_coV{Cv*Q$T4NM9lG95gb4qgm^EfJoz7RZ|u?v^a4$$CF zETq*mm*4FzJ$DwgX{W$3HlFl-`HoYFeLBW{AeE|h``k+3#ehFyQK`ZWG47LQ_~}k> zQ8Y*Zdy1fTJSP?hm@9l<_9U*H)WO+ArcSb1P#~caV+To}pLVMz>?8|&zYQ=K>B~CX zZ<0Pve}`o`Jc`cu_UBKE0huN};jV%)EalGJoH3XN8>UYuz@yfIqUi_s>MLHpdYjG@ z2_sIty8D%q#fRkhxprV=w_)Qwp{vUR>g<`(1T_@5xp{KbAkhh*c7XX*%S9^vK z6IR#G9t1cv0gs%jt28GfM=a){^aK99EVq+ru{di?!~gwp0c@n0o|e>`DmU$rU1{Ha z46uPYblB9CXwX)>L>0AE+C=7~T4c6o6NyXAL1YD887hV)HZUIRj>d58c&yxN7Bk#F zoZX{>6849CG?j99Loxheo+=$;p2~U$t&T~NcVoiET;Usa&Jwt1aM|WW^ z5WC2I5CIa$V|6TK7T(U7s?zy9!58tIS9rliZ=bK4+EqHoatjSG7Hs;{ zBlzjmD5B6qVPH6-p_`OU1EZ$Q=w$et!n2`!s_ zVF*xq!Rrax<5ZjPW{>fGQ2<2fP9r@9;J1UXh%dP88LI(n?_4<-%mCUaitrab&{&=* zIjFo9M&IVo1zFQlZhC#YA>%G%FbYxk}`obI}hv$9LL0nD$kWWaue& zW)!bm78UXA=fM;C$g-{B*u4j^|I4oCM>0^-TnPo;%31DiB`^;vU>!oD58nLimxzyM zjBS{+txD(hX>L}Qn$sMORssN`>h;t`bh~u`(kccN!b6xsoc@ni{Mw(yySbGiIuPyX zZ053T0vFk{N?z+qOT8sy!rV>0w2u9O>#z0_N$D#Ce>^fqF|kGT2;3fbWw!Zm7Fr!jSF%Kq@xR}D=k+B#wE&*@dyTEPwU zg^cB)G%9#DG(YIp$FD2r*WQtMJ_7>&HE9a`Qn}yqw|4$_f>5%Kpl=lzv}FPd_W=RT z)rX{;9MWNCz{N7Gfmrbb|vlx@hso7M==J|SLn9~GkX=5yqpImmd z)Xd!1ve_p;+7ORKg+&*gqRVZnYcn-<$4aALIz-ikKm^0Btw-Qu`Us_R1@xxp(-<}1 z#C?iLe`_Tl&YcU0cJX37^s*f6^B9RChF`5*ibukizxYEHh^b(y!8>i#L>fN#3W5{3 zIZNNDeyLA@(Jr;n(rMl_1wYP6THBPe+k`8K-R?sJR_8+xdS{udv1ri6k2Ej$0@u~z ze3;A>lN`vrMJcwHyGCY9^0zvAyL9T=KFH1`$ji+b$g^!#gZ1R2l|fU613_ZJyO|A? zMWwkvyhF&IX+(coMwtxYKsq%IqmIPf$KBf>O(xIjJVBqsq+c)Iq`Bh@?*BY z-v)9puKea}VS#e85&NVWZyw`3$BGRDMr6cJoOZKj?u_##d0Ha_Gk6ojy#-a$ab~1n zI6ObipOj)is^nl6@@3%(#gt{e)!Qg+JY+!^dmiUTf;O7oFJ5zC`(??X3d*RQu;2(( zq-%d15784z6F)}p>)+$#?3LlXgj8`YJe)Ev!nWb8`C!{8dylm!1c|mS^RBn@W3ubW zA^B;f1eL`sjY4rvzPE&)ssE4!PVPnd=B$6-aYYwcL*yxO>Ix=cVcv&t=_$2SyzH6- zDAhYpe}a71#*vf9KJ~Z4$;5Dmwz#U@e{Dh&81e@EEBIkaDBNLJadFRBGYZYSbMRcz z3N2BmqeZH7O5>+dlJ&-LJUC}wM(-N!R0O11t;d~?*oY{|gIOuYkxM^}V}{PGuAW*P zhKYt_(l}L{s-iW@UtQmhzOkS+*)0)&adD%=L-*gV^ekjUXH;+b@BPoHzxlH>nOSfQ}$@ z=7UOUZ42!`XR1eZvkl^$mJ@K2TMuGCmx=Okchgi^_l_8gl=$P$P=~cal?FR|H{uF{ zrBFZ`(!a7NN8OplvpeR;2G6vb#G9)AaJ)`X;s%xr6yPfUQYgaL`_c~RD`cePEE;u! z;E3K-?Ys&7{LmE^EFNWNQ`lBdrAp9qFUvV8e|}n6GRMz!5f*!lGp5%xxwh7h9G~gJ zGt3%r?=e9ERzx;$HOmO4u1GK+Zn5i?TEhEgqAH**E`RVLhip#G0lBvaJv zn1ui1W&=}jM;kKFd*LHsPzusFOVHkh+KKrwDvxrbRD0+HVF!=>+jpw<{EwRh1}WfB zapB^ahSu1Gna()K0aFgfeE@cMAracmQ+_XwmPMinV6;I<`#pIw7d>x?S3z6UF^r@p zENb{LyGB4Hi8+X#ycZVXr`Q%1eP4k1)ldl=e^VE@`GmWSaqf5IP{oL>X#sekX8dMt zS3PS*)~_*rZ`CUP6>ZjBkjMT(ShBEPk^*00CqRVjDHyj0fDP)rAE2*yH|e>%kuS2M zB}kei*3uo0MCOM$g`Hn{_()ooVrgw6#IA0HM`oi<;il&nSwVmJ;o!lbz>odE30#-$%qu>MpG1eeWgfpZLOnY2^^xzwo|JtxlwC1LB4B9232a;-<-{))A>M!boF z!pvk~PWbXWq>F)Z)lnHQhdG%v7D!YL65c_H$)_iUj^pC~s*_QhrA4FXEP6^tL!HVj zlRAzEYUVDbeXo-Nurvs_T{1EDLZRvFe?Bte@)+Qa0AjaEQ~= z_Z;ZR@I=<7rPs^77pK!;OP$)LVo_C*iy)gpDGv5ANEDjq;bMhgFmH!3kKFTp@libf z+$r+u#7*O126Rn&Cm0UcAiz=k9ZY(+OdQ_RSi{8?C7_fd<3Ulh5}JRa2h$Ku_+Tx5T8zIwpF}>d4>NX7 zu=`?krzErMI=R8IJ3w2CLW&GkvX90J9XhB&bxE!)`s?_~E9l!({@xejDWu z>id<IX0A=sj95-(K|GcDw`{#fLbYb{JR{ zQoG*e$ewt8!Uir2YpF;Il#g(?+9g@qv1&u8uOS+0a~mk5fTpm+rO5?elC_|0rbqn= zTp=`in%uaqzG{)tyNuivBRE3KIy%$twg?#Nq#*|U2SNTIZUrJwmAX=>p+x|0kQNJJ zmlxHPj2YW9CZlF}eosOTP2HNYlEhFJe5f~3J+A##u~y^p-ClV<{n6Ss$_i8+*Zf7} zB6H^Dp}$=deC%Mc$B~}O3aerd`zZNIfk%KHAf0RcV~to|SBtZMb|U#a#jL1#3?=$k z)ttAld?z>Rhuh{3*2ncHYTYx;)_KvvRiE06T7fLw4CsCxG;a%7nxg4X9=n4q`^zBQ znP08}uQ6*Fw^=_J@dqcx-}mwlNjdpTQvM5-Px}{@m;K*VUN7(;D!=3SKUCiD-x*9a zJ4k?YP=J4(|DVl(ZkhhwbY}$%Ncm4TqZjxuHuJZiKf~=m+01TdFAoCG<`xsll$?Oz zRQ#c#DLvXz+MQsVEZ#2RORxFh=bfSk@(mM4Dm1PrjhbWmaleRhZN###Et%b)DTcHt zoj2;_cm(8QX1% zmsFF$b}NrVP2N^KmGC?_%Da>>69YN?KKMUG$oUBj6Flje(kt6!njyfeje9V|kv}(l z?CGq4d=PmZ6>ViHMQJ9Gm{yD=EuQjAKyh1xOUOd%ZTu^`y|*T(MZ-*9mDiL)!{(kg z*ih_JT5FA3ZPnW7ACm(Z&p)=Trwj!2(xWONf#@ms`vCHck%O2i1#I7 zwEreh>4;M(K9NG{#BS%+gG`xjYnp#b(?Y>_Xofk9yY{4gW6`zm-xNG8Ov)SO&uTyb z;Cp{0^lZT|!>dg%jJ9GxOyrx$U?4o-*cW6nD2q>BSRF*LZ&K2KixQAUg0oGR^T65O zfYI_w94FBC0TM#G{c3ViIdXuriWvPYOap;WNKl)J@fo~YSxk~BEb#2i%Uc`E2|~(g zEr0!6jK3C<0-tS;5MIHv(n3xd)8XCeQ#uGBK)Y;D_GfOr4%xK~L?gQl^kE?EQ)K`a`U@RupYPPcXp~)IiV%m0qv>oj(@RB>no^?u zQ~m`rdg-mBoF{sh<-KhJPVwQka6JtPEJu&l^{`0j53=VRW1OAdKeEz8f{G`<>shsL& zP7;|xUz*Ty|AwhJ-7G96js?wL8xwW!5ZRf53oe4H z#S-Do7fSMP&y&95u{2TmpV#u}2+nEz_*CH2)o#({V>o7n?-s1 z1UwbmMd#mo`O!md*M{8lMnq_;9V6aSXT>A+^o4vu6BI(+av=xC~R7(Ls>(OT~Cp19wRD`H$N#on7_ zbCap!S-%Y3{d}l8lmu$e{YXn(W1P~GKezYvl;#Z>W(lIsB84X0ezX0iZu^oIwglYn z_(uD+-paiU`pRwsLCd&$-sJ{wN%RzecL8zRBTbIdsNc>q0+! zD2FjZN9PVf)QfDjdIPzZAhou+T94#IDiWE3^c^?C<2D+gdyQ#xY=#spf(_ z;+l)fD;YdZis_)(z_1EbvwkgVQ~}@tVY5hkN8e^a^#f;0c|jJq8E^Wa7PQc8>Ej!C z@ma=|&>p?lgZwF;<`0^4)j+$UwAy^VL^; z04Qo-G7utY`B(KIpt3h@!t=kDLUuK_nd+VrUY^G|25IJoTI5{ay{@t(t0%*7^LI45pUm|30)2$a&7@o&>ZOs-N|)$_LEcSvYRUdVh?yDhybay*aFGWu zPid2=k_Ue7#-C0Tj^SLVSA#7tCXLTfEYO%>EJU@!O$Ya%ZgQYg7TBzj=afAWyDQ%B zk2Eyr9=?;S){~z+c&HMK^1f;og^xuqB#8A*^mc&8`)j)J&l-vLfi!+oq$?e@M*cSz zdoCgT#W8mA0u;8O87oql#!f1KC4ub01t{s^Pr70 zFQAHwi5O7kBy**fRTw0Fm)vYo<36vg;W2mhA&!IY7THj$^95dw6|Fui6G{hRosP4A zeB>@B?M>ZT@@oP6E+7U(*$g#K@GnymKUS8JkM}_>c*a=vDYC1)_C(Fwxi-pYy`a@> zc`H8fm7>Y~*1=rxReonn3!X!>|7N-0$}@-?7RRsY-GY@z#KLAXm9(M=_;X$}QSQyz zXqn!ArVH%us*%VBCCi1Vc}7$dw0V)J(U<_r%b+{DYvf#qubDzMean+u$ZnIn-Cw-& zS?`wf0hE$GG^Q#BAr(LaqyDO{^=brmtG^Ai=O@__uy5^$i~A6?e*#P0GHxCw)%sk91vGwn z(uDp84V!=LdFRMv)gU;Xt8&7J*$!D%)iSC7&%dF(5@D#<;6M#Yh7zP zH^KLXrNzXH&`QS%sEfo8YmSx0C!pl;9r{jq{7z&h4bp4$ytSEp)x?$ieN6fVdRLSA z!phKE9OY-}2K~Fr*Pu3Tb`QxYz5AB;duJ-U>2)tb8EbijMZGEI>OIffu&Co(vf=|} zHYUj9<5)SIjPO+|4RF?oJm4-L>6z0G+CzsnVstIyyr2^2(Y#b1w>>n>_+kq*+CD-S z<1TEeJek(cEd&L=K;?RuBgJnjwDe&Wbzwig@|MDxkO$G{29GSQs))>Evzj*E>Y60C z2JLgmvm;s<4_bs5URMPKK@L;5NTeCONq5RYha`@i{`^Bgk2>;;=Z3;Ei8jd%_Uu{P z)Y8*U|9sFPW~JRmO)nP}C%>wje;v5Pc|vghCU>r|E-<(tUv$ z^=f!gr^tBbcXzO!8v65*6z5ce0tQM+r&642fC(M;I%h2XhBa&j51+hw$T(FDxiqgD zZ>~M1U{(Jwp#F<(TCvg~{Gb`ByT5IW@DfE_@eiaG*@^lSS}yQ)f0Cz7OIL`}NI!lP zAPSBwoeJ?$rwO7tBA`k%ex84;#)6Ab@XVzW^Drdduck*u)~gYYsRhuNY=K=c{(&vs z2)qzVXd)^CKN(5N2akOsF~-Kf6L#*e0KBM2%TioOcHLcBCuE1EoXOro+)sflbE zxT;!7LhHZQC(l+LTf6C9FM7f3yh{&Gk1_UEx~z(t((w+5?N;`jI7aWVzd|rNv{}&} zXvj!SHj#@v2vy_7y;Dp?xocjLdT!Fz3Nj@%YACg%rg0lmP&H~op#G=6$U{*{ zRsYkXLcj@IsV6bfyVBMnqbjx{TwIH@PXFG}+okHgrIbO&7m$dR^CWnf<2P8nANM(b zSad8XWXGG{kgLnI6xVp9=h`EMG%)m!F*QKg`nwKZBSh0rc294&<5%iPtF8UWXshO< z9CcfBzfo2hI^dMh;{j#E2T?d7RrA9-J8TzKIJVRRVi?9Tr#q-9u1#IOha2p-%byTR zK*m=D34Py{#uS{Smpga^n9FC7nv`+}- z=}?{?y?B{I)IR5UsyVXph3?xv+s`MWSr@bMBq;bsdd9Lybl|ZUVx{np_2ovPmEjf| zy5HW9`A>|aBzRqzLnd|{^C~LI?VnzM{=9f+R+ZC#ZC%0K8Qo{q0hWHVIO{xB8Jy!e zN!?5j08klq6{P!X1FH2Yb~rj{+nuoaR(J*119XQUn*KbxY7a+!$&bE_p&Mcs=+;0E zfne6{05C!3n;N~#YIUSBWc6w4OQsmbA&jdcq_CEe4MbH?+u~B$f*LUt7XW|WDyE<7 zmRC9|C6wH3Q%@c>Lgy-iNK(`Z_lL;1(N=p-w%P)o-^r7qCkeAhF1%6!a}ZU=W!OAf z*_s6kP}DxkE@ZV;q1vYAU|Ps*ZKQ3OKtYT4^K?6-b(iCw=T|r$jhBWTjG4V~1FNCU z7-rKJF%Pjdmne<`d^)cw4!k2ZK~CB>N9deYm4xaX51fKLyn4-vJSF_ z+i{+m2@dZ@H36m>l9wPOSKm>-tT}cbhgdAqrsT-k87|X}aCPwXFQQasHqMk1bo-F# z>7UR%mv`#ay0ip^cyKKid*H_-6LVE9mCrzjIchRB+So4E7?z>hx+uv)C?1xY@-k2; zG~%SxCZsUtSdAD=RW3C_n^GI`>%NC3PP&ki)9O~slcRAPMBvu=$O4rO$NOET4;E_t zHuEan#IGAn#!{kdLU$7mYf9FqP}f4gF1F7NnSWc^-VY%!-oRDcyEFm<85mHV_$};& z&rt1MKQk#`62BIxv3&<<5F_n#sYT9y`>b^e>>QCYGzToBVbCe9L#8crv6h;clC~9x zZ^T^?R{S?=H(mFe6XM`^M__SPFL8k(H(KN)n*S)Dv`w}rZ z2u(TGSR-z0j>$5FefwI8U*?lRp`g;Ib6WVI5T_oPwY0ukvM+$Kl!$`4$iJdp2i=?w zV&i|mp>e=#;%J3UCN;cTI0^pbcSYwj(a|}|p>Qi!@+@gjrG6qOsfDdNo((s8r_~EWnxV=7QBt>X`E?)^6#zAs@LccP{!LGRcJY+Kw3yxNO)Yu z42rXTmzQyg<#@)QhNHb2A==9QS=L9fWQTx+Qb1E$)XL$@m6#cUpUJbtZ$%Y(30ous zcQq=J1!Y$Nj28dLp;P~L=>LWGr2mWd$oy~GWAFJ7?U~X358AWv&l9)o|EuRu{FmoH z|4+|v@A+@fZ_DtXv`0*_!piM?bO3Uk@>pQ=e5aO(XuK(WT%6_C%tleeY6Z-VXE9)K ziT~9{dXjSVRCQ;7G@qrJx?6b8Re@(+l3tIFEnvl_G1Tbt8X_2!YJSDUBwAd;X*5sq z-<>pJtpOA-;!-uJWp2M*$5Bi@<-+=>mM%IbutLiStdV9ztU2k>It(N~V@703)Q%c9 z32FYYU)tii930>b7EUbvIZgyBOVy5PV!gPPp5P&aK_-ltzYOtWMw?h#o&T69Z1dt$ z8XOP_R5(6F(Me2sVGx)k#}f@k0NMNd5+_Z(PIMTZwXf`6p2M}Z>W>F2MxVl4%*K-9 zaF^DS5>p^6af)~4On>uFRtI<60_)>#OA)+T=8*G)QO5g{9_=2YlX=y2_nA{I+pB2H zna3VfxfubIW_C~C^FLya#LZC`ouvlSPx(_a>!_2<{ptx6Kem;C&&?9X(?(422GDQO z%}Q-VOD^@O$ets%prIjS9T_tSRnQw8}McnLSCC@Q4&s5Xs7&10Yh7m zzE_HNbKNVtWoQxhgL2A*sbK1@ElQW=7pkucz4ii!tMw7juJIdz-&w3Yhq?`_&KUN0 zAoNYP@2K5&`-@E!O;# zI@d{rPEUYc#KpRt>KSts3D_S=ko8jS=%^CL&7+RA3ykyp1)y0b&4g<$Y;xKzvFV3V zk1@yqH-Q(S!mC>$v*Edms>E6gA1~k+J3K``pkyNd`IRKg2jDdO`B~XQs z;QDNg=CH0f&?tVx#u6V=&6DI z08uqVBvv~W&+Q=9O*LHdMrD6hPZz z&zxF^cR41qlh~;ChVNaF1bGT<8-Rg>NrCCfCP&J)SbNXwuipP~A6dQyCxCv}_EM;61v76f`|* z?$DxHY58tiWh5$EYiwRl9X?J3_|1T7qzZ4wqgTdp3du*d`ulJ1zDRx?wsQlF>+o=o z=d8NuAao;Zipon0n6>v@GKTip{EX)u3gUD+@)!5+DB#Y^Qh6H}4Y``4uie@fEwia3 zaEW4_W21??5y&UpY*R8eFc0D7g=)C6{H%%O9Uu@Bj!PPJXz#*eBq0~0(%ih^K(}Fy z<0DZ_N`$Y1^-3SOLg*5zg;KY(ZDofS<4AV6FiM%@>VF1V%&H4?HMX@`brb;-^@uqXcm5r)ac+fA7UD-xUiL#p4XJ-3NW00#Nl<@0nT#SF=~qb5l)(8 zz0*;}VU4&>H@1EY<@Z0_qHI(ZJhtAwDfoHBM%=c87$K4>9ftw5S-3=qLs_d7W~p3l zW91mA{{5}TN;SZDPdGZuf!eY+SQHMg zCmzS%D=OS1t0}jvhqru=H&Y$}5A?FC^YQ`J{7sQ24)e}qi(v-6l$jCDzE?Fp{~g3= zw(+P9q3rZ_OpXP(s`rhDbbF5DokS8|mM7~??0Y`lCxZI%fS-oLEmgKD*-2y=>M}-g ze%4y(B5eFKb{#o)>DQk{$(w|3?)=AGzWusQS|!!KZWF=S-pDAR*_d&fE`RTsj0vC} z?lAjrHa0e9dKc!+$%tM&y2X@~wG76&7m9A;)S*-CB=~Pf=T$tqVdoirve2Pwz z4hbo9TML`N0S)gW(mx&1Ymz(r+RH|zvkqt;0dj6ia~n8PqU732);zC&(GayuJDBg# z9C&=!flt&Xq(=Y?lbS=P_68-`v6mqNg0oyf|B$&Ap#H4LNPvE&rUuzfAmY&R_p=fA znkGMQM^Ky!IX;aqo3DT>i>pVFHOU3d#Q-=bOofy4|BA_L6#3)Joso9A&og3nr~*<< z4(JMazrL~ElZ|lR{K;}}Hg1oO!nYD^CJW^c6v(2YKaMM$G()QAzOHacBr;$dx8IcG zI6POLHTme83EYj&Cov`iW4*OEQ(g%voagC&4u5-AKlIzzU^8h7yFF7vt8lHZT7L)? zNd1Q(x40Bep}@J0Maw0jnX!0X9phIJ(PqDdz$F9qf$65Nb#VW$W+x4><)%jN^h@dk zes^^XHIw#U`21C#dAP>o4&_va6VGOP!sqH)E&M)aW|_PLbU5u8P}k90$nA)4LJ?a? z(*4O7Y`P5hhGfW3RdS||X6x}qA>USFh1nV5a^o`t!^|gWBi>amD0UT{>He&%%CE zc~-j0%nT#phh)7VG?p!6CG=2X)fwq|IGWqg^P>LM&KW|Je`OeHj{7cl!9M)PR<)xN zyOWpHpAbH7Gx_*x3Q?-)F6I(vDWP{)F}D~SfH*ifb`oC`3U=6ZefF(K`9kt;^CF}+ zMCbbDP&UX?sQb4o2>GDqAbGT|OGQ~D8g}fcZ&xRVnx%V=PUlr>mzXr@rrhFQbq+AN z&sO6R^0@4^Ap#aOhis`aJj3C>98Q^*-8wO&gs>*5LVW}h(kf=bn4sUBf>!VF*%QDb z&mOjNRpWU2Ud&_V1drLO7;X#Bf3Cc_?$n5v>sUszAdyf()L$vwUkN!xt!Jmy6_Zlr zvl~rG4cg|aZ2KVem1%<$viLDwu?>JZTtyxhO3WRBURFUy5(z(301Kr!xHUQ#q&?-k zWG!S)!8H@+JTZ>`9(75OtVd$_>%50wrRreVMxapswdx`4s z$UJ@a8C_1W-hKM)fSLLJ=J-< zmXu!HEw~I8C*vR8>@t8D7-lWc#J^Y}Q-MyAiA6oDVhqQY3-xjM6-XEucCJlbdD3($ z4%Q1}zCqiy$xt|KPz2pC#EafJP0RoYWylo>cDFzMdM;F?(t(e9HIptO{L0Jkp(9%? zU#$tsV4~;Eg-GXvcszZ^22jH~ui66h{Dx%1t^$7>_^rB_0lP<;1E15<(uOe}?lxB( zVr%PK?ypGruu~{;Y;EdTVy0H(KL|1Y(Vc1u9JA48@UIU2*pHbtFD>TcKFxA(jUv(} z&ux(WlM3d~?bRvwu@X$Smepx0pPV8G-76c?s}{E+N`AM~en#H=JX?JDEC-mw?a5 zSQse)oTkCmk#@uDRat61BDCag*b+bv=lUx4c>i=153h7S@mRe_j2ZaQ7ZMZXg_c`eecOcX+tC6cKCe2$H<#QE zazhh~Dq53@xpZRJ#MEESz$$?-L;^k_udJn4zBe$m#IGc2FepJKS8SHeQibb!gR;kT zibJ*4kbFehl2H$V>!(1}*?ZllqC(nx-q7TJzabi0)Qi!XuEm(UjDe=nk;HQ9u-jzq zRI?|+;J*<_Lj@;NBpMT_HWGu|zJI*z5r9J2hEfG8%(s!a-Dmt*FpDIQ-}&^&Ur1pK zB!+V~lV~T94TV?oCU6(I2lPoAO}QKhS4`YUyvmVY4~=`Or3jUzXv}Jd#1o(CN?8CW1Z$Lg)}*N)`%EzU0oHK8>wLH!8UUaSyuN9Qj;WqVs2ki! zO(71)GrST4>Y!gU5YS=j>C=P&oNW)y8*v0EauxjS^2Xvl_*OW$Gc3-YDX)X8P?AJE zX=heEs%#+BhyYL(^zxVM$+OqM%!`Bl+({tCRqFZJOvYeqH7krRgFa%}ph{W$Y0Bkv zXxn^&MubE#M<1Nm(piD%GKcF3PbiLbW3BfGbDHtyhtv>%1MD$)CiloP7OC?~|JIJz zLxiVwQc303u9B={hBl}(;d?fzD$4}f-5w*Mp}h^Cl(FU|f208~;gFJILq7z8qauL$ zm^<{oh50pY!<-=H&0Ho%Y@z+@^baTjTq-1}yp8w;d9saPf6cPn(oGW;p(j$lb&Gq6AUib1=$WYy}xmVij;}3BF!OLsv-_KcelSoPa7}wLx>I%eI zS6xmgPc8hx17kF(E)+{g^#}Or=nK|R2lLmnt|L&o(Sr9n9+L4&jr#JLl~p4ybR$ME zT-Dg1YCJt?J(#Mi@|8MMjJ>lpyqP3q=G(h$KR_UbBPZE5Amy#XGMZC=ntV3(p0!!I zrWr=$O+gim-h9V2%}VLuL{)B2r$X*E0#-Z8>e_mnO#t6^rG(pAg_md;hd|hQSEuT9 zxHi>`dnbQS4K76yWgcij#h?Z%uBG4-%+?kc0TR zVpYR#HdRAP3Tm%-T&XwFj8%c6G|?KCHjTs(Bn$Pb!pr_KVURZvHbfOdg`p*TAtG{y zhkl0WF||tVs)Kvz7CXcGXzk153L@KUiK*cK9v+`hblvCkk4nc?!ybH%P3yNc_HqAzZu@EcKbH;6#z)d>2ojHBCt{1^+t;1KacK)aL2sYh)xfts>zd6<;1NG zl+&KEO6xkt-dxaq4-v;Xr#OBPaG(OwgXI2YC_E?=;?Eh4N>iW_x`MC{8*Owgu-ml` z+7eR<9@V}QD)nK=m^9fg&xEf|aQ{bp%peLjJd^o==bJk=j$V_Od5r`Ez9yfb)Uo z1j4XFw_g^3G8o{6`7p~46eBHwN{l$)cVAj1Z0Lb}&G;;TyHZQs3NR3*jxN*H*f=j} z&FdYrv;kOMC?6yesloCoKij6ibGHYylmgvDZP%gadTp7TIV@N7x#`L^SxMvNfb$gj zkA2vm5(8HEYXgETSL5w%r%sU7V4cGKgSCaq@H3rn3V`|kc~;{t8z0PzT6SDtZS3Fu z+ezBody7sq>z9lS4w1={6sDwfC^AbE`VA0=-ioANp`G4_bx12Vp%Sa)!7DQ0=3!02 zfh$J-7BE4?j9iA?o+DPPd6_i{>(FF=iI(V7AF^{TceC}Tw0 z-AQvYoc*39n#iJcp1iCg4C?iFKg4MTc5s9b@|wVgd%?d3VPXWZW?0-OqD)#oa30$C z=S)gfPz3mvmH->aPA!!xM(lJ&qNY`1E=K~+nh2r|k_dbfz4&$6a zMR1%W5eCXGc9{*%-RW|;sQmUsg$r(<7h9vw*wU&Ee=`h?7ig|JHg;K&z}f|G&@z!jST=wpQMhR-mg5NF+FOAxEoZ=ER=5L_=R;) zW;pfKsfJ&h0CMsw{u{@oOj#Oel z0>2PTxE`<8KZUp((>6BPIxNb~UoAJj50^)3aPLm2VOcd35zI;6nCyDiuQ{t#HL@%@ zIA2q)5$nrJN5Ki)RHP9sUyXZwX+Y6fX*YDU5d*{oZ-hCuZF0tfX3$TXMkN7QVZJ-B z1#chhX?5l+eTxf}7k2C-bQ*+wvC@*f99gHX1jkoKay~M%Fk<99If^qe4W&y-L-b~% z2@*w=R8x(G@A%oBLvIGPSXgwip_Sm!!9sb`nVP`0J8kRPz#f~ZWj%Qul@E24wsj3V$&78=ww)Q< zwr$(CZD+=|W^CKG%{OaT-OpRAcGdm^*T-?T>ll5s{`lu0p4%AZVfQ* zdZ#O-fCdvS9mx3iG_J)f2oRIrgucfQ2YorQMk17Yr3dO zRudt9c=&B7JTS#;itZD%fjpIqkc48SQ$~Vj*!FS|r`*ME1AR$j;A%m&4>u^JxfhM= zikNtT%S)3Uh^=O7Mk$g?pa^xYtYP^?hS1)IZuNL~Hz~-6{2R!qE3INo%)nw8Q7`+Lzwbxx%j41*{tgq1UjPra1j@$$NJ{pP zr2G$?$@q`WNc^|WME3n-Gj;#Anbm)Ou{`pB+RV>9|Bub^{M%+C`~J^n%sc;WGwX)- z-xTUTO9tf6K~^KnSS7s9yk!Dh^ux|!>kuW7gG_$h4!9zE8;mhcu5E$qd+fo;2Jgbq98MH)ZoCY@wM;KWmsmWllFZ z;_`KuqLrQ}1>T;)+k0saR1SMRzwWAi(i(@Rwr6d%(LF{J)Ab_`2S;!-Td;2R2eS-e zVOR|1HPZm4#~%WkNH%V%=3WH3n>U4VaPk*kP$uHegC`IV6@7qUIr=w*ud%w#yfx8h8ok~>Chm2C?k}lwE!(`rS&Ii7SZk`2 zGxz+bj0BJ|TEXZLPs(y~O0F>O8tVMNuk`H5rRT*zrbj&H)C?P^7zZpejtvga_U(ea zq)PQAQ|vOx3go0Bd?TW>B5Z0>0lJZp6yZHQ9kisx@A5g#?viPRMjlv%jDmf4jN#te z7bqimb#g}(|DbyPyz?)7K!zwQJphg8iDejDv%**Hx<+Fq*|w|GPJZYQB1gOP^1Zr6 zjp|||98Q||xoa-r@Fe`IXHz!hNsg}DX&i8`&h4|XpQ74y{8M1lq}qZR6~6q5W^bf( zqf-9So9F7>>rk$80uA)UOXf%!-$mb9u@?&krx@0e9p1yD_z0C*WYoWN`})h`Qw71+ z&ZgG_HO+ zQR}f3LcKOdRyomZlbw%?pxq5f5q-dX3p3|<5UKAr_IDK?YJ=SpNe8Ki7nL$TH{%YK z7%Yu|%r~eWtR=oBrK%*z9(**Eo=)v1gnq8q;&(#>4W0EK7`!hk3XYght{P}d#KM^A zH9ol=66$r4tmS+jt(WveEv{v&`2H3lk^Y* z7VFD}L7B?5-v`N3`F|Ve-)xb!JH zhS?%!s6Gw$@HW#M}b(3Hjf;#Z<%UL5gNu;Ow1g(kmWR$L<|4YPr&m;{~clUMfl*egGaBIIVP z2zU)!n51ll!U07$lq_?*J}P8h7^Fl4IR^nQ^J(tyD4Qso9&2c^3GRu|IZ?eV(VZ-vv+=;6o$Yn0Qq z0MX!2RhG-gNfGERheJh6O&5}@B20iudkx?dz7g^-eMkA6sZMWiw|!*><{wHs2}XJzl+3r_GhcX) zjCg=rS{=bqY~upgY_R~nY6Uc-ipv@d>^s`5Cw#__CdB2UHouHZXeU~v8bp$eW(2^n zsLEx>1OREP6qqTU&9=!lw&S1fI+< zaxo793eMf>Gzr&cxlGF=nPXL)Utose@It=1>g{f~wl*fuI)^3}(O+6w%mK z%Bei*xG|xMh9Cq`Y`e8T9^U2t6kM6`i(Y@IR|&S$* zXAVof!)QE+B{R9~IfRA-s}7iMU5uLVR37XW0uPm6dYE?28Tf~$SY#~m7>JiSOA+_q z#XO>@7Bvf-SZ8E@k-{eqBLYkNx+Z#*79DZdLK95VdDez@S z*!LCA#JFIt_!}^!!NIb@5!lJq#D=;Hb^7t|L3S(Q<&K2|eF@U14VY%MG!3IG(puod5S(VKSd5~_O#LJra}k>%Dn4+ZibN)dg7$nKt%AM%uYh@pt;b@ zLcl~w9kB36W=acT^pCW9x0@M4n!qoW4YmCi0XUFpC#-&qZ-d49(can3v>?I5RLPqM z!ddC=C%0ucV~RY2?KEZ5vB<6mAz$ANgL&*KP_~TVtBN)hA0j0gPB$gY{3=?Aq9rnf){TZJUSavD*yTTu?yry%MZGl?rCtAPi@q;X~s` z{o=Ieq@&3TF8C!f$*?{}88>ZepkwT&>lZy#WG|`eY3hYQ&5R!+S0NXIWmgaOR8#Oa zmTyCb(Mf)J(cfJMnk+fezM3F=2^(rwHfJ-*A@sjjCT%T5<->Nx+r=Ba^Gs7@V&7X< z2`_kLR$3MjhF^vJ42d%y|U{Pw#R9Vs$;N54mkjLtL(`i z%(U5Loo-Ayk5G>o^0&dRY#*UTGXVS@2E!5Q-of>t*+x~lmWxzJ-$1$9F@)#or5uJ< zxY4}&iJ5z|yjfME_TNEP3M>7V`LWOT@Y|lK(JF_{)t+guLece|+qLE8ciyT77>rtf zEtD16K9|E)Y}~s%J*aP>A4yWc0_v)tR@flq3<9DBy{niqn7{GjSfJaq#L*Ti<%}KT zqeEk}xPaLiKqV|5A#+BW(+D!=*U^&iZXVXtMX`78y2#$9_V@o35B%u~g>WM#u$e-| z=@@0wNc*0MpcB5YDV}KBfISy_&72b|@Lfy58%Jzvn^zQh*ow4l1ooC1^97WfD^IX3 zh)!E^gGFyM=qMuNzaaWuwU@k2nZ*dqR%a8KYi;9+#gM#81ZyY2V%5NCjhA#I?GW)K=jv%U8QA zjWQGeL{kDz8WZq(n(qCvZqcYrztFm2$4{qwPbGR39tR!_;?P=iJgNb=LlT`Un5J6A zvpSeaTB(py!p4|@<;%Q0_k$~ZaI{2|t1Lu~; zjCs9R;`fH0`+ltLvQ3TgXaj5f*RZg?#KERWwuQ497{L2D!jZ49@nDisviTu|g*r$s zJh~!t#7IQSd$JX)uU64u!&-fTgm@9>G#kppi7;G8FhefK$O#*CCy9!PLEHEPb+H>7 z+w6pPRqGvrVRgye8rmh(G1w-UZP}{Tt(J?7BO=*v?fqHC1!{gWCIAnFvx^1CnnFr- zBh#f$1KUtR=%CI3JE_rirVim*d!J=&^oeJ8I^<$!yW;&ih@kuezXIfBrZcR5Z5yj7 zhE3UJC8UDxX~HPshv4kltA0&*xWHf#gB({unayQTiWRrYHzhpfb2{Zd2-Pl!-9MXI z^Bd(D>rxxG!L$@EnnFaAq5_3_{rGg3ZA1ZM9W3SaaLsUy+2sN?-ZSiUe(@`N-uQ$# zNS{gO=hCYaBLV~ukD7+FUlCvtSNmUt;D8%MkhK#aKFXu2<-%d9l!dZ=Y<>1+*@X2U zX8M0;f*f02eX_^sd0W}cjO^>|3-DJ+Seo+RpI*r@IM0nMO6jB23n@NRh}m=QLkbBX z+B4Z=7u1sdKuD>j*(8p^1AZ>6vfakg|uXk&eZM0L#uRec>!L>Y%nfed{I}NDLj%JX}vT zpqN!{jV7Le99E2}D8glmNS%9*X8`W!6Xp?;^I{ycr^|eIq)*nJUQ=|H8SiChiAJ0v zGo@(4Ty1;vXFW1j;lV45f-*m)&{sGo9z0nE=*WuN!gQ#ZxpN;J^-kE1%zM~H>F_~O zB{2)I;qUg0;Pty$pZNLbpN_WYh=wW_Z)p9bcrhb_Nu`<0Uc<=xb2d`%Y_<+=`d?aQ z_{}-QiUMTrAy&0x<;@ofByfTDGt5!WN0sa~w4?|hl{!~^suQK1ykRqyQE+ueVf7{B zL56h#FGv%goF$P7Pat-9VLd!F+0QvqfVHEw@iP3l;&1qilL2~~tU~GE&e+n)nb&o{#qGBcY-3a)rbYMZMC+X8|7TXd^G8zths|XE$7aO;+h(%b{;`=n z#DC4r{KsZcqyMMP{AkaQ&2awPX0qD;&t^)*|7|nBn1kmSu^X@}YfsTBpl4hCOYt0v zO2~ll+Ir&aAEX4yf5ny_yhOn0Vz34_ogRzeL;Tq}Q@UopojA&F(9_r*`_KytDv>3Q z^Ly=OwqIVWut8}!Bwk?$Z^FL&;=_^na#Zjj0#-#4TrEuxD)5z8M(O;r8$>7>v|fSJ zL297e25ajT0f3^;^O-WkA0iKQ%|+2gdqoc z4S?`ggAwR?^IbI!P4JdCjrLD>S2x}q1we70`juPSFTE!GtdCd7B+*eywAW5Xe`>)o z^p}p`KB!wh_l_mCt!~Y2*HG;FRbS=!qI!?X*D0-?u(8$hIEBT{+)(5Tteq;bezIr@ z&3Lg;^uS9kFva!Cac=q?Zfs&q(eBAeA`@)fXg+urc#D#Z1uvQUDK=XPi#69!^trW( z7mgW>YHQ|daO{q-lWz)awd7jUi5^0|NGo(Pw-9wgpd%eU%A{07EICWRHcHA64qf0( zh-YYhw}!e-2!3LUHci*<7P`RqXM0=mEQZCsS5Br^nIYIvU`pd?OmZqHo?nQW zalU#8Vuht%+pt&{AelwOT|SU|W!N5HF=oZGBG!{BU9w{0sX466oVvQ*mpcY^l$_QH zHZiBR)vbZgD)BP!Uq`q~F#Cw~$hkwlde{Ix_D?A&=snI}$-v#Fu5Pqa4T`uwZM_PuI3HlFqY-M!WDK-JJPQq94iO77QsYcCHYv8aj^tehThK`x-5uKf z)WE|uro}xoM>|A_2lkeZIsAu+c#Ed4@b4^M&#Qsuljgq|cTX$ALJwr_{VMCKwiop$ zTUxk}j|Af>c3IAYk6QLwHWb|4T}(Ej(*(?m#D4l*NC`W>Xk$r5s6=@W15eP|TTA-x2Os-P;1W zfnK~<&$L2gNTYa}G`1v6v7vK)5Qsdz&#s(?6gwwU$u*ICJrqw?Szo7TlDY+>u$S+yCZGB;tl(C_5R zIJ6Dst@?N9>MjWjm5As(DrbM+%%q%p+BsFvHk+K@u27CN))m=;u+t)QJ=^6e_D;uT z7~2hHWslAtJ=N^;KB2YqCrM_jW1Bs1fwEo}p{~ORWPXM;6ep+P@_&3|>pU&Flmgr+CL=2sV^*?o=Hlq8LQBCFzw@zsRzS*D#NBFbMVI;BT^ zsbAmZnJm=rLjMKN%TXIfuyXR7FzZI2KDT-G1+qQeN1Ln9+CM0&7ib+dO5ie*b>niC zEudhCLr3k(hsg^+$lmRcICH);flmr=$Q9Ye5LUmaapmV)JacHH$Kc9511J{vMPJXH zq-Khh5|n`?RTJtj!2mZPOP@rtX1kN*pm#}7kFP0TcOg{|B8)RB8}x$OteWTP0tv6X z6~{ox_$X`0FtnpZthpc{xjH4gpDY`P`Y-1Jmy48d)bERp05>kpn0~t(iM7=D3I}{q-l^2``3Fqi8h9C5?0-6@jX!ovj^7ZUPArO z%K-X%LoNSPt^^IryI-FNS$pl7 zR6-*cqgu{RlKEN9im(Ud)|cO@G{n*SCzl~lGJtt048^REw_P7=S9($K>SK2aP>|mb zuy|2M(lmm1MT3!jOOC>7!-LYOkl46edn=e)HP2KU8@8X);}@Q}QkZ*e&=UlsW1*|C zYA`MFaT)9GO`-K#s@4PiZ}X|V@xJ>-=yQ|t9P2|WAFFmJy&liEyN@CaCbpGAE)`yV`GOdj4Bo5-pg#S^Nqen7 zQ8=_1cAaL}NvhqYuiB$Vg6-|d=7^onvE~_fd4r?BZ(f!=4P}=2(uXLAAm&031JBwz zo)#}6 zDu%SwYxYyM+HWYRxT|z0YFE|_v)@1pFnYRxl0||6-+7Ro;q;_3`uA&cIT*F$zaYS3 z-m6;2ma(D=t_+U_;0Nf3<4aC}##1t;*qy1=m6mA}T%hX|jg?aF`4~+x&69hOf}Lbd zwaQDN_k#0J!jJyqDWjvezizTKh@Drypi1OU#1`bay1&h9uB)lpz?ET);3qaX(mk=u zbK5LMxmn|D@6O|Ay!;9#)=Jpwxb%oO~Trw|&t?#%;=Kkn9%5@?1|N<0A& zYwA@jhRGvigv{L0LbKGeNl8EL1QhECRcWyz9!2arkauJgNHl1*vCQnUkEtAo4*W!> zHyX&@a4~7H0=!8!BcOQISnt4)U4}@|<2}_is0r#|U;%I+=KFK&OBZIpA{Hf4^v(EX zm+054>Xf+vK_~1Vw|sVM^=%*-v6+!Bzz`F zOFAQ~deAlX&Fx_^BGf}?)}K2o`yOCL7(V-gLKqa6=3${KEF=LQRqPe#XH@d|2s)x8 zE^)F8_GinZ^d_^hggY*fB@El}1EqO{TiXI(YoOP?33^4kHh^XiV}l`3pbeo7%tK7C z;TVm7VcHG7$jW|l%2415DC%Vt4YgsWJ+eO6C^e#ZUbxx3pW#<{pWrFJNcJXLFp)Zs zp*n9-lit@cMQRgv-Jp*pZ%L}O@ecU^=XI`NLKTD(p zm3dT|j}^!Y%1A41a*iT}NgXT~uh!NhL+W&^gfzkfHC3~6GnykET$!hB^@PE$O6e=d zXjD#%n)Hn|xwCNSglbqE0%9#0PDM6N-natskYjA$=bA3kP$PUw?IEcc3R2sbY)k2N zi?|^Sg1Aej<{ULXgx2J%j|hLYl^zlT*UV~d=BR$I!dg1$W^}UF(Tjh77Ytm_e8)WJ zCEwgGc5^FKyuy3QyG14U2m6b;*K^g3^en8S(q2`Ak0OSf_m=F`G*;8}?MB>yZExc? zz4fcU1s>HDBYc&sDC(&q^BSZ0x0>^D@^xXphW#hXj2gf;73aGL5e(BJIc)$Ord3d_ zsNhCBjHP7t8;MB~qpgINS84OPe0;a+ZyKsHs@v%{`Y5uw1|o*zb?;d%hZ#zv409oe9W+XdmxNx^Xb$DU9~N=Q^w4+QieDermU1C{ZZGY;{H;- zAi}5$iVd0Oquu*X$6;PSQ5c2?upsKx3GJPlPVyKu5ORt}zbFF>@%vhP187eK?6_7W zDHmU?lY8GT#c@2uH>aoJ*ua#un?5SPl4E^0s-i(RMJtSwPv^uX^WB!wA_K9Av4)n* zosWb~u1VXT!l81KF?QVbSt7lN!MawT`WnDtYfH{zndgd`OWd9~n5dcLxJ^kT-ft{~ zCe&JV83yG@UkDSOq`u`@>j2TGi>M^L!T*_?i&0M#xFHd=4!yr~Gjf#- zi?gkg<2{njddsATmC>d$E4bAEux&uhO~&rTOJ&ownjq~-2EFCk8=#0 zrKloGczggu(*$wVyW~9%-kR*-5D zd}8`mxINQqsuxQ>1u2H@gB#1cI9>aT_X&twPk@GqNPFmCLQf}0Jt=4?#idzcUafZ1VIgeaucFih0^qF>9FTQ@Csd(<^0|ksK@Z%O4j3ogI@wzRCS0Ln_O8h zsnZ&pmL|`G!2<;5!rY71EPeJyE4UET)yC2njB6cFij+3WzXLMLN70KcC~NPuuL9oTJ0JDQcCDF;!N1CpzcBy zJA|Q*6Sitwq(<;yB0#lbq@trI>`8d%nY`}t!!*zeK+s*-Q!@+;8V za0G->2_fSISp^sD^HHA`f)QRCqBe2jy8g0!eXZgsw~ggM+V8&yZ$Kq~cHl!1r!-sb z24c!9AO`bW8l!{!Hu@A3f?z#N&o&WT;LdKSLPxq5QO()8BozR>1f3C#@9+! zUZ^|}Gm}Az1Kna&3t-i>(UrR3C-2d7W8{Gfr(;CSpb7u4G5FB&>exXmq zN^A8SrA)s(;qYch*;~06Us}Bi2T7aWVr}+7EKN@AN*#WuB%KeXJ@#&lc8FfRHM(q8 z{2)Cr@Z-n6>uBckFJthV0Lum|QW&!0Iv4Q-h|!oZ6Truw7f+Y(2;C>?OXtx_tIE9; zy116rps4eRqk2tpHmApkok{LexRxUzvYepT03h$V6_)mx7uhx`XDXpk42@9MV9tc% zB*S>ef!C8W7IJ=<+T}~c&ol|>v|vxO31e9yxhkJ-PDL@zfd2w~BPjKH6Ow|{7wdgE zwLJzz$8j_<=e>*0#DS}4&DHlS@yP?jxb;H>Ke;$Hau*=p`5T7ON%m+4RR!m?HQLax zC5g(MzK3R?l^$HAD~p!g|A$OFrsCQ3Wn_A}=f7pSfS_>5zR2>uE+=E;R#c}0#{Xs5WENEKy zumU68mV|J3#QkTt=7X%EH<>(^?`4A@40D^^wyxB}w>_tF)$7TgZh6?{-3_$8o~c}^1uGPX7!~7Q70+7u2=9P zek`?LWxZBff^xQ&^-}XY)nEb6TNLj!eZ2Mq)@VVxq5(qb%f8bK00AVjn2j;7J+a*1 z@AX@>JH9--J>)#sSHs3%53E?~a0d4!q4ejjq*?L2hBLAS~uT-RZ{s$vNwomW&9e-jlCEzRMKKMY}9$C2MJxZOA zng{Iqk?z{#IE)Vk&s~+xfsh~uCd+M1tj={vtFhyLw%!3Q+wjAp4*p@Ai-$~@L!kni znr?2`Nw^c8zKOlI-AXkHXptvXf-7)<;%ie+Mfa2tiDCm{*^L|CF-=6LSW)$WYx|U2 z8ZBfJuxgTLu8J)xlpN{%~;j){aWZH+qmh>Ms>}k5DQIj?XIHQOYvGk(t|gJ zF%L`zWd+8pt}9ft;%*1u$pU{4h=%n3jR%EocKLivY+6g_^N%SqBPr`KF)us;orG|U ziqpr{%kVWYdY>77pY6PuRg|tB(liT1SNcL&@-z&`*J{E9@y<3Ix)aagGKf2ByDCQ0 zxv+zX#MD>5{Ac#+v$6%()QjK=AUl;LY@!Ey;MFqko=&X=ZsQ_&`AM=@r}EueYiED1 zM0au2i*0vSp(_SsJx1~iMLB-aje?JG=D0-)g|ZXm_Itnlx(Q^KWs>X0muq9vA3;9Z zIMMnKX2C#+D;L%k$K`(%$OiurMzj_|ob*z*PR<9`L0GxK@3A&c~ zsg_^-TZYJJ2`ufhTOn?6c2fc=mrlafxaF^3{X1QSG$2&iU-cQxDrk2(b3F)p)^dcI z(cVgRwQ=q4B53HCKW*mqWn1wrxYL$uX#*hTjLh1;VRWr+7`rSsDg<=za_h4awL)h{ zjTF5dqjRRl-AsikJipTps?!@rFz?&-dqRcdLO@Q_UZ-Nc6J~$A$iRZ?xXW))@Eko~ zoFnf~D5Xq$Eq%EuDtX<~$B4J^Ep!54$H{jmOconF z8a|c4uRJck=^B#)KG2h}$;g^VdM}QbqYbPdr<5K#XDv6WCv}6;(`x5{JA1~*+~`T( zh}bT|x>&9hKgQ7wJq2bS!<4MRwUuF?%1c=7FL$(eHW^NYIzAU}`1rd!-+$Zzra_bS zls>|p)iL$nkrnZ^?D{^*D$UNo4dWth*h^)%i=S7(iYRcaH`NuD2m_7jMyz-x+wxt# zcXsN-x@xYK)jz=l=+qHUSR)r*8mp2j$E*RsZZhoFF3wyIR}zMP0@jsnh#ciHPpXs@(dIQXh(p+BQI#lilyyHew}meDF{> zC5rNl$|9Dt80Q_ol167@97~)V=hD4UVpeHVpf!~zITAFq`}gf_;TPV?`9L&)&__zC0s2P204e|U|e%6 z$IRujFO5h{jX3p!wARd;?5>tmgtOnI{bY`b&xJIctaC>m7G=e&oD%uP5;cQod<7L4 zRAEkA6w}?4^vN$h_e8AMHUWL3lO)gz)N}_8+BS(4`cT6)3gBHpTG)P*Oao^VqK{Mc zd&I-;-e_{l6a3x`r+_SfBUQ0(?~D&bo91KBLaokMjLtmwr#?P{lCgmbpR%bc3}B)G zSRXP10NsP6R_I}HrC8)XfeLtIO^u-lS$s*gSL&vaJ&6@+CRhui38@0FoOq9>o?tT* ziSDud+*;z?%gfx4msyjSL31ZpU+0PqB-A30F^L?jw{ibGi!i7@ zPZs*h8&j9CBeNgE?P?y$V2HV@+zy+Vt3DPc8dCf^Ao+zT(FHdH^~S_E!F$Y6$!rg! zAGuluj4tzJLu-!joHCT=vH77aHsojre3T#KdEAg*-GNcJpP{fqIhCBz#klL^*w^Sh;Ni-827ZIGLAV5f^7+XZLk z3wHqsw(u1A#(h#P4#t-ge2ftxu+y&$cN0)BlU%MI7XeRj4q^>fu(y(~P2`kkd}vS+ zt*xr9!6O#_IO0FG2qwBxWOc;p2+GAg6k7P@H3<^qGCd+fpJ^_p{6uzW#Zta@`$y5_ zOYQV;OBm%HcQYmD@yxBNzS04uPK)Ey)AqB0-(8^ay~L?1^+_cEzMr19Qt3a%wL%FNY=`&PqrcW9l-eBxVbb0Svog$4$>LViOt{z+jERm0?zl z{Cf{pUwURdE9!(IwmbsKrHL{jGgJm1C>cHa|+k>lg1Y7i5uj*WiB6* z&`)1+(;htNqF1Azjh~+Ewi;I6M_DHf*$_f*lVEir{#q0e%r=%pG591AuZ8ml2WxBs zzYCB>X|-8(xPwS+!5-U#FJRV#MqsPijisjFi7qABomELJ@ma7eXs50H^p}9mW15RSeSLLd z0YmmHHLEqXcFEBQI!l177aY^g>K=y=yYfLMxuSCzg#+hi0;%R#R&d14z<>%FUab+! zLMDTZpz}*q%3YI6x-z=kjbLxPA$dZ4t=V+Ift+G)K>_4CgYdkSW9(fn$luwvTL7Vr zt}FAR^4Vf&w10_78XHjdDT?s|HBHhHciYm8pbrPMx{-$GtYe(qUGmk6n8AJ>{(cjr zJv7xRV4k}Fs~Ag z?UUo%ViA$H5n2HNp=vU_i2elzrP6Cyrr``B)o_LJqu6BJaU}f$)QUv+)7llh9z%ch zp5h>DfqM}0!CWl0d^sf7faa0I!L#|a^)4M_;!`UEWvKNb6z|5X^Y_kmOdVgex*BKe znPUY>m#%ORI4ezj#z?Avx)GD$ua9LjNDy^J6popf;latv%i4 zKiae9L;3%-C*Y^S=0B4-cHsXr^XL61^Kbk+^LLm3pZ3K5|C_`AllfhI+VaNXL6hR> zO2zX*8|qY`@W*aSs)3viu(RPe-JT6iFd26m-m!#aie`Fyw7fuXwz9k5NlzAg6ay|M z6Yx%6R*mDSego{PwnRZ@^b`#!wR918SKpLz9vcj!EH9kVIg_nN|8j~18i9z-S7kxq z;W-hKvz0-?jf{L1P;$G0P4x;&$oJe1Svv8FA(ZmY5XqG}o6pVtg)5<@g-!Km##A-= zbr|qS5`PuNN8^Gnm^wWVdAZYuVv2Anhi!A-VQrLx+hgw94X&<3!`{3dmDcM8EtB^kdJncerXZrtOq*`;!NAa+{H)V@yb7Qp&61I2cUI zHXnccKpp>JbiV@b!B!aL!_{WIPN?@8XYt)wMfboJM5=g;X*n%=<1Ws=RnloUTpw0j z;Qz7Vf7jt|iX6z1Vh?!vRRV-1?yV7#kGJ01WxdK=ra4w~FlNq>FW7Ry^p<4k86I!& zBKCa-eQ2`$Vuriewj^5LueN5k>;O&&PSwye8NUX>>J(olU!*n(bP$S%0g^UoSc~QA zbCsL^r(TtUS|C4nwJE5SBU?rcQTL*67wo}FJcNhU?TByTVYmkcH5%Ogw;TYlT((Ea zr4yX@G7iiybuXst&hpz@%o}SNVOQlwS75u89nGC#RCW1P9 z(4*$DSzdkZj=4JqT?vOv*3T=!0PQA#uxIRJBj zj5Z&|_h(a7%37>qqoSE~b?QQF^R89vDdNYvUaPmw+G67e*W67 zhwJc3{LN!#qb2MO!AR=g3Q67}SyD>K8?q!0gtxkw)hQaC+uIdjOno#AEhK7c+fv?( zSeK)*pauj8i7@%P;(tgeNdC5mpu+~>6Q>n5?}g)+~uBB z)6mamN;73*)u(uDLDOclir>s7=fz@0&D4z}Oy@1UqGoB5+^iL*$PZy#8t7dm_A_u< zoKHP^pXn}adDCfdI}gV$YDX_slV8;Itq()fiEf4xs((pBs20aVGCrS2>W2c1wbB^} z5#6B23Z&eQoXQt`5B>V#Q9sHObiz0zl1h5M#JD@88i98V=l2?nbBl^p32HLzMsN(2 zM;$^i^3O20kA{&p(k+lQ_->^KrTRUGc$_F1U#!*jsCb$_vcklU?LHB;1L8B-^@#5t z3;x=3n#Vwl*%nVYjxGU2*zWDY=nRojGJX%SqYrwHJYcKEw`=vqOC_jaUvkRCXECNEK=QSkd-hB^>E z1@@B0dbk;Ruqf?YDvTo74|s1s=v0mFz{?1XoA2IM-76<8FuLK5=jy|{lL7$h(*ruq z?@u|%_u5~llr8nyfoKw8@b@?yZ9F*^YAoCmScIUYxLQTcSR=DTS8$YIqnRlV(N6aK za_6xWz+y8#K$+E$)aN4F-zpq=1VtdWYsq-F!p)8YJ7WQxfOb9$>%xWoKqsm}nuZER zF;#@3lTb<~!NkB+Up#HBI+;}&hQIlpy!v7&OU*>P0VokEU~&c% ztq&~)?0Wl&18}l`*|ZmiiNG!A@dKV;ER!`5j+h6Ak;2ovpyzeS{>&bCN?NLgf-cyv zKmt`e>mX1a(lsGrMcolm5h1&(oQ3Ao(N`N9Rsz6n%|@8r>M{BdhKOXB#%@yN#QyX= z^PTBag#T2fetU^B=@u)G_MkGm{uL*Cu`Hkj%!1y1`?f z-*AFr0|2PvZY`#rn>l_4NwP! zwrjmRr29wrF83hvaJx z4lmqcKQv89dB~m*Z^05NENE!MrQ@)YCgwXdUQakm+p&S2-en3 z??1e-Ss|wtBuq-fQm?qfFZbouv~0Kp{GG?$Z!iSht#ik9Vf?gOSz3a{;Y_$or0ka- zvusaLUFD73Px?t`U3X}n5^zyjW1~1f)Bwf3!Y?^n9<^;qd7tO#&6F(c2{R>JPklvb znl*zWs*d&R$;!r&`$6r*JX)ItXshM7(M%(4L5J_`mKMp%0==*$!D>{rz%g887AO7(WdIFHw6625-w@vy;_@hndO^uT$bH@#UW5v*8IYAJI^8y=Nx|rZm1B}If=n$NuIoKF^bl?xLYSguKknlQ! z#Qky>w-sFi9fF4Bm5Pt62^-@I zS1GJ&Fi#QI|Ln;H79!}-j!{hdO>*?1CPI8w*;~&x3SqPdsNf(Dwyh5qBxrAvX1Ec&$9EM* z_P`@_nBrTWTJvN?VpZy1t(wbo4vdEuVNzHu_Umn8FywBQDUz0%JxlhrN3$hTk|31mjA`O=bbAPCr+5t_g9m!+{ zD{%vmC!dnFVr%Tjk&z4_mz86XpLK9ac4&<1-^G!MZW^1eqg#s0`&9-gS3p&z7@-s} zP3sM9YIjdKHBazjGzL`kTM@ zm(9q8233uC&a~ZLR_%I70;R#ziC+B*@p~9jZgLCts`iz=Pxo7j13Y{9Gvh6N`KjKq zrOhmD6g%%pyZo%V!lg|xb6#sszk{k)lc`ICg;kuWr!W4EdYvn6>XCmRXUd?C6|;oE z&epyI)k;AD&jJHgSsliTL~S@me*e792pE0b{B2wPKbhb6C!zn3%>SeEKbc?Tzcc^n z|Hs!m1qrq-UASf2wz_Py%eHOXRb94i+qP}nwr$8c&;(0QNO z6UP-Wcpf6C`U14HqD;8twe~ov9HT)6=$xrX|9zV_CR%2AYEpzMY12vG)3)^LN2sH- zo!r5ZM+{@NT^B{HmO&1}Nyxz@0$e0YI-GK7^xSpuQ>g)Rm$6mUp zKH|8mg4cB0%`s%lv5^5;Sy}xF+QbcfLQhV{q_LV&XJRG|swq?QV-Nn&whrI7q&`KC zk)Tzee%p)!DLX6D^OhEHR)3ejd|}}aXnsf(;X(^s+z0n>ZS&EDQuGf-+%++(b?iX~ zhM;?9_kGgENN0m(OVWl;>V&ImUzpjrWgg9~BP5gST(k71or4vGX!Y$;p7g1+MM|fGTK0`$b428fK_A%anbfm&Qt{PAM~W zgOMb<9gaTlh%I_esZ{&hFWgnQjN_w=TyweA9{Kv9((&&bD#hLxHMqKzqmAYO6aW^o zy`JO+cp)}Y?^n~634f&=r^Z>jGU^S8ESz#hUl=z0B09IP1EPZ;fpn>cxYZAhU<@d4 z`K8K$f~mdUkQmf%&B8+fNYLasd5o>zq7?b!BP(pTV=vd3(^UCk(-css#*|AVcg`SgpIP$1#T~0Z&$vvy!lr_cVwOqQlA8{*bvr!*H_FmHFbnKs85cL|?L)dIGXx_FO?NhzmPE71BZ-vYK zIR0{gD9M*EQ8VEnSY>Arz&u8=iP5LyjC`tqr;Uk+Lx;^?lJb?}X|5R#kCQRLeMDU} zr@SIeJJh%q{bXt1Kg?@%a#O9!IHS%KnC!G$L-rUQ9 zG(CTzz=RZCs*?-4&d=EbaZfiDFe+|lz@!bC*oLS~m zTy2LJL4q%8^k5~GmpFyyM}G~Qd6qQPde&Kra`c!Aoa2Y6uw9c$K=#Jz3D?PJY zHgp3ng2d|%tH2tTD~;Bmy~${JeTRRuCADNBWEvq}<+cA_T8by}l;uRFdAv~J;5N*H z%xg)zBzLf;7r}^H2G*ZwCu39tK^TNH76_TPrvsYFjyHyn9dRdO6GniDz-xjZO!UP# z`Bk4rozAt#0@Tlv*7L2pC>E<`?A>eRp<>yN7T1r>4Lk4KlYAZ5E&5#dp$TfdJx5@m}lHA;>d zi{Sil9f`DbbU-KO<c z89b$JML0TLeRH-a#vsf5&8@Ummnk4BX7nTg3viDGe}@6RXy2cM5Sg@!wS(z(hvKF_ zy%7{aF|1wrsG3YS#FZ!5T}+Qs_NsV4U0;9pX=Q z$Mwm?fo{A;9~2u-6E#&4u;pjPe90!qBED}sm*Paw&q5D4OL$7aDoSrjiH@+FRF-oS zGbcYqvg{)zCoB2E{KTpfWQ_SnqIJ1g zFvldf0pK6&f`KG6k9dW zTz4lh)B@ysBiF3iVMmRGt=M=z0$t92lirV}9ROrDYNA_0m`c`g=EqSXZWRrhzu14m zc+Cub54bI_p4I8qRpazSg+?ED@HX-ALBCWW|InE285-CVt4w;s=Wpb_fW}?u6mjt@ z5xC_*HKe7A7|;6sAk+eWq3NlJMh%RpAC@{S&Skx`sU><3`&T=?&HSnu1$WAPqc>@F zPUb$C`(`|gBNHYUYN3;>f&+zXZxV$X(mhUx5+8wd*0cyI6fTiH8qx_QHc;(~ zti|o~_NF9>LE2sx^nPx`Sjnl*5hz&oVQXh5*6vn7=DP@_(y6_>kpm{_nO6c%5LUta z+n8MpvHBvr!8HmkowI&8>NiAGtuJnYc&F9lM(EADmWJEOEpJdZ<+%p%@V#tVIMD+2 z7X$=Ox5yO~a*?NwH3UnqDAbZ(r1Ye%d-=1`#e>BR79JjYX6B8nyBhy%doW)}f3gEk za4GyzY~P!J5!%YG!CB{#z}KsRx%Bqx5EZT?Xqy|gbSzL=5B!jw(){GX$*ryQOyM*i zKfp|#VykdH1QJqj;jx61>!9_?SkiAz2FXKO$YX9Ucc~)DQ4c*3uJ(xL0pe6cOW7js6lG-D{_M*GV@gS6QyAk8ru$8&ceuT|O%tv}?W-*B5` zI>wnl*lF1-)$dsa(CrXcFb`61bmtgrv;4@?64ID0&L-&Vh0Arhnf9E0WEVLQ)c0Dz zk}c!IqHWrG#1rH96LjmQI#JG#>Ua|!263@7~0VXz==R8PL*r> zw*r>glzA}2^lQo|ioCIQFSkn1>cNCRCH#XlJY*5oJ1IGhB z>akXVF@crs`%s1kw95=+s7ObO|Ps=zi1P zpQcdtyNXW$Kvc>nf z6EhzI<}2b%w~U>p2#(TPT5=>4dr}3tSDKn#*s5)cdbRO_3X_3aV$~~D-7znbvnSCa z5LnkCtvB}ib>*g)Mk5+2)Z@&q5%Sm>$EQM^M|Z-~&8Y5|8Kh#U@bcl{38Emq(Ppi0 z55jmvb>Lc22vZ~&%D7S(LJ=&-|ACcOZ_5 ze3a+AB-tS1N(w9FhqK(UqDbHdM)}q4a!g8TO9aVC#3M#sb(&)Du>32sCX5Fax)jBF zU$FAWY*5SjnQ#kaFR4XJ<`+!SA-?!kU~I73@+C6WpZD< zx3-l+GB?MtOIryUDZx8RejZ~p0OtGS6Je%YP!w9;^rhvZb-?}}Wr(JiKxDac-H4Kz za5eNbkC@5L<>Z8|gYWl!-`t8oRu*W1D<{c*GUDOwNCb=&VH{{nqyll4%8z@VSDGY~ zU0Z;;lL;N`j6OGB=dTtzJcwTk&1Rgz@PkK`k{j2`NSU8KbeV4MT*@BQ@ac-pZ4--7 zKuo>)lZo^oIAZVbCht4*3O_$PGNfCWRf!!1IYBt?DlH+t)vy`Ztv=B1`S`>s#2TC+ zk8w&byy6D0U(s*Jy^)Ydb&;p7_eYFr5H2Z@KN~Lx8oG4kB}71VR?qY{$^8|Bi+fpT zpEl9@5k&PhsvXev7>`whBL{x&95<&H9!j_~D@(CBwmz9KoVvdXe=8y8VE25BCyGla z@J)IJZS=l+Vhc@T(4u!0_in-zD`zRIl@})TdIxmTK6SI7k5VrB$Sh8X*TawXIlQ;X=&sA^gG40U-85efSJ^YfulkSuMQb zJ>6h*<{QiIDTb~YE9JUUXYEH}p&G826fh_I!_(@+IV8jU6?4S{ypE~_bUXIW_tKoiFN-PQ<=7WX3LM@z+qYz{*< zYdZ&;2TF>6)bqt0Qh^wyry$IAP#LafE|AS>`^z)lAl71g$kLJF`OBeKWfZ zmo2<1JzGc5oH&z5T9Bx{X!aBcd5Cd)SDnL;r6CjJZow{08=A-}tB$xYa|liIp}G5-6P~e= zPGix20#XTtyK5x;LMh;>Z={<<`pnilA?>ZRL1} z#znZfoZ!8eLS53ye1#x!K$&zQ@N>pHZsYz*ROh8HifO#gc7`PIjX~n^-V&n*$P&6f z*%?{0cPH}!+6U*l_uiw0duGqiF*00_j-yA1*lFuOU)xB*>Z&0xiu^~mE_r}2TjuG2 zsvnbf#iSERY#_dB6v$a?L_smB_7iUeKz!d5h@jpT3nS8k%d(EBme+a~mTYj=LatwM`oUgUfc3DJBOg7>Y8m@t1 zyNcB~$=^Yq5}2D&a4^iR_EQ`XlrY?C=~}QTjBhP6LvOP3LSZt)MrDW9J-R_k-FK zJh6tDx@;-=N`VudDCw^xwljcl$ow+N*~1JTVDG~WjOoznTV_kR$-|-#*Q5;NhtY65 z2+)@v{dz?YiI{B^O-0Lw+kiKKO#<2k-H>qA1g)THu(`{#a+l&gi9Co}TTPe%dKNY^ zv*(cX+0=s{*iBuU(qCZ_X17?`ylv&Ub|ljSiZJEt06f?qVx0?;9Z|)J4KwD0t%S{A zq!U3mPQHMVG8A@UeLZannjYmJf>%4FMu1)6QTDn|Pk~dCS-dGy0iR0*O}^i^&q=GNo)nyF-Ob+Ys>( zHN>&9qpd>NDvUSIIs$W>%a>I}{xn^#{2yy@D&rN$hOa!x&V#CPCR#>Dmp6wWHcF)s zqY;`WyVa68@jzKvf~$;h0>GSq)lujs9@I2x3#_J0eGP{4JJfW^b7k+N^hLJTJi>+ zo%$I%aF4|Zk~b7R`9Z3L1M?t)=+hxiz*#=bpoHRDEmiKPBd@(pku+5PbCjtp+D>Z{ z4nK)4NiuHc;3gNXNp|?Ch`|J+<5_6Q+sHisn*!rkA3ijvnsq)aCHZ3yu~iUkgLTk? zL6HlB~R)p)y^q@Uu=w$S<>{9uJRM)nkze-?_ku%QXUA} zRccXsQ{_Lwvw3_&^A9p;cJq-k1*=xkf>yHEWLLk<0Ec|31|q)oDlVP`#qGp}49P*B zcMlH%n<487Q?~^m*5e|s;g5MT%8W=+oNyL5kP-EfVG&iY&v%QVe2WKLC(@@=h?{k+ zzb5=|TxkTQYjD(M>0ChhpJO+9e=4Ug1B|_<5ybq|s+mhVQmt?OPrRd^Pbc;(@!SZ}$-RAmwJum^gi?h3dLpKvbaf~vwRj8n!Y4uEio zw1t5T$!cF_yowU{6N6Y|@dg?lmxg5NlHUA=O`eq1YsFnwteT+8iK>j@7 zMHhlKUfMZVkT!s300i#Si7Mp9n2Mp@xO?Vtj-)OVk$S=IdBJuJ5xpa-mYjir%tNz3#zD9!Lgw05bU z{uE9`ZKtU9ox5m3GHgzmmKD6n;IeN`p4VzADusj6bj%R6yQGxfCM+t z+nuD4yFug?0zjAmbkn%_ALjS<{x|dQru~=s9fAJK{6GNz`1$!UrId1gDqPE)$nPj( z(q%2amV?h7%`b)CIsk8xbptEj-HIN$rO+J`N=xaEV}rw>LpnMJlNKai?gFFyZFoZKA5Dt55f3^-z)movTlV_uE7{5QYjy;t*)~Ll zd}89PVi2d~%(aA?87#fpFN~D)l|t_NdtWf!*;$xwtwEM?Jq z2&kTs6nbX5%TgQdvMM#wVvx5s1jv6p(X`3&9jKC))a@(mvRa!iK(+ds?L1TtA<B$VJWK>UZ_ZBlirZ1B7Kv4cHxt0r|$dB440RhY`*BAqhs#WvBZ5 z3Sr;-otMGUA5{dYv2fM5U~?ri6-rw)_TkN{vVS@Os;TZY|Josd)R0D%yrT3%1*Ap7 zBe9u>nA*dB9|TN_5zNXa0s`fpn5G3+%aFJ?NL)VRoS<d>LanYaV2djU?}^uQLRsm-)e zFE`?L^s_n}z23nreJ72yWg*}{RSV&Eu00C|((^aqN_E7#3&rXZ&7?f`8$O~xC|V$& zhsrn{ed22;1z$2$lPcv~Py_}9{p7M1VZk+n4N83E>CU)}m6DLh&0pg@)%3 z-p-@I*RD(m`tPba8d@5{6YE(wG_lZh!0xMk;lbVTc!3!fz{Eg!wNV|P>bBb+?hkv`?e-dN4b*? zwYFBC5lCG-U^9j(S#MWV2tn*>10M=jp#n|@sM4Z}3-mh!u%GOcD2TxwscSO)zJ)#s ztH?t>pc8!o7NKdDwtvmAEk5G%2*bscn!fl<&lnMJIV>01$m+-*%(?X)pM_`_fgh2OO0&udwMN63vZ%kZq?srn#WUE`6YOl*>e&oXn)G%5E>j& zl-Q45@&j{C0yj!{(!ox1@D(?*@Z=F)HMgf8*5RWsO1j{Le`Dk!kKhgbv5pxPJh3#y zj<%>Ny$^H|?7A0rILyg1+$8u)J*7;9;gxc8G}-OIJ{R{B2Qfe><8+-U;QPC+pnav` zkY5HqI2Lpj>Ln-dty5z-kk>6-0GMyZP|gWGThdmTr6c47Gq?jY?zR$Bil*L5GSNW` zvKR$9*Ug{am)x)sW*Pu+*i>+<S**qk4|{RJ+Ge8-TOQ>*=2x%Y zOfI`R)asA@*z1l5G{ETiZu0;T?z3DqrIlI`*`axZyAep4X?eYv#e?7^NKNV;n)`UV z44ro?+l)+fkDLl2<85%{GFk7E36!DaP5C}vP6FXMgb#-6d~DwHxgYCm2`xP~o6Utq z2fi#EI;_4`Zt%V>pVvfV=d_iuIv}#l^JPEu$b&S)v85tV!dWM`GI~@B)aSr!FvQ(v z7GtLUusTDg2pG@8-e)zm{x?J}fJMO*8kH8z)Xt*yKX1t^ITQfr-#+a>=l@^%5vh$! z{;B-VH2<#r#{&PY{1SHmuKWzSs;Xwc0yO57G#r2-y8`q&J3bByH_@2!*YT;ghd$x6 zDq#c$#U)zwZbsIX0zbYjymUt$YS+QGPwJ`qMiNxwuns-~ToIEuwj&tPSm@uZBz}fv zYS9e84#9dCfOWYW%c6uo_kM+hAjHTas%AO?dnG%RXPcdF%2KU}utqdmLP5>vF#!9Y z?jpMMBnO;>{&hpSsWl#R)T|i;tP0V_I$F`-#6mLcn6qzYTR%7u0j6+PO?lqcCKjgZ z&%1`JuQR+7DCS?lR50BK6G)^gyP8m?=OrgP-z)*p*-J)8IOixn_k3}3$qwJfD=b?% z(<6}Wg_-(tOk~gjZ(A_Qh-EGV+@thv;_6RsSQc9bO7FuE!dtouN6B05Wa3oBX&@^# zt|b>5T7YK(PdAM@bnu?b+8@$w>Wogw(t|P~f=)$>OsUgASgD+FB ztI^t@KJaLdGKEatmOxjZN*j<@Q?qgacis6oha%hLfhjVxmrWEz#CoE*?$$P=dihwh zT&u(dtDkzxY~HCeF-JW0rp?Ikj4!W^`Rr8GSW?3x%L=Np2s#~qql0ls3s>)~jQ!2$ z0OKhz-TT7;qg&89a+OGj={-iPAb(7e+owy(;l6vUwh7FHfA1rD(^70yFNQYZP8O2cm0#t8`L^!u?=KDeB;!R(n#K`87yhS>nkChJ1Q>QJWT7!B z#sf=QIIB~`XS6MD{4wwohTA?YVil8hh#uw?j#x+EeDVBH};Pa}Qn_@DYBOE81hKQl4k3NDgFl>$IB zK@X!DRGHu|ctAF48&cL~$1_5{-rfe}+&Bt}M2|NqiW&>|xl|b4H4=PoLbJ3Fh0fx7 zZdwYijnC2((WXT;f#uBC8hzRVtt&h(!L9c^Hq9IU{S4v5`RJhAOG$cGq+}QQQv_$u zz@MJF!?Z<2P;98C(Yu{QEBV`}=^M>1H&`Sj=w9+?ye0b&H- zM5ylM;@ykB2qaCl{6YH?@vH5`>u~trx?>q+eAbSe)}*~RZA{jrW6Wf2l0=I`R6IB= z-G$z|y&mfdgg0AiW8KRLbA9uQ(THFqyy|y^wme|ED)j|%R@F-pyCM|upH16N!@2fZ ziYO5CD2-ZBDch25kyUc-G<9SiEx^bmgBjKj{W!jJKoFN9m19@LxKtQ&F2U8rLtyVc zIjic8vQ?%Q(3dL&LUw39jCD_16x5kLY~N71DccaMfZ!B>F;tw)dNn1m9uBt?dqNO> zS$UqCr7jUUZgkdGfjql+Y~Ul#=Jh_xCNOZObEx{p0BM@x8lCc$&+WmUX%5CTp-_i> zvu_oAH^$)QQCpFbXgwR)Quh_p9s0)=p*fo46Jh<^+71*9V%O{H!`2s{nuzj4)0`?- zR92ShA7TZ^LkP2g?G0jKDuph&n4U#h_`fdKuFGi@K@z5Y^iE2I`jSk>rcOIBXcD2n z7TUE%tW~!@)24TEK2#8AA8bwg{$>eF$;~$ridf8AKu0G{2k#4g@&87WQlt(z*v@%= zCMuLwqnDxEFQ}#7g@|`9e`s3c7kdNr%;E|(XZ1(CTT73;z+NiOtDo4T%=_Cl_K^)be+j85P|zAqllC}I#Q$we-fhg$ArC$Lj_ zqzW&HFHpQ>d~-{Z@rQhr>*+&3KFzJH5@B@(t6xRN0fOe4BeFOyT!~@Aj7?fFvFJX1 zMyJF)pBcJXqBgBfmW}`vbc{sl=A6W=rcTzUt{BC}n!EE~oH+WFssNk^vT1}s+JI!u z!qpi8uZX5(%Ru*yIlYIWYLI!)MiHCmr1Wjk4O#6F(e=-6*jbJ-CI9|b4j&L_J`D5- z99f?@3XlTbabwM04y?j~;0?UQX{uowwOFlLJR(CIeY~$mXVs=$Bg!~ycOh2O*L3QG zBZDtwZ6PmhCkiqvz~6g>DLW`Vp`#kPgWY{tcHt(kN2|{U%CT7x@C%^PfUBBJ16xTH z1@Bfh2NucT(>a(BHPhLb%t2OIA6MOzl$Iy`{jpNS^l>=Q6ID!ft-jzqxI!5NEceCd zPdFS5yJz!IA=NkpBuHzT1?P<|XbiQe?6JGoiYRT(92T?PVm(AOIR7h>^@v6ZYa%;N zLzeED!H193vqm;9Edu&$gM1RJj`d`)-$z_p4ocfFKCfg7$ji4^UayDN#;{+_KoHy8 zwje5LyPu39z9KNM>r@V2M(f*XRG5!4q7a;^un;u3VC0u^>LKV5BdZLIe~E2iI#*tt z*0g5kF3z&(oA!{m2K!QCS$K;HIc4nwDADKiG-1n@BufNY-RhAhcpD%A}+n( zrKF($bnR<@XZz2l@dzHA?owZGi=L(|gScixc-_(l3wX(vm-daMPV4bFi2F*iJx-5`&Eg+kKmygyk#XXk zXiQcom16Ed0lJ3{eW$7kaT4_o#(>Jut>2g*Jx* zN)oE%gReB4;D-|Z8jTIEsCWxj14;J3n}@X+!iQoj5vcSf8lfK-sE2r7GW`To*!ZXv zhUXjsq#jXAxfZzfAOKcI@Do=^+HT{&rCAV}owN)X*Vstg8Q@h0Hf@VPuv4a~yG@D* zrqN{|Pf!?#!C;4LPI2(?S`tQl0Y@x@Aq2+?OWjT?c_=d00Icv_8mwn&5tEvN#Gk8-8}l5f z!F>tLaTLYy^nW2B?Xq;nNc|GJ2B(|B?9e%b5! zej{~!(9aVqna#-Phqvgdc?XFzm2zmI?_63mm9zO3Lx_E<*#Lfv~)c_l7dW7vyeC}Yto}6&lq_3J1Rv%>{_^OVr>X` z_~oyB3E`a&ch3aBqm;*;%h!-RRQR1O92B6kB8$;DN0`0UXz0isSYSh=1cD3ShF#Cx z_hBC?sMFm)IEKoubai)*og2P6`CcwVv^UcQ+ncIgF(iy%$LegM^U<2(O+OFVJmnj2QAFPru*O5_nDqBIs% zxnFluYsCudI4pY10Duzcr_H?&$NLHTJaxk0oqQaV18lX8r1`Bo$apV!u}*k>3F7V# zVesw;i`r8fX{tfjbZ;QYqb7HrphHbkd;R9#+;;`j@}Kck$ak3l7r!P)$Z;Pb=zH*Q z8JfF+t~O2d&lPO+B5bGMsvtA)1e)@C{L4j)qTaqLjLi?Y1t)b2XKQa^d8|5wVB;Yo zfCD&(1oLj@(BXER5M$Ru0kt6Z48F;vM6lI>_hh&MrR@CLOx#HPLTc%xT?LQ7Hei>J zE}cK0OCQg~u>i@>{${W&hzndW79PE}2;U3Kxr63;WEYef2ZH=Y$vDTuA2ydZ-uEgk z^03{c)A;Fra8V3Wr;xez83hdECUKn#7}DIFY|uco3)e-y$f#U_j)?fKJ=ad!`tmhU z!1hWN#@iThb+?!GPcRhFq1{Fn@jD^5`ny2+0dciBL2KI8PjlhxT6+7k{c!PNXa*eN zOl;u_D5ol{Q7Kxc=j@;-%laz5bTH@2w*6WDeruAaSs^wrs2@&vGCd)a>HwpLdD>3mnXTCyUo}{p_Zn^r~Kz7jM@srT%F*S zqR9H({SmEo-FpYUwqLSgqa&50`(DaMt&cENVB^s zKeEB65*lv}NiNpkG)smZb)DVifD(_%xrMJHTjV)@+MWdTNa*&+}YB9T;S%CQ&6 z0e2ke?Jz5Uv&S3M9fVj9)kum}Hj=f;Ft?N(o2s*Q{f4{LHHH0FZ!q;;9#LZS93!O| zn2;r5@l;Q=W5GgJ&s@@4b=bNt zTp|Y1cprQU|4z;L~5hKOC)Rp z5F4Cn*&(70X<5XgwyGbh*Xa<+OM&rsLctG&p+PJ{MID`Y4)h$4@HB_c(BoA>Vfr}!6rNeA9 zgqkPos%^eX;EO`($^*Ob70#AAyyf?KZJ_h%q3){+^s3TN-~H0N>L8v=)u4?g3?$uy zE%i1nEeg!1yu30huzYw?l{DHU>!%Xc?yj#h^}a3|H#y$H-5`DBICd!rKSu{fgZF=w z6atF>smka5N0k@+zpDHT$6rI;_ z@n3DmR`uW73{FdcZ}?pb*RUfYbrnF01`ykP)KxBRA1cyQX1Hcx1xJ`7S9ZPoclwgT zhQxvtqh*UY4GP9Ih;V2)>lfL8wn}J2xv~1~eXl^dWQ4MMb3h7qg! zGkh)kR#NO>gYX910Ia4A)fR*cT2^_X*>CmGj>JoBwi5nqK1G~k4dV>h9ku{?6aMNN zJD-P;gsGli@0-% zEgwota6PEG#SyUY&whTZjGYR)JQc}hMsc?|LA6(j+Oo>%*V{p4<)f1I%;yCo1}*IO z%BQp9rEk~{$$FqQiRJTUo?sytL$_2b0y^Y3y1pbhMcKt)8aJ20m04~~X+o@hb6i2c zy1G87>^#|Rpbh~E%%Y13M9z9IV}+B@oBcA#pCH>MwF}hCoCX(iUnzJwJ!4INagL?3 zcYA@=cf$DPg>1WKo)Qp%)^4PgKwO141FBv+3mjA{c3(H178#Apg?#`(DCo~u7P_A^ z#AQZ@$BYi{P0hY#b1U5lT+eich9-3l=a&$ZU7 zn&z}doxhh&V8)z~PKMLf&15On=6nNQf+B@+P>uI)LD=AfD4^hKl&%E)X=R0sH7?)t z;IYjqc1-B=C&QE?;i+tV{A2n(_Q?*NNt$zxKykZjx)Hq=DRXCU)$#mLpJp7jpvSbp==0%YY|M z)a)!k4rL5(@>MHZ4A4$Aj7z0p5_o)_p12x+*4kTYi=iT|ScwocfIP^Ira>)s2qS83 zqpN0OfpVd=RZu)2yZ8B^t)O@~60T$n45J6>+XZI?B^&qROw(mzaNWE#QtlMuBzWBo zrRB!sLa_7DHc^odB+UIZexO?!Qx2!9v_L55;6S2R^-4-~GB({29K~!p>MqQS4mm3^$VO!I+fwnfVhp73vh2%%h?82#-+>&7{&_XWPAqD~3)+5Q!GxMA0O zm(Bx4&NL!pq7v|d}Emkv5&&`~vPctvEkuxZ7O-vYzKH4Drf@w5X3`%_t>nQk9SNfkL z;o0LzXgNu^vO!sV+{D7T%0w96K;JNWM9BNF$I$OPUQC~*?kU1TiU*@Zjj-x)@0F44 z^bm9Jw~YId8$+j62wcimG4W;QauSTA_k({L-`-dNjt>eo5J#NTxl`fCC1Wz~ggAZi z($iqs&+wPO^(uqlWfh4vfybG}5i)b{FVU_%erB`Hld7g}v)ZW7*{!6KhT@;wI}7}p zm;zCtgD#Q7BjFS<5=48lg@hX>x-04cYYQ5G=po0~eCPPx)xY@H8UV07LdDYk&Spab zPlWwF&Q%h-LdWVCZ%p%i3lE8-XVP*c5tH_W`GUy4#Ik@LcP_wq?=ZiL!&VaaT z6_scn%_|JYMQPf@f zh927(0Lv_(xO0Qf17A0s=MVSLXsYk%U37^dp4<|aA`9lp0!im!I<{fbv!7KgYlTnb zdaCUoO)k!!3xEah9c#LGfJyAjEv?C>o%hNsw&Jce!EYl!;1hD~4P|Lb5+g+;*}F~I z2UWku7ulH5zUtwvRc!XbK$kE?J0&-BhB!D3VNvn1b7je_x_o)fDLMsOw~=q3qHc;km{FbvfLcaxx6kO_&x$aAmM1HTjmbm8XffZ~cO!*vBU0 z9N5ox2l?f)_!wV}a1-KfgH4k*zboRuX5Kq1iQuZ7sdE?^i%Ayc{9~T|p|@76B$=uc zBYmgY>M<&_BpJOuGelD%mU=H@p5 z)~IY!hZfk8!PRoRMPrTEyJc@iRTcZPrcAO;56h@aw)P-ht*R&-Lp)f-vz1@tqbh~3 z#!ULn1l7Wk0HIkM;^JU9N$#Y5%;fxMfsus%)X3WapQ@Tcl-%IzOg_9=9 zAn@5#AqO+rL5Dq3{y;ER)>~~v%b8znfJHC3rm5IhknXQqIzB@95DkuSNuy2-h!6Z) zA#aiW)t(HY>S+$jfe?PVb6k>vMdYhjpb|vVXqcMygak1n-b_l66L&sFHRm z-S~?6=1dXFXKexx1&wR*LXH@C?K{0JF4&?mdQQcb{0CjWANQ)(>Rgd3O6vVP{&yh9 zv=y*n<*q;HfWYl|^h zwMQ(wvQbi3!3#TongjK)JxDB<%MwjAk@L++3w`2*xqk>< z;V+^84=2vw`Pjb`x4-`n^REMi{lom6=>M1bwJHB+KeqBe{aA{BG5_D&{>%LSJO5^W z#tWIiqVx-i;Amo5Abr?WJKDhK9X$Sk=#y-y_i^(THv)(|l^&N3Jk^b#@Y*(c8eTkG zr!{9)2oUd9%F?vSOC6fM9PyT5NYSLbiRLPJu1mjF_{=-+hwNS+n3q~oCf&Gh4Q3D% zi!o&tp1$G=cr}V-4ZqfD%9UoV@gkW}{(@(iU<>g^Nwr7XN>pI4j-U43q7dFkj$Gw+ zTh$`|=^M$?e$`0SS+L6j%jKLVXs_}f4Hg-QI=3$OtIMmvaL2Y^Eh!>Wr+uHQ?;UO=vg!|k=t`lolO z?Ju-7Qjl7Xx~xhK**?TnruNynRQbZBxs=;n;FQj}QsI~x6AGP}Zx71xZ(($N?M+Cc z`?$-*UJAh`Q4!X?_d0fJs9t(df!xDMw%qe*@{FqUJ;%aB*{(y5=i`Xuuf#Zy`F3Z` z-SwF9?OI7lTY~<4;q>6*CZN8+m9yXyZ&&LX({f*$x_x zyjzvM{y9(n8&pncUT5MM3dqHP-x~)hTP^FYkr(R7`!8vrYD@rpO;};11OCm3yPUXs zPmNqNuIXhqk-`+qL@_URe~QpFUu{NaU-3B9K19r6$J1=vi1S0mK~B9>r13Ws>}=j# zG^XW^!0#PC^Z*Yz7%g_6vF=(wLd3f?blbQN@!Fn)JAAx4Nn9NL3iOA7souoO@q5Wk z1-z%bP2~`)z1IR;GeGPO+ag|NCyBDE_D(@TJz!HcIL4gIsHvO!_mDP?X9^Lo z8oOC1>wG=mocqFrGzFb1JI|Oi>Zv}mNEnIdq&>Tu_er_=B>-}J#TY6ZlmB`fY{|wx zer1u~NPiZODkeCJ$XiRZL0!-Of?KZN+33rp9#)&xgjc=`y*^Oy^P+R_A&Gq~n`!DK z)uu7*h;suvr(FH*H`&l;jD?MqK!Q=!Pmp;p$$&hd3=0I$SrQIp0KURmh;^9*tXPA3 ztBo`d;ecbTVXsTYLs^V)mt$giYDM`XRn-ZOG%deYcG?u5z0X)=Ryv$vLJu7y_V8)o z2@pVkRa7+~(4ZN0F-BT6)%JbA`jY}h;J(~(Z0b0tFEm3*f=L#kuGs1oK5z%SIZM|< zuMa29P{BGNKS+*u^Wc5Oj61>YUPkO0yUPkf7G5~i(Rx|42g=vuJ+b9r?DYweRdiOt zAsa9X(j+b2-U!rB0~S+f=XO%JOq=wm)?iJvTZ(ING(sU8y3!yv=bS6S1l|y9y=I#* zyv|lS{UASG&AxXey0WyGmNPP-Vy6~_Z*``3{5*;JH_Vq~Vv&utej0fXy<;1^_DnFr zDs3pI{Lo&1<3^ySR>D`Z7~m~C_bdD}WSKCieecRl$U_UC2dc*Ysak@h?%w|nR8tbB zPxl##En=wTXXlp;balL>rcUUlUJN?^qmV+Q+ORpa13uz#qk!e_Z8Sh7lIDsHPx zv5=zqM(Z1@Q&w&%pd*~9YayhM1l~_^S*;O^t2pT`kNFq^vC(0h92U&0SX%QG@?YV1 zNHc)z<-Z=BkC~L)Yyyy)DvfYh!RHeBz=6I#bMIRe)HRGH7IvBMVUVgzjYqDX#T~oe z4o-e{7ef%8-YxJD9wKZP56@KTDn(Tk4v)w z&aWIAc{bs_aj7zEr2+%SxGuAOs@XQs!PNG!Zb{|HB0sW*TT-mO(Xg%d=#VyyrEk*A z`~|3AWv8zNgwp5><~P|15zA?NXk)0oHyTmb_NpmYgzr`jJ#j-aI4aL-xmQ5t7m;f+ zyzAF@SaI~L_|O@DFpqz3crdX8v970lR1>v*;T@mw%ymDm2lNgOL(uQ3>)-oT0+H#kD45y1E14iBg5AL1ZFiwzF&P z?HIdb+6V~YQc_ySH(XtfsHd@7=pSyR%J=C7#3-o`#zg=I34iP7@WVBLA{;(aL{JYj zL53VD^D8p*7tN1@v78Nhh9$KC(JU3o-&O1kGUuM@1SqxaD^|M%GgM%G3on~_HrUWg zaHtL@nPk%8OSO;db5ZG{nUD*v(ST+Veb--r!S$Afb1I8b)v&f5lUWHKxV8TMOj$Pi zsRDDvsC!5*-{!X5i7Yr$+* zCyB4WrdUcOg8UUzifj<}aHXuP^PaV|GPv}pp}Z_@9tHAS?pdHwB^%>e2I!>C0%>5v zGT(Yd_^x|F8;j976Z@e&ESIz>>tigWXuhRhD+V%pJn1?yOK0X^3dU`ZInngi!a9ZI zjuBOKAmF<$_q*BZN+n}X$6VVo;V9J9DKigeI8H)Tfw4M!j-)0FU6(i9!VSjrS5kr2 zw&3SxTvTiSekhbQ)O6;Uaw0-`2j*qzg)bHg+&y=!qjSC_AsAaI zN<=5$&_XL`mM~)-@2QUf3Y%xQ>Jx=D)1rAhRf4jhA3C=6_!ADQ+ACLL#_- zU9B7K>(%vYfs$KJ%bLplupP7$o`M_<&8tL-POFo3Qc3ecID5|hioAgcPNq~6jx{&< zlD z>0Kpt5ZALFNO4*`#$&nmd9}aXotJCwTTJ(;kDUM}UJAAG7Aet6_A|Y!>|^5cT21x2y|Q~a(^>Vo(#w%=g!YVi=auHSR}0x8q^9qb0v2F^ zdeU%3Z_NY$h*!lzG#nLI!c#<-ueMBbEuoASMR7r@#w&i_#g8Vzqz!QMnr^j=%B-i6 zt#I_T1NsK=5BkA`J0sMWqz*$=4?h+ehYwZQ=_r)hfy{_=`03Sd*CbAgI5?b9llM-S zpAy}Z`rFu`3(jc=pKHpn2q*n%g?A_I7!Sno&b+FxNaqnhuq%{`b7TW}Pq@d1FAZ!c==E=(`#E*MZtmD}IEanHI%ZHKQ z%;3nstX@R$geT<#jVV-~V3#(Q2&N-h^Q12950(TwNmi6GssN|(ub11$N8ZqMJLBJH?IX8!vQn9cqmztuzu@E878GLz!B<+xY=!sn_K89(4%Dey6 zD+qEII1Tpco*|X&#H{55S74@XIB#}$*mV=P1UjZv@q$&tQKh0^0hH6V@NFk!MXg-* zyFm8UO8`0Rv~%T#|8CI0t*FpSG@<~g8P$O>c`$%WN;nw4c}CIEoOpRLA#tEm3sTW> zy^3XZvl7D!wFoJs_>;+?7!K1(gl#Vl&%PH{nEZ9VBt!0Y{PW88@Fz&V1VIc>G^LDf zA2v0@Z%=~P)D6t5U6jr5g$$@Tta!ox$O=B+ zbe+i-BUMxNRCwYiJkeX)t!9pQKv2SPaUz>q>^t}oD=ngidj+w6qHZJWa3=LBCqs~T zY2gi&knd^J7IG0Kbw*rD-71c1o}B5!V^*2<+n3w-?_e?kiOpF*+7gHR@N7m$ks!ZE zgX;NaCgl-lu9&C_LStVedHOB4`^aN#)@%`BPxjPx_Ytcya5aV+>3%=6^xwZ; zbq7KMEWJGp#)PQ)j6YTH=jXvNFnrc_hR=-M6pD?8>ib1!2Mii*G_16ISrEC+s?T7E zE3(tUcJ0ck__AUK`JZl6D#DsmHfglb?v+A;m)vcy_M9HcLrurZkwwJU_htq1t9|&^ z8a763)my;)%|qjd$!LS9V=_a3aK@qdp&Xa~urTIgy7K#$>6Z$Q6lfkrm3H1hA#59+ zARD;0d`)WAB0ds=@4DVTiR46_it^Vf9P6NK}9awChpZeQWQc3%!8a})} z-ERSr4{ASagIYOGwTLYQ79v-*otupDIEc0ewfH4!FBPtF z?#iYK53qqX5ljC2X-JouHAhy%xe%*JM_~|Ot5cbRZj_q;()f>vaKF=s1L`sc4V*+tx&F z&z=vn+IitW-d#N`y}0WJ8QS7hHw4b6s!2rlQ_*Ta&*Jt;NMoL3;I8;P^A(Eit#}1Y0ChYw6>J>`^ic1M>*&dCBXUFU;%8N@DN-b?(c*T z%?0a%AFiv+VJOD&-Y37`O0(Bw`*l)%QTVd;%}K=f8^m^JPnx``4Hj#w%8wxpU2LNZ z-tW~YqJ0W;mPdS6K;p{aM3q0?-kW8j=nVI!*{hUjV(m9A<=~Tr94n8(km7)7=?c zq#EVzn4oNYT3U@b&~486puWb~Q!$zlb+#MHu6jMJpHb6Cs4j=W8Yd(7NR-zaDK2Ps z#1D2f35Trg6VEQtgAXJuL*<1esw{a0Q|o`90!!RMyXC74&e29c4e2H6q?&aUsgsdJ zVoz1s$}E?e&U!@C!BJpUGAUq1;&8RKCf9GWCStn?3#>~_+LKkTsW@GaoF3VH6giA_ zrCnTNyt;dN5!j5}d%PM&iyZwsF$C?-yed?NVdNMcQZ4R^-gA>WC_2BR+v)YYM;~z> zXHh*zNr7&zSVATDGJs5$SMIoT5K}cynwq&u9*a}_cR|2Nnci42^xQwH?@6#*C>4NB zqQY13Y-zWZi`9`1I~^csSVl|)4fk|`a%itma7l1-{WeKxcyM&@U?0RxM4l6}New~I zc5?V!t#rWfuabPbv);zvzmg=TrYxJTb&%(e8h>Z0_vJ0C3e7cS;CcGH zet2OP4)~&>Vw~UAbRMwdk$BZbs>vc$Pv?mmDYQcGQqGT3nZBnbdobcYN)qS3=aFdK z!^rYJQ_$WG4Ycf{I!ciqs6XOKA(L+(j_GbF|HERNe6XVAi2QIZch&6TgURkiN;&Sk zL(|G?#>ze;8|r{Hgmm@obf&H5@OLm~fY${^6I$5Hh6aL_Oi6w94u>?E>E9Q0w=M>( z{Y_*uZSOPKp(M)qUsU`wldF1IFSH3Q{CyAxC}3;E1Cw=EY@Gp3_S+tZj7lMd4;~f} zZl^S%BqBvT%NJsQAk=-()H-OUpEF%={oZii7n#g~hs{xc-pVD$)%^Xh zG0FB9sEST_pgHCD^bQI7nx377CR12gcKqh`HbZA!z4%^Pi(oSbLU`4VSP_w0QLyj< zkH*sK&j?QdKw&R(bHg(zRKRlphwPY)I&;hAXc{MwYe2Zq3iHt)Qs0pHOm8F=E;owEoVb$^$>}g|xVSxU+M_Sz)1X^Z!S3XFBSJ?=WyxmpGx+O03m z(jf_$WU(c&BZgvABgW>YW+)Z7ZPJ7?7Uw^$6LZ!#Vn)}1hprYpnLeFMyNJJeuRYkB zqJizjyc1b!YGLV7pX9pDNXR6w8iKloaJ~1Gm(2=O3qPWwYyeDpu=2ma?o+bulj?d5 z_yY2TGw&R4Tf~hw9k3vR=w_SSJ5zttk@q`*>Au47yum*^dGvmnz`~+5cLX*`u87G) zqPZ<3PDc^KsGbZ*C>wz}1E$2VUrrx`Di)x6*&q5)sHsHbG4b*i71efLRx57(Gp8BY zv)C)meF^r@&CgfxKWBjI|1|?N{hv2KCgs0x{hcoh%B}5!F=Jn1@A3mmB3; zLIIMv?kwQ+SCemZQ4x-qqEAprW$PM+ce8R9dw}ui&+NI$!rbN5jm9198Eu>tx4_!JL3+WR zU)L`)$Ebi5_P!PISsbp(+6kyUk%n!;;FQ$=WJNrC3lwgN3T+Q`onn1}`g~Y)BBq>DP1mN>d1v=?XVN+It~HqAcXRQT;=|GJ8*~aJz6euKyf64VyfuJNuOq#rWj--? z;@vDNzn9gyf*oG)JY< z)E_FVv4i(iLj1`kmiw1+YE0O2g-VX$%o8N%49%R6U=*jwPn-&}FMbdLw>Q}dtAyYD z+sHwZsAhsgx-e-$11KpZ>1g-6G)<0Dg*Bfx z(hK@J_{KILqX^-VOE{R0xqXp|QFtW$8~DXfP8L*>-sN9jZe+po9NsRa2a!DZ?b-My zL7|@)1g27<#eARGrXOk{Lw7Zg85?ic{k$324rZUHpgNVVD?~?Ll?o~tB4~>0_ zH1FC{{#|Vb05_^XYhnXBN4QN3%r!J5KoC}NNUdwEXa>H_v=AF9-9 z{R`ipk<*~I*y1yC_T(Eoj@}@B<$YwB2}xFy!e&v?K}U6Q8O)>8#!@+}AS^aYdS`%= z^XlF(&<_)7WTxtO){Qy6bj}wq2kX5wka`F*1wLih#T#AMlAk^5ose3@?qaSytki%3 zYZCm7GnA`<x;v*UAacLFxI?V;)dt)uQuz-Goa?T~{6$f#8<7{s+3$_!2^&eY2 zRB8_qiet~*XdF@!hV*&P_$c3_`d~l0F-G5SrJg*7_vz7Ou%CYuBzlvkpTc||)51Ib z7~YQOYxLT?vUoY;JPS8MAn<(ql8TTO{K{6G(|sk>-zO3cVFMOWl45v&AaiCS_F#g@ z3{X{g;aR=|`BTgdNEg-C4jo)m;5&l1$opJ>=54YrE^-)DP?%898D8@g{W@%fXTcRa1N*g%U~dGY5lfj3%OWiq zJ2qPvmQ9RivMUMXq-B%tWh;7vBF|uQKU$~BQ%Y9AJIz*bA?YBD(JN1%urZK@X95rZ zZ6#ZL?fU|jIeHZI5_)6pS8U3Pfxq&*-lNp;h$ISL_He zwbsVTOaUIemhD$psr{*m?8lr(H~{4u1xW3CoJZ0XDgRDQ>JcsEJx< z%_E+s{L15(%xv|1YBk2=Mv53A2?g7)`V6?=8!)0r9Erv3h1(fs2rx&6wTf$V92};V zfD@6rY;2qS4o;J+zum_JoYG3fKGNnJau6r-smp6AXqev{bh{9zDDq+Eozwq93fyOL z9qumD9Rv!vpsVGzK#moA4(f}Npf9UxZ?$194ZlD5>1&lNbenyGNLkR6I#2mi>z5BW zX#~M9F@!)~B?9An10O)6EzY8M7Y6S=r9&zBIL!->RBp-*Pg?|{H}VIv+y7XJ{*zx{ z8Ci6%(7fEQ&ra=YR9F*AUlJ|O6dL5DNY3@^&>WgLO%%D18~VcYtC-k1u#xeUL$< zC)q|PlmwG`M)%hRY)m~=9oC0NoYEY_sJlZ=VptnEt-hVQFhT({;pd7+9e63=ImPD3wR(Xzv$8F@YAlSop+=$hNfl zbI?LbUUhOSK-f8O)HJoYg4S*QuPeIIXdC(hN}Sln`)TbfT3ohEnAABr*DfsQjCN&)*jgsOXJG(X0Q-4&CtKZ^qOIcuiO zP2kVlaP&fe>XkX`_xN+lds#0RHtZ47(z{^HEV)aXm3urFpBOCjm+nM&6B;}E<0;Ew z9^HTX)h)Aae7Vik4{4F$HrO!WXXOB5mnF(JbyLv}k2?r~q@oo&$?Jvky3`KpnV;4| z4N`VTVv7E5vP@di82yN+^8!%jb1~x^F-H}Zh)+d2{=g`xK_wJ9*l4I39LuJadWv&Y zG*R9QZzLQvuivK|KAK1h`%t2pBNR(V?ehDqLQb97FS1txrmk0JI7KU}_c$j*=&>sO zWr52W+{Rj)U`St!*fJVK`xOT+crNFID)Llx*mm+4p0sznDQ6vZRpq|MZ|4;>WTu;uNg!PoX)jcPZif= z(PlR9I|KRICHy{yQqf5*JQch`5UID5(9?eiUG^`b{}0bp@-HjI|NpT<{J+*oJpXCq z!2th%Rw(q}bN`Tq|C9L}|Hb^1|H=F$p8sZkZ=e5UelD8XV`p}+4<;qm(K-MhfC!#! z0{p=<8~9`F=fNKEs`#c8Fr;Q}T4q`%d0uCCd3N5k0lx6S0$mZ=Lo2(o0@0A3B;j`A z^Fw%Y!<1)_IDHrxuSb8HS1i(*Nrg5`n=-F&a*EfJk3AklLryX6QfNk@Ii4?)r5iOxMn zJEZ)8xve4LmZ-XOK5z`y3|PQ$JXBF5IHGtBaTlGpNbYqlMgEkhUvOwL6XC=)bkBbt zxtnQ!vFDg{I5q|G0zZWoFN`}w|BWJ={b{UjG-li77wh8!#<4)Jbn&7wLUrr%N9Ks$ zNA0GA?0FfWr=KPTmPO(B$8;;BAG0iaeaJ7k;mwH6fXRC2eE$)kXE|1;l%xtyDF3_| zqKco-r#FCa`mGw}Q2^4IpX^e3pNRC}~^f z2^KU64rWP*Zexpnt%5tk02ng*|c^`KHP8b__cr9R{}jT?C|^UbWjsP*i`E^G62+0y1os^8Nn>EWa{ z+{3pY02{8R*VZlaOLU6##e0#8CzzGP()`Bn8txjZb8Z|H5gTUm<!OtFeN@3X1Fwq4{m?j_nU1 z*}Cp+wP~#L&EVG0A?M)lW{OK}omoxZ9UWY<>{NZn2NQiKB>8LuVbKv9X1atMRFQf8 z*4<)e#En0=#i}G*F4MCMjwNqGX&{!cR$TOB(A#l~KZSC<*^HbCc^G7{Tr4@D_rR_6 z`&2ZHM~6%Khqms@;$^!@U>uWYBYRByBRoGm^-}4cQ~Mz}7v?6ecAOIgIxrlzLTnac~TlPp3m^?Mh=ux7z`n z58^0bJH1@jidc$?q3;I0EfwUq*0=nrxa|v8Y@=-2Q+G{M2V00up?hj?<8y?GwALt8 ziIV!z%Oc~cl2=F%TZy3Bk$W+kbvt+ocW(t~@%6XB?VN~Gmbu^BUpUh$oej)$Xmc~^ zfC|_pyY%iV0`i~7NZ0HnU*L^?e_{@ned^J=JS`qx??A1R@CF{q+J89+L_F?S%l3uE zC<*u~g&UW(3VZ7H>ZTr9hM7)HxVcb-po(sFGVRBq+u?X$T7`{dI^(2rccYvCZC$gs%l=m7};EB2VHr6y4{QKd;5`N zG2XakL=K9Bmzw}im6DJdsc0^oj{CRfC`l(ki>#zo5*%UW0y)MzUz zvHjs(0{w~P{E0|nEwK;|l^;yA6%o98xS5ej%KNsXc;c8z)y<*rU3Kxjyh&pD19A4B zFy3rFLM8I_TRpHx;#@Dmbiq)P*_=0mD@o&I0VO{Vm-k&>K;b{x$O@lnKJKZwL%|Y4 z{F;kh_$;-u=HTgMwn;n3n0`e{_=Y(Qql7t#y_PxAwr9CpY19W&yhiM5Zhb0=oc#{c z9wHP8ADsZ_K-3O;f%1_6-$R%*{RH@{AGB66qS&Y%hD_%!);BZfC;->GTI&&Vfu{EC=P?+Tooja{$OWzw2Y85|A4P19UNb<;UE{EH?th zB+tXv-_o)0xSgEEBvP~mc?q$Xj9IzOxts)Ib!!}i(XK7?2&5T!1zY|t*u^;3l#p$l zU+iZ0*g3SonyUL&bHLr+w$Sm`utV1E=u8?FYEJASA_Bno=Zb%7fjXqC%&Ceo`j zu4&z0zOBJG5-^9C32m!=&o8Zi>?fw3!*Q3a>$Ju%JWMF>u@k?`_k!H4dTk8csK&bb zvi$tD%%y1hs0-emfvzPb4VHna9*%Uj@O04!5AA7ngcdNZ@aTAsA~|JKdCam#M4pU{ z8B#_hYb7e$CC_XwqH{d+0EAlUatgy*(sS-NhTeKz*F1-0#r)tldDS zC@6P9!Z(1j?;={H=YTDU@BGmY6(`@7rm_zRJLI_lAPYPhFbia6M=Z(XU6aR^4yGw6 zk#V2gysb^QDjTjDSLij4$CxY(c{B7g?Ikg|*aSE`31l~muwws&g?(kx(Z$H9RT1C3 zCNXjH=`{y*=<%+Hxh{{vik~)&@%PVLzX4<|#XdW_OlEzygph+dnnfs5q3C)zGSev^ zO;+)JpJ#Cg5h-LJXeB-B`5Y6;}GULyZBWu|{sntvHtgLMv#v%lWZgd~~9st{m z=Srv{6U#%(DaZ(VVy~U;E`y1R)sEvgwL+^C;jt42>9=BKr#uvH-C@cpa!s4cG>Y8! zunFgwuHrpRTk<;BI(-2aIy?s>f1-KhweiTifZLy&AiT$3%&&(8n!7^iJ6p{I@0G`8 zN#yNh!;Imn!1#NqPK+Q3=8)}j;jM)rn&=<4aV5pMBrM4MLOzev;I|*?*ex%P%rfKOa!U=XoTFt862b<`PO=0&g-)=Vb65>9+hO1i=t zQj+XPic7or&WZyGrQ|-E?5d>g#1p8dFux2N4d{)&%1&m9cf3ZVybVlR3cIECwUs1L zq$of{1y7**&SGEIT#4OD!+*``as0#lXnzU)e=z^wzRbTb!F>PC{PYw5Fh5M%e=tA6 zKPN8#Z{~0Q7xRz*C-c)!{EPW900?Sc|C9OiQjp;RMj6$Buf4OBR{@YDevYWQh3_`; zRtiMyu$bb%lBaY5!0aJbD#)dYM0$Ok%SXAv-RZlM?Q9%;x$R$uGAE|_}&fWr=LYUQ58>vn>oW~K5LEiX%hoasv$TU`jT z42ZQl0`hrqC($K3Cv8-9Yidi82_QmE5&1gbxTf$y>jR78$K`=mR`Y?bIfP>|#IeZH z+}|?to|N#-c*k&#FXT)JHRAd3Lyp?6`h~?EqX#-->GJJv6URgqPMuN zFY>=b{@^r}`I6Yw$8{j*W($$w&XX;m`kPA7D90Q1M%OMQ78z=(-V3#|C@$**9k-7C z?PrO{%9ydxMZ;Uz*ZsQ$mRlb-uIRwA(ZyiQ1@)(ZM*w>%(2f0iFGVk` z{YD0V0RzzpJCqkq7d5a9Ay8-0Oi6xB zxs^-G0ZBP!u+*>}4I@6AcR%2uS_+iwgE2=6yT`XsBH`L!9h}N)8^=2{i^%l=7R2le zfW6nW4E%`N-TGaj|GeH0CpsRz9LZ>_n7>3muIkO6p9k)PW#i6Pnc(J5MJ06DvEYnQw@C%5+3oL zbOY2$hJF^s>?Z8^ZPbH0L~@doIm)aB$O1c=0Iq0ypHMXIsXgsPFX&yo)2kf}0K0l@ zF9GepcOXr-eU5LbO*>Rf{0nk(g!|3w8-8((9N1IDq7ocWy#HDAjd;kOWOfZ)Sw&CvbQ}A&I)i=9qY2gPK>IwSN<|ycmlo9>SinR}GE;HpD{7uh-A-&d#UP)GHT- zr!GvD(k+9)(0-sx@o; zW`b(4vGQwDo`~dh#xIAB|01H$G_Cz~9K?oy;EPP;?3YWD4{;HZ|7oKmA*!X+9(T16 zG)=d9*TuP^@(vIb8K@dMvLgDCv?v!g@>Ry@E_bfPxmYOIs*ohY#2^vlK*m2}`tfw25&zq#xyc~h{U@H|M#kOH$i z3i3T3?ee~(HpwJTvuG<*7e`9cIXG);XJeaUOG=nZO)0C$>rJ8QLrTPf>%-EtAACcg zK-J(dVjLFEMul(s<=+NWyxo2sNlKGF*(~Yq(vq~N8zjzHEYyj z-wpK&z=T|*HyLj>G^)h)p|DRf(fu3Su+?T)O&6uvOJ`b_Be*DVGHlYZPnM~0JUKf3 zj4uN9G|^r!ItD-;yNojd2gSqttX}{dKU~FzFvjk*yM$lWLyINctMh8aq%9o`2HwM} z|2GMGGM1!k?)k zq%{LyLHns*R}T;E41VF1v-e$XNHO(j>Tw772!j;&AS5k$M`PMMpNRMeC55vVp; zGVGFrV_}JjiwKoEEavKh5(D#z3rE=LD!*==1xh2G=daJZv}FiCKB=YdpyCY~Y%7x3 z=JClkgV?&iTBC7YQNGV@OA-m?wfszPaf!{u8bs$jiAHWg;+V&Yfq?Ro1Y%Q!jka>+ z)z;%07jSpyE9uU7;D6@<9Jmz#MbwoG;Z7x19FVpn{lTh6YFbHV3WVN}GtUBP>#E0} z6gW728S=qvX{mAOjyFA0O_ajjTn+H=9F`SKL6>o?GG+~hAHpuLs$?jL;UUBo#rqr_ z`J19Y1%6+1!`QmbWtoKhxY|{FGR~y{UM;^@|I~gzkW}}=w;IxO7c6lh;Tnf>1+o53 zbmY)CyWxE5yjJGrA?-HrIXh-`;K^E(A+4zpArO7NWcIB?gxi0pn43S@Y?SWiP#1^= zV}WJqOySCCLbG(IfkFz&zuE$kW|#`*6ud0~20t9Qh@P6yZ}(JV#au6R+Kb?vPKY*} z?-l8Fc5IF4c+PhVK-sj-+{wQuOi(d%k(vU}hd!=$FGZS(1)jD@6^}9iNt@lU{4SyM z(yxW*nm1R7od(2uRdxZg2)$wR9;AGRlR#qsZ1heL4j8ySItg{2lxG z=5z5uE{MKf4n!{_!{Ue^RRQsuUsy|Mo6)sazaK71IzHy&>;T+tYJU<0s2J5od~{Jh zH@k~ts{N&bRJR%BqZsxPPIOh?2P!kkZF%YLJah@um$u%7xN>|N7r`)wkrmK7(l=1g zn{va9z8XnGBpWl-35vm&1bjJqGnS6)j>-utBwiICDR;OCL&Kpdz9430k&(dmt6z*R zfarM|-t~L?QD>AJpX;J8$LM@;KS79qr_wl|V?2XJyI_{37bW7M*531i#2|lnJ|qkz zoGDh>uELD=w@OX>>FoGFgueg3ng4H7@?YlX{cq;y#{7r*0mc8D`KOBhr{{0|7xRz) zC-ZY-{@e4TjQl6_qf`gFG3fIcrV~=Bx2>whJo&?X(kL36%*hoY+^(Jxg~l7z^3{bM zB!sK@qM^-oHHE*fxV)#lwd!*05O$aQLfk|LVuAwbV!q}$q817ncOTz`cO zd;zWcP>Q|pt*4@BjCN1SdvAh%f0iP3>jm#8m&HUSs~uJgTXEmvoC1!0f%bZZoS;V6 z+!KA20)&^|$mC}Ja(-$o%C&KmOT?dqr6rDU%#9lY?93C_pKO8Pu%(1Od}j3$fepwLTamLI6q6e{$IoR`&v)S#hG?T$ zEZrM2B{$CeTW@ z$5b#vjUL=@*HWdg5g>3a!fzAjlj?S$H(v)-EIFkkh?&!dZVbGQ!3HmtRc9{=z?-+2 zVse8<3$(H_8$&T-Iy+JQppw=u?3lr!d6z?)knb*={JXvm8IIm)&%|`7#Bdj(dvboQ zbO({lpYZaUrQuZ>+PZ0oE@$GsK;l#j=wXXNM}vlQf*m}LT}dAmn-A?Bl+DAeZvDC=KDCl zDCR6&-XsxgFW$;*Y5p+JX=#`TTJNkY({~Om~gH-Ui*2ciYQdQi!Su1iY7=eGmHONTZp1`vZzbkWr0kT(L$DMJEl*Q)J^dE7$Zg7prV)&UwbDB#8 zCbAr=#zBDS0uKtq9>wWpb})Cb-8z}ltiyw9E2z17wFdzV2`|`OUjmj_QD{Auj#FC> zbod7Ubw1@Gg76cA2-f(u0~i~BvPolqZU)4op=Gt#x3R{wEd#=w0=^QwH;|6r z$@*`iOtd*yWvp;P=){_O(7YHcWD_Hkyt z0fwk2ZgQtx)%=vtjH;0_$_Eo$Mg4MmhLgZmdLUQootTa@9tQ`2!A{uc#3l4qQKP*) zFG{?vF9`)kLsQ4;nBqB>b3-&`?dJEWLSh+o&se)WVX~A#(>flL5k7`GsZKS8D(+ch z51KORYy3T|k^2(tM1#+qI9KwTSuQYNj9;`N>~p-ov`4&-CI8hk{JIjDcj;iU+i=~x z91nmNB*q7cRAT@3Sy!ee&;C{@K!u4`aZU5`q37Z;oB*~D$yU^*G?E$zL-ZqBHbZqx zX@W$=wQK7gxVJGlq5cA$V@7n8yNCkEs_8KEn+CUBUBRwN`;np1P%JtL1)EFs zZl-$>2?udmFebk4GO4A{e)wl6);ERaW&D=rgxDiWd7$M7ac>QKjfdgRRG@;v*`>t8 z?+v@XM%j#f!=Qqfj(~gjyMl1<;m$}t5`SpMni&~_lCS95PB5OK!MR(&Hht}>(PSc+ zIX|mSCp2_8{@F=hJOOs5{{8GA4Sop+>Bm&uS~S<`5M#shh)r;C``e5PfMRc~iGC|= z%GlMXyz*(f&M0w&Y@>uNxOH4ZBYAXxmMShizjRidtp@weWgbpc8OGcf26;CwQ>4Fv zp^2lnsm%)oB`+%p*{%|<;mOZOgje8fg15n|h~s`ES0{)fU})<8+p_`4z$gFE;Z}&W zYil3oouhtOoSz(l1Ee=$v@>-_8=Vukp8@-T37BgpN{oiJEMeC zcbCKReWAC2ay0|VBrz;QPwQMDBaO)l2_+;b%t>EV`Q$Ji*~}Qyz?@dKT%W=p!qbk^ z@B={aahl;ub38OxbFbx&`@{{gbF@K0l}xEvTo1ncHisO4QOel<*QiLsvS@cdwUaxq z6{ie3p#+ZbajKFFQhZnSLpIm~_XO*4m0&Q;ZJ^jY@3^m0oW5R^as^NNc-U1LP(mT* zzJ5V$;F%2V1(t*dUFOUF1tL2AmSZ0S@9(n}i;I`Y)ycREhtnbhk17G=gBX%@ zmxtpGEo#jSi;@6v1Hi_%OU$B00-dW;lP6`8WQ7!=nIwAiNSB^IF}ndq!>65KNo(z~ zJ62irHC=lg=fCMVGIe$z@a%b@DeA*`xOMJPA8u1RNg;D^6i=$DX+I;Z*#;f1TV$($ zn1AChq5luhU;Z!V=lO5u7qk3_`JbNuoB7j<|7Vh`{U7G{xA{-z7qk2~^XsAfC-cXm zx8ba@4EQi-1SNGfI7hEzPf4>iQaAKf!}^Z`x$q@fjVp{48NlAc!a{-?hR6zcs+LoK zeG=yy!d>9a)yWDbC~rUYsiP|OhP&aJq$#l2Q%opNqAncJsi5O?&XV# z#7`MBZyn-QyMm)%j?l}OJF?$xUOR%DxDMm3WYX`T`NlG7Yn z0w2ltk93LJ76m+(m%$D7R_{}1&ceJ_J0?eX<*tRei&cx|3bGlKEpJB5c#Mbp(Lw12 z==Id_?T6Vhi-|LFs58GilA9~qJ!e!artNj?TU6~~9>RJ87M)EE3E29|6Eqd;z%*Vu zVtgKDt>)9WVaO+M%ZCoI$o<;3@|_YFXcDEzNWto0J-(v`10^2FY(8vs`!zO&d~#je zqgi{RWFtq2wNOK$9uRC|ZjXeE%Uk934lNU&wxxgA{eAsglLy3XeFjkk#z4+wH_!+- zb#g9FV1XRH+~AwnD%5tV%}Uss7Jbd_q%eMxLE^v@W?w1I+ z_MK=`hjCHKxmk@nnhML#Q*NcMz%!~Xtp+(MkGYQ;bfCfL+yv7W#&@u+RMV&-OTESV28;{NL9aC-PSoI6zJ|vZREzr0-PDipd1M48cN_ZYw zcldTfpRc{2qN!5`+t6by>Ke!?tZB!?tbP zwr$(CZDcsZwr$%+=U->k8C_kY>*BlJV}CbuJ#+0f*Gra+<8D+io(r&XjRV(!4c!RX zDuh6rlWaPO={(UC>hpqXy--%iiq*QQKZu zeHjeeJc*4Q1oxmnm2mZ#c?>ezHwg!5J+4bMXLs*h0}RW~PH=j@SNg7)D@VUAjkqa-#^_=jHA7sdA zz(sK~G=+dHL}p;|D8}TZqP2@~<{d|7FUZJBr6EyIrt>DiA5(|hWS~2@0IA9B_#l0KX1$}OIXG>Cx$o**TuE*e0pw(Ce_~x| zP5OSSiL(HzOW7Yiv(c3j@Rmc{P7)Aa6E!VpE?@oF>2=HpndpLA&)c&BUi%G_1y<1J zHw$mIUv#_V07alTehyYab>Tfs3?~r$5A6KZ?Wxn|wp*QsrzYfzW3=iiejNH!PHDF< zIW_G3@nog6lZ+&zCwX5v&>KO%IPKPTVqVOQ>>6YCh&0DR*~SXCKLZIY#k1pqs9d!0 z8aS*cC4|O9>aDxnFdvd1-#~!4?hLOVzsLX`tm9otp)vak>Xqt%ioN4$dG3I&Z(>9x zw;r0VT0A`cA$NWysVve74|!zNRA0D->}>Y1jO4^6==yZ%(N2#DLwR?46Uwxmp~ttx zxjtB*(aR4^so)9?`CYiaXQlL={QW=bzSFjRBvMYa*mak)F56od(8^g$PQ0ezEW_U# z-}cWZBbzaAzL}<*Vd@u>2?Zco`J28jV%=f5+==pg^!x5w+K*R-p4swqS@g?UA{h0& zAu_t}3{q8GG>0L5yz&iU6pQfqI@zgRXg`;QLt+V>V&R?R8N_v-P4(OVtR=f8|FiP9 z|Euy_{b%KuM*Mf>hgka0%5M?<&H7-O|7kwtFk#P!Z;|rRA7W+3k%~Z=_z#e1?tRL7P(0Ym;|M^KUrx(#9kNKDs+%^BsYbzkkKQmc}6tZ^6|#wUA_fntl<{Fj_&oD+vT}5^Aqr`lIT+=5 zOIn|@h#QO7lPmzQD57bb-5xFJKp1g5M&<6r8&DhL_K5aXS)(2MC z(PUCnc<&0njq`b;g`gpq3l%(*$2O92T|^cX=C$u~AWR~u!BG@0;sgxTpeXt_GhTs^ z`<{chxo_HhS45$X*nl+cL%sGxXq`M0F>MAyE7qrbw3z|MO3H9$;xR-aU-z~g;oOz0 zOfN@Ut93}DP9;F(E@)DL`epOarlRWPmJ0b0{s3X+jp;?8A(j3| zu6c?1jr|%55LGXo1i&*3k3+Vsxxktn5$uiFS-F2I3KkwcN~@VY7Fo&x zlS=6k{@q1CIslyXoN{`YJ4o`EvP7vB_3O$def*5oeZf8`0v{Mu`$S&_B2uLDic~0_ zonkt7%SmeYBjevqs3-Jd48Xr*YH&6RFv`|)uoh@XC-cq-Al;ASburz-l5TIq&+IzE}92=gSz(+f(GD9i?+-;N%k z!JW9`&(}lXoE+}164fR5_0gcg+urbkE&%I)1_mC@fyiD$Xb&FBU!Y>Xog-5BMdG}O z!t}SaZ*1gieRVSfF~h^MO$u^N9Sm-8+w_+n^c)f@`>G*$fsIg?7U1G2yM*&1vNI-( zsR5F5(?C~nPrxVIkxv!)_12iU_M|*`B@0#L<|1=mNfxj;|9&HMU$Al#qx0k79FQA} zC}}kXp#~#d=Czw8Qu#tH7K2k3AlmH<^7hler7;y`eJ(ft3AdDH#W5@+d|Y$&fB;00 z?0Sqi0*3RGH-8hdQxkf|NRM-RNalWzDg?w;Hg4);{!Q$(Fu{Vi`NwRLr!|(>Y%38u zTDZhdfjs>=Z{|(#g3fc_^$smr-WAqlek6e&WNpY?6C*-!^>+-4-tVLUe)ml^ih2#U zjKFj_{+TX*9Il+qTle?YDo?HB3RBTfN>VtP0)Z=$Ekn=#>7_%T%T_=NO?uLBl$|h;Q{)w+RJ!7p9ZBP zDDGf;9+92hBNQy*_7I_vAsV3)?W9y%OEMwe^;sb>h|9nucrj5idqaFphr?2g#A9VV zUlh!=7TUf#wA86G^c`(?3d_*@);RPTo1YhM)VpZzE#2ls%*g`BSX(q%oORpwXO(T8 z-$~TOo>9!5_)!&0pAjRzB&2_GTqC$m=xc@>mwr`MISv&5?&u!l%!-}Pj!M-RL&_Y9 zbRdA?w{hvbO%s|AU1yBr+TA1ebjZi?oWt5hc#x2}uZ^v|G}st{Y@qG;VxtQZcBEk! zy(4DIp_ehJ_>L(!I9{;4J{36!73QacCew|i0ttI>r65E4VAI(N2=uo9&DA*SQDO@lb* zMcRj17f%TQgfyI{TvfJ)1ay~Gbk*R>WSa_RyO5{u(-Y;EN5>OFoi?BY<2>ZL4(}hT zW(D%LkSJ(9J>HRjN^54*F(A>76~9vwuw|zv(%Oyv#wVLmJ3mA|!5EFwoPZTx(!5LF z@&pdXqtnSer$L^FOfu^I^zd3XBGQ=GMEJy#35gW6Dl7>NtwOihAQXNh@g}mXd?*Kq zWH8*-T_9*x5Apq~z|9*{f*?Z`5G!=V@F_C$2GO86Y-ijXm=urT+h3vt{U#ArV{B_& zJ1S8`5M}*bn`K^Xjw8Jyj!?}$PoidhsB@Q53!Z2n1#Wm(9fgx<2q0@m#bsLtDJh+? zJ1bI5W%Ls-m?3a%LFTYkMqt70^+Q;oZMe)@DxUbXBPpOl%0bv`IFGKuMGTmUeq~vi zNgoudI#cXko?lg!3ZD|%UT(<0R0%ve=MX)>y20)FfiW>f?6(0^2@=>zK7MT*a z_d;Q@(%fak6jt3WU9NrUv_7>ZKrQeUV+vvd7Lj-Oq7h09)kY2cxGb-_L0QE(rt^Ab zG>L?uHSLVeZ%peyz%yN){Jgn##z%;T;#(v>Co9l!&zLPKd>zkSB`Jq(t+y9#y>*aa zsdX7U(~@pe8TL2!guW%v`Q4L8V zA|3Tk7?u3(;2|#75Jt^-MiB#6=i5h2YNGKO4O}+Rlj}bbX3$N#mXAYoorK`_IIV^Y z330pKWASPTkU55&Bl~1)!}-M7g8gt!kL7w=w{pCCAy{;Cm+347A2h7cgBMRj4?$jZ z9^!G76H6;QXA($!6k^+VPLm#=7xW7FU=D(N!%?#01;p)7;foJB{=<%=n!*an6HNpI z?@E)@iyR`tGdyk9`zQDXbe4hXo#DaEA)-D5`o~u501clsA*kE{1jS^~RZv2F#D>HV+gr!th4}FV73qLUfUkaryD(*im!Mw}d5KjfePdlWU%s9%>R#7fr_M|?eyq<@N zK6SW`H)Cmif#;@0Js)imz%khtT%5j#V;=?rhvV-EK$!=em?IH(;)deQB4SHmoJtAxz?S*7mAA;mKy$HV~1MYNjLLa%vEBZlSocJ*fm zmjRPjM^k*tR@F(m)O=rh14q7Yl!z$PxP{L;V%{2y7||gedi}%-d1p94yVPEpB?O${ zaSMowmkZq{kGn(rZOI|OrQJpSZYw`RKO}PRaJi(uF2DKEr8I($v zP;B`(iZ8=0v3uvPB-j^3j4PQdU=$iAnb63sOP3<52>@!*$Zm4Tcd44VO94fbg7LK9 z<$&%ofXE8yRz1@EWTAG3A^n<)ITUh7S;LNG(Q38XIY6+`~^f@@}TmrFZ1A)T0i`*)O+^Bzuj;JUE^N7tP`2$n_jlYAxM6b z%(5q_1`M1#OQJIZD_>zN2n+sM0p8-fCR3ztSaAH7$ZXLIS4@y9A_A8PXuZD4Squ7f zK0~x0^5qCCB-h2WEHVoUzz`m*=_GX0ciLF6oLw=?#b_5Pe0Kh66SfEFc@7h6*M6#q z*%i(9TP4ZoDz;$h6j=010ageV&;sMZtlw>@v8*R{mwbb0{-$w;-CY>%_+I8@QOtB! zMQ>7lr`vBpZmKg#e=Kt40{=ixk(N@DDhCL2^rsSPWK_`(NE++R*F`G^7admM8X*Q) zQ_!*%)8T+Cu~j-}z1h{xcEXmkr}_lm88BZXr{a&|LCWOo zQTMZJp6|YQ-#{r0dMKWk`%ohlHt!at7kAVZVIqe;nbE;D%!nYJMLA^*qk?Ck?kw#7CT?Lu5q?9Bx+*dyrlnge zn=By6s6q1gT*X>QCk6hO4Db^>_2-^+%;2n8{rp4ZL1R}-(y#deWu;(sdyI;?Yhnz_GGe)2WhSQqkY147q?{3?cpC5?;k zeGpV*3c%Gq_)^tJMA+2FUh`fZco#im7;?o#K^@N?3Ipz=hkh`7n!w#XnIBdv;0G`J zSDd&sS8l~{Ej|xvv-WE|#MrWOo*5nXmcosWh;^ZWNdyGUx8TEEE*p0+56+Zl%;tjE z(IgoJJ@4-v2qc3=`dCMci0|a0;|bB{5^=nWBwwx}K+55I@RjSo*XdeR(LzNJ#3+>P zNc0Lw>kGf*JT)b4OaCI6Z6qT6dx*m%85*R+YAO$2$Q8*C^@|4o{!p|qCsyye4sbG- zpJM&;Hc?2GDz0%vcluc%q|E@POL}{kt_+RxBY3Dw=W0&ug)Y&h2C(n@$xNUAr)cXN zm#ss!W^S#!>DEgg-R_H1wtT*%7#=1$pGq|g*F|Y^fM7nbT9c_`97xThxe?a}f$f=B zy%0>fj#WQRz*_zv^PBt?`u{Nh-|Vixr-eBG+x$9^f6afkBk+ICANF@DnDU<|iVpry z^LPEr{JsBaejUhvo4@PeKh1A2Kc(){M}x_pwF=fzp3bw!Kx>sn3<4@c(wh8}wxFu7 z`5vFjV&;KMIxAY|Qrj|PDsaK-zZ~8viltF)3P4a%Ns@wzV zQ3aYWF^l|Y{L#+8N6dhRlU^vz*UhK$@{#8%TeTlyQy?y4DFlwFJ}>}b?n{Gp;PU&e zNm;V_IXc4u(-WJ6!jIkcljC=5v>4jPi6I=Jy}j{X&@pYYN-07=aNC^e3qv5^ z-~LZ9RXOr|_79#Xt9MwTaFD_= zyxVW70V!z5>%Re9rjIseu7>ok??`aA*Ue0$lNh+eR|5xM-^mNGVgQ=P5MGZWC>HJ6?GC`HI*s2o*de05S`^!?oI3RB1vPYe`VsV--+Lw-UPnQ_wO|z~YJn~Qz|)Q00o0M9sU3Ng z@En2w=VC0cs=Q$GNaP_<<9gA5_WIl%VpZSOGbNzfq^8$i@5V>ua*8N6<&u8_m|Ju; z1SR;J=(h76kz1OA5Mqy1FATXZ)nmIN5zS#V025s8qDGu`rZ^&RSd3^HYC{qe(VI-` zR8DoaLqXW4jz7CiTG2TNfEoJJnQ&uA8yO`%>hyHeXQNqS%APOyx*v3n=Ajr_H^A!Z z@D+KR3=tS=g#p$w8lA;V+gj*CPczlXp+YrvkG~Nrflls8X>C!YV;J@;jYs-(Q?mrH z5bOSiJ=N^v4AY~AE1`pXVkfwV(F=4cF@C zYW+2DJPA)fLLZpDr~Y(12nsA6AEz2(IS`e&Vu=ccLVcNGQ$;BQLDZzXtsBeK%mQ6Q zK^ZSWobXHf*V&H42It91AWUJ*$ixfBW-t)RhBVIY^J^}FM{yf=!}A@^57HZ909?;d z_YN?st?HvRC8vdhsAEH&bNoj<77iPn2|uujSMA3Pp~OA(Rw@|RL1Y;h(+%sz-$T4> zM}84#G!3p_Hdf{|VVB!YgcAfgLpvz`H}u0`#6>mkkGl$%zr6cx;v$&qiPa4WgNXdL z;SduJcZQJr>dA2}-or|p@^en9byzs14wL?bnCRm8)Bv;0m3(m{JPTib?%t7r1zy_s zehljoC9xn@L_$k<$<3Oi*xQ)Se!P6L(7`yS+hHkvw4UjUOHa9_x#OM)DinJX{_cXg z5!VcyfoE`pF@~v~{)%oNCxeKFgZ!)baL3iPigK*J?ZybyQ8fDXo>=J>s0LE@obZO>p|BJ2S2-%P5H!JO0C-4 z)S6&BB~_Z+9sIAQU5P&KCgy#N(O`A#qDL}v1w$XL1%*VVF3lB~wOB81yt2?{7k_%B zG+f&Oa_B(1QckyMp7<=lu{$Z>>Zd?BU*7B6H2-txn;5p^JS)3SCpGwpIgtmsHtxd|C{ z;Z7Kuk1Po)&XM74qMmvzhK@y^0#(`OQT&XL&UYJ)OiE8i$n!3km6&&TtM1TOVxv~n2mt*^XfrmE%RDGjB-DTz z8Z-2O=e(H9#8Jdxp3cEyLBKkgV&D<6eZ@@C=41V2tHy$-uz(t0@h#9pLL0rPfdkAA z6z$F7FmQTMn)gM7a{6tpP)pDCstE+aCGb7{nMKlQLdE$-f;&-L62z0EyLf?t}4>;M?;l7HruvTK(MMwRan@&P}xdE*jgk? zn{}B^1e=O0Rv&9=aNw$hXU9%&l>ijXJ!fGE{OCK=wk(yW+uwd;G6pUQay~rnkDGl& zGaWq`PmhzT)yw^w$&@9ycLX6k1|2-GgfGtD^FX_I@+K zzS9oR^jx1elO#B0t`yfnQ%N;Vam!=)yF-86>w|zsX2RX3e=#bQ8pkV#0Oi_(HuAF8 z4wy56uzZec(UhOB*5X6Qy|lwwn7=Wn`MmL-x4$pJ-RwL}r0Qs?b6Q1fl`j+!pB5V0 z_DTO4`*7az2Zeq|I0vPb^22Z(Yzb+8=j2vuwN6Q+s4E8SAjb+eX@Z z`I2&Hy)HqjZHZB=xtmJ_{s&zc@9qKSba5_TP>30Xg*UKks2vcm1?|6h-?r zgCJU1cZLC!LBWt5ElvIfG7h0J;h0OEI{&QsHWOw;-T&0eQEIV+F0_VCxuyz7941Tuz-v`;Hx3>5Oy# zR~W#=J*S5j!ju@{e73iy`e=7ym|B>y$ZfQ=Rx!WcC9gH&hP8q9g?#T%4##7uBXWY_ zsj>jDA|FzLdv_44J06dUapSEkd7E{VioU4*6U&+Qs2&-3z`>7BY7%J~R9+<6=%hBk zT(&rih9f%zkG?;8S~jE%E!umy+bS*bsWb=InkbzqvD*zUbf+|8+Rb*gYslr>!2X(t z{#1U|L#83aKSEdgEA;*ml$h)q6T&C9_ZuVzzyD(XJ zIC%$^4WzIE+?|WBKd~x9FCL=Vyk3UX99V*Zy^&aLNxS&~s>2t3Wi#ugWgP?~HUEAx z;X!0jQZLG&2B zCmq;Y@1uaYCk7~H0gP{p@Yj4V*2$Xtyfcf?7#U{kORLXC%7S^lbBroMMEOubMIFh_ z6etjg7~5v$E8z?pBwSg;IlD%6uEsE?WFjEHDqLGS_3)$0I-7CxtAPJL_D+~)Z92Mf z4!EV^{vm3~3`V#{`CIY2bT*FQ3-y!FYP!pi^Os)nj4EEkP%%Mdzt^Ka8|JvyS#-70 zQOELN!Qk{B{&5Q1vpON|_BpL(oDBl_>ZQAp#y%&^Txz(Q zRv>e$(1q{DPTx*}8YWcSU79zb#(<{{Q@PEmq_oflx59ar8Cf#k&B|9&325&L4O1u4 zfj4zRrTcetyw8r|QUe|8vE~IUtBJ|rEey;hW4(i0>NQls(Jw_3xU4m|uS@sN^DZJp zr4jrP!D{Lvl}VM+8K$E^DBvj{*Pu5AFa3kYPZ0;*SF*r1;^OQmFd*hxWM5jTD9Lw* zV2q<%<*>s%$j9Q}3JSY@mOBa|jnqxBdV;(VmJi9n?iMA(b}fEe-6}QGDk;}WXa*_f z_k+gm806$SEW&Eu7lSg_YcQ5%*EskmCtIvhWz_)0lco`vnemyKaSuwab`+t%zibrg zr|g{i3RJEwG3kv-?I%Wa;50LoEMy+fCtQBVjuuA_omxJKj63&Q&ktoK3FUk|4I@=a z(twHci>&@e)q1(sa?hfPR!1ZR+GnEw^b~e29qh{l&7r~ZDr=B!2){Q0Wju!gF+X+df!71_Fydn=E@fN$*#WR(jl2hb^_ zl`H;Kua*RxG7c0|C_Cy96V|t`8V`{t`@l{T$5c48;x_5(y{!h7jAtRB)r?06`6w~G?{$(AeOm7N<=<|w;vVUj>fV5bVy~}cYV6s97d0G%(4tA=2r0U&>2UIsc zR{q7HTvfJJ8kn}`2=3Un`NI@sj*ysAbv*X1O(r= zuho+k8ap~C$wKeqP-si=%OShFlU4&a*Fo`jWH6jS9q{w(`#7<6*Y+@kkbvzSeylaw zV+f^|btWDi8&YC*?X~<7N}$4KAF9D8TI(46^S-Jy_Oi((4%kEJ8=wV|y~^l{_G1th zd2t19tf>MSa<1l^sNq9V|U?8&{dc*zLR zPGo!A>)C>!%z#%{EztZjYJR0dkX1q4oj{M3dI>4l)N^0#$E}CHWEKo5=^I;0wO+>h zz7{0}f3grm7&S2n3*B}y9(I}w*es~}r^&gQluX+?@?Mp*0wg#2J)0_)1<80q#_qkx zfe6#DO=?&{`_OHdTnE|SO|`+B7l`16idr0s_7RURE0cRoJi0c=gS|*%>MA(1MMxWK zZ|oX-Q%=np;j~JW!V2%w&1^H&A|ewjwy&Q}tSH)BOGb7L{+U#e;FsN&sS8+oN%+I< zok2L^;Zf1}Nrth?1YT>7p{pcZxCKe~XPY<8%rJ5H*N5P%+dh6!c?18D)r%=3J4=D&$%2LcX~26s6cS;CWd&`D{+u<8EWb+76kn7i80FA5g)@H` z&8GSm!|5l7kqtHA7wYiNNXuMU(w&npM7$LAtA5$fwvmiSkS|c^V~+GFgT=%sxmH_L zED)gYxyqccd`{kUQBR_<&vDsywz`D_E*IK>2g;SH!*L+J6*4G9K7g8P7 z>t2I8W*{?RoYVSQY~lP;V&+y&NM(Z)T&(217e-_k$GbKEHsMTuwge!WFVDH7gd$cJ zre8u0J9XxJAdY?+%$-bEVJHT3SDL&Kc9lITrzQ&P#(z5IoAuLNhqo`4(2nXfO=-A( z2z6L6_VBSN$iyH!rbE&Hor`)nHs`OulMcwhW5{zj0}HJwEjkMfbap;#`pi?3`ql(wJvs%;91o-1#m*wYfvQ^0(rdaKUuS zD!nkUeI)euw^H1vrm85Sj!OMyJVfApFXHoV5%4$HG6>jy{4E<#ec(of*X-n;=^|vv zMty5Wp^=V%RYr8K31Ab<4H1oke+$W^yux>Q>Q$H)vP2c2M{`<@tO$kxv_dd#sY7f_ zgxEU1Dr#PO)dC*2B5=bbdNNbUdx}!S^%p@VB5{L*dY#3BC3^U&F}zKObbXfws$bNb zq&ExhSVIsdne7`GTsW0p?mwvo4H)>Bo*U|sGk z!_Kl(N~)+68Lh~f!Gr8vvbuQjSbl;%`H(}eaG|s{44@~7U6L`49od5jPFEA`oX{xR zaPLrNWLjo(#l`)@9n!!EU)QZg=v>Z^9#RN%39p+or>ONxw2GdhOw zz;8k->dl~Q**oIZ*S^M}3HkiK0vm5^7E^>yc|F}5HaI$hl&=djXVzsuikv2T_`hRf zO~iX1Drl{u?XkUzx;jMBQ^sH1>4Xigg^=w(edyXJD!4=#7`&sN(+>U_p~%(_QwR}7 zl5u|?yN-=cY$#}9NJvVX=*6Or(@a7byZuCwg6o$KCC_czG5R%M8FVj@UG2%2!}~=J z1*$VHJk`Wu(Ib)$pX*s%&@(HQ__~1$Z{nnrV}t}^qPC-Um6KRb*spn%I5ZZAuSYV~ zSz8%%d2w|%2kE$E*}QzTepI`>ho$Cr_sE6~P&p;1oZx!Guummhvx3yIDa z;MxBevBb{=Z0Zv+SRg6AM>zg`=3^j@$76_V&Umq=et{7B z+RRMbEON(-WDy~H)njkLB9HF6Co=#AD*vXvxKg%QSjZM;5vQiZqG8AAbG*O|CX+wt z7L>uRa@Fz0YhuFK9PzMo8bAXxaF>FK-W}v2l*@VxC**JOe#&#lG43Mp8>c zMwBaiAPM&RY5fXUyj8QbN_{&i=iO`py~YBq~^pE+q{tEqn znE!8H@85lX_Ww4&Q^h~#A1(NA^Yae>PxJTw%luvcX?~}Qf1Ce_=s(ThTsK*`1*i;= z1H6o!$CjvvZoP386`JFcmiLBx+LUJWMis<_ZKdUXN+FIbkAa1QQX<1+rf6#mM7F@* zg*=Q+a33O;kV!NGd^#r4eHH zo-ud0F`zL39tS7}yA%Am66g6V9uSVde?Ke7GoYfz*U8*$U8jsP79`-E(G-}L_!o|m z>cnnBCl~?J2Kl!;B{iVIlIxk`YjPUt&47`MpfnC|<6uCg>7?{-3AXR)53+jU;DQIO ze%NDJi?VO}AHJxpV-H<<7bu6zQSL{n5SMF*G$Oyrh<+!Hqa?$d7Oz4lI!rUncutJ> zrn0V^y7mR_t>Tlol;0V$&ixXSk5*%lH-6vUWX!Li!v$4-c0qSF7`5q6rWk$~ODnJ@ zJ<;^U(*q7xr8GE&uOM%Ryg+n$X;f{s!@ajyQQNnJIKKlGlR9P-uxcbZ6fr>FQcSq3 zAyL+}m&ZF)hR|OZg9dfOKENGid8e`TCYXW(j8{4~MqbIztpH#HvbJWK8FMQYQ?_u9 zLs+2`hV&mAO zyck7%IbCiXb|V4fDbwPZ_%Ur*Q!0mum}eqnoUa<6nF~zV6~^Kyl9YNMn_F%CN*PZt z5B;*9B<_gvRG!1en%<9bESm}CE9c&S1!zNoF>G1Z@xS(6&xgtgP8&o$I)Lj`z`rYJ zFV%RXP$Uup?rfNxzL8GRg@Vb zHT@`MfNzv5ig_-F*rBH7WZ=j%$C6f-fnAQw-hN53N4fD~kybb*Oe|Y^y{b?K@5vK@ zN-MAvrakCpS@}8&3t%mrO8uL~+eTwNPIsP%3~bG}+pH6(R@|JeL$XRC-0T}AJqhgC zsI;^Ec4wzLIY?Y^Te&L8E|z@$^;;Rof69z4J=pfxX+fm~>U;vWa{KqGJzxzBD?4`I zlgDYe`KP{`3#;)fLLO!^SP9>89m=n1!yyj8QoCh9)nSbx^Inb95Ou489=S*-5U~-OQ*a?)y3vl?ZutJ`~ zPdZOMtqCzNB+Q`9u=7xaA#J8`_M{t>o%$nYfXyXVdu%aW%nV+82oN~F(bR#*Mm(v z)Np9W%cG;d2cQT$v;^T-j`+*c-)qVeSqPioCSwpA(OivbMBYJvu_GrzgVYXKH|Gr` zH&T139scOgC%pG6dm=fwR)D0tgPw*WmbFQhD7h6n zVzn;^1*LbL8IsW?%HmP#HnR5zemADue15TjGVRDF;JH8bZm`qjfxN7*gp{3wpkb?A z@>A$5eo2HzM9-jmOmg!IgC3(MqS*1335aN67wbC#NbjOY#*k<}t4aoLCPCq!#li8% zd4|wF473(BNkD=z798M1%SOY=onjCLulQED1;nc->ok&sF$ujlNzI55uI4cR!`rrD zaLA&3t$U!biy%5~=;L23-)&c~V|v^f#?LWH=6-8i|GJupsEx>=wImi`Vs4H9N8Z~p zv#C7ygA;ePUZ2L!3hKrQyS30sdZk;srgp5oPv*_H&aXox#awIJw8~p^6EQEM2sxwt z5)wz@(C~9~{_s8ClC=Gi;l7O9%=p>Pt)0@vES}lq#<<`tp{vKBK*}U0Gxe@MkL+&% zH^$vcnwkaEG67+e(0%`BY(A|3A6`~d#(wg?ZTjJ420DeJ(Ibu z=lqhQQt1w-=5!DS)8%l)Y6sz!WDiEbo$f9ZElVN}f$t9_ov3X|t;15XeWO6zYQ6}s zrTW)sjNNMgOm$ieS#+ypVU+xY>YQ{&N8Lim7H)Gf+ZZCr{g6AMs0NXc)x9h|vUKGv zO^`LY$5y+a7oS8!yGi|A%h@u2^SD>~+x~1dI(ixA0dVz83CQwREf^{AIv)l*37AK% z(HzfKRa_;;K($e0%*b{L3{m$z!VvCC>eGW;aeQoxifQA$XE=aA)uR}Dv}JJVH=-e# z;j%9s`0j-%r-01r5a03rYEX;lCb)ev3n2DX=6!o?&nc&)1#o$<6kb6{3)(>oe7&VK z#v>Z6Zh)^|l%jeb|InL_axG}=8Zc)ac zCs0MQ7B{{s942D-uGd@XKRw=xfEc231PWxg)IXQ9Mw_iSDTr;F%T`0p-a zj|Unc@o(%ocs$mX+>$g-?=602Ns*%l z@$-0xxyc6`z|@hL4ap1$fEcz@qxc3-TFN&Zk!!FUxa;h>#chp@+N;JkT(406E( zfPZ_Fcwjmb2(_wMMVt766jj5qJsiDN7Stil18NDhk{4HQhEhJWrxb-W1;Wc#UCDiT zqDo~)_KdfQwm0`dv;C;>Ddy?#cW9|w;QWBcD;n50P!PUSJ~^~j*@s+fAuy_d3ggid z5d5x5qn7PtsK*Ta6=>yEY>sR_3FtRwhgU?MvaJCbDF@ZjCGc()L0im)mB=*e<-KuB z4tRsA+$FAlEBK5||C2_*6wQ6*gRpjYe7;^)va4P)hYK>F5Wg<)T!&=Wp-9|Raga9` z7s74oQuozpVOBzqbKBiWg*@=S5fUwN&>td>ze;jXN-RSH3nYb;yy9DCEG=~fkO-2l z(tNcMAj1Fa>T&jlQ)eQa`Iex}TXI3c0%xnp5jo4f+|K9Gt;D3}L^w8Hu9Oe*3e26N zbO$_asK*JUS_r4e`Q35sCkQ9|@1=F}=dLVSj zgOKTSn;z6~=xmu|A0~}Jua1JZ_rzU5gw+|xWi_l$6??VhGNqcDWIgs*2}3M7$~rD9 zKsIf)|yXs;xU6@Jd20X%;>9-e4CKUq(_ro7MD5vO^?{0!R_C^f*(UZ7Y-L7ReUW$A} zC9Re$82v)x__iEYifYE{l_NJF!zEixJR2;q_Q;Wc%wn#5p&sk%T0IRjz6>=llL(1( zv&qzA<)U~Ywt+rKk~=8Ep5DEP^FGi!Xw>W02k%|3IS0-RmImS5q8HMro!C!5QtY8v znyh-ZTYizAU8mup6cV%XpvyqD7ik3}-0{Hb?D0X&8qNGE^IZ~(9hPvZ*DDjzk=X83rz4-jSGqQPdhexsMaFxo70JLcB&Y@h0BCr?x^d9A*sPT`epF(vf3 zswYW5DUV*zulg96&M2ZNCtk&hOmkI~#3vfZd`QSds*AB>#w zNr#K9WisHbuUF`)xoDtXEmbLuXm|ip2voA1vCGJ-{X?THqSTHBC*-ECH%sO5vB-Sl z-5&lE$Wba6#|fJFV+tXtj3SX-(zR}@p6hdzF9V(T>JsU8u6KQlP1j=Jow21QmW%-o z`Iu+e)m=f6*o4u{`i^o+H?(Sek6B z5a(JfcFxfi%fVZlWukgba-R?T(2ku`@@Dx8>jF2TAF$pixUW z*i{}|G`Qqt(&LuO-;MIg)J>DqwZii89`vHvw%|$BfZ~XEDzb_w zVlX@bq82#ZY;$2;4?xA9WLlH*lb_{6tYJfF6ygPUuzl_^Z}fw3qz{iTDQ~UcpsNfF zKCY;1QWn-|wSjqgy-I(Flq63PjvrK5I(3I(R%@*AI6Pk*?em+aqmlyIl7WcMDz!zz z{~^yoCi+@2_;=SPXK$oz+PKX<6J&rK@0qoVdgPy>91)SW7FoVckLk^(c(`(-b0q5) zOzJ7skM?JqwegkYVYU%Te2&cVwu^}KhS&#G3h|05bLvKI7s;>6`I$E(K)5xYb^KV&{Nl*eKAeMOJT=ed-6_C0oVG{! zdCuNBE14>y6DTGd>9@T&rE(^2XNJ1y&i@mAnRuMNHEc|Wt$OigKV8L5mkyTZGxSu8 zS2CWsI`38vBo1#0eJO@PeK*uQ1j=>%o+PBHJtoZo`7O(F;Yb(eo#33;$C~6_ce=Rv zX$o((U#T+Y&tXq$f23KSgYhi>QH+~(4$?``ORy6UKV6hlqtPLo}eLp!$Q zQDmSBu+4-Dpp6gr9(r@z3@yI}5B{^GJVgecC3UrE>qZqYIw+va^}o7UI!{#bmYk(FwF@k;(be4S&AZe13w%eIYEwr$(CZQFIqwtdRB zZQHhO-t%?RH|g6q{bT>#J8$x4%(0#|=a}%#TW8^c)rTBC8jYSisMf#hn1Twx+Tle; zactJ9QHtf0xS#%396F!?S@4h!OBj9A8knJyqV(yVm-FHFX=C0Hg-0Im+?%!?`3W}7 zGHV;#O%=-|HV@+Bm_h0u2J#7@#zEd`SE;3gdkQ!v>jTQU7j&4FqU{eHXuK#Sc8))( z&_zuBR#8uHss6-eV4n**ELgF9KU$^sr zJ%7aC2?6nc-bl^|4Zw*A@UQ3p_56s`CPV*tei!)v^!yPL|2~&wY5b?>uQtC7#wSL% zvZjhZDr&uewIhprD3wz}>4w@qnk@PFKFbt?dQnU-yl}>;%UtqWO^DAYhJ;EAu-H4! zoI&zkO0^+!>R*D?#@NtpX^0l|3tX}V`5Z-2L0cE??`=x|lDai+!P(?XqE6b}gNm9L zJEbr<*YuR*AI5P9ccCA|DDa6+plYWwXC2nyjwd%f0CQ>Euu8usGN_bc|5eQ3tK=MQ zyCIm4P-_h}>}yp8DK&zssHKgEO6@yCCq(r-lquEn-EIY8;1eizp-^rawj2)ADqw`m z9*s5pNLLXA?ah+0--$GM#kC;J@RyGd#@NC)pPc=zDzmx=W`_#}#$G*6Dsm%JNMKd( zyb9R3X!Zr8hC3lwHwse%JM>j>+BGzf9s+I*w_nULO^gtsF>}&kv33yAr|HuRUW-L+ zcVm_ZdN34(vL;_YP>9f<&et=e#i0#8Aq>7G$SPRW=rkC9YXj zza2gO#HRkypK>eq?=z_}Si%dViCiqd)Md3oxTXkWCNhSvvMOecIDJ?2MRPSi!zuae z0b1mKB$if-o_6MHFMNHl zB5(lNA^bAe7;J@i;OK47@~#-OQjMpJFSRSVE<_Xg{egx8JmXF?3n8%7z@n$PR<`?5 zN8I@NmAqDrIkOn^6PrdypFk3<9>H(17}5MA(4RpviUqu1cU9d1yx{smNIlXSGbuPk z4TTLX;cWAcK)&@J$m99#IMS`+RDNTr^mm^&-FaB5$ki)1B9^BW;tTVee!Diz4_Ors zhhAG81)2)}ezz>^aY4O-?ObZeM61A(4g=Kpe!&zpLcZu17u5-mp{^p}jL`&R|8jk$ zK`c%qsc&&WJ)b7ACs<|S%QzP0)Ix5inHaKs!eG0SMTZ|(AMW7j7CK)~MHS17_o z`Qx=kKsxgl^7CcufI&UmHWv%A+$b$qief}3U;4{}wLD*C2jgIoG6jaQDeIv+4DEKF z;SN*&4L*AvquS8TzV^-hm=NU%cDF!P(`?u`LG*=_Oxxt~7p3_CnbqE->^rJl4622` z8BZlB+VkEs08PvO*iZ(quYxZVH8Vlyj7?>gC>Q@f#ZaR)fwHeiu#u=#?H)j{b?~p8#d&mukI7ynLl#}<% zn#?`}m}kz{54KTt3(DSKfzqUTtmiBzYN>kdybH$?lIz_jw&cx;FGvv zHYl66QHh9kVB3_AMFogc-t7Ol^MhB?i4RySel(VXeR$2o=W*>H3DDT-?vPr zHZC+l@#e1V%~i_RkI6-y_EZxC5nll|HH}?tv$cw$AWGB` zP!v6r@$Tgr5}o#eGr0@BFy`uMQ;_f-%%33!D%4niNzuUG&q07YZ1Ug-RE44~#i3ic zSu$w?W7w;#q`^Al_AfZQkLG>h=4Rb{Ek80sJ*+eda2EjRW*Ksy9}gvn@`#xuV6&IT=w#C>CqzSuqKFpb|{Zu~vx_^btbHbVv)%r}Li;uTbFSeI3JI;Yt@`9H| zHD_XH>Rb`i7(thfWYBR_XYN?>>-ht#5UCAMxliBpBPCR6)`LP0Fgg`NW9zc#*^`^$ zhg#>um{H&gbfs(8?SiJo*KxHl+Vhvf1~hT=>r1icS{f9)Y>N!%WUJgzHHY8O2orVPDDyH4dFX18`L#w?wWw@8&j;lwQ> zEx?Fw_NQ#me8MU~Mz1qd#IXH`dTA=${M=MK?=V+ z{GN;aZPqenI-3*j>pAX?ry!z4kB`n<7MtWiM<6Wq95}Csf4BVfD3^KQ)F_dS%Y;fH zBwo+Z_Auf4W&S7%8`K7!CRqU${9L6g~t^5MQ zS{)Z2NxUBWEJJF|hKwdnMW{h-_`EI6LzORE#j7r^Qcs&|qyGE%KbFt~h)V_}_Eym{ zyk|zKVx)uJ*#e8S=kT{$7VEAos@Qc#_9-Z#Nz*2->)+1W+=spjb%)w2p z$Y`=kaeXbUNsVXp-emtHQD)V%aolWOEjMyJ7HL~+7YHqByz&nRIap2q`f3fE;d45q zoNcc{@x&*b!e&FEQwC5iK0s9b*M}#G>=U$ejpvyjbK=VLr(4a?DG*ejk8;6#%(1|J zE*z^D^7SNqlyeUDx_IRPRxG(~xsAXt!O+}a*`loG&_qu^OK=n772_JCPf%e3g=kx! z30^qX@-hg7swz5N{$mq9DMA2dliF5*AycfLm6n9fmo*Y5egWoqYr@C*+zJ+1$~G7W z1`CsdfPWU&{R6G~m1)Z3eB~q<>N=g=1f5!wJ+5TGc)vCa4^-tw{m#)LVu*=8r!2P; z!RVAT;X)R^bnAbVjLTa$bMyx&DO7&LJ2;#nurF#kc!~md!P_NjQdwxkdrIyjtRn!u z>|k4~d_^omoy86N-Wrx+q($qOHmL!=;w0%_lu)fvU;a!g8d5;<4BzjAT!x{UD);x@ zWqQ}>5DkjJiEJ1f?+WPfMgf3blU4YFKR-_-@wPo=A3=MDuqlYt=qpyrr$Y1y$XPm+ zZ@qe(be=&_9D`02Z@BH76+vZz5PA7`h{$gy$1gJSKh=MhwcxaLtYS{b_$Swq^VKOJ z0&JHn=FXywn zF&f8W^TcSrM;#tm{wZr^M?=)%a~iZvQxR*kisQFBZoqU{FGvt5%kol1#kzp}JMU4e zBdRmYczPYwrgBO2C;8n3sTx1!Zx+g06UNDww9^hNWmIs{`wrR{G3SZ4$c=Q3;9>*G zRysbIUWoL_8FId#97x8NJcSM=M5acxkMuGH(uX+d^=}qq8N(opxs95(x7=*9u_4c! z9(LM1r)5_ur_RHy69g_;Q;(=n2N-35mC%ul&8)yJjCw|7Y~=TaoP}g(gex~Oct7=U zEI2USqno%sABe>cCYi&$C^QR6_-}d<{@YuBnq8T;Uq}W_ zlJFfU!e@vsMNx)aO`i4n_`BI1*I^6h;U-<;c-=AW6kt$4cN_*)(2g^5N2g2Y?iS{wdZm#yN zG}$la;jwv@WzUfbc&OIa5*y2JP#6P}m0rlpqSpp~%z)#`v=!XXZ^-5i*nSf3R)u~A z@g61ucTBLJtgmo3(N}fGp`R~;K#6$QUV$Xm(lEZBfe~TGA>sCR2qx>Zz=QIHCVfVR zB4B*ER|=zj;%eK$UBb)0#c~Evowi5-ALWMrN_<8ql%@!S5b#p}5oPi*fWZ(NkA$co zU<7@bJ$Rkt?vNh)!d;(B6>8=wlRZYkQX%cBX-qbOYj zNc<%i&YHqE3qg0v~?Klaf?aovy!ENWy|hOyn=spT~hac!?tj9wAz8fO?(&4-AU~q zN-nRGNq4^d;qF9&aTAFTufKZ3LjZxNTZXQ+^#p7HAS%R6w0<)>UK!l-_f7Zb%Zgx# zfQ)dLiWl~eS8+{u@GHWH^l}T4#l3=ixeLDScetj_kYs&id3C3-Gue%M#N%b{`KLAGX3xt}{+g7xh55LH znOwPFF7Cy0K?!N!I3KbB^cK;Ol#q43JK&Np_^xnbTp>jqFXbLgdA)K-qsPCK(-Dlo z&t<<5aBZugPR$Arp(0)K^%v#me-PCVE) z7jSila$kAjanAE(dy95{LII$*BB=lXd!wGWQbjR3)^Ha1;#7^Xfq_ z1E3;Gqgq1?m@;=Ng-lVBqHl0SJ-${GNtQp?L9!KwNZ|ggR`xIkx7h zquk#zussNZygLpsjMS6;IV>CLZ)T5cG@ZqL%&LOC?pu=Y)V{t|Wu?=D*c;6r<$lAG zCwKlu-jXMu+N9`w0SY~?7P3&p?w>f}I7sskN#XlTQvQ9z`~P7xHUDBWEdR}BG6nu& zGkGWf&1P)*|0kOn{TG{o`A;^JDe!ML^EUdQY(@h~Dp?YZhyi~YHB}Cv*Q#-;jC7^A zFxC}_*KedjN~zkTjdwG=1bR%N#G(iVe-Ea4OVk;(m?=sAW>5KCl987*0!}>iw}%2D zIuh($wjJ+RA)090%efxIs0Y{e-wfP9R^W9(R?S}GyRp;|G^jc){IjGM;WV)%JAxHt zuaSjk9lk=YtK_PQLM{}VmFS__z30+k5Jj$KaEdK`*pljmc(uztU2v0v-=*pl1FxLC z4&2EzAId?1D?xvD6shV$I)0Oa%b$Or)0cMGgt|qI7YWrybZq@PqxAUwd@txxAkge= z`oXg|11kiAJ1FPQ3MAr>vg9nQlpk{t!njiy&qtV{2rMom>?q7R#$IH}?WCLU0$kkx9HaDch(emqPwG`Q zK+>Z?*jL;&t4)xR(qEj&-U`KkFD(0uP0Typ<#w}hrSow?XFNA5pGOj$1F)A+Ypf9t z<}@j~TBSvh@FY$sgbyjsdU?sII*Of^033w~R(L{fivU+YD*kVC0RduyIy#};>#*29-Ag9x)D?dZJqa)fAXRf?jaU4h@ey zC6{>dv_*R^IvQM|0#{nlc(>j%cmE0uP1#}+LEvHnlPEj`&ON(^XtJ>#ORibempd-k z&C4GxI&elmG6w{|+p&Qt3@|vU;qk^Kr{A}2)bR_3Qg>QIgB0FN9y$2GAFbFM$ zzewv-xx}7eok6(w`QdKcRy(K<8{DK|0#N@Hg8$ur(ax>R)iC*}Y_5yw38sB<6FWpP z`sl^LJ#YCnK>*924PMM-e=Jr|@BVmvTomi2`e}(D8^XSmD2J4v=Y}4Zr=UzwZk{HefY-6`P70xozOt~^jT!R{J6 zK)VrE7#)TS!9upWOq&m#{h}L(^rC7i%;mEEndTf4&TA_Zz81z6URPAWU3Q90#+`JmXX5HMqzZzPix;$)Qi^? zt=c7@?eKIqwu?&qg<>ZB^n{F~@wvz8W)?TXq=bPkqZ2u9-5YKeijpDEs+L}ZrT1b^ z$&9zuTIJ=wC?Y@d*{{OjA|mY%C-QzDGU_L)N}fWZhi6>`=0eIgu=p-DEF%x=pE4>a z!MfT+qpIF1s7D=S<&e(ZP8-}Jmpn#oBOBnp;UskBjo!Z-4sgsm0G<2Yti z9-#3B6xWM-p*-;ldCQNYnkqWd{wU~%9ZwmJ{q$6w5m>+I(ux=uXZr=eaydHSM>weL zT0p!v2=N}`q9pht*Ry?Bk4u1o&o|TPZ~ZRr)R9gM&XVSTEw2cb%CiH=c&Pk5T9vsH_`}R~YOfrC4y1twe$|TGE<=R2s!aF+FrDHG$I?628Z@_?WU?fhR)rM6w>d9Isl}^Mbf#p$n5b_+@_~U z{2gF8nXykySU0cU8idVkDaMw=gNxjv^t0h98Iw&46E6;Ccd^{7`Espn3C$TNTW9Pr zH;>aDs9zE-4Z@k&YFhY_T1wUL*fkn{*GGnv!5=J_QwXV?@Zj1RWb2V}jNErJ67jhS zARHkgxHTNiqiGegM(5$pXic7VoNr7lLy)VA=V@lZ{bzG#TDcTHsAw1b@4&A+R9{a) zAmxu2Z)x<-+@}!fFHUSG(5`W}4 z*L2wBbg+N!4S|431cG66kmi6>i$I3(`e1Bz-lDx2$dipdV7Yb4(wce~2@Ch){UF$J z{Z$nh_lv6UPo$&2PX?6NWC3SF`HnnLURA0%kucZEeQMsC*k51!%+{q^+BrNs`Awg4 zyoHHBMl%7|T02;iAz_om<>5uj;8kGt*)w4(J=EQ)Uf<9^B?L&J44G27_8=S!i?Dob zbUhDh-L<}Nv99c3e4k;GoCq|K(0b!rCMwN)gkK{rr~DI zYr6PE!9H+OuON7T_5-M1Wko9tbS9VxURHYFKaOx z0odpRYTZ^n7e3p1#=xyDwcHJb$NhE(Gq4W_a6H4%{Jkn6oK25 zeY7<%Nuh<;QA2rgON5Yt^N5XZ)t4icMK6vwwy$>D`1o=?RL)y6Ua)mC}DvqARjZW)&l;^qUQxQ z41#WSipH^(E(DOcmjwxU=Npp7de#QV^_TYj-?!peXuH(OR-z7MueWITE*<7u}r^uptMz@L}v8s0u~%D%W{#cPO$tol_ys zQf?26*U`^zKGM7p`VniBKdWII`r|nMS=;d zOaimCq*N*tL9iRliBflCiX`$WG6<#dK6NUUR$Ia5#MK2%7GuT=qWeUb;|m{HJNA4pL!wQyn|~1}R~+Jj=3}3&kN#9U-u5qU zi&%%Viv7x4UU@S>g{2CNqh~3Oh|H_H4;M6Eo^Zy5JRNDQq>RP+qq6k<&{#b=gF)}y zVJ@TWc0_D;w1nLcF_%n>fCf*-zp1_n*ZDhyV_?`aqM!@Ku2oGXjAG3ZKUo(V4xe@( zc-OHR<@O4$R>QB+vTRytjWaC=+JjLnoE4e~S(J9GLHWjPz??6$pgP~N$-xE*@PYcW zhJ}DKXy)p@wKjPwtaLCpv!*a&V?oxj%*3>K<17i&f8tdrDBdJ6lR0x<@rj-U5q><@ zN>vl@JPy7;2!jv^w&ldcei-vqeALDLS(sRzUO~C5l$9#p^^4o&X#r=BrwM(z09n)9 zM?9rrXl_c#qoyg!(@b}Zc3BiL%ETEgh|}V7?WYZ^Yoc%?W)1c*Jd-y#pAD+Fi+N8! zRD7U_<7XQjdXL27?%vw^;tikEL@!RmN(vKM(C>`2v4GNwO$|#w%md+q_Y=*WOd-%O zI$sJ;qWnlnR$fWg{fO!lN0=3>KKh2}7AfSVXOYv_wyOF%Kc~oCBlmA(y0an#Ndrxxilil2_7x&wsHW}#WDY`6ap@Qy$KW~rl2jW71{(le1f7p0#t$y z3iDcF%1qf5BeXLtBXM8CiRYO8)hCS}lNF`j+O__(jQpoTfxFBl&8H#8TD`1kumph{ zhD_@8JUAW|23!D!UZMyJpDyo7TZ~@ID$e}-KSIXGrm6>TMSJ*EhQENz)HrQCR$b~PHB&bCHu;_+}eS59I^$L{h- z$K}BLGY~D#cH=N;cAXpva0#k(Yq&3!9C=NzQQxEHrIgQ+j`TH0npBNA?w=ciIOBj2 z=09g{ocoo2Qc||S8*9R+2SkS%)0wNW=yT)Zw}kzRs0#Lp2v>r;O7G`&GA^o zWS}eROti--obdWrwh|jm6E1zR*NI^!P1L-1fEwNc4ky>%tqD7!yGeXw)IMj&B^p>Ue?APT6`Dem(>Z0U2H{oy=&@36BDhBk>`=dsuz?OE2n zEr|Mp?^{{Z-pc>l!yE9Ir2G#yQ~NJA!~EZDrjp|yHWPdE-)yE)02<&N6yRUa|JyeM zx@j`;51aAV_)j)d$?Cx|;F{f5Q-4-Q8RN{*--;wNUGrD}XLlNwk1m zpy=1rb*{9rfxxo5^)H0fz1x1Iz(+7ASX>U}xXtasp@@9RXAq9}m#8^2gNKR)8c{=M zDGL>b!hLKeZ|O(-^$M;lv3Ls1he)(Z1t z4cr=U3H7OqIMno*772Hz3vuKf?D>V9N2O)pX4n%%a}s^@-` zP|1=6)T(A&p~yJ(UJ{7uLo`8n3mM$b#p+ra#M#p&BjG)Ta?^{>@T8y12y5f>D;YNi zuz&^Ptqcx1fcx=S9H76+1e1v<878r%go)5u>f6}Cpgx^Zky1x!L1Bl@Zh$CkRZqzo zac%qpnca76fX?NrMDB4c9GVxV^ZQBUFB0Dw^^Mb(N15ay?Zt(ic!| z=R>NA<|$G7HU%S328um=VdXPBYCLX#8gCGJXp*5il6o%-U8_rc=04|_ouYp1DSiStYFqt>vOq~up*&2a; zHm~t#?U%)&7+er+DA3;>HCyHH&EH_y@IEB*_M$jkeLOP=p+!iTKp{3nO;4g57fmUs zP!|xcc~KwKE`x~IQ~|qDw`R}VqZycHA||5mz`+|bcOhddPwjOPIE0*CNPF|_%A37G zr;lWUxac1)@~ND0(wO;L43fpOTh%!;)osM6mnO+(jKjwI!WhOuR`NwTlJ!0@A5dP6 z0PpBb9cIv)S%YZKG!8~SwDjCzX`kc=Xg}LXid(a=*))hqYORm-;}Dqhc1P6}>d=cY zc(85L>_*~ZDoN|%Ca$&?oof$I$DRZ7aFoesBYyF6Z7ZH_gzS3mjYDm=$|ESUM4Z`n zXJj7kxuCgc!2)5x&d$Q*(k0(err)Jgj=A%mqFu{Q75LE?ocNM%T5Wj_@@bq$c=k>$ zq3y4$3Uf?_1C5bbJhEF{4J2*|%;-4UK+fq#T z_V!118pnIgqvY&2dLa}nxmG9adcdOGbxG>+#45vbr7X=9$RTQy@^7i{mhKyYynaBc zE%tQUqkDe*%oK(RW!0enaQ;=n|Ec_w|5ASS|5X0Ey?-e`1^~fa>VGQ#gTF1o^R@FS z?Ac4(A6d7b2k&5H{k1>Eegj*ntn*R#mz8kyGZvq!+j>a6l|7&;)U7LBnKD07=C&ij zSbsZQ)d72cmmB&E@bwAbe{c^9BahpVaJjVV0BBjbS|`M-Yf>7 zz<{J|*%Fcspx{2Yfp(j{khDxf)g+YcS*1-vfRC^Qy|WscfYURtDv6^H@TyFM9G8(! zepM!bDwmqFJ?Un5-M~@cBv`)$!T-(_quNnwG3$PJpnmj=wGBjtMYElyZb9&B(~m7F zs48462YnEkzMb|*fmKNCB_U@3mbAaG!c_B0?V8$H=DnFF3-9@UXe39X!(EICv?KFkErT}Z zaaENft97F&)fg7CRkUxM26xloRDsAf51(hc+8CIHTfK7LHHphad2L{jH4bx*%S#+N9u@1uUJ4eRc?AQO?`gv5J^jVRHGyL7soufIAf*nIb1O#y=4OKl{bpD(&?z zs~7>7Mt1@3&p%$3IRT`C9{U(N+|hUBvFokMMifq!Y~+MtZq$7jchGHfW(X;JOk2K4 zKQG-6Wcv~Iy1v7mZRSqIh7Q1Uh06{xN?iOM@cr`+bb}s{`RlDl8$4c%9D&(vT9W(g zu8<0t446#ip;(=Nd_XumS2-s*LQJv3(sO5fP6%@LIKhHT&q&LQ?? z1Me7BJ&@lbep=icX!YLk_QQW%*Q%B8>l3@WL^c`qw;qq`hZm-ku?`og@35rmuOg}< zjiFNOWxj)*=0&&jp|%BKSaWH)D*0JMqjd~J+p7O73isxXZE$gfcU~0Kz<%2SV0%f>z&ZewcT@s zIS1R&E8PL|6AP;hgY@!oSzMuz7~#}MyNSsD?uWefplR%Hpz^JNIG=tM6+m$$eiJp4 zfuuWZeOJ>6*o@uK5%HXhA->ykS%^IO!OJY~z(05+i-yo8R*%s(-%NSRC1`}=T0Qd9 zNc3}qh}-m<8EE=qoVNVj4@O2_sSKdjbPEZ!^rq#5y5l34H=LFl+MKD&LKrd2CpE6w zp+Yb6k4i!dm6~$E;7J0@lVd3lz3ds(3ur5wFc@5ZS>4%^$VjX zs>Ct@Z+tM#l(U5`(ajBEOY|Iy=^Zq-e|DmjC&QsWyL9C(cS?;HYYDZ@s>xmaAyUfz zrsCEKmu|3Ep3ELt<};&yJAN$2z#y;y_}<)~^4&})2|v&MvdJ5&1dmy3^ew~k7%}Wt zKL}Pj{B9fz0~7HU5#O)&xW(`?={KB7O?I@t%fp)bD=X66OL${@YjH+XPn@Y#zX)uFxpp-ir0aAttAOo`uzCE2 z1g8hqPVrI^zxI67=d3lOtxwO|wEe>aZ-z-ur8qZ81cKP4|KNWs|J1*fU+q7Y zza{+No`1pMKb2p<&H-^qO6jHV?5CPcYxwO8gx3lH^k_taK82Ca2Qmg8a#pp$GHhdH z!3KiVaDFtoJwfuU{M&6mn`R~ARyCY6^2(PZDYS!XFzkOvnK}nHAb;! zC;2ejC?>A_GuC)}Z%pFb_o7>wh}%IlmYcL~$VNaMn602Cq=V$dcz{NyCd=C1FKh&#;w;KD zDCKFJlRbmPF=LIX@pO;}n8D|=)zL5JY53KaoH{n05u0~Dmkxu~uu5XdPoaHb595EA z!(-(Gy-OZqq=?|ll?!aE6Hf&Rf7x}>vbUAu2+CzJ9B*&fVUz}75MruD~?^q%B7YbEhw zAWAn@{Q|Mx28|swlj#9n{0`}oB5Ea0J~=5$bOMCM2ZX^ zkZaxI@83H)kT7cZJR?`Qr`~}&PIc`nDhY8l7#fanf8{YD-pH5$;_I~j= z2)o#>aDaCeyn!}`3=C(1K}aUUgy@sUS^Uh1 zUOU#;c?e~@T%k>KI+^+t`KSr}lYpRaJ-G0^Ex-`LO2vZv4KPwzG}_ggu*bN0#*lDV zS@i+DcW?kFTPhCon0CJD$@*!OnF@mwwShi zZO*>EMcmV`D>1N_6qHiDeU=h%ecPsj#hI7O4cvF(onBiR>jbWIc| zaCetLOnRmgmV?C83Q_S`tN`arJz=$IYQ)#tOL@0f>JF3#26w>jh9z?gp_2;S7AlP8 z!o-(2TLiI7G|QS)_%oVB?2fS*d1xH?qrRyfLrLVh>?>16!L1ih=}LBhz!MfyDbH4F z9=3E(mUDP7uyfw}5Cx(k9NomUnfgcjizujZR-}w` zwt8$LMxgX}W39rRB#ch_hxDyd)e`%;VFc1-DUu6*%XYP%wHqE%;`TUJ{~7u;3EPlO zQ5jA=a^8*>h(uD}LHeitXVWVPV{&Rc>uClckM;SU6s*5|DEjnCd#4dvv^{wm| zumX8zhAt{SXN-4@HUWnFpV1r-OUIdo4_5UdB!t3OVPTF3B#a!UMf*c^XFB4aaW;T^H8t$6iBkZGjwJD!Q@h-ltt>1Sf zJI9wz74|bIq&d#w0H%|c7f$(y136_hb+PB9cbg+D^)^7J{b9M+Sqm8aKVe0JHW6N~ z?Rs);?JZCxoG}^!wA28#n}E8CtB;5B6JA4qnqBzs;9yTi_k<}UC6eLhZJ-fqf0p~p zuhQE5YrgZ8k@EDzJ}wZ4RX+c&B5Lo($o5|231i25*h#&8H88jEZ2Iusq#hwUXC;i4 z?+EU$!gztB!v##3|4OvfUC&>ff%2?tT%U}l<2c+z1H1xY5zBiNa{4^ddIjO071BWh z%fY#w%~CR^@{Wz@@NdgdiFygwa$8R$lMSv7N|-!mM#wG5C%>sgI?Iv=54=-N|1Kg} zRD!iGNw3(Nwjc(VOOIZ(NdFs+rcpwPZ3zz4!zOyFF=)!H#%NKCeSSu~f$=+DSc0n@ z{2LCg7MXh&O6`TJ<<8EXac8+TViYV9$u`d%gAmXSFMSDVuUJN$dg#$)pnR3#d*B5C z#gmMH6>jAOB-|`ob=3dz5@f5fDU!g43u>)KEI{C?kcCCQb-rOH6WL;%I1s(ynlP}o z@<-3ljnTwAe`G?${R-58+SAUTV#f zKyS8+t|0$?x&mJ0uhdcP;$#-cxi=#kCC5;G3?blH&xU9P%AIVGisfxgzpw98N_sZv zhHzE@_CL5T#IJ4(&xLh9jO#v-N(>Vfm^K2=^h6(B*tbQt`v|B4VO*mA1`)`+=E?|} zO#UV)rj)Ic2{SLU2VMMsY>5yLvTktTDP!{uk-o=16n_I-j;P{0=m|OMjib0uFBFbk zu^rAkgrS)KQ%k;d|EKcL{7d;&{!{t;*Z!^iJAMCG`Q`sAe<&!v#~m~BsJUMX#D3=K zaTZm)L}n3t0Yvnq!xY>SR@G*_>qhIkQ&h+FBjS?^!fvUVywUr>@Q7|QOLp@mHbDCU z8=om1D&h@FI;EV60w0JjJ)Rmgr&d1p!1NM=H1BHQ)8t!&iV#JaWHZ{SGdc>*;DQ@I z-T*0PJ=mRq)Byv*cJ_VmUF~d;bHmN z&9Yc^#+A_mh8_eZFAY$(<>6pglixsugC)j8lXy>((qkcpErNT5iJ+q?LN0(-;Z&uoQxOFH#2v`xouUe z9A6wns6^rJCBcfe zDIoqwE#gbGR4xf(bURZ0)^3;lV<4w@Hfk~BT1BXG5l=fr_GA*8KQxQkX;9n5-Q@v< zF*wL`q6T7Q3|GO2*27W3nQF@RA}@@jLG4)Pt|{tA#pPr+X(~%usQ1b%kdLTeK}qhC z5e!PGV#TS~GELtit?)wTPm$Jt2L=jm|8&3a*AQxY1SLj^pPllfVVR`@4wqXyW<29U zL}E3PUO0qe>F}&9qOK6@-^*!*Mf%}}2fk+F(e{~6>$t&57PWH+Ulegy!$qW`dni|B z+93z&jUt%==7Knvd&J#9eqN|))D*oHNO5L1ZVFD*DhQ<*QI}uPS)T+@&S6Byw57o- z^Cqal+tyLC0*aA95rVDvHJ@_kp@~e0y$bY@7TUxv7i>Wc_lq1%9*~N92|#3uqzdqZ zG*#CGE@aM-p$_}Y3uAozu17XVp%1G+GP7-|T?}|$kpfJK=et*_I3wR9lF>a^FU3Sr zB?sITfv%$;hWN)Ka@ub8zS^p4|So=Zwz;%V0j)+W;rSMIcB-#}Obu9eds zbTI<$;2tjfLu`4K6B`vkv(8C4HTScO049Zjx9zJa0@uI7%wtrxC##stYJ957B*+uM z;gzM60^1eJAYAqb8%=S75Jq=WBi+X5VTA6bJ_05svIGcS#1KqEasD8M4MoGRnKRW5 zQ3GtS`n^FAk5op(3r~S+ESs&`*Ut$qS2VVD84j5CFALhSz z6mA^X+uqpHv)#WFoAL2=;5z8qHXKLFi3rIr6P><2@1R{N)8_{2QdlsEtLv1OgCWHC zvR?&|h`(!ZH=l;2JUg;>^Xr5~Koh*-78}f&060k(ZxE&^BH0iCW9X0b%IkWemh=BC zIVpfQH7}@>rH;nYCnay&@Bb!%^{)|Q300r1 z0}>q*dr(AiL*t>wANPOwdZ!>w+bmeLY}>ZgWuwcsZQHhO+qSxF+wQXMs#E`*n7w26 zM9jr^``&$-x$?=CYoI_Yu47WHaz@>o6#&tkkq-9Oq(eL1MF-3{Uqt^VlT)0QE|*ae zwt|Oea_|gkILpXUm4&_#GBgN#s36XP?N4@+lrB*M)%#-!rxKCnjuul|%=qP25VnT{ z0>v+Nv-yTX&Yl;GEWz2Xkh)cY$GvF`>7zLWl^15XC%HQ|yhOKH3M) zXIM8Hl2_ia0ys0rL<{~V0f5c>Bs`+cd_;8#`FcSTaz;V&C9M+7c>g=$S0*vE+nPcYT4SvgJ1I0aBO(aXOJaJ|Es0}pY_LUWTyZL86!Yy(fHi$c z#48Fmqz!dkou?YD@5*KP9P(#Xi5*JS=*n|%Aq7l5HpiD((MV~l2aX~jaR*d^JA8)%7?7m5g{y+=;;U!bD zkmDfIDLAegs;SkPX!?WLe&95QCtoTjGCy7j9P*rrsUvD(Jo2m?sOUWxV3JnH*(DU74rA7^>imLy!*p;nQy#xN1`Rg+BbVRAWgpgdd@Wk+zZi*4_w z#exs74CopX0+i$i+I6TRr;KlygN5LVHOv7bM;gG2$H4{mb65{|FG=OFE+zBU}J{)-bcMrmp1{->@ss`*T@X!wuTic5r&UD&iv zX1))V@~vaTamxGFF}<`(Ca-kwM*04Uw-SEb4 z*KewnM;PiTp)?}i&#!~I%2&vML5QyDMu@Pdz|bR91}SQu27q6BZ?P}5vDZZ#NUBol zAMywp<1MKm^%ZDAH!)Bq%IruTh_%N7HY!CrBe`zbkZ8)5Pm1~c`t^3j;=NPiVjL=o zysLX8<^>*I!`~=?ji*P6f3({(ubp(I<-bshMD;&CkvzihM6n{sDxcSnI|2JGMWaK0 z|7cY>jYInBojl8Rh%X@S3fOAS47RBeqX8TyJ-Q1*GJ&XIj;V@o&pcGR$P86p?o<9c z8Y0v$xvBxsH5TKWNO3S5IWm$EBY#UB^1aWTdzDB8noJnR`@(fCdhJE!M0XwE-U*eP z4*uxZB5Iq4M1{cinh(-;>haiz%Kdh+QctcJ^#pGuaoVwv3{ZtxD3T!h z;*1!zzcIoUM7_iZIP~K3is(bz5n$VSMXi98#IVj&Qo$G@=S3}&_wUud$KHV2bTp z5p1v9|I`d@^o70%%jIcZjj4cmTBzykS=leb8ka5B{;&qv|J4rSNd35Akg91t$Y(6* zeF8u8+q5u7{mzrnazvql5{Y^qdeEkId^%J3_Ztbr3_rwXw@z81+dvww`xGR2JX^%T zL2qJ}yU)#Ah8xpkTErNIs(sZ<7psgA1LX3cSTF|6X^*J}o?id-(yF5!dlAp`epN^s z=mU=;_6@uCC|s+mAMgccnP>fw?lmRrP63EP6$2llr883aUe!7^&Ft%-FJ7CHy{!2u zL;>vVKhEsmCk#z`Ly?}j&8>}Ft~R6P}-2du{T>1saYL|<<*K{ z*$m3Mrctivs1=jtrE;a3$hc#NFaJ`{ejEM<&tN&!dJNwf*DEP&CJ24kGgwb_g2!Dk zADM7u)u1x4JHcoTZ-Q9y^`D&L2g?@i)~VC4Ed-RTq*=xIy}?(dD5gzAL)oUFL@o4? z;C^i7)C+jJP;Kw-Y&j`bp<<>~d{wW5Cu9G&1 zg?wI9`q1ZjQ#v&^DUz+zu||1SN$Yp)o4!(2;huei?ZLSoc`8>lwRSC9{&}cJSC_}S zv+-8Q`I`z$z}=E!`!OvJpy5b3OOC4`wvfZhd%g5$SRscZe5`8CEuL;@< zABKWysZNRgI<+EXn=%WktD>=%|JB4L{7W+hfI!7?$A;L5VT>a_8F!EL7;LWP>94C) z(mK*%7JnZ4yseKYl6MT$v$`hKy3)kE)dfyOLN;>iw5nIv)4oZ@vJ_m7a~8QQIO`$QAT~;pxYKwDw^|KuNO^75 z#7;%!*K|xXTs<(=wB=51)}Ge%tZc*vrrlzy)!+RW@y|Cf>Fvxw$lY|J;1o|n7Go*n z*H`gViizh$nw|`nX+dIJ1AVfErM#eG9}5wzLRR@*WBC!!EIb+)lk=e2?vo8U3T!K& zNh1q)WEzZUd#R(C?GgG!5`bnk5VqKPKOKya{WL>EQeG4LIFiWmWL@@4BkSIvxgv=G5IHm<=bD zZJF42Gq3VCo#!{nZ0=1D8MLiM{OxxK4=dV$>OjGBq-c;w_iqR-i&Dl9q!gU=q$Ezb10VcgSwq7me3n$m`bE8jD* zmV}|48GuT1n}n^eC`IxyG`-L|MRSShWqUYW8o{h$0b-CDrE811SGe6bi&sxvJ z2F5B6uw$fpRbCjgBBB_tLPa>Lt%11o=lVc1ATsV|e#^+ej6fB%+Km;iWCKY@eVB6V zxAKUi$3fXa6-Z7DVX89O3?JLK$lAMrwy}cl0wr%xx*1%-39wJ(POX297pTK$)$Iw^ zmP11RDZX6U3O}%@ERF)U8V@U6mK!W0rf&OToseDv4ld}d#O**b)frgy88eZ>P-`Htt!#2?dR>45aN?`lQiN;qi%60xkq>&8Gk?mi?HJG~r4MxKdO-Xxu5 zPN9Tb#hqbO0(|$vc+=Uu+PDV_?kK|O^us@z|MY)r{>Fc4e#ZaS{0npcXnr%9|IqyZ zx)P79|39~a=l{|C&OraE`4{H?t@&lG|I+f16te4&`nqU~yla`Rr28$>{TlNT0( z8j&Bprvm12At_Ah*@=epxBfcVB9InjiKr&CHbdvVuuK5QKz{|5e5hMm$`{pFGN)i z&Z}o{W4J`2sx(wxcOQ$74X>ptV?w;jAF6lfKQ7vJooSQJOd}CMYAi&iO620ASB;tj z3FysFp%eN6(;<_mIt-_G-r4tegRFrx<^^*83lkzwFp!5yMM|W$#>p~8F5 zd@8=SLAKe-(|gSMxAeEB1y`tb^rP^+gh|0Yv%5;A*v`!o9Hk3NL4@Y|+5N!zfbvXOp?x3^o8IDkNtM+%HkL+`%?s zg5*-4LRqc^avKU_dr*}Tl<(?~uveXw& z+=S+A@B4*^i3hUHR<&ku@7LcJZNa;PVE#0Ap?{PwXsp>GK!{vE^mDsYPuP~-WCjd< zR7tCfmOf0k^2(wT~sY zoFAfDOu~XbrODAy;YaI-SO>;!r{%Wf>Ug%+(*;@ek zQ?h#+4rd_2BhDEP8dT)-bg6&ecYvJPbIKvzc z;UXgV`WbF%pd`i>8!R<^oiKR`IfJ683@Cfl2bw&8^Mc&lVU1B=9l~jY}xGpjj zhS_|$iv^`@HP9);V@--l{q4MbCDK#xs4J^lCM-BPU^+inoUhJFtYbxK?VoDok0caI zwK1FGloVi6CyCY98S2#?H|x?*Q5v4gH_ayCpPgJ6ue8KSUnu8DlM};q^4Df)EI_~E zOXfPdrxGC1U(^hW%ONk4mkK?%;kc$dXQE>G5+UeMS9h`MHU{BEj1X$Du@Q6afWq*K zUfdR2jt%5f)ykJp#+MF|)QMRg4|0i^4-K&1I>N=xBEscZeU#7Ze3aO7$Z^Wb)7eeA zm@{ozZd7u}vcyPS)jj^;ljRX9X^+?)qbVrwiM@$ZaHL;RVn>fusr&f*W%PC6ch38( zoNz(~KB-}kDTSMslwmu%t*t(xB{;%SMh6cjKBx7SZVRe0?q4B#Z+e>8J`I%|l}c2r zvSKYod^62L{zieG>*15j4psJ76S^~0id#|D7t&^Khw>wNC&;0zD2dD~7gqZ$!$M2q zh1$UmSRVn3j}h))XVyBhWa!acL zW1|WE1*={o>CdJ>ui(WUduhnx+ZPexl$_9T7y$P9S|;@vAVFEg93t4**CA&Zf3!M) z&b^|F^h2uvIB8uiGe+CR8se?l^A|HdJ&3R4Y$4s$dpQ&=v4%pcsuOb0YEQX;AJc$}zY_;*iqt@V6aD+SOrW z?2TQIbyy{U?Q5U(qP&A=>n>$5O6Fl?0&9?Vn(naT*<(w{f@#x}z9&xkDITQxDB|&v zm+W8-&qzx?xT>z|WueqGBH62fDljTP{BW5yfFz>KU91Mc)2|3f6S z=SOzBobz=$dmthu2gR-nXKD{s5Ec~hGZSn{K*+@gOMRjVEMHn_h`wBI3-Ibp>KF(j zt(2b7oVC5y&EBX&O`;{QwyF8~I+_ml+45pMnqfB*nw2_~oXJYUX3L91Ne#{WPaL-0 zU*Fgx{*_p2mezyF0kiy9ZfH`#2ZZ1Y$my}SqUhtGTAok%rJ!9_6WWC_m}^et@VN5u z*%;R-JF0Kl;)Aq1B15(oIz7*W;7i6n*auDD_IXe+<8ok+K6XyqO%ba%rqXmCdR^gf z)Il(0a8G8+*_-jMw5VYIwX(a9vqbQJ{`7SEQ}OmfD`G65p2OCZ`Ka^)!PB)m{*CHD z8)!_5Hu=PNWePy;MvjUstrefTf28`+&L2)G5ld>91s#6O7cna}ja~NgY;2!Q{t7hL za}vZ2e-!&CrYc#1VE)unb=kclQ1}}K%!5=XJc88+Y44P<+d#MaCVOqLoOX?VBQ_(Y ze>$*!pBu0gZ{;g2;{BXeeS;x`cox7IF7Eas!vDx4uY*#8gT9i`O}>WiuzDXx3iIuz zP|#@-irdYUQ_GP(pJ`>CTN4p~-p=dd!$$jMoYd78T)=5Dw8CYVO! zX)Co4RK0?himg1y&ISkx7}y=jV||K!rfDRH`$ktd)08r~dSF>ZGn_+iuaCain7Q2b zJxpvq!z`}7|0^eSVFlrwlzJ}seuX-V8|kiahtSMRYgeR6J9A;)U%=9|{zN;x;oh`~ zI(TL|72k@`!{Xz7b?h$2uLj@t1^PU+*~BZ_ORu=D#JiOwgqup;v-WdTTUJ&dp<-r> z+K|Q|f!}K@)Ocxj%5N4k*H}KwP=~(qW^KZ4l_}i+M9mNF{%&s0rQ)`Kt*ta9lAGu& zU8xFd)u?VJL&M25)c3ZjovKPKgr&1CL3f4KsgLL9Z*OZzJ2m+1Gq4^}mA*+(Lz^JP znosBd{W?3sKf1v_Ijd1mz3=haN7OV=z&g2Q**CQY6&mn)E-eEG>~fw=&~gwqmE4w$ z=|CTu!&t}0E{_M7od%Go%hu{FzSjXMNIU49+o*dT!PlYJ+2m+HXa+c(x;k~R^1Nd> z0`pg%l@RqIAiU&v zOCKgD-TYHj5GwLV9W4(Xu(#)gmJJ3xMDS5a<(4gyw+f455KMfC+xxMfs7F&PjT%w3 zV87niqTa(l;+}p{AEv3mglUy!bjv$$d?I;c1tzl>Mpdk zu#f`72MDj90q76-`x650NIWc?+$SUg6|=7X3S139Uqs1`L#l)1K9#P-m0GCIh-q+E zX4kU##H5<25xXYmi!4xKhkEZ0M%F7bzYoW@Ncv)l=V}DX3M53Z$@+ zVpwWILa|>hxrXOuS35&zyy=mKt~Gr>$3$vF$Bn7 zxz$k9jz`rG{9h_p0`SnzM7{#fyab=#wLb|;X=ca}OoVgi0&teO(+z&P6`Ll$>W$xf z=Z!F2nqk-%S(nyHCT)kja`-j4fT$V?ua~Ki7s#zYH9{`8Kn)^YVGPbjrdn??nolMw ztM!z4kfW z_D75--MuT7*(Ws&@?5q>xI2snGc+j;%S7!A)?GrXFi_=PK4D31Npz%6iOd{W;wbnS zcOIZ2^=3c_mS)U|^qUPjU4Pr1RjuUZbf;N*)FIad7;VCH1kT}*&^;K(L2;K+P0$Fs zR4agS=5E9BAXx9*qQwqsuwWa=bL&e{LRQ8rnp7 zqILe&?;*}Yf5?V50;|7+A8X9b?kc_g&dGAg6T8hmt_Qo4#zVABB+2B`s1oyYQ&Z=# z9+>q*^C=K8`m->*5cuT%Oc0CA-__JyZIY2v|MLwLZlNRr_ zt4uzatYF0{%`pV)k(C8hhkNYs9QLFoi3x4@GysnNW;c|M(5m8oHsz2@P+w;O**P9` z-X?e$Z(cGHlD3GAi(anU20>u&{aJ%FJbvR{gVTBTx*f2iL8WPL(0gK{ZDV^ z@7TY+8K%Jh^k$OXZ@5{NwwD4W$s*(ZKly9Nk}Am9v5NvM<3UQ_&T`Yv`rM-62GC`*g7Y($AK+K|s;?-lxuh%tSk zq%AVR=6}iaMe~kPbwpxaPCHC6PYwn^oEOw_LpxZGWtE5a1PkXuHg3O1-`Lm{2@dbO zDY^EuceCVL6t1Z7YCq%vUK|DTA;F&A(4*(HlNTLwv62Nd6Z&(dd*K6vsT321!Hzqy`v9QP&#{t2F)v~fvmX09m*fT8>6 z!F+>!<(s8h>+JHuZ^&hy2 zu;o8|Mm@FK_Nb2Sq>_N*l@r#GE$QZs#p_)xC?9B_>pY0|-5R>OnwsJg>5pN^*c22x zn=h>NUg%1a8_(yl;PEN_u5B)4gA$b;c|r_s(1XK&-Co-}j1V+q9D=T$rh8x5eaC~* zHb9JVaw(4113!Wkn+&KPtN-vsTGh4GBC`N|QVaxyvJuQ*qm3hmB`1^)uy0fs_-a;! zl&4Kee^V}YHg=wEfMu!Widu~-|Y!W zcJ^ZfHb?MUR?-W9tuHTGkjKUdkNu+JMl^uc3xfNTC7@nYk}sZ$h+e$2MRBX91oX@2 zFYl@{JGtlXhN>jxkzZx#61u~>i^WmWwYO20Nx>IdS z7{xoRLQ4{7lw)WrSu=*7- z#iZNx0S7|M&k~3rI{&80;VyWvOc~NmH{;0BST_y6_AK`7InW2<%WtL)(sinF25~2HL>H(B&?obcPc-p=) zP8N%7p@V>91;t;oC`r0G!b9&F6|3Y6p+2U>76AR)SG7t!n%KtS%4y&3#%FJ6@GswQ zf)m`l9QPk2N|kg-A;9$9??dKruT+ShJYnR1Q|s$zUe#z&1_#K7BuHLt;li>S_u+Rb z-a*pt-vJTxj4*Jd@Sj~s0V*odBn&)7u28@+XO!%}*{0GMNk!U=Kou|R8sQv*c0Tvs z33Drca3@lo8*R1G`4WdDVh(>Q>h)R?1}g?`V4`%_Ogik_Cs->cBD27iaV?lOAxs1S z{MLnoV{F9S3U#!JFzlC+V(gc`sLQKyWt*G&-wD(T~X4$x!x@ z4aJIhXFf;*Wxx21;wekQo~ymohD0Cc7cuW0Y#EuPa66U6019R~P#(q}aK95L@SiP4 z220_Y1ZGmoCa{j0a)Jz3I96%)bbR=mB?L+xQNtwnFKs#^bAHc_s>{YTe1alJln%lP1k$y(+CUrT z`y5<=y(nEAg*dZ|}G5=hj zt!%PD!%YB-T!tqMU^=b>2h!sH>N*J-?6Lif=N}3VkpM3#IQvY^HMA5U2*o*>oOx&q z_SE2Z)AUQDD1v&iaM8HmuL?CC%2(}#`@N$iap2;D(4Vc6E#=+HfYnO&nhphv%`qp$Iu9OOQtPY!NmPWcucSf6S`l7;~T8L zqu%D{7X;29TEID4qlzFQ)0%(o8WMO(TV`HX%g@lJS1c*q+V!2B$FBVJ|IUxbbl2oG zwZbr;l{7zF9oS1xgd2`ez%pOG^e>Du57vAJIPaHI`!U8K`NRPO2X79{5IkAKSA%9< zWO7Cix#86oBS6~3{zggfv7 zcep!N*m`pkE#o}^H@ph1C%`LpHSYf==)|;RyPv|2x3N%1!RIO~xHg{vqI+5+4{F<` z#g`pi>tw?C-g?MNo^H;EPh=FqWLhZxvKW_GU*5ZDW@)<8k6+GGkka^6D83JYGbGWF zn}BPdL0i?%J;?r662ox|pQtj;l@g={N#m8HLy06#aWMqdWy~C@+qPsu;7*Z+mGwo;BR|G5u96u;M^ zxJlA_CgdXi^yTt&7oZ^I;z9l>=_ig~^#MYbDkosk-{f|6w6pJBa0Ls)9Hre?Av3WV zjd+R~Jr*U63WH)jM? zJ^RTbl8KVu2DZj2HI8Q+e1GxMWe)$SIWnnto8yLVHuJb-gEMOslz`jJU?J0^h`xN~>V^J{ako1W?J5 z9Bk-#y!|=Ws0L~?0t!6iWs#%mgngGRw-VpYnmG=#kCX|(%N@zK6JGxAd*nGU3bsbg zq~o=+47RoPEt{eVe1wn7gswp$*P7o|v9br`_NIp`f+H_Sbazz+pfuN3M1mTz&;B`# zE&!uOzw69JRj=`&NyU~ZrXBKg!cD?qFRZ_MP%MQPLHK}aaV#p(FDVwIV zQO=H(^l__?{%Gk6V=37M=Z{U?Rtoncl2I_h7=EgH%OW<}NkbA_!@#U^a9l@hv) zcbpkl>{%zr4+~UP`VVz93*pNZXmdN|FJs+{q2;p0Ap8BMGE|>u_{xf$EE6Athc?(a z$dhZQVI%o6-kBkWv{nAY7_UN(%DFw^GXa|iC_)bs%n6Dj6J6Bs9+&rL-^Z3!Pd zv-vnd^Uc-Yx697<$W&s6#g$(N&f3fSm6X$aOQVnDDV<*g!@+0Ip!OXzorGgp0#^4X zHyFQv@M4jUj0W!dc}P@8e6VB@D&xb;-mz1l=0>MSuR}M@PDTpx9JT7-CYFv-^-#yR zT2hA)oMGj988k=!iCJW$XFsjm>19iB+9E41r|oc6!8A}p1HIONKkme{Tk)HCo5C8E zL%}agpoXC!5)D7k8G%c(ei<*QR_Yl-KC%Ey+!YZ>@}_ccfEeG%La#~hI9}};L~#kZ zK7;o@o9aU6)-hgbG;%uUs~MRSS2JJsbg-aY96d2FKS>`Qhj{UI&|e^$Id1$Ya^ z<*RG{5O~$4&q2lB?xwT+wKLMgIe`UhYC7tC4AB|byxB@)`jRM3u~!MwV3M~R+Kl_k z!U+83y+>rm>K3JyDfWwcn@0EK^1;!8>gu7tx8d2Vw)SuGI!cZW$P)7_r}!2KI_QEw z$^@#Pij8;_(a1JBHsLM+m^66`9-E?I3jNF+i)3hsIK!@B!K0rCOk|+Cfb$oQng!+pGx;3(-cg~ z;m9z!0$iD7R?zd4O^uM;%GgQqV|&-O@Z_&Xql<zyPUiBVDKWZO9%s6S zxVf)vL8tfC$EyQnPy-DK$2X&iTzl>q8x(aXn{-h*Hb!c);1<_#fXO1@y49sNs%c=$ z#N$SX>uYNSU3}1+{Jf@9F2pQ zU!Xav#L}#1xFGOy3hD4Q`i`B^L#1iJ8TS&`zh3g9k+UktY&AxliX9I?Y>;c7Oylnl zsLQ%ahcPhUZwY*&W@A0P17byA-L}-TOq#I5Ge<5#HjG6(JR{+9XMdkq_KfWv^zS$4 zlIuQvPbmZK%nAWtI?|!L+B-OMZGOZC>7&fjGo*^*#XhhvY-6tav%686gAyV=Cj2I> zF_Zj-;8J9fNhfuIs5?Vr0Bny5)a$1PebrSDeL<*{R%nvL91kvaULzVVX$}mAgJ;<% zz&mw}UB!Ete3B9(#|LTb<@U?Npv3!e@&3VdJihM|xilo~PO4Nw#Yk~&rULvtZ&^FI zfd8|Y(Lt+0VY}l|!s$BjChzVU95t=WpP`XgiMR5NqFC-?=lz>6gj8tWE+LJuBTosZ zVi8(+@!|PGGd9Fp*bVIbq%fUy4VO!n!wIm-T>NG;6p(h<7=bEB{yx9G)J_&wuq#~t zRRmaEVTlIAKy3TK-nt@q-JL+w%ob~0n6H55_gcau6wJY@52K%#FA|x|`;EUS?yjN5$r>g5lV0QT^5Trz~@-MbQScp-e zcr=CIgxkOB&R!`4Ewd|uqMSXOhpmKaEQ_C1oLQq>@L+r3mCf)pia9M{knNgiMn{vl}O}*1btR0c{LA;K#4qvwzqE{cFnJfCbZ2W6<~7^ zQ=|-pymFiNTCkiz%88n*G-;`$w#C-P(LNLYG&bdv&qlMQ4lVWTHoC8S#sR8RK4$^& zrnp97VBb&?g(;fd6(**Dwb=OyxyV@{)62W+1%9W{f5r>W*ll{8+cKx0FJbRyVMU8r zCiNB_M^ep&MZ>xs9=9ScN;3? z8MdZ)kEqr3b9?QL)dv5?(jO$YW8X1M`ZaTu;GP<(}8Tm#>h4S1EB>HZ#d~o$M zpzt(A*GnzAw8*{Ktz{CGDmq$La7D__R5mE~WKz7<2+?{{7lI^RT$-+-15`49UPpb4 z7Mm?56SAyP?zIQsY*yTV;z@{3C!E(Q7gIl=`(j#gJT)JyN^Ljf9BO~Fe5{Tya=g~8 zKqD8GM(Yd>W)AuqG%`xZKAzGJwYJTPb1>WdZ4j5QGxhZ>diiY6{+Ht0QunxAdRcrJ98Amu^+{`u#13UqHU8H%su$Cs<}gh zzDJr7Ke5^c`>*;lv@J>7mcTeOTI#!tY@p%|(tvT~KtST4jRBl!E}>z9b<%*;72hG+ z#$LZOvmclFK|~3mTWvQ8(EdyXCj$&Lcbw;yAq^}Gb=-j7jD_M0fD-_fcc-iKlBiQ- zN#>`o9E0+I5kh|%%}Vw}cB>}px>ZDBclxCCjSUHS=J2dfh?l991%5IEm@?)ZHG$;%vu zs6bM?h93vIFTdG~04c~QvslR`z$W~gXW>HydR(NW z#=pnVWnv&^`ugrD!0FPaS&B~rb8jKenJAEBqk0`sKS`t!#qDQ~|K5=ZG4z$PeIV$A zBn-MaR9KECSMJ(GgM-Zsp9xF{kL>jFl*6l1~#3Vu8WWWv>P+i&G|*6*AOf` z>;^LwlB}4fAYG%5D{10Hm&4gHnH(nmwwq%GyNG2RI!|(YyO9RfpXG$Zv$gu~d_P<^ZeiZuu(EKg`()@J)t@+>0|Iz&XN&iRl$NX$^+5Ypz z+Mh4(qXGQu_y6{ZqAeP){iFG975`K7znlMC^IOjRr{-rKnc0oimuz|hf5xXRJU`cZ zHHzm1VCu6Dhe=R>B`;A&&w4-V%}``)nLijM2VU>8!jbi$8sO$q!O1{`M3o=o+6VhU zroGW2H~)M;!RD+vfn`i4E~}?y)8q$ms(pV*`+~GtcEs%K1MtcuI7~eADNYf_)3J6k z!KKo8GREqKkuSlVnx!|07o8(%Q5`p=6=k~}!vyfrmxP5Xw*b4B8!5Xzt24*&uC<7_ z52Q-yMy3w|O3ZYpVoWl0w%aP_Z$ay7OQ>OMEo$nn#624=8#<^c@dWeU_L|GAU_)n# zGB(F3Xa`4&8HX$86xDCUXoRV+E%t<9F$?3=9Ie0(H zn+u%DuHBz+6<+3t2yXc-x!@VnNWG*svY88Wm+PJJ17d<6@jm;5sQ#0St2h>oiq=4| zpWG60xY;UFEQ*V6259#1FMFV`Vb9$`Dis&)OnJMz2lnz=TAM#&FGO?3K`4m%3DP1uxg4L7wg{s22WZ@89ajXFD*k%rWwC0e$ zB)Q6iN?%`eZSujyuQe;JQpOZ%$i@!xO zDf!G>A-)K8WFOz4I~wiy?WcGtkh?+)gy(hZOk~}M`b`O5^aBEeXh!IYiE#BXCXC$ z_ihi^Vtbl0s+f4kG~MII z_TYA9_r+MNwpZ63dlGRaX5fMGelMwla`G-(mvaGI=15R+fzc$lJBX>e&?>nqpY8We zaG!Yg#R0fMi8}G8gQ$Wuijt@HlZJsF0TNaH?T7 zc7$O5g0hx=*PHgd4sJM@p>6ZHY)o;3`OxbEHce8rq5w8kV$qDpbuQiauBOH$neene zros~TxDxz;h#}YL&?5JzYzcD5=0QIziYauHwJ4y^-HaQg#(NOiViQu?x;qU} zmrryIe~S9m@NPqhM6Y&iFm&7bA=BtvE1s1Ojn&W$hvK0!?N6%e7xR<&y*-DDxJKi+ zTsVwQi-)aeOV3t&9*Mve(U(ky7PkkrY{{)GyVei4YLX%mZ}K}1u+NSz8a(tz;5_{u zSJozz!~S~WOYylb!s{I4oDhF@>v_~EIKf#6mp6rrID4esu&S&Elox;s*l&TueaWXb zupiHc`qaxRQx<@Fvl;%5rhau8X1l%y#P(4A>Q4)b@6AS0rd{Pq5sDb($bz>;af@ch zf1*UO!GCBW#9_s z-wFrDvph9`7ejkMU+|WQ_KBpcdZ#O%7?__>g7Eapb70~mb#%2fP>K;|c}5|~%zV}v z-sP+Ii{Cw{K|Rn$lOz8@LkLtcm*KkYf@a&SyYL>m$JM+yR%#Kf6Z(6@e#TPx_L9-G z@Uy!43tZ6FVhN9GK6O~l5nC;Xm$5mp19Mo(+->yO!cDBKatFW46}Lv3gn7<{zQXr0 z2S8K0Hz5vst%X8V{Jc2?Y^1BnDwiRj6CF#iVVFH9do9XUa zQ@=#LajV1j^RfQjfj)HT`#zmm$sMYKCsD^|Ec2CEG&{Ri?=3O>c3+icj@ufdHgwEg zPw{0t$BG3!hW_ZQ1Ug!k)HlYko~2Oxpa*1x=_}Y>$rN~ker4wOv7Cm}a+)zvqBNEFGkb}+Zho-1Udn*hV-pnh>jS5_(7^)2f8t*5aTf6QuF1yU5ICSapfF?LO)rRE< z>1-hC#AM_rRViICasKa-JU;1J9y0F9JJQP{GqaS~ivgHndtO6379xhRAQfx`Nt`%A zhMfG|bf0U_L-r18h3Rd}=^0AoxCtR_T7ZaDB|Z!e@gCt*B{cbP&NzSYo>S9H0ji08 z{@?|1h|TxxvHxBDCVZNixGWB*RNBm0FR0fNz`g4auwx{QWtvO%p&-2yOIL+Wk>?atnJLw?M{44z9L9X!1FVAXk@iSYI#F%VVaC zoK~JmybwOR2o@OFDt0TiO4hjl0~W~a3wiK$<%s7fjs3`sJ)=UTi#hSsicSJ-#UgFK zMC8`%8vsoxI}FIfOA3vBy3M!oA5$Nk)av3Uq$+iGfwByA~G^xfGv^1d*dcl+Rb#&%qtmy`&WEf_L z0_GNcr!Wk#??5~-mIFBR+7bL_T$O1%(~f?ZVaHO@;*p$@-|HJ~Bx1fpP#MGUAk@0Y zv#~pn!%ftFbxdI>mTMU`UEP?ttS=l^ep@LP6n5mtGz&o3JGui0c6QruhaY(58Rx7|COBu{O#A+;wTs7h{vC_j8MKNV4C%@CM7l z3dVfrM%;HKMy{8r=;Cl#ue0=w;5X)ZP>9Va=Ak%mpsL&E<@OD!SR78rd?Sq>Pw5Md zl*E!|PgDvMKy#w)Q_c`!P8jY;e^DQ`Dz@j4I!i&AD^?R=ETQ0Ibdyyh%3=HzlXM# znj#{Fc>d|0V;>v`2^~AtcNFg1G*_rd-z7hj>%>83nAMN_X6*T-&e+X0uD!KenMbVa zn{poATZl16!{E>ksHO67RU~{ zc%5T+#dq`n92_hUf&Y!B09nc!R>X-wl%f#sT}01}#&aIoF;8KqS-boJfvDe!^))Gl zJ-Ka`ZWGjT^=EQOYG2$Ereo3saCA!tI38LLL_*OzWpO^-3hXC+E^%VL9+UyAaKIcLL_|?xk7XLLt+~b!EiPI6Lcr35)tbQZuFeZ$fk2xS)etWRp){1lk0dx?Si5vqj z{~^zk6B&J+S@ z3zww13(OB)gl^;A%H9|EDp#c&xqqJ+TCPK9=`Wd3RpyrIm?A=;bJ-Ye4pvU>UQl#; zn&=l_vyZjf}suHirs(yzZ>jGt}3`c}`<6r@j@Oe1%oxIb`b2mJrM_K47qQk9JD9k_&vX$PRVq zu+F<$kxz4`8wS`r;tJ%AGYv!BYbhv!@f*%GVh`Jf)%B%(s7QTP?#M0^l*JXx^iQPl}#x6JKDC&NcrL28gmdea4U3WBG zo>%zj4hfW?tTQth; zBBMcDt&b3*9VQs1Asbhhx%TmCNDp9oa8r|MnaYUJC260j3)*0x%s*-LGvE@}037(+ zop${J)^Oc{$O=q|UM*PunAkIH>1=}^#%7n>kyqGmDL6NhwpIcM4Y$#vz?oJUEoneV zg+-F1N~ntwDQPcq*|X=S84H?GLV-Tcuq>kdop!^{OI@@ur3<0g$Cc-(>mvlwL=+T! zG3bo9X~6(6M|^7)k_^09`r~906DyEv;Dy0*Tpki$>~cHT=%b*k;;^IuI_MD!uvv0x zsD4Di)d&eIrmDk%#zui{&`+JdfRC1PxENW~<-xa6rvZB-eVyFiRhl;9{05LmEYg|K z1!?^U4sc9igBjH=1~oO3;D{G=Fkg4_SnPHay8|jsOl#SVjiD}TfcUpFP6b)Uo0uR6 z*YXzSPdX0Iiu++yA^ESy3HT5o&=)A7bN}3i_v67Ov~zAM1KvW4fG7?Gc1khTx4?P^ z$cNBPHkxwBF9r-tglK-v+$Vow*a6;LuX#@h9N$e#3|hi@vK4y&^^6V`D;*Lr5IMz- zlk|lK&#^||0HxIxsd@C&bblUA5+rCRa4e4jGyv$gXFz_VB8=6-W`2+{B6Sb4=Ib5* zIv_OKtn=!)G95G`4EuCh%uR9sdjny)^Ny{+ez-aqhIZweqAODwlptk*0eDMTIJQ4D z35~O%<_%*9KHMxY-(A_?e!O(l{$ndux6cR>MK-^&Y3VGODnuHLGeL2zpuc$&yQAwU zatT_WD$Hjzz-hX0$T$mP`rw{GRga5W z1afFKIuObomD|TjA(HNUxA5e(?C~ZfQG}!!89PI}S=7Ipn|lC)-h!#g0`fw;k01%mj|TDveS}`I&ZP6 zb$7kWHW%H*_Gk&x%WkB|xmC`*q%6tkLw^MH%R9)hn?96#bx~_&E31e+XN*FzqU!w z)TR|xJED5`3;j4ZIL-LDoc{yVnEohEc8?$_5{lQ z3Lv-c{zbWFory`x*IcLQIGs|d#)G;|#N&R4AD>P)$yniPsPPTr#g7ycA>v;a8|i9$ zF)Ub&sQC}^9{b-6z4bo~o%a7Q^i3qle;7LDt?itMo}47PoX~;0WGAQ+&Mg?pX(-a6H*~`#6{_!2*UpsX8QAD~SL1=~~%7)G&YTM~SMiGc>3jk$lEcnzv4y z+cnB4+cGe-@BW)J2ux;$aWyLPh?=8yEm>&2OqG3&8WrXXP@8H^hgv{K zCFgfr(0M?|B^A3ur0mXBAmI%<2t7CU55ZtL0UfiG)rvC3seE)4Ur?lv0=RE7hs7+}mL}EtO*PM}*E1MJDFY zU#lyVSpLJFzG<&{x6R==LWuk5$+hZ2iof(aEiVPvn@>CZo~!#TRExY%X)FYh$l6{= zX5Lg>;*C{Wss0?7TP;(#2b2&b+l3%CSarhNj#2>B(CdSZP?-pcZ!6dthp*vC3L*tT z6PIehG%_I&4hidN`+=RJsnMVn0M`Vj0$H9C6z?4PjKFTwDPeQ48WRm&<$ZX2f<^xz zZ=0a;WY{jI-h-|=CYWgpXxI8+F-ukN>!2^vY+@p%(*xjLBc63^Dh*>A5(cmGvSz#M zvWz>Hi7srrI=*l(6Q!g}R5M^`i0vb`k5>o~!*A5LYS@0A4QcWEk%|?|yy7cwK$&-Z z{~7a8;Z}_P4%`1XOBh-&*PgpRkAq{@aKd7$0vX9>jQfI*gj-s-rM0}19%4P)HfV(e zRhlIg$#%^wRnkxVJ!boZV8CUMSPlCq<+I{JB<9*B`V1s|T7@MhS1F`eWgHHPT>>A+>AVgu>f=Efo(`D40(~+y|!lueC6O`pocz$N;}SqMnEO4Q<68 z5%UkHY;`I!>vg-%s_x0;%Ro6nW88i8;rmkv;s$HnMfGgLM_^7mHXk6Zq5=wvoU_*~ z)>;6kq0`mIQ@&+&tefZdt3;zdi&EVl4`EIKA*5|`_A~jj!^)Ps*vPwQHzC0Bi`QAI zzgHg-us5BZUSIQXHq<+)#?uEp2t-hKB&F@j>K|QLI?ZbIj%6iOzT6zaV){6CCl*`S zgdxQPrFZRR#AVEdiLshGAf;^J{ciKUHVX2E^LqCAr%dP(PV{M}uNn5kN>&;+6o;wh z&b)iD`@|o>1fx)e^5So7_3hEP#Tl^S=c+&bLka~S8|O+sq+@6~yR?pmhq|HZbxkG{ z)T{9tyt7_g9LN19ds*r~@0;gFc-E1|W${c2bg#=twg*Gvt4RfU(rQv;I08d$)Bp^fXQh6=)SVgqAorq`kOg8i;IXA}$h*;He@&bBfQgw}zSL zi&=#VTG|I-mo6Xiu*?CRy)}uWK1pyiSS&O!P&c(Ar}e~lo(QW+44VG*DQrD)#gC|) zq}h$0D785~E(JUeY*#ZG${-+#SxPBJ9M#RFx-}-iuthF)$Fr}V^y#@AstW^O*oE8X zZzGa`j7)R+Z2&8mK}&}x&J$h*!)SfByy`@pellZK6O*gu~(%i{^<5q5 zy5Nb=_Nr%$2M!56rAgtjK|3j$Z&Ai2x)6FmBbyBu@KcX%5@! z15Vu={Y2RDE1H^FHo*-5Y-!9+V@4Tl6A7xd8&X1S;|`Kh?#_`sYjJqilXq<)OXJl_ zQSE(y>#Z6Mt!oP66^VPSaYQ1b`=$yjkH4iPpGsgRnQKjQtYlI2yKlq@ArZ1MTs9AH zhug2w=wQZ9&fU{?hFfH;L*pLrRye_py1yU~ni|r)TS6Bn4oO&EEPFBa*Y-7}6rjnp zK2HyVTr3~@&jsYtU`Y+k_&eq7@bo?huSE7&{;5(@Pq%Z*cYMNdyp=O4DyS_h8=~XZ zBlH-RKK9Gy_xh-iVYO+5*Sg7;AsJ>79c1X^~JgBoK0{gLVM$R9r^0rbB-+wdc#|D3DQ$T`o@vakO`QuVFhOvoPn2 z*r$;Zu^vtX>4+*vym3fSV8H#U6&TpI# z_#3!7Y%xG!xTl!QCWd=ZM5nOF-|HXDI_9w=>K>saJ5O zpFe?t*`Vd>!UGLwQ%YX3SM`UX9(bt7}`Ld!)6?iiJbiYO`~J(1EO8ey|W#PuYH`rRwI$YjI*i zrgfy)BcCA3H6k?~o>J-$5&&TJ{Rz7Z_n^H)yk63|GBT*tO%mq)S{t;F4}Xu7LyG4$ z0~*F=Fh7;3i4ftva0cjcL%Kwt!s(skNQ=9$3W|fhqH8+vYzX!0A*Ha>S;$ z6h&}DVVT4VILvwM=4P`!M1K3ZL87t;ZM+FxVDKJYS>=5Pd%B;eCg9_c?L}D7<4*jlS&0Y-V|cO6xOqp)VK@9lpP*fNZR!TK&glXEs@0e6R$`;)^5{FUwH zjU=-sX4OzdP9`cK?baj7of}&WU_B)BX)r(_B2O7YrT~wa&AcqftYrHZTZuS~lee>T zqw}Z{4&2*rV`rrbMgVyII#)kB_$+e^2I=O*=_6Di6rhCz6=~re#Jyl@K}JMK>0;M9+l<-9#=KoKeVuzQTtG8L z$OE1O*$^_e3wuYP3cR^pC}`YS20Bh8TQ{g9uwt2#od+kWk@QqfO^IU|IE|{W3dTsv zA*xsyJxm0xD$`d0bi#UB3`39GsHzDodAy*j3@_$#v|##EI1^}^&5l}{GyR{MpZafw z{y(nf?*3;>O7!0qI_~fPPPw=={kuXZNu!|WsF`J{3OgdctGN#lGD<4P{P5V+t6%^?{-_UHA7i#B)Mn*yL)pXH@ z2RNVlIB7gOu)`h;0!RYLs6BdKFb>t|Nw-nBk20kms->QxTiA0M&wB(C{JAXx-@fz$ zDognt?(1>?0hU3QlT-6_v^(k!#t~enS?%i|IH7lDlY_EtKPV^~ z;^B%>KFO6%U<7j(c|~MmdzR{8;=YXtwYTW_r@w3)%>QHunt8gq*1D3eZ~A=GM9jCE zZ{a0co^D;BpugVnPH2b>bgT39B-MTyv!Qgk3-tG{9Wj1Ywp5gVo|5NRqCV-KlP*_{ zzT!)M6p~=v*Fx1IQWv_1es?G^y*?LD?mx5oOO+b41C&YY~Z1`HWIXuf!;#KSVrkQ5f$#TOS{+xI4HVWKQJl! ztq9E~^k^)*ygtpLUk&diqu|I3=?mv9=5A%fx3Iu|geNr%hK0)a$fIeqFl&-J{C*Zr z`CBu!*7#f)=OLZb)*k}KJFr%>04B?p3M!4%yQNyUS17Ip=3!Td%)Kl(y;jAuMkxLV z_M%zq@ozwgP=D~HPfq9%+ed0ICrKS{%U;+#$}tv%NG$os(!MRfOW}?^31W5s{)28y zZ%z-$EY@NkeoDWt4Diyo@!0K<%$c}O25qXO&?^W>R{?MgDg%9Rz(WKdnsU;#nqSx$ zDG%3m?&14HFpi8a2fhft<_FHsn}=xh74c*Tg&x0Ez;60wWDPk=@gFOEHW@YZ9F<>$ zc-Lj>{$d@VABJ}5F)c6SnDRr$VZMmwz1#MZG7mNjRZIvc0MGtVN4zzlWEIgGZ5f2W z^1ZLlrnh?r5rFQT1kOjMuk6Ahp>5(g1)!1EhuPTJMu6m+tOB)~)ytoD7PfjKZEcn) z@I_PdHSv?v@6;xXf+^S2tS)bxnnu`sJo!jB*e7AYn-nSq(77jbPN=y21snlX=R2PFQO>}9!!bwV2R^f?UOj79bdl?J9Fvna@{ov-UyfS+JewprzRJ?- z=5)Hd9yrijPRys1{gcU5`j7H+{Z;<|F)`WpAKF9ne`yaf;6JnnL9Ruxv0}- zfP|eRMjj3WCboGo-D$J~x6L2Av(@JXFfu(%F>m}WeGF~-S!B9)M(f6;guSON6W(wU zUo2}73qLa)_B>dccyKx_l*z*jkC{=>?Adi-#E$NhA`f*bnNnj75W-toEQvA?l#(ZY zhXQ&B@NOZCr6K6_$VKYxq}OMX4KNGB3S+FPT<~#@KEKf@dd19J`UYMNRGwpFs16^3 zjj?)_;f8)TVKGF?TVJMf2X8a9^P>I&*8r<<5B~8Q$lryENIMeL2a_$(WNBI|D8U{H zb4MBaK(<;ZM%DvXjUR-w7|k8K4`OD#wo&N?6d#O1EZZd?grHBpME*1280;CF9C6Yc zza4H0qbEqQYIZquocq>{pD*2pl-%i0`bI%~CV}rWO@`0~JrVD2w0~X)Ns-C8f5-IT z2CKl7i+CMq&JhjU+6OYf$uxJVbcU&8^CUUuk+0E&9g;SG26&B^*-`l$lpu}H5q)gn z!DeN1;O-s@i-xJ_+KAhwT{~U_f%eIQ)8>|z{;{*SVG(fgzJI|0hLsRVxuO%b@-7=9 z=*xk>ZjJ~=#HuA#M(i9i-b>jHeiNhIUUo5KtU*1eb5hcz%opYVbZ61vp=_qTt4j#Q zc%FIFMasmvLOrvlKTe#sQOP{oJpesgmbX@3J=}@JkRl6e=VBXdwukC#%>oO*g}!=h zqm&YZjtd^Ecx$ZnLGCemwRd6WDJU4C2SL*wb$UYXZYVpS7UB2$BkVS*@uf_!BrF%L;Q0;0aP?ye#a@;>6pA}`;D|Xml2{l6P_jBJ7&T<5=o0mnSm7tr} zaMu+^7cF)p>6+Snu7=ANjs$`qc0P0KDYQ^QQIbGzl|-&Hzj=*%Y%A;vD)?|57P501 zIGahKRa|vql?8T(g>^+Zttwg+uyIEi#T8znf_+zF@beEppxZ!%+A;3;M7>7!j_~8& zXV!3zrH!hgq{MfR8f>ZFK0!o-hsFKT;JM7vc7EzV_KA>d zDVToEE1Kl??Oe2=Pe+xvpqq#!DpU<`WOD8Z&l4yKgi-+n3Uh=_9_(JM&CD4sPgY}7GgK>can7kLENwI=awd^!yEv6n92I76XW4Cn`? zt=ASG)vdmvjD8EnB8^2d*tDG247wM< zUZ(R9$Q(PP_{U2Q*8gW0vHu_C7yh^MQVMf2vkI?Y8{*xIA=S=1Vs$1sKGgS(c%&MXET0+HeCf5EO4ObLkTm zKp}p|J_i2IeRcF4L14c|;(CeRw;}kbFYpU(h(-q4FZgb8RQEB(7-m!rXxXIs_&a%| zLL5^$;8mVnrNcg4^WtQ&vH=cmV7JopV5g-b#{@4YuKdUrH$L$FNY+NZ?ka?jUW`4h zG&HFZygfUjyAekL<|lL%H*8rLe_{^JFa^h#$h8p&1Wcj?-B|~|_eGkVa&*LR^w0hL7unW5Y6Q;C1 z7G3SRW(KZ8N3^rdi2?by9F@K3vJXnoO?A*0H(h8*^r9ru{<}`RBPSSpwQire$gh*u z6EW*ecM@PtC+k*CrKO6A@zD(kGehHSU-uK=K*gTGZ9ycZ1c+aQiNfNz(g_e{%((*1 zQ2fmH=iz)|WYGg<1Ygf0N}(&E^TbJfSR_k#;J$!)Zp)-}Z4PUfXAIlZ{yxT+1EO#! z$VZj;EiHTO2_+1kk7YmtHiy{`v1;AH=p88E?KK%$LdC$hzqrps1oSkfY%2G9=>nz{ z-rAJ|L#LuPMQ&J8^iIGCF5xJ#Pje{n-^f}*cHxt`}zU<$l{M`VsJ-v8?tl&!yoVZY(+TNYz z?bmUwVt(Mn-zV$nc$ybB(s1?#9VP3yZ?_ESJ6THRwKf=E<}zDxuVUHGf#7zB(~q!P z_09%1XS~Kb3x`diN`D(b451!e+r*$caP+(+X`dVE#&MfjL&lTJ%NcnEDyNf$es zg6I|!_f5{%R+{riHh~gcK%~Sl4yl+co&Jt(I8^1YFFJWZbv$Hw-|d5$6+T63E5fxx zx?#cvN!7b-{2Q$QJFMSy5mqjsDJ!zrbvCfuUHT9${;t?!!f`@YOl@{xXPXCdCT;H6 zVB6YRxfCX>fX;kd?*-A;Of$$}ykFQSxA7&B+nZxlPjcw^^s`+0+#v_=x6^Z$HG@jI zPa002QA`Mp5DD=VO{yK;*4(VBsx5_{AH14Eyu#_8x%BCB$!zTY?g}Ap9p>*J1)-er zA?eNHZLV09Z`&48v60s~xj_VuHK!H(R=?l!=28F{XbpFh?R$!9kO{vHnuTG#L5?Zdbpt7jux?SXL%mp~JEBJ6nbM+y&8MGYGm5)X zBcHjek%&l+hk=PIlM8Pe0(Gv0OI3GT{Qq!k<+a4NSak?Xv@|td(N6*46wTXEg0O;< zJJY+?6%66@e;kVEKYXq~G+*_Vp)Q$ZBcr}K;UsZjZLc{Pi)7&BA21kAhk=N0IAcQC zRVeP}U6wh&zc`?HnQf-~FMlpZ7cP*T*3_dp$YB`MTnB?Vlbmt#aiQd9_!eYod zZ$PD*`~a55-H%}-DMs`=aM9U0GYz@^iqe*V|3~>h{wn|f=px$x(?wAK-!6hq;h!!7 zw(9?O5uTg>(@PHi<0V4>_7XaU|9S~K@xQ&qu6;CIVxo^eDNc_P?r*OMEypHp!O4i+ zHyNT|9-@{9S1~<l0$Ui4wxsHMm05yEBaBY7YK927Q_C0d-zjAiYa=s%KH-cUQdx za)vfu#0e4>iqkaZhmD%(#Iy-7Xl^yXD?jqQlB2nOe$er2JDeP+p2ET)Ltato{F`wC zbq{s_UAwo%t_&|^k?bM&&dTx^R>>2a?f6WqZhK)Wk_N~%SKo20_zn%V^%rsj(Ww=W zZ&SSh6|T>)yRwKD={l9yg#o-W*>|RpMTDXiu2W;Fcv1a}(Z*K}l>JhFMPDAa6;1sa-86RYt z{`*vPB{}kW*LKCHkc~Jj2$4^QT`Yw#SQgc!!vqqz)s?EpD?3Psl9IvP-*#t>9zpE|gBRdfGo&1*#g_z#+J}}zla`qw5E?Tm-CE`xM(U}y zPhiHYUGkO3vsD7CsP8cMh{JnvLS96aH#TgN6*w^9$l~JNBW#61hKnc7#Q zs&j^j)&s>-o~ks{9B{mpq2|w%ujI^WaDz}nOVE4c&SYe;T{dF$EX}l10#Y$c&v}+8Wtk(i|@1nnrH^yo9 z_(To;P5HOqs*+Emos{OmR1H^WKL*tV?Zh?1YApcvxvQwhDVMSaz5Jc~lOom||D3kZ zNI&K7ke?J zsb?jH@M1*3^)u@c(VkGk<{3Js9@WtUbdaX&3I4^Ipt!z9 zw|{%}3*U`CmhYoOI%UFJ+^h5mrCH0EV+Qh*n2-;>L@mmK(Xmud4yx;#%?oF)Z8CDP zyVT@7{;`c4+_K2a;qv<<$xF}~?RL@vV#TCmTLeTV@|@#GA8I!+3SIz+sR>-h?Fooi zKxnF`L_%nC>}aY|W?=J2+ICDzeYZC3r!qhSpUN6eedrSqP_U8C`_8R3M^_$THH!Hf zfygs7D0W>v_SZn+ahyxTv-e}J?+h%lC|*G#NKkspBTD;73O-F_6yXNqnLoEg zzWA}?Qbl;!meY2Z^Ehw?AlpsDfADuUg$ct-ZNB;-X=e2&4dpExX%0 z*`w~wodJuw+39IlkE+xU<43~d3@Lhi|kho$bwI4F4H0;+OL8OM-1 zP{<)}GXiPjleiHOhO+g>kCKwfM!;Bb=w{)X?7L8ys9yHha?|lfb3@^`8~xAY20}Aj zsC;%gANQk8Z(mU*tr%c7O|z*kk{V0tNi(1@_~{&_jlXfcr+2C0` z{OACav~JTw~9wnG{Re zmbg-{5PApyNO6IWcY)8`_?siDfdr1xFqB5e_2JYY%~f(e4H6eJHy+ls-msT*mXFn+ z_Y$OCfaM`KiaxN>M;~D5R^7rDY>GSU4Z4LQ`-lq6`p`Gyk9Auk*3#mRff)GhNA?Ln;GE>lBMa#c6MrO(Xu+_M68AP;Awn){022KSwM zdnF9Xzm3pu;`hs;15>5dk2!6ZX;(_4GlTLYk5<3AzM5<;zZ%HjwvV9%1VcJdCTgE( z&zive!VVXPvpHpqtm_gFqv2UPQMT0aa2!Z0HnAClMwgnEmq%h5Q<`fF6%>1+Zm^Rm zi64*zGL0E)JCtf$uk*!&0hwBcWA^x6jSEy0>y&f9aq#cJQIjL{1>di=feDOC&PQ!s zLCAvuQfSY(lk)Xmf8M?6?n(61UUrYLWL3+#718ZWZvNBWljR?e z*s~c37KU@Ho7;C=!q`7Mj@L8eG^Q9%dM22c*k^LCDPkNi&oceEji1Y`C;}1F`;^Xk zxd{1~4w=yQvtoA%Q+SnMjb35w=gUcp0tMpKeXQ?-zn}X!XX9fHaUW)bFHV4fz3<9a zsPG1PIQ;G6U0F}2)ug2O;xyGA*p}M8YoM7zu#dxY*kAIWSn&CUl9TikJ$i5Ji}RMO z{H`?v?oZ>dP=n0?`S5t?r`HOFIx zah7YMNqigYHlWC;6;Wn1mK$W(s%U20C*WVwHZyTZ?{ft*`!=aJ(e3~*|L)*A4WABf zCkNPTW44tdW_w?e*31sY^ztO4iICzhdoD@Ivx>>81Lf?~7PR3+TKbM>iP5Qckit{#Jk|WznM)YVCDp5XQle z2!@rF=rCrBbJuCOL#p#fn&T$#R21Ol@#1Rz^u@p z%W+P4DyFUGWO|~0kg7SZ%YHhqXT9BJ1i(D9V+f@pjwNzc7O=Ed!)wlB6u^UT-OI-2 zu7QQDv1uv&IdX5Uk`-~mkRaJAqO zI4wveuB-3T7O}#jkVQ&)1XE%^u>PCeq)t>|VNRKce))C+*lOf>z835Qv?W8oWszw4 zSHE*BxW|LARKd_|^0_}nME8MBIEWHZR{6dsOzcql)hEEOwKW7#eY=*5+~Q~l8t5gq zTx}0=Jb5a^;oQSjYaN=isULY`So&%9FxafChzAyRlY+^LZI7Q}(V1?m{s3ap2jE!{E!2BRHEVug)EuGVMdB)0)cY^4DXAn5 zMf&(tzAV6N#A3NhX18HYkHp&Kh$~qo--(4*Wum_QVT`+e=|Z5AR3BWBQ+8Pwj-C6^ z8lCxl{T7qp`rh9WLxnu%GbhajuY2O8p#?F&RV;O{5tyb^J&96kgUS^7`ES--8b=vp z!_xcqW>N{;mA;IY;5zmI0oa(=ZHQKkseQSMeC6Og&2FoOZF?K-+!miru1YO{Dxk*Qyw_uqoN;a?+* z(w*l#U2|$;jayL$l2;#{yiaQj(z#se3!VGVjP(q9hz*pWQFusB?JedLR0Dp?mgdw8Rso#OHw!~WQmL!o@}Y$Q=laPZRbu5uKh zZLyQbi;Ih0x!w8oi6b6YCt4a)Acn*}3vgzAN}ZILatrD&qaerFaA{A&?CA#X@%Ipj z+^6ne=khAUeW@)g2;BXo!2OwfqkaKK)KJtrlCrRQYO#P$TEu!Q=i_hb7uPyTliRXJ))&Xji(0ISBmf;M1&3l5r|K|eM)6v z?RET&lj#)0k|!^62&U&%YZI4aQnx1~)M``sXcA9ew<)YIYGF`Wn3gj8_)}g61prDE ztfM2e;S2?$SViIG{eGMzUD+M#_nBeu^$v6;!CF8ai$-lNk@OoU7;i+D;029X%W@s04N=fAw%!1cQmr;p7OM;sGJr=Ved&D9+ za!tCeZi(8z23_mIqp2UXVw6=v@zSfOG5N=56>iX`%wQ~O?7_=fQLgLChZuEBZqWBQ z;p5Lcm$+@F`M#=!rb}D93Y%)9<@ottH@qw?D*4(o%O0gz7-TZ_K@iH};_V|o#EpyA zfjp`~qRjn%*Ww5N@%ms6AlNio0R$yaJcsAfsQkegc5bpbKpA|?mW}u$!uNZspJAx# z%LREe`;ZW=nv(0M^6Q5STC#l%G8P6x{9 zCMhW{U0%hAFPR7urS)r;oaoWtU@9n%dvW4rDkb_wwn=Vq!qQxl+JxiaAJ_XNMng_fa4%+Md+T(--Zi0{w6?t)gAanqq_t!Ydu=ja%j^ zXg);qNm73F{vV1HIt%MEOzUE3fEe;I?Ga|!%#Fh4xx0_*dB|n> zvfX8$Q1jjk_D8aAvWEjC<%m$y@I>-iU5YKrRuIebztzd>KVvHtWG)FLCQQXonC0zzdm5xs2%4Ii9IDR?O2OgChHeTts z-|T_z3kNAyv!E)j4Kwk2XUA!{vk1E2c!y8|G^qAU;ljHA2+H0csYxrLJcOJ1v%>M< zuA6h#xTypL9V1&q^QwAgjv1^#&Ei!|jlk&GUT$hY0r|_Jf-is#6pxn$qML-q%dLES zzvqX(%8&a~lcI)Wj-V)&Z;JtHd&AktTfN48)=0%aGrwE&(~18Ifj=N%0DdhyE$G(Xwnz|G}&!_4S?pesPUfqIE} zVLgf122Mn_$&vBvsT^XXTf8PxRCqeEkyk~Oy;tBgxc%zGyqhO|a+CO`6Dql+hI?{1 z8*E-?{C-DxI9NxmdiA&zukEf*qfP65xa67UX4%oBEKR?O(v1MLV1XNAJ%v!TnO~t{ z;SjUvsStnL>dGFq69v(BxvLX2g850m0 zFul+k2vAn`I^HUPXr(7!iYscm=k}jBBGh zHEvWz#=gYekd_M1qG92d1{*}nt_$AX2yv=(HIV^&9p0?^U<_Mk^dDGA2RzwT`~^@> z*3T9KF2frFt`zR+3=luFVd!`{EfO$X2og1~N1nmNz}vGd9F_&(IzHu3BgIt=gTr|& zDgTMYvgtCAyVoQo9xXom@@ed%uBwFWGS~iwMf9alI|;3R4>5-?cePAkYy3USKML+y zC3ykx8p^q-1l^RNDXBNb_i7Q9y3WOP*+mKV!35` zOp(U3DgbLHBsZIO5HqY>=!JQJ-bwgG!_0mBPAIU`d%RGs*j-cEU-%lA2~K|;-Bl`# z-shQQ;r1-DN`X3qKT+!YQq<~MNg~cEs2Yjotm96Y&lA49A5b|Dh--t|FJUQ~ z98PDW16idjRRs-0JmN2{EsvhB#_I|Rg-5VE?A!#nOdoJOe_#sJ6@kM_JJw)qJH2j< z+y2zy?c`9ar19yGH)Az+0+h!9b36Ns%Ha%Sgfe1jnB1Py(k-MJ33NxHAV^N2H*O?! z+#KHVdE&rOz~_q=TYGMDHidOs=?_c2Kt9%09{N^miOm=^;N<-(f#Zu|B-u-yxB4C; z5{O{krYSd2@*3;)-2pAVC_*g$C9)A`yy^o4IQIH=B{oMFkc1F7{w@Y*fwO z$|M(3pTtt=US_NH5sFx->9{=8z$jxpesJHpJ|+cUYjsh9FnPe`KB?KV1xO?Tu}jj=7SGwXz|$eiOSQvB*j9OwL~Gd2 ziAP1ONpj!XEo(B{pGk>dzkxWBw5u>BR}OKMDKXh;iIjV6Dlu`q+y`(CP!>Wkg8A@( zC>3m%)h%)Tup*k*PSv<|^a?D3jXK9xN+>XJPAk;5paw>g-a=T zQTFJ%IHa_Hk)?YgJC|S+;=4M$ohQxYz|`AD34&ObYSn4!9StOlYM8S0UR8e+gk*1Q zxWGYQ$!G#=am@5y0sb~4g8-eRtmGCB+?;bgIG^J{xTUg=gZx9@QPNcPy4RgRuwX2@ z=dW0Jqt+W&U4^SxuF@jH9#xK*RxR6;cb^YnN~4!OU6rD8tut;6-woNFD>gyJ4rBqS z_A3_fQN_2=;zo{Xp4LvY{H4GYudMIy2^+CNuK91m9>(Xk_ov-&J34SjmAfAoaTdj3 zo-KK)L0CY1A#5k|%y6HCImoHcpTeVS>+_5!WPgZw?oX6~t$EF?7r4-??DreLD^_O5 zd6&U6yI*v{Y?(>ocg&D^XRV`>SpSc&dkU^~+uA@KYsR*1+qRt<+qP}nwr$(ClNsAi z&fKfcf2!8mRr_MxewVF3?`XZZ#;f))Co@A<#YoD48dU;R06_oV83<2(JYbC*=hgmgqZ<7Lv@4k2}-%p|?qVJcau+2WV%+|i^|^UaMUCCp|OUZsXj z`!5?s0HuzFzPP}^vhU$-?zuQ$5Fr(Nqr(HrUnS35jktL@JG`n6Z{xhW*7)WUp{_mNRUsUn1f#w!1%m$@xm}f+Jh5X&$|13x<$UI5;?{u z_e$r~7{o`!t2$#|E`y?JA*(coCCfL(7Oxc@+1e*Iozj1fCWKKFqtBLXQ=3ft@n7Ph zfZI7%by{Q2y1>C#F;*#EXN164j{tpK+VCmao% z(X_mXmG7SNrcl2q)X6G&At?=}d^PgwABn7Xp~ESmlEu9!Fw==e?GdjIMY*C5YY-aY zY^nRi<^RC|t_ZXE$zYUEdX2&rz2`noDhg==2IUN#2@%8(Z~TuYgnXywNdC`-JH|3p%Mf z(MJKuFM705cz06ds{JI-D5QoWB)x1?{p~(p&-+@~43gBmQRgYOPH4Fzm)`uugrDJj zi)m$j?9wC?Afd%bY*ebFmWBQ9QZ7w;x=9!TqmOhZjtcTvyDr?9V3MX<0 znfuPP#;*KM_u@)!d|lL2PeIm+Y6A@iY8bCb$BvL*mCwkpom8%BF^P+=3?C0dRLjhx z=V;m&2o>FZ?i%VAgcUekrQp9nd^{;upZ@jzVXIDMrcrD~=|YG+RS0|G-^4hYF+ISRYMLlovy z%&#Oi?oJ=mPLlvN} zdIaq=7i`PaL5)n?7QwG?u69QF^GD6x<#nuPg(HJbJ zdQU8rocdEpievlyn^yrfIiyhRkjgR%RTM~d_)#FXl*C07iJpy>y&v}7a}RazT?j;p zUswZ~X>Hk+dH!=-!gN=9ueddXem(0ZBKVUF{WfFz+lhB^XsaI|*W!={Xjh*+(VOLu3I;sb&82F~KL zdWChz?82=?0@C|q5nT-(^`!p10A2-E-bSN&?$U{?$T3-(+cOJwvNA=LaQK#=ht$Oi z=tWr1quE~&Q>lpE#vG4=JedfQz?s$(`PW%15$QYfv;u+WYcD5o+Ra%(agmjR+eE!{ zl-3`1W~TTbXLFJD#9|R0OOLi6M{C5@o(FHdy6s?SE00y$^KKG@_ya5ZIf&d$ z($t)Y01XXQFBF768zAV1)YNorEvHyIi|DP^ipx}nE!P<{dP`9{O=%tDUGl#QdadbN zOcpZ8uu=R9R8ehx#5pcd6lsGV5G~dBq$WXITwUOmsxEjm;54o4r1hCNpW z{DC=Sme>R9c1hmAWk&Is#^#(LVXlrS@6ml$viOZB4Fs`$AlqeW((koj4ymt#4)cdQ(>BL5)E zP6Pi7>VylGO_L23>HSwi%Y?j+fKUu=Z=<5F8As~Nz;uVm5Nx^&pQ@Sd#P1*31cbsm zh}c?vLV8TA$do$n0+l&~OtOXBEZtcNmcsi5H}@snkA-rN%`HmeR&3g zK^XKRuqxwzZYTnB9@ts=EvqAM6o!Ux;(RHBTLMQPlyRNlS?E!lo4303tC?WWTd*}Q z-sqF`OH4njU{qQPFO`09<2{d zNCiB4KUcwNuh=^xp9)jXYf3uQNphUTj$nq|T@)bq;5W!cL0NBkefwVU`y>7&CDWz9W}q1Ad-2CEY1<8lYA|1ocie)X^XH zQQjVxjgp@@laL7l$^2n*=3 zbjG^Ew6*%)Hb;6y_~6ACV`T(kuA2KP#v5j@8v*e1lE)Pd?;_IVWYkOT*!$-{2j0p} zVK33t^*@YUq|w~+NeFIRCnYu%kRxrQzK=zqzj2u@`hbg4;y3U$)gbSvNS-l!oJdMy#T5chneyT!Tt_%lFQTG^!n*_1&D~uI>y1JTR}v+mJb9 z=?8>kaHT;#V-*g%!M4Mw5E%bP6+3JSeDsXH>Ge5zJogh{>$n>_f)bQ$ddPvEN_bNs zn{v}?IlMGCqn-V+VDCa4){CG}u}d~I>whL7Tm2RK|G0_M`H%T2{@eWW0{=1pMg70b z@AjV*;qvo8&42oj`IG)_etCiaGynU{zs>*WgCL`9GYy7k3pjo}wK z_DD3PTN&atv0X((dHN=V#K~a;WBAt>fk5GDsX*+Rq(NTPAFRW}t5QD^_RYH8EPz+d zb1@V+r-{MH#&$Z%Y-HsEibwc9=?>UQshvp!zkav!Q(vJBanK{VyhAR;!Z&9KLkT4U z(>V!Kc3~1l)Z-C91rd4E$$a(ZIxHwq(8JBy%Xo}$8gG8xU(AEOdHw0{Gy4}vKw%}> z%uhZ*PqYfp19;@_Qj)a+74JDpuTVnNx+kc+bdA!ypQ(~0&FkabX(1t=X&>mP zu0;&kAZR>u2@lJIs8maG5_Ff)u$mZrfmQsl(Fr)u6RBDh1icMp{eHjpQQ2d;|e zx-G|*dlPeNl(W0rATkvoz5y@nE9GsrLZt?-5rj^;B_Q})z%gJQTofh9^B{x~h$#}o z7v#}XZn9HAre4z^uR24;gZE1lD$y+<(|})`bqFIc))Zj71YI20OW%!itV0ksCG<$- ztP&t}`K57#*6d0eyz@Y6!e2qKu=66VW}&{e&(PPP@Qg(=7T8;cco@H=bU*TJvJr6u zxtreCwX@E}R>)DzgO7or5srSd6PQH;2rXf$cEh}Q_x#~~2V7wy-T$n$I3_-DzYedu2 zUlu%W7rPRRBwDmhGbLtesRR`MQ}&72FqcUUEXcwSPt{OF{gEK#3+aIh*)m$oV#3ch zFb!%U7_K==z1}UwN#tO;Wx(#FyE{i*{}gG=cPA8C^}P{U1;JpymS1CK$i=u!!44j# zza8yTgn8cd^XwS?GQR;{l?2uBjua&G1}{7#2q%JjC+gU;%DpRl@sJ&^S+|+CsprMz zMJVag=ZMJb1|WY^9O(W&r-}a*C`t|TLgUbLKBj}nK*F3TBqvzpQsIqLqY^LfNi8BN zj8<0)%3=lwLnw{xV+ta{s6ZKyDy&-XV&*)bT(es7D!aj0CKVN|l;gVJZLt~-QZqew24N~wWr49(M4yTz>m_&|F44S0+wKw@C z_}P1z;~MT4j{{7#%!1Ct^e*h!sbKA%K}g)@DRy)+Fry{l$FOb@1Zy(D*Y`ObNr_@Gxu} znLn54pcoex)DC~DAbU5O;)7ywc69C@(xC(3vW# z^&s1`(0Tc4la_>O{rE8W1c2@EXpK^?(`|;djP26!IlDRR-Rh0-2a+SU_C8Atx4h{G ze(9$_6x$+9-G_0rW8o+*-vl-_iPr8o^4ilL?4Wa>`ECZN+a1}Wt`NcVOYYYgIp+|@ z6o#SDi(CK1{TwM|=-ho^Ep5iml_dR_Af?zBm{vNAA&eCW;JwmdM#rGVitn!lz?BpoZVS0ho)zxyYi_gX^gK zpx8~Mj+7!#Ug8Tsf0~10zqpZ-9Zc^<>3=} zdI&=~dAl@2-KL*EEzL9n{0XAAupI6S$ow7i2Yd%PQ9>L64^!yf8JBI{a`YsqhE617p01b##D3GkkwSJn@bSJ$4Xk*Wox0r*}b?$5rK52cE z6-b7?uPIh~`E(L!Fz(#~#uIFgeLwBOpK%im`N0$U;0vkZz$+DAFYMo0aYH+Fwtkwz zU8@c5qak87ii+z-+}sj;PKfPu0%D=Yhq^kpXH>ir)d+WwfHao2L=`5_r0|27hSaMl zjQ}=1M18V7Snje5nZqFumHZn_%6sH$?pO06AgtKnv=b}Jv{}M%*E4>TZIW7~OA9t3 zSsSd7Gl2^TjCxQ|K7)t6pnW+pqn(~$=cr*BuZ!V|?34Yb2K0sQb*Nn2>nC3Z*WLLk zM|56FW>)XdXHb!metYVM(VnmwLR*W&6b9w^ z>?3lJQF>+&B-R{Bf*aG#xDyfiHGb7%{40G@4r?${$TZd9XOMO@jWXzHM>7xc`iC)<+WAep`Bj*UZN zGsJNV8HHwBhu)y>?7J_z^9J>7&DA21y1)QrUM_9r&RwtdR{^c* zbn|9Gtw9~SS9bn7~aM|?YB>Ur!yq_TVAT10D@s~FqZIX3qGDOBG44TtSDlC~DjKY%M4S>7t$ zJHEbZPWC=+tlWm^$(7@2H$O@>&*FU>VFIwk#PI!O{6N6D&<4X@iP1CZcfKEO!BUN) zdLAdLLK@SiN*6Pz?F!DEaJkZ)h%JD#qEv==aWeDdNT*=N9Z5EW0wh z3;g(EGX9-m`J_j$twIX(bA=IBd4FL)0H^*NxQFW?ViGTAp}tiJ7mvV;KAd0Y?>%OF z=$imA^{sD&fCpp#t@ngu`SKk##n60swu@Qh5LTItl>z@1mSlNBk#FwhYD^|3yJ9?F zfM9!xCSUm;+PyH~RQq1*uSOD0^Qnul)Q|Nj-Di5_r(qFTEGSr9i_xro+z)@ea6|nR z3a`9u9VD<@)f#?2O!of>J?yX0|A+az{xLuKf16(`{y*m5)BkVt9|1uBuXzyX|J=Uk z{I~hF;{VV5`&9onKLA3}q~6Clq>wnj9colR`M_kEk&by3hj*c5)JbMg*+-vA%9Ho3 zig@u>qzsHXqTYJPE8ZZFiqSB1&86XG!$MxIlts@SK`&}0sAm~u7=)`18V0S^WjJPv=CihGe*X&|OnRFk zyp448JVL$|Fm4&An*^kTlD*Y0;Q6vGTcV85p3j>B#`=yF9RupHpSm)?Efd{vJVn>0 zdkag~U)fmcp&!^YsLUW|P2!m4Dkzz8J>k_IBGE ztnw_r-k`su#{nXyhqVF#Ri#<$Ebt!lbfrd7&y~V_0L-~@H!zuv5{TV*thY{P{qv3w zlD2eviGM1^p6Qqvf`n*kQLkUd{UBS=<@b`EkTAoQz2J3VzqLdX>%TB&i&?_=0l)_; zuia6|(eQCT9PimXtkMw$g2Tp)3)E(K%APh-R%UybAlbfv= zdcVn#Y2fCzMrwndY1fk9)#T{t_`c`C$t7V2xdsVe$7 zdfrOcB)oQn4rSqp?GDpdMQVOu1uXgvTwEM{;g_Y!TRaysDXIDrRX-^EkFB2a7BocN zT7Nn~@!MuZ&1NdTn{~)RX6?RHz3Dh}q-5*gcIYeAsLYbu`W|X68#Zn19|vpxUE;)> z43rco8$Q9gc=lyLyz(39cqMU^rIPV?w^X6e4aBcpfSF+1q)DZzY`C${^;_Od1)_0} z4t^=8bfpb79v;1 zEYcDG4VD9;M@AawXa$mGM~SzHA?nV~bDma4^$Rm3#Z)KjRD${85PmQ;Vp0h9d>IwI zS~;IFx&U=(OY#0*i}WxQlZ0){ps_2=2k7-pf2O)4CFz@El5Po3 z8g7KnBefLUJ=LoTT~ZCk!q?A^?3#Q?5aNh?yo%1AxsDx59&HRmYJR=q?8jP6$1jHp zz*!b9J*Db*CxnI3HJCDhkGK1Q1J*c}k$zAU01qfRr#^&X7290_bN-ltU&~{3Y;j>| z>tOeGW~aZ!+(X%JNouvZp)w1bdXnYXCOBl}Nf4$^8(HmD>zj?>cZIs^$zhriCGkU5d|cN8IoUrEfmtX{8~|hB zWEM}XuIMplB-0iT4286}solJQql!MtrB{lOxCIaImI+SsxACdI+0yCzi`XUQtnRyx zb6C)a2h{pQZdKsm9)bj(u7;~AuVKNuvRg=70m+f4jbDX_#~E;4jKbM{^Dv#p7c<0t z*+3PPNL073ti+4!rKZ#e_Fa4e+&rCvpttGc(?7ejWbLS(0b_KP&&mKb4>3-<4mV#n3)Ej?DzisB=X8g6@n;UbnEodU323Y zkJy%)(s5O4VWn-k)@hpGU7|JIT=CtEupw65N5=Ns^)2(@n)~wrJ1|uK9EReR^KwyR zO@1J4fY1aNg)|X&HY}isNed%1kPm{U_=PUay8cAz#|ZcI8gP@AmapaV#3;TO8Q5^g zw;?w{WS32cS6c=5HJvYx8GHAKizUw&7bRXcCKFZ(Ll?!(0RQHg-EJ3pJnrNc;{aGErS-cr(Kn;F;^w~lx zT0e`OxEPx`Jr!8UNKTgkuriPf*%&be~{f|5*}17BvO(~lN{$j zRglKRb5p)%IZW2`7GHBD~H3I62_c;`<=*GU+ zexlf(m~aMXv_V7@jrO1L$7K$B+8zBIQb z^l$`2;>F5Ow-dpxGk7TsA!oqR-^U2egQ0bc)Rm??7+HdV`xogPlJ*_T-MVi>FRDO8 z7r9zcTRA?}#S;32d2-TiA%^vMa^zDL?ucqu8mf24+yS?tKn>T7`6HioAD`XDZ zPZl`rMrBEq*Bs_E8nc4F-323FxG#L1S00J>J`t`}=Y+<9yUvHftEr?<26%_q$*r5^ zdd%F;BGo)gxF(+ zh>r7WKaqpS)<=S3c1y@gUXTyTtzEUGduD!nQQRLF9f2{piu^AH9e)#T)kt zQZ-z2OMI(hT#-@0_cGn2(N`SBXmW?rJdGwU1P z9TF`)rs((Z>#iMBb}`Nn(Q%Ufl`Y~ojk5R1Xa9Lm7Wj7ua#tU%8t@o$iO+{#(M-db zE=F#`}bL5vj2Z)Nr}+^ zmm>Z-OLBU zb9HEUxUVJUO@=+G!}+i(fZ#{o{R8Uij}hS@yXZXHq##$0_^gluYhG9%7`A)0B` znT~V}W!3?*$m(h?I>@XVOp6c1;hxAwAw~*V2rAgi=vuQ19 z6QF6=7>CinrG(TU%(Bb8Q>jLcUFuZW7HDNmBY_Nj^$&{Gn#XkTYlno*^%b#p##7e{f_0vjAyv#C?)BtSP1>GYR>{Se38*wbpolb1T zRM_2gPvSj|+lue9I(G+J-WSPjEpz9=6 z-?jC4f6vEiY9Lp28Uqr2aLj>syi-Z=E7zp*9&X1sYE08U!|O%-V}Jx=sWOCg`948e zNCj4EUG-Za88yAL=S3ti4-C;3)T#fWwdQSJvP?1XLzkqsSbgV_jmSsii#{)J%KlEl zF5_vtKA&NKn()FSOoMP!r~g8Y&maEr(g{y!5bxqjcoe=*>YWT12(tcPC_SvXdo|pe zPKN=WD~>~ag;bk)d`Nr%Rr<%lbWQ5zRaVk4(}WDzos=@+;Gb8|m7@u%n7|nJZe{_W z$}6kgQww`V{x$Ws1kvR907T*xZyNnO8XmLT?y=4(c0Vq$06MuPWjtKO#^nL@+qoW1 zqI$2ahvMkWX=ydE@RG!VEGQ9K)K#2L--wa$aY<#P-sW-j!;Ua*2`Mb~E#bCVomSzK zDr}74mLjJ(zKbRt((xH8V4EkNC}rqK+E^lr)U8B*K!UYhM>g*Ray({YJsX^7&a0%w zTF;4xASz^8+?YFNX&|e;`1z3(zt8z!z+!lxRMQ9|eK_^p#mI<)V zxZD{(W0rE+k(kzm7iVW2@5vNJPXgZ0OYnzuMa0oZ>d(g}Q}-j%4^h`8fq#Ne7IJ_jfk9|uYo7ed4jKTF&+wky1>bcC2E zmW(M05GWOoIt7bya>s%``O4$o5S;J;Y)&6h<@k-bThb9)wnwo0?JCrE1K{8SFH;6vy{5deD*&NZ^0grkvs!Qj`w~*1x zHRRn-UV6Aa+)mpSenXd?Q2^3{Ws;d7=yk42*^jkD{oYM4ktO3(HKb_PQo!r&NoE+4 zn>-Skd(zj4$%)lPSlPbbN~n0Ga)4rOsD7%Fl1({%-9xoQZM5gzVp!(r1Ie>^BAK=% zY&Vi4%PSVvLd`BuG^RJF&tH_2LdbE6|Lz~BKWgC&2&v+PXBU4I)nRgtU;~LdG&_DP z+8ldR=R#!Lc*9LylLy7fwi-tDBj=ZjL>My)Gpz2`T%lx%HMb&xz5C&aniRDDcG5W( zf3T7@YG^!!X>!Tqqg^|yA&w3wGmM7>T@aw^xCop^*b{{BNM;?z%G}VlnbeFJ z@ul{V>`CBxJ$T0W*!1ERLIy5X9oqAt*(jKWzWw)7V%A^ne+i}ik7?vq40}! zP1IEC)ETD4zs>mhszEN)z5s_3YpcrHxD9)+3QFDNRL=aC`xtLYlnq(Y5C+Zr!>^bp ztjk){y=bsD*TcMu0_D**CoI&=Q+)&$hhOk^vaCj~;S}#dWbX|!-G&L4DJ5fS|K>NN zb+QH35uxgRc)g7}a9skpao**h_>@-zb&HiBN;z}o*j-qg+8Z5N>`4hhQ>lyCWxtrLOpWN}_=`rNwZ!H- z*2us@K#=#TCJ@@$9bVm}trJH+5!R$t5_=p~f5avJ>%nRDJQME90UnodVdP;pd)U^gK{mZ6dy%b!%-9X zT?sgHrbU)~S+6V&j4eLotyO1{4W^ItqOJNRMaiO7;0%2~C4OyQTSLLlz^ecjI4{R} ziTE4TqhIj+vUw)=`H;|cfUi{$H>|67)KH@W<{fLvc~2P*~2zstGgRFPe3FiQ?8gBHkSxG#bpAG<14ByzvagEZKFl#5R~qAhURZT6X{- zcu6d!W$h-GDc>V%UUHtT4wC*cjfl|3WtkA-)FE42ze+aZh&9kWdM5}oh_(uk#PTr$ zicC}4tj-+)|Hq%fXk^jSUBuE}lzd31*3NL14k`HAAZ7U| zs)P-5%g7?xRE~#ib3-z;lNvl?rcc9PBSiUeJk?TR5k(0(ux`z~PB?0>SLbF-T-RJ0 z!^FJ5Wj&H*jTQ&|sqT(x2sA!bWRrmcaAM5p>!pVwB$(`iFK>K5NjLDJB$575VD-NI zR!9muIxXUJw>aq7Dv|6Q+D(8HHrp~0Y_#Mga-KE7pnA%zY7p~tj2aPx)k z@{%YKLrEUSn}!ZU{5|PNg*BtTsn3*dOVJZGa%8jR4lsweOQ>9tYw9pSdPw*lli{T0 z1XhlsInXk)fcySJm9u+IxQ$rnC43dEj)Jo>p;)M7O4yxtZq64k;4pBF;(3oI$&zbV z^xtRLkps`ORGY~;M=D`PW|b>;{Pf+eVWAamauK74Qdg;62dBB8JxKoF4xTQ!_OWS1Bk+N#S>XTs}z_A5# zgHT_MVI;P6q&|f!rw~sm>+idFUnbV5?i(Yv8WgD*K;lcIa+zisIOwbUimVC?a#g+7 zrrzOjwPz-CI}08jV2s44-F&Z3Hewbpz(lKEodt}C6K(qPL?8y@rXbF|5KDVN997!+ zp5YU7bca$HngwmJeD-_Ne5EQ2yY3ZrH^a1NASc#()@au>uqudz%3l3BS@aDUM(9jM zfQG%Qg5|LTi~!>`wE$iCk}HI_{ymGK=aVgx4GQdjtdKv+N_Y~Y{G&*A(MWK07?_(7VIZc8_fOy_?9KMOM^Bs{yf}Jm3zP zmtz((&u9r)JaqS{+Nm!7?;P_VUX1X7NFlnrz$1sQCp_ z!=wI0^9s!x70y!VH_2ckstL7UB(4Lf{kKt~rEuiw1Q}X#fe34tXx?FxD$lLvZc7gH&r=B%s$S(2*F7FczUh32w#v#N zBb#pU^7!<6f?&gQue_`+3(qGpk9Xx$&U>b=h!|?kfP|Y+ZIB>SVSJDoOe_p(=F|&E zZh8ME|h5rbXMMQBagh`&RGtkEi6Sk%|pYXOd5;mB8K*}kwiFVFo0^6M# zqNC;XA*P{;QaNw|62GO4+I4Z$J@%eOIAYAHY#;Ut5%DQW5Z{R*JU~uhr??;T1?45} zCH=NRNuq2?DYO;xbAZgxoJ|L1jRGjRjED22v%f<`v8^i%>d8Ct%WYB{Y#XEt@79SW z5A8$g4%%mI*F~uewQS?Pb$xs7tm(m)x$IEe=t?WYf}h|?l2%i2s&r78fF`jyrQACy zdk8ZB%M3VJ+oEtkPyF0e*yVQ2`4oWp{F*l&8eS`%=R5XO^c_9Gv^e#mIhihxWldjc z0kx9-jRQk6P}bCfoZ);rKWO{1<-<7ioNf&MGTuc>x-4|JJ?Vnt9z6|0z_*s-yuegI z?sDCGTev;+cDge_oBl*Shjo&`AeLmYW!|)xAYnP+*Byw@L&EZ*Z1MvRIzPXJE9C(w zy|W9$vtx-22{3BUpBJfIj6sd{BC-(HFSR^g)56Xn6cg@OsLXKZW~KQx;fLwy>FAU|aHI1!3OAzSszF>$y%e>a1gdua{b3RNptE(T zmdVHYN3KNLuZP)UN9GGJSDdN3AL0Nk|L2sMAOPER`(`Zn4ybF(vx3zVV&V?<8n{uY)H4o;*ZH zHF

YHOt&fa(CId%Ia(wRTW!ZD7}^$=SGqb(Twz8uNC#$^hV-15Dp4v|i;9;-sll z=OMl!DY|MH+x|^06*cd#>T}G|^LOUqRf10s>UI0r{wI3Y6X9s$IG39{{O{^3OgfT# zGZRjk^beNao&xu>8IF&OZt3}HddR?2eq@LF?3@?|^Qv#gwtX_+MJ}v;!YOG!a6oat zw7oqC-nD4L=2YR&R;GqhU>CNdx+slH2}lC&2?D#du0F@ziR`aK($1Sr$KPw>!>bw{ zWS}NYZmq@>16VqZOc}_ibT`vV>i3KyP8%K4{JL}y?FLkx1#&Hs%k|Sf=D@H%V+v-%+M!(mZ zcQQG_a|G0`YE4`Z7n4BVj^tbwHx19WLPS#Nuw9#()23Xme2R$6_sD6K-`FcY$C~&@wMCtJL=~voO0zU)jEJ4v z&?zN*xP7wKVk(NeJ_~wP@3P0nV)7w6gM;?rtk--ow3#pX*RkTj8rUQWt`Q(+e?5uF z`*cZ(nFGW76gDfpk<@0?DRvJJvvwfsgkR?n;Q@cnBXl6$WIbOjwBWwHGj;X5j5f_$ zqAcG|!P17ezIA{x;Njl_9CbvHTc7L9zp$B|5Z9n{0Rs$+)NH8=|wL0HskEBIwB% z;)27H$KdB+))Mqr-*L%xfz-`%lYq)50-Qy zzh`PzDqfhRyU!YM6)V|Z{nS{KD=|UA8q%}a7b1&Szk>w(Dq|^27dSJgZ4)#T0qHk| zjTl%VGa4x=!S!ul^3HXZb@l7-kOW1z{aAoM6eRL_nIGR=bS??8byDDkQi`= zIY%JAVq_vwtGZ3A5Y>J|l9L*;5p%Gv$8_wJO;pM{Tad4h7Is3S?L^oSL>0MwgD;(% zK>oSQDL1Nd8m!>6pjV>^l8AjWk{N)*9>6ku#mD~M|Bukg{tEqnn7{WQ^OO9y`Mv%B zWBwlb|298~oEe%CG z`RYBPcY%ezn#aCu#0>W9V+TIlyfPk6{HoBzWe*d??e-Vf5=^;bu)1U#0&wg1Xog%i z0`hUGv45%YwlOkU$1e{MNGX5Aro;F=qzXZMa>h9nTGbwAi)~$H+M`IyGoE|Iy9F`m z+9&zFu!&9&S4#68Ch0pN3MmkErQkxseQ_4zzwvfrhaP9U#zj| z2#J-}!pj*9^GFW(XCbUgl(_26!Vw{cZG|1>({MZKO_!}v_9Q8$THCGgVAQuY%N!P+ zC+g0~d%J_D_U(l!givN1*y5(lZ8%{1%|+Q0e-LIcN)Q%e{|^4OLjw?(*j-Y&@I%7_ z^b{)Ck*v*!d+qr-C^_s&#(wc061X+r2DRQRz#&qU?mE+FDdaJXtp`n8q9(`T-peSD z77BC@`Q}Qpe}lSU8^8ZqFiS(5gVMg{17ZWy58l6@A*L?(NgssOy zyBuB*xGaCC@l;#0xItY>38QbBCF7>FjKLqN=+rQ`v|7wjW`?J&uvEO7dW}_)7RJi% zVvl9sDRp-!wsytg2QQ#OUoh$i3uwHZW-mYCLEV}(dOQMQSqSq_dWvGZ9Wy2S?4A%s zw#bI(i8}&KcivU3J^p7=|?e8nJ>n>KH0#%X$5Xjk(ZY4nC0fq5$TYw&+_M zWxby?!)}Q;osXWS>8^tXe#0Mg+8-?mZvpYmF7O8=hQs=7lT)p>pa3e~v*y!>*_I1R z>?n+{7!LyLT{cVV!Hut>D^EOta5dn*pj$z)QH`>YwqzDI0^& zk=F1l55Jc1-peUbq|59H`aUAyR(cXa?$@3Ea%)$^h*MIa23kJ2jOijn2Z%E%#o*2u zIB(v2%~q9G)WcDAR&`MC(Zf8AYHLCYU_LsZJUh+8gj9vQY7~g{V0VWjyLLzTApM(r zr0JwA;AfdN^Ha`J_@hx73#dqN)1q^WHqJPzgYehY>6RJnm3Dh*y`h3afAFFr<8srH zBV=V}i)#??(i@?#X;EUY%n8Q?XK?gIeiGWImU1|qr~v1Zl8v4wOLMIxoog4FV$bx! zHx_}r^`Smt3(=DFZwyuCN!sd@ueN#TCxQfz-1;V?Hn!%~+M`nf`Q%vPp<{}G^+UIH zU4ULaJ0Q}87BMDPjR~z@cnOlBBK( zBeOt1B8C}|)FBXQ)N3C9*mQ~fsmY%YL@j91=an5RcaFBCVU(L|L?QKA8DRL7Gdw!s zQe0t}$VmRxA5M5+@aMwJWqbZ=djhhNQg3T13DO9)n$IC&Y3vGcTk}-p{s%ThJj#*< z?;}kL1caB%Y~6A#C|;1kgIlIQI0CDQrlN$7au#iOaDr>jQ6_|aHknY?Dvp@ngrW07 zqQl<45@41-A*Sa-0H4SBcAI7_x@nCVEfJ~LBp)mRo*gvUH|)>dJ@QNU5vtZa>#b&X z$O>A>EaCn09{h*bp}?R|a2?I^n$5a2BsY*Ja|;iMhUW^vpVjB2VoTXufFNfZ%pL+cJkQE z&rn<5UbFZFT@DPTNj-ip^c=JSIX7VsKpAZ2aVA9Y-%{Y_olH4d2de~%rTi?!mQ(2* zXpoE=xG1Ps%TDpq#>QiBGjg|`7wzb?r?OD-d91CZAvihUI^-=>EBT{sb#f>0DPtDvO^j-qU=m=2oIHi6?CRKO(r#fUDLP_gb+o-x;a!wJuC z3*zXawZLMJTN;{(I^>BSw}UJq9>hu4BO{;3u|VtPDnw}X^svM325C&jHLN%RThbh) zokVZ_cld~wjRES)pPY#C!KxTFdN_sgXiE`1a;<;y6de2e{CN# z0aHm$BSG!F&D=QoEz?7Z670pW{C$E2c~o%Ck;FR|{!u}G#8icQ{mxor3c}I^_xE8j zt1C0>*KmZ0pK;f$LPj&h3(SPZ*vjA68jXX*_u4IIXKnNGVnH=<2x85Q(0I2=MJ-0Rm-Xnt}bbEy)ZO?MO-7V5Q_Y z2)nc*Xvw3D5Usb6Vf(cWw7HwbuJQoLlSaTHeplc;+WaX8hfo)%buXC61)+Q-5=pbv z7K-;^5=mAu#x@q9YiOk!am~)-^N4ME({$WW;rzOvkq=BJ{2+%koh=VGsOb)8A1p3n zHz0--9$$K2>zGs-neYq{aICdUn?ZWZMIPBOQ3VwlX^U`4GI^qH*mdwXP&I4Z|GEQs zLwgIWnu)^Cm_l$dVhmJ&`Lw4uehnyDsye)LN-4hLBDn)F*T;<)LPUke*!s7InqjsW z!UHc|T5{AJ_V{N=CwGThC5Mi-MPmW3qJ~4K1CK+kC~vF7VjPss5w5kHzexkpx61ddyYP(c`I%dIw&n@M z8F@QThlEcMu(#T`7|SnEAvKQ-j4M~ZZG_*T{#kI3sb&tZLa$q--dd7*_<&sZ9_^an zN9B%l@re|W#W5v5-4>DIQ)cpFm{^Tp^XkUAnkYM)Z?=D~-upNAq*5*MMUFiTF<9tL zMK>P@UFap_9Kg)l4F6$%fxm?QKbXJoKg>`3f0;jQ?jPp=8`}c_2nY`Occb&4-JbvW z{6bFullkxe!~7BdX8y3b|1v-Q|C=rJ&)@#p6RkbQ*!1h)R33=r3&pU<_L(xdL?_Hm zK*vg-ySSWK0$ic#4$7$O#n&X<4`PJ|>#d}cRN^CkhgF`RtoVC4z>1@L!RiejvBC>e z(jXs^sq5S#5BrSTy|fiiQFDaepN_>T(JT&?_>faG@I>TckqT-=ATjH|x~FU$)Bs#$ zCex;Am0#Xk&Df!;Z>$FVbzhA7y%GnZNg@DPRNU!*pt$&Vv%xt~0|L03^-?y2`=(ac zO7&8z;q@u(500AUIbvnSaLcc82Mq`h0p{LB>q}SjoAhkp9E#y|;0T+;{3w22IA%yr zMhveMxxX*iic;?B%a@Gz-*KKXj=yI@DC2Zoj?@kDWp>%QSY z!6v=QDaTU9*_6b=vS(+;FYkt<6wxQFI2xT9N=$v7-UYxkE18%)3 zSgKfAztR?j?vMyAJxRfqV2|&O2cCKl2QrF`6q+FRaerq(=tdnpE$&hEi_`+mcHQVw zZn3=x4a=E%NX)09oE+qIsApRHgZ2s2p&-gtGs7tEhrVg|+tlR1n*;;}w9y*7P*p8) z8wru1*!B^ly<^b&=j9cGtl0yR9haO($|(G4@@hHA066hLecY`}#=ZVfcOV`f^a?%B z^lTvOr!J8iYP(uCX32FqLD##qht(cTnbR{2kBtmCm8A0z*R@rro&qSNfzOy?x^OI1 zQmtde%z!%8^7*7okdFwFclHFrm)3yO%6WH>!Mf-R>ZgV)(u9YW>td-ci(PM0ULoe) z-b}WBXp+Ote4kI{&hu&hvgE_~SySGfM&%$lEVBEUcs*dFwX0iMD}!J<>qCcnOe~bt z0&lwcc|(Nybq*z>Pa;*w;#xel^@E?kifX2<}*wAbX2nZqqe$e z%Zb3{Vp_u=oz>+7gq%*8lOcEQ;>6dmqNr=kaz`FtJ7YE73*&q>(*vb>v?CB@$7O+> zU(vj#N|aXFS<|w|I^zA^C}XTk418F>EJ`tMmV_2RaH@r1N0;!Rp|q;C<_yiJ66kRB?+Vp^H(a%{IX1vkHr(|SSbW=tG5w-r z4zT0O%L?qY(~`fP1>%82L{)U>gDpj#r0~g1E===tqQ+X%qMxuU4e!iPi38*UJ}wDj zSeBoGlA8B-B)MY{dUTPy`l1sGg!Ds99I~RCucGftQu0Qx>?Q|x-qp*;8{Gb&4pIji zPQq1T^B@4Q_k2*`T#23?uP2B~0JB_ZlS|RrDzX+;v_ye#B_~ z_eD=ut8a$5=p2o96i}jM>UsWr-}EdPX?yh5#v(+ncoYoIU$;YkAsOyhIB=Pnbk6O7hyWG;C&jTnis7_G~MY*IY8@AWOLLgS~|TH&cZGDt!piz4(RU+@(MKwM~G zf>6sD!{jv#etgud(@|--z505C!2WfW}9kKVH=u; zc$3rN$LmE9w*W6BQF>JLQ!N{Jd$E9|KA`sa$;p5)U940y1CUz7?x$Y@y+N6Eb;@CL zkNj>T$Q|g7CbGC%+^U9xNii+P`UIo7FsP;|DX{#_cD)zHv?nF=iWt{10DmcE{>R@dQD_bfJk?EGRK&P>6-x-8 zlaFsForeJWysd4cAh z+w>yp6IT+)GP%~&sg^@QE~Q2jT2RMeR4N3GuYJmgn5Um!Cb1%OQyXBF=#VDUJnIr? z>EcHUb*wTP>{mWFjADtDkYRUWR)YuNe1!9py1{P&pA8O4rB5TmoOgmk|0|!91HDJ) z$$-d`aveS+CR^2;Dss#<=&zRu-Uw@=R21>D98c}Wu#;PmzeDwP*|c4jgJsw$2v<}O z&1VvDc#Tm9#!*r0u;A3A2E@$Wx?Cq=+vE~xzHJu7@lzaLKPE^W*nWjSO3&QVc*$Lm z^RrY;-@ltKmweABQzws&KPd=WR>UQR=0S#I(KD3%ZEztAaIuRxbHLrnW%?hsp&Rq& z9J?cNLpe#=UGUirwv3k4^5e#tLEg?nJO!PaSHOM4g2;7wI_0rbF9S#}$t~xVKw~^=4mXT%q%LlX_+g_7B=}QA6kuxXX ztK>`uQ$#OB_@f>>C~u4!6OFG1}C=?n?$Kosu8Y7 zaa+FK6=~}@!U!|tS&13Aii!Y_GdMet|? zr+j>v&iT1RkoH%npC~UeFwCoSP*dM1zXncbW?hkyt+{Nm)B$t#8$;iv zV+rAoD18m<*jre577@olZF~KMF_QqU;gxhAv$15{W^2!Kgyq*$d=7w<24QYIz`c`H z@L@DSM~yd#*=ZWN!%#GZ5Fps+Bi^(@&BLR7um`@L5N)Uoy^+1f62(p)^`~zFgMdP} z>(6N-GqDfDTV3*MP8Z=3D1T(N4pVZdp=9F z1{-v+=|rsB_GInlPUk1uk3T#Tq5t*FTJZpIIg9Zo(t$ z9jB?g;3<~QaxB5S9%mqy5P$oJ`E~yi`u|}5{{JvP(f?)sB!YjKzqIcEGJmA=|GW)* z{D=Ad=>N_9Nd*64eslo*nDu}A{M=*|Fcr$eaIxL*Iq(>S;}$fQfyL{{eiSk_;S8r= zS5iO>9QehpT%y3>TybQDi$G*C-*;M+%?0A+?dyV>s`If3lLpH32(|Md;9c*WHS|0R zN+l4CqHPygD@-PPf@Lz;jdEqk=gr2lp{viA)#t*nqB-a)$?$BgvZLEJsF}bmxtX8T z;8wCg-MdPyRo^MMZ=u}-1DH#DRDqYMBrc#*HqbQTR|oTi29?as5DN22yaYR5@JbB% z&}GNIN)xXts2le97TIdq;)>GmNz9f}KP5W5r8o^8M218rSi%hno-uhzSVS^4OAz1Z zCEyC3%g$J1qYerZZ<$%7B0XH$J|1$6d3>$brI{r z$O225mQJ!zmH~~MGfT|Zfv(L({0g2Cl9jl>oMwQ4%G54=K#f?7f{LlNYLkw;n|Ghp zY-1=t1007A~mPlRmPfLG55okuFK}|V{qB@PP?h5cLvs1~%SNwnPWF8du ztEwqoS+F*(aoGiHV5oy~-U%(TjTiNXJ(cmhi`X{oOq#?39ix%8N*M+awq=uUiUM1wtdB zsB?~)$Wv~gL8Rl8ZT6275P>7z8Czq;QJi){BQTG)Dj~fjTdgQZ9j$0z+DH*NC166I z&Dhr{{t(AiS^ZL01OO=Lv+#75;byDODi8Ppur*YrCPi#gtFQ4$_H)^p-R{xUq~kNH zdc|SqKLr%*;^ZF;dC@i&5L9@;39BgwmqFGkIqTNIBh%JOawT!HrqJ{VK!M+_D6oLP zURl0vug7s3;S2>L&-o_)9uKWAFliOYlbfZT4N)Gi*1)ND7v2s3^7Hw8cXoMjlOyS6 z8@oma`>|$~V%OPEbzr1aR9KWbF{u0ML(jkJxxF8-oMsm3GuA{rQ5sEpb%8t40f!&! zdE#%OLXFOrEhAzae8~#(LE#_6e8e@?>Z;wha|hH%gp8wbH#E{87n6=RJ&TRNkFv}x zn3>>=rg2z!o%+mDVvArn#RuD+I?r|W`PrXYa7=%w4Y;R_t+)Ss+2Ph8?o6RrRsmXU zdTADG)(Dy05&EP|)XnM4g)T#Uff$0MD6UD!Q&h|*b?NE!T_e<}(Mn*rVHn`4MaJx# zYEamzJ=q{?+#%%o|QFVI39+Z&R*c4OZ zKl16)CLvm<%j;p=I+P_Wrn6jVVGuS)fIEPsjg+s7F?#lE!xwpsZFkw}B1p_gpyb%y z)_dc1hdy@))vXdIz%3Dtf+uh|q<`YS%fUa@k-4;c(GE{kmO`@D?A4r2sGPSbvb-Le?&WK54?ld#-^6W`5@`x45%zmO#~ zMVo{u$W!)7?mTJHes1EPS*u>ptnv!ZRrn>X;hpc|Ou?EP)SXqnAaN(?`)m?*6GtQx zuk>JXxM@=MV_D!6hSLqMwA=UoI3xEdggOj_%Jo)S*Uf~VszA3>--aj`1wl) zIL^VwOECH>#=F9_95W>HtI-ACERm3jy-Vl588$;M92*4+QkElKsTT#$$&mpeWCtVZ z8n^$=uPpJPRtsD;wYU_?Jb^Ia&Yt&=5lY3H7mQlPeU`rM!!im1)N5^ zeTgeJ6arVE!M)ktu?qPfmJ^mCcbM{w!ta=zgGY3dWZKi}6=i;yVEA25@ZqkHA_aET z&W@WFscBLNF9dFFw}hxPHD*W8iX%?$lEPKj;)c!gzaaqneuye8iNLr#$dtCMsGJe6 zf3~7n3LkjdpTZ}(RZ^7sZUS=@{!|bw9pnoCPLOu8JsUs0dl<{Ewq)@upSxZ`S~lqD z;}n7`R!3ZiRaTdad`+g6Dh9Vq$U^mSOWvYO*w2lM6)crl#eP%y>{o;$TNo_R>-4Y8 zW6YXJfQgz31q)tsEE7uG#ZlX%z|~tHmSX$(43x|(!reeYUT8EyuAfPWMm1I@{gWak zpdl7zEY}EIPzUrZ)w}L`jA7}bm=D7OogZkQ6E8lx%Rl`Q1gFuw0HALIBeGnn3Ki%d z{ERs%HD#=pz&414-wX6<$$E}^FKEeru^UBT+&X)0J{8;Ptq$@Ou$@Xs1}rp})pxNE zlM-b@GbAMPO8PXH2DvmjX5jDS#3fy~)#j=2o{+hs_C6@_V#tnn;8XsXtYmi4n-lW~ zhoUkIN*zvqO;~z$J^qqqORQJPkiT#-oltF4aK*daiPcmdwjsR}dNhnQV9BcQf%L}i zS1sV3E6#?;SE@D~I>0775!MakkO<&W`_jcF^6mpws-K!wIu_`cL4T>01ovtcQGbu@J&K^)y^iCp zNzCtsCfCJTqP}%!Jk|lTC)(`Y)Qi7S43LZ6G#A%7aF2|59%R$@FO-o1#b$8XWFZPg zVNi1x<`;kbCv9|1yqE*DDsb&|kEc>(52y)MY5Lal8*+aKc4*xIIDUP?nsjbjAjXc& zv4Nwkj)I%if-Fa3JUDZ*2=u>)jh2?2-TO_)oB|gFPR57HbyNqsc3X1c1qOj1SGUB- zu2@yT-+mekbIY($z#DQ%-cc@&VhV%V-5_4m!Yjux7#*!WkthITh0)IUpaY64jzIv9mR(mDON<0Dc5=b4Yf>H)WS_oJ{Ygg8GBM}eEQE7B> z3r6dc{9%|RSSIsNn);y6T>utV$na!pZiz&|3?=w@SiS%@c(uZ zx%U5b5m|cww~N4V`=4FJ^M7gy?Z0bDuKj;&$u#)CYsq_i5W=o1Hrx+ptn=`bA8n6- zgHD4{r$d4kaEX@?Mi10bZgt$UGV7x197i>{ANwsYjsy+s> zG@(NRQ>?im0C1^dif(M7>7~b>-&SvF9Q{HHST8GSl~H0u8=279UtT9Xmr9!e+2<1L z!dQp57|O)qS(n2L(Yu53@*7F`+movh#MB8p#=)R1e$>JY_Qjd>ehKFm962Zs11C^- zuXEFH8XvUA>OBITOl~le(Q*Yo+^)ZZJ8OSqwey%Zw3|IlB6&J9A^x3PoBL&56AV%x z5C8HLYv2Z)SkevAT!^p=-P&5p{sCstyI7(3YR zAgb4*WMfbD8XO=-OrWh8o(letbN?UaD#&MfQlM^piWRsODDSom?@2cBKR&r<#oYZA zB3&o>asW2+IOA;IJk&|N`i7cAM-xa-6&lWabBbO--8%}UujBODCSJcKsFo7~p7C%SF8AFoP}l$mv}c1P(t!qYBAfHn5Mb>3mJAOd+LGdPM~I zn078iagq3>j?VWA^N#+}9KbziCG#|m?p*?eA99y|yurAt}Ro{K! zwG7>#RFf9CmlKI6gz;DI#%jVT(|FgA^0OrQdP`#kGGOOau}tB9SBy*}1hK!qjQtzZ z4ni}?`Y}3sB^rlb!Ok3eRebp@*~u|oO#E#Y`h$xrmldRd(3O-*Bep`MAIc#$*0g?J z+aNuLt;i%6B5U#W*w+P#1a0@W@ZyhK#+XMNSK@mPE`)xRzGcTv*aHf$x~F?09*k?4 z;1+EMIcu33d=&!>HCgb>kSV249-+_h2n_v@LNG`JMiIxQ1MR>X8r|qtlc)7jv^JUs z{R!?E8SD+Gb29#WGi2_8v{+D7kcgaE&zIBq@Uh$#w4kpg`bfJ8;erViCSUX+a4=xd zapqT7Z}>L_m{Ao=B9@Ew&m<6MkizxKe)d+^KrlMWIwe;=WBNn`zhM|lKQ0$za(+cS z&2mybq4O?Wp=|eP!yxZ3BN4?B?ql~B_XCPZ;M#d)!WCMLWiUwinZa;JnhjsCk<>_% zQpW138yy>9&tJd;KGBjEtZD(yDXiE20>~Jax`}KGNS+^);e{3H^`zWyJoF?5oR9s) zgw$CHuqepGk5j2o0}JO``?7@`H)JOie6E+J=olH{XkrvB1^8>1@qGk()S{WXfSyX@ z{4*_5nw9q0s3Tc)>(DvwF=(k}WksXKgY=q$eQ>SAA$K7;tBKSzs0V@PHGyp=CTFP0 z2pixQ`WA%SZWNnwHTUelye|$)SL^tS(CpATi%8%u@z_X<4?8Iq*4$K-iXQ|4%w!8L zWA0nObbH|7myKjKqYO%jLF(@T6yGbCf;#gDMhcEhlYrn44MEcEaSsE%Y`a&+{@&>@ z^d|@=d;%c6xBK5vRSs&@t>@lk+{s&(PLd$C{ZmT}(I{NM;e`PC5r5VtJ-PL%ncOdBuoIrnN>Yi^#L zO?l74Vo{Im-cfikF)AC?D5O`$3G<^=0kbEd?eSI#T9&_y3QIZ`a;=`C`A z5DlRF7c_pFs`v~%_L+)hmJ!Z5sSm_s%<;xAxcUx502EtA4YDPhQc&$#(H-Msp>gi9 zX{!mN)*h6w^J|J1;d?`DjjId8P;O|rS=tlnYSg|4++@F_Qsu<%^6kK&-#TVScD5#5eZQTv%@2 zHI;F;hS1fJgufe9q|ukCV;M*oTm4WG1acm$xSV5_rbKuS4^Fs|@nSKyTEW7g+9*Ig z#!KvS_DCW$KaTFWvb+AdvqR00#?(QG z;=KF4BppH>^Q8rsW{3MKH`E{u)&!@{WFpo<5W+yW3z{+HHHkr|ZFDQ?ixasVEnrg? z9##+vzzQCWBE z{j!aK1k8ekzG)BPJdvkT3Ut*Il?&CGjAp9IY5a{ zIMd}94w`P76AUtcxu!1(Ns_6T)Xu3!8@d%1^yafjN1H43P*y}!Hh+jK*2N@`x<(5D z>e`^dwkyTTuMpzIE?}mMA3M@%PlIc&2lDT9 z&6>(I+8S7`N+DB8xy+)Xb1y!F*RETHV#&EaE^S_$&-?IZCj+}F!qWNQm{+XpC2mnC z7Z%z0Yy*k~67OGAUr#{NGyn@_>H|aB<&Kd%G3bJti^-Gb26~WAhgEC>3^ouksq@qLwThuK0(sS4@Jk9_n zj$M2401-Cr=Fqi;B9}0Jj)`&Vw=-iYtXvj#NlyYP_%WBH&xbL;%nljcl?6R*{gAX_ z`^?wGQ`O4KY250*^`M$BkWJ(uTI78;tE(J+0yedBs9{s)LNb>dl~QSM%sZg5#r6<- zgLywKgBL^htjpPAa|EH9Liz=H6@#o1w<+{;R~Lg&LaNqim|jDZ@gJqOueCz)yv?{{ z7TL1(fa%76Y5~~EGlFUJRLAq5ZEmyJ$MM^SltPm9>m;4EHtS&P5pCSscDF02uw_1Z z_tmf^9*>Pk=yfGZt@Igz?xWXz+wigQ53J~n)U8#9vNfgqbvsaEqf?6W+0#;GCQ&M_ zqV4>tTc`P5BDA(C-#{RW@GMuf)Fsif=vj&7V$4aH721gmwexK1BV5o$HU^kE!oo33 z`+gTYh>gC@Ou*9hzDQJ{R$oo`za;P6m$)#`o$8?2y1hgz6{qFN8){m`4|5E{(~313 z((**62c?D71_2&=Nx#KqpYo;}V|uaj-*Cy5IpbOfJm|UdmoKuNg`8_|svcamv5jzg zCxk%r51BLt?VFO3#&M8C!Sga{&%7)^rGTrW~ z-o4tJO7oLRxHNg}y!(D8&+2Jt^Zb!HD2CPZLYeo_3kyC_yqwV3fXJ5#?c&8m3D8Ti z>_%0EO$BmVW|@OK#F*!9l*I&7UC|Osh6KIOm}@IenR;5(`zeVp%2-$%k3Hr9log)W zV-Cq$0_`zB1#>1vmK)q7du5EYt|^x1jCBEAMy<+GzM~^!B9mXM2VOXq1%$xHe>qn* z1)L#tOpf-eJ~AoUzZWH<^4Z^vq%Ka0V<#inho7x{`tnUD3~Lnx_F_;;2%;)B=UvUUsNX>#Ch~0D=7* z=NbbS-{L@>poJL-4aVv1b~rV)Sv@_z2|iLGVbD0Uxg;!tSt3kDcE20U5%K9v=4Trk zb~1Ndp#YG$EPs3$mY~NLM>b*K->bq@4TKP<@@3y+GVaiWOq>6%=J(#}tgT zws;Af%Oc+JVD_z=H|Vz>!mr+IFs;;~XkrqyI%)unukEgMO6>%4@s}JXPf0)GukU6P zMhQR}Tf5qk(uURaeQU=c7`NCkzj3BH$M{Sap>WER&%F@fcvRu-&a<<;V`LP?m_ZQ2 zQ-$0)+SH26eo~)&sV>m0Ux`Q%ial*3{0=f7yi85!9z-TQ<8z{fKZ?ks zrvxDs11iI3sfXCiVTHoI?69kZi--xLmJM@evg}n2{l6Pg*%R)KJ$0)cqF?W_ z@!hdybUi}hLQGB!0O&-&0R3|a5IFeXcHS1Xeh~vW_z~pT8J--&>J;{ioxwljCN^Kq z8;{fDBHMu`DB9pG_Hr0oIhis#DNyOdpiGUa%|BSrcOn)lGyMWBk$)2qgDTbtN{bM9 zd6@71Nm$;5&~STJF^YZnN-;Kf(u}QubB9Xq-mvqaVnpxW={uHvYg2UQ_)dL9tZt z=(Qm!g7D5sq5Cns-f33xQfXt!nvgHy-e>C{<~6wR(~+7JAs%s2uy4# z>#!kt_-9s&ea~W%5e|C+Z9(^`DqRHS;`hV@*0mVC870lhlBn_wkI_xLaLvog?yl4H z$^4xTzepPy9-)V8w|DJx0ITEzpil-asqw^AS$w^!_MA|p!#PVy3ULvb#F@ett9Gde zDjYLYE5FcSJdBfZ(b_a)&|P!;Z#T``=d}>u=mIjDEOU(*w~wRu6d@G9xvvi_4tY&b z7RmV+hDrE8$(#1n=zfe+_8EIstoF?hgq;igR-3u{lWCvGk@x<^r+r@w-elmLgaq$$SbZduf#$Jf72i31}5#tcx0`i!c;ko#UvV=>I9Zs#iq{1Hr9 z=o@F8EfC(55HaweOKpZh)-5bXtP`y~#{diZy}HTHyr@&pq`Ji2cK{e2fm&|fiH={8 z!a|j^w_B-#EV)_}e*bq(LljwG#=Z1K7S=u=UslN6Ypvx-EGabW85v-jt`K=I!%AQa zx7o;>9LO^l>G2JYjT+-vOz9l2C+yF$rf)UhQ>39MxRd+Z1j5c3yy*=jP}s#%<{+c9 zNd^VN^1Jo4W9~gp(M4#l+vN&81b*c`LF!<>jc;@q|5S!X+bBC7%%hS7$jz&4s3>!~>_4duu&BnvMvnecv$L{c-iqo8! zeTafRot|X{^UN`qUI1^a>Nc*=k;40F0|6?t)PSA$AqM8ocf`esWxLa>vK`>H6xJ4f zXT%1D#vCSONSL?i!mjk9WKBo@joS{&2)q@<*YVX(z<7h~KTt{Ff$KekPwkv^y@T&z zuSL`HmOcSm9Ie)P+k!|dfDwk?%sDY#CAil<^i+Y%pX7)22vPNe+^TBt79jR_=^fhd z^#SLGM-|D}Eh8^I!sq6nq4Je92$aM2m+OU8>9wADRoDmc>Zp}u8*(ur+wtj!N3pg* zmz-E+jLhLmb9Te}vJM%Gvf8*`e6zZP_;R9BIhKuUz{p@-Paqj=H?D~aJ*2hxIPNFM z%yn3UlL!dE3O7Sore7Ie6!4XC`4Lo2Dq5`6{~9L*sI$m%P5X|-&0qP``Z z{pZN=&>K3I(s94O+=r$J^`B@l%}ayNJMJj$^R=i!5Xhi$p@+SzCBfSt*B-!Xd zX-=hD5S4mJXz6xj`wy~JTu^5e38BZw?(p3mr3L)_Ry7yB#5jg~{+0xNHZ)_tCkC(x zL1&Y0dGrD2RKhH_EEI+IyNSdaY-^Ki7=OZGYca$=X*8AAz37fq} z4<4-%w1#lmCzESK4oJC@>v0cv3-CmJH;#wyN8D zF~-_(R)AZ(FZ@&l*KVpTi~VUu7Zc$auZ*$!bxskB%Vx^%D^7f`qoC3Y z9o5@4CiLg;T_#sJ$|fZ>hX}Y}iJzE+a);=fp&D~yJQ24B^m`rF9VK;O;o1R`LkqeT zzr@1w-NC{m`7kgLw)nkK)wOFR!ArbZLg6yp6Etb+HAfzvb?x0)b9*g&w&Qcc?Hv`1 z49@5&w$wY$o8e_xp#QgnEu22MUYrDeR+-<;2utzElUZ<)7LB$FLe#uYjTh05S#=P* zrZ0&1rWLiX8y-OE+P-B?fMc3)Y5nIts2Ay7RAqf$9T!_spF-18>Sd&pv;7^{Fg8!& zKTb;VUnk{%xblPlapejAuPfhz@Q*7W-24Bz@`?Z5=f_O@pZomp|9CSV0sr=9S`hy0 z&A=x7+nXVQn1N73&LIG8hi_z)F2VrE*I?y*DVPS!i81S|TOyqoM5g)PLbF5?@Cm|bkC zYF79Hp^7;oi@o%Kb$s_~+&=u`cuhMN`$T{LX!DqS0N)U&7}Jfv$C~>@OLh*a8^bBj zgFe?J-OhxuY56k2%cz&(<+W%B4FM@p78UKK2|g`}p2f_quqcl>oAc*OEZre!lT&R* z;FY0zPcp|=22C3ZgSpenP7IzV%!Avf5M=v9kdBS;Ue*_idB*itRKIz1TZ8)t0$Cy2 z%I72(8kmic6q__SI6fDC(zQsnI{Fq66owOfI@Th;F=-^-Wc|51aAl40I@0gcyLa3p z7W~mmI3~-O?DB1c0s6_%hR2N@2RPzZReHJ`C(N%EfTjU3JLS@KEaUFP1){bIXc=b< zur8SgLNe68Y(SHlsh0L_7cUd?`ON=fFwF+k7jN@uXz_DY(`-m_mwgarE|Qpl`q zgP&E;)Q1O6p{fm8TX{~4NFYidutB@UB`#{m`30N!G(A+$rufWVc{iHgqd|d_OUr%v z%xpc(a_H-_O?i=zHWhP0ib!({C-YdE0(DX6RAV4u9E>VF?`q}<%oPc?E>2)mJv1sU zF8_p9Ai)08V!6cM*2{+>$uZBP+B+Y{y%FGnR8gYN9!!li{RvKDu5u8wgnWB}{NQ%d}+6ap-!AntqSZtBk zHC$7@7Eev*Mvuua$>41$9oXU9aHAN;+&1dCqk1?rQpOPRK>}Ej*d0|=4Q~RKj5)P2 z7fn!0#sqH6Yk^3A#J-Ok_!JSoM_~5cfc|uh$oZIplPnO-hz-z)=>ABs#N(BAg5Qy#s=R-blv^~AqXtH zrKFo=LVY5X9)tdR2-WJ*$mH#aD66+ft|u=b@AIp_90;{uT+Uow$p!Yo9Y=R4BVcs*Y@$N(J}h(B3$nhfPk5>jqeR)1t2HtB#9( z9HWG8j;KzAF+}3Dpo2mTlf$wwU6$$Z!&-XszU3}2YQHxCjl(g#bkaU0L%&c0qe1Y3 zo-P4nG2TIsdXn6-OhaKmOQVXpEY3{O+yNho_<54oz!&GVf6d-iAML^>xmPVoG{cuw zBIY8AaNEyqQ*ogga^Dczt$2AH5(f0@IncrPFC1%%iQs+P@O3KZ@`y~Zu=0!&{iaX} z9cw?xCcy@|G6WFXu@V5T%%L~GTcLwrEnE6VmqVmXZXZ-IPcrb~WWyt+pi2ST(Sz+!T@vsG~RG_{aGN;nm{w3oJiK z`cuzzuz4L8*<>yVqJ*xNQ(s1Ui{-FpXRR#!szQGK9lhpt10z4i7<_nIB#2$T1wKY% zHMamq@&Sl;5eK?;s#WV96c08^H$F*HL%}UCKbb(gB*+Ks-rqWr>OzHKN_8>KVFZoy zP>FaAM^DuM#n1xca1)Kiz(i6 zaCw0-aVIPV$njbCw@G3|H&H&i(c;_qux7ifU$=hKL#ZE5NdmQ)KR;=FB$oTL$Dl&{ zYGN*GKtghjjLmd}IxZAdIhh8!>g&~gjm}vWHUt?B2y{B7T{RUX?oa}MVtAJA`uUL? z%8+iMNg*5vnWqm*` zq3rKo4L7(42K;hJ(HAt=3aZ~<8;}0#u!~{BFKg1o!?6~(e_<15| z(atsD3+Fn+%ad`>saere;3K0hd!UE(sD(5_+cAh@rBI_rWSnjuL43if{%(o5j60@S z=Pu5a5yTq;|IX?9wnZE)p8!kq)`4_))wpeY9dS&NnlnX188A{ks{z!H;qJf(qbXZk zaBN2JIn1AR%xSa=X&WYqUO9BtdXvW8&YkF?U&tR?E^ip9S!Yh}KF765;ng>}A=@64 zdEz2F)`wdT_FAVczQs<)_Hm6wu!|^qsmL30@#mUHd_}C#nVs4vYO|n6yoDaQ1bRC^ zDQ;@*g7K_jH`L+3k7Fl|nXJRyj8Pxq=LQLYb!v+F7{b4yK$N{usdBs%481%Zv2m=> zW03~NVtdoFOlL5p^1p!D&ZgMn1zHLHt()lRQ{ha1a*R1wm369G#a9hdOHGr*jb18F z3(r_iyvU~Jogq<_ZYgM}zNa2R-1x*pV;?wMS8 z^ZR!@SDQHN)LB!h68MlHRB1|B5wMhary*x5*7FP$9V+WnLdB_A1NdW` zEUZKiY7<;3^HUK;FxE~$%1-bJHRh8rF)#mFIp{HnDpOlrWd@|V*@eNPDIH$H0Hu)6 zYD%X6?5PH$_C#NC(V)>{lE0LJJ3$7tQw^IB#W_h}GC$$DsO;+0qqyavCYC^2O>x5M z^jgak&y37tm-V<64eEewc#L6>F3!~jpSkx|DL?7$^c1rfN%;xOq_os|?}wXTy|9bC zQGG!IoYlJOfqiyWRbOE$$v)i~VRaxouGH36R$Zh5Hf{Tp&D0(vgAWW%$^@GF0|5el zYo}qPzbEuH6{WbQ+=SIB`gCXTq|f3W(WA%3F>DFT!XnVOAxUA)(x}4wshIXb0ny!X zG}9u<2!!S=IDhA__~wV#Z*mq49JIFxh|~Qh@+iWnWIb$`c9Y``FFRerK*Sk>?wL#h&~rq>D@rGvb&petbNpILp_qXIzp z*5P?t@QC#=(!B^KAkc(7w_prN5cMM5!Gye{vYOdO;#o{p1#_bn^iL5epC*D|lwa=` zboH{A3bPww~%Gp13Vo%nxovV8iCIrz97`#Dy8-`dl0f0AvB; zIxOSqGcQp{1V}l+4LZu{K>=g^z|#vI#vlOB32BNx9R_Rno)mqSGl}zd zx}zjgP{JYrej#Q5!-B{^^swMv)auCyQ(@o$+QhQn%wb=B=g5Y;&nwHIXp+Ell+I@D zQW{R_iRH!<`d&R!uX^7lXxF`M18e7a=Y{?I9odFYt1wWv#!m#DRQio@(c-~J3FG@z z-4O95?IH+hCM1LR!Z-vo*}sUk`*(a1V?SUGPBBWjS3FQf!4T|c%a9cV;8a4PnUO_S z@2HiqqZ~?RbF9PZBk<4WSJBWFNQW|c>D|xqDHh)E(Y}6qF;x{YH5bTnd*|dnrqAS) zNzyBda+JHRV#dHjVfV@<(wj2)Wg%+X-S$)GVwUE?tC{ST?akq*&lb08YvT}iWSozU z_+yNRHRa;2X<{HH0&^@W>oGY=SIb{dbnx$0ToG4&dncdm!{cxWhs}lpzt~Yk-Y=b zKN_ZeFDPC&Zj-0|Q0?cqdkSNGs<3(BXxiTs{FAPk{GeapcZsRIsC7!g=kGcF6aYMphir;ng+TA&g&^v*J z_b|mhUPaGbU^}oU7Lw|F$~~D@{^x2O9)Lke+k;TpfwE>RI;l{3fA5s1ql>7#R|wX5 zaSz$LVxg7^uEM#s2YOtz2V|+aR8y%gj(Fpnw~*fPkldD6%1e-Qv4IkO=Uc7nmL!?O zazQP>50=1=k!4cGMra%5JOw&tMHA_e8^|wax7-l(XavkFk|PA$qFXVlp4aDz z>bKdQJg2<4_@E7$Ya_%z!edtv^AoLXw9lPweP?CYna0%ch*`D&`~V6LPoFnBpvbf zh!=b5`Rep%*60XZy$|0T%9;G^Ih84?T;cD`EIjB+YA1})(|bVCr=38T$quslMPeXm zcuDF2>_U%}Og4ple_jw9aEGl#1WAJeJTq4emzP&-0MNY)d>2KWG1RN~n??Itc@t=* zv`6iHf&Im**ie1Kj?@)8sg3yV=!xEmG-1e;;e2yPZ+zuDiGe>S^Ej5+^F z`hWO(ryxPMZCf{O+s>>sD{b4hZQHhO+o-f{+qTV9bKck|Vx4_sJ&f1>Kl~9RTK`7t zy)6#Talre9#LI-pGMG|@;%k~kQjagl7A(`|=}TD)_N0@qxHra#dZU~4Enu3cSb#q^k)@$_il@7 z6gcx3)`Lu;K1Gx;8Qx7;CrY`Y(iL_3CxyX~EExM-gI6$;k-{(!hFq@Me#tam&B?nB zBg}N=ehiXJe^R;0H8ps${^7>ny99wJ-SgM#q}!3|3y2#tw|f4Zx0;@{6-QdE$+S|E zS%%rIqgMJX%O`bwI!WcxRAY(8WAFSz8kk*_YHJ-n_~CXPJVJs!t64NdWp67G zGsPRq-$hB>lt{6CFbI6rCBMC`$Q^p`V<05SXGVcN9D@moTJZp4kh2m-&w>lb$vAI~ zyb+o@%Ns)Z%~#Q7(jlcjpV*qX{O^vcZ;e%}dF+a{^=Cw-kAG%*E|fC5T0D2d=wdth zw&>HsGv2~r8{XLA0Q&Ye6urXdC{=EPylLwD5A?<m9v9Ku~sIh@gx0S7ZmP1h~i~o_{B)k!2L8*-hoI{QZ~mDo<`qsm~LUL zOZ^nYC-!AK!o#Y$D*L)6a#8X|@ zR7V3s^zwk5`QGHX37YOIqAW=7tmRqfRwy6)^5v~P&6q!B+o{u&$JJu7oaMODm^xN+ z5N0-s3p35|o|DDnI3Z|3Ck~+mDha9C$=R>Am@L{cXA4~@F3rwzU9(p0nL%|q_JR_x1k5%yv?G1J)El%+R*ztHhO5@7U;4Q!yILx#W&}*Ya=%W-nf=TrTwW*VyXU?7o;lbzieR{(-ss?dTZcNJyP-_YW!BC-bGIXx^@*0MJe+EK~W^_ikd7x0=`h$1zy;8b%N{S` z5~DHuC8SP%j{hg-qKPcIXttb!j3JDVVl?%l1r*0s6ho6tjc^UxJ4L^$j$5u974aO6 zPSiE~<;+_=KlRru--{rTNVZiNw5>H)az28Yu87BWeX^RbR9O|Y8e?>_Rww!QRgnOr zCay{GjHI-BaFwR^-&C2_tYT6H6K_H32BuV)G1w|!2=-q{I9$SHx#zX?%Ask>!f?$( zgk^&Do{~lU3gCW1QZPDw-cC0J1GV*u8Wh;@__~~sjFqq#i~7FpJ0V2C*Dt`N zZ-6ut3sqr_wi$T~s!H9UhW-F_P8NgaFsADPCdPfkm!uXkwJ?F%U+6=zTUlTTqnM5D z{#Fme4ehms3pv`;eXLI2Mk74qc=hncE^A^V>bD)sVa3nSZhR`RO)AwzBqhbXJcWlc z{(Ily!^+MQAc4sE_^`V4;Smo+nlujGKrXJfGs<^9p|MklbqGFU{!(76AJh7#{_W7s z!RmS%D2MFC{Pd3b7^~tZDZu@ve1t^)pAHU=+ABgvPi2-ABFPc#HRq6PiUp&wGLNZ|{nNmwM{;dC1nn^ZN=^o)YDu;#O zL~9u+sCvlUZ@A*CzJZACk0AkL2XR>$M5SWra~u=gd(9%ni{Ax2>On}HOO0|v9WJZ& z&A%?`LsHRD3oSUH2l~w2(wEyx2ej$q{Ld=S@!AH4{6$Ib^*Ewj5>e4N70kYk88RzQ z!=Bc6PzJ|!MUAHc`sWZ@69w;eKz16pX{}g}bgA>3!~fO%8a z>;KXGwy6JG^NVG`09XJ3{Ch}>xEe)X|34=t1b{FEfR@AXKNYQ?|9>lD0G`dv|7S(x zb=(#owpA>d5!@rLnkZAD0yE9WEuZe(+A**4r;n^7R2v$)jxCgbx{Z*(Up@x~`1kz3 z?oZH7^3Ir|EJqvSNzXz<2cYF1WHGpO|kj}q$>Ysg2ZKxDLNLAYO%wa zTqDg|Hu5+8hdsU10m)aLTR31ZM=5I*f?&?pz7E=&F$6(?OJRx43wXJkowZ+~kI!rv z8(PN2S}*@6=9^8V@6=*jSY1igry3wXHt7ZXeU1%95uD~*bOGh=!*hR|ZyXZfkU0@R?Gg-J`<|w3g&6f=@LfYUp zokqHcj_b60vb|-GcnPKGz{~Hv4LwnC{*Z_OQtkN?x)!xQ8HuF0W`n}BxC*}VZ+3w8 zT8F!lDeO_Wq*IeffFu@v0vqJtf7-z?Mk{mNJ7O% z&MTMq&yW3l*1Yk5V`|FH-PIX7aLsh3)YOirfG`FI6?LmXaK!d;f_#ojnViRYSvq*T za-((`7}8Rh9kj-l=cVb8#O;X9tpJnU$At}KYKI>kJrq&!0K@$b76D2#8H5lm(FoT- zw(3hPvPht-e%VJ1I6SA4-0oPvhDbx_*L1pLANF(thYuc!-Bv<# z8EjWtbs&330pVb4izB`1ML0uWKkVQ#0{VJ?6T&h$q+VCp@RmeCoUCP?b++o$>ms7R z#EitVwr!2DmY!&8r#U;g#V6i|@Yh~1(bODY31FWqrM_vTy?(hME#qurhq@gnmdB!_ z%8`g0aR@ij)QE}c?^{VXC+HTu5EG2Tk}52#TxU*WsQbb^oVa8N^xqMJreSF!n~$Qs z(2P+->}N8ql;uoUlMKko``QhC|J~0kXSZN@f$ipC@HBSs)b%XOe!rj-`W9zabZAU; zjA}!WCz3dvHZ-2qd)$Q%%d#gWJC&}#;1e@J$UoCA5$@0^CXitYmeuA$h z9G0C4m-cL?v3kX-a}^4oF2CWsN&i&VX`s)a9+~Z=ii@*77`hyf-6JH>#*8$wQyw*9w9&zGqXxZYN2w#mw zr4Gxh-$)h+!NKMQ<=w%YzcPLmaH(yeA28>sl!Y8YgzY4Q!>>88*XpkQ%yQ6wbV@+E zYSwM_`}nhTY4uNKTSP_ zTpYFp{SaNR%`XH4``>aPfBxl6-v4>?&#V8>%|8hAe{cToe>Tuv z8FL>P6^y}oYL8K8K%j+-Fe7cggDpT7H>sfD8)Zv?C#i!Cnf_+J#r`-t_Nuo_a0@cAvr^0Ef*Xi$awiUnTF2Slo`L!&yRVVX{*ode@ zo_>zJ*z=~`_Pyu@{-{1a=97375D!NC4?aZ>Ig)kS#2CO>jP&(u37j;Tq7FA^cO8m4 z&v>N4xtO_q(DEL9k~WV7L;vXh&QWaA%nCeTl^c{XVt(G1;VRGiBM0}j4!#P*Xocv2 z_}adkXz7V1U;3|0=2RS&9I>CC3H^a`WsqXP3-V==E5#w&M4(ziOQm9b?>M`&Hu#Jh z(C>_-aZdw6iS**!)YC3v_Hw)OOX&D5rToevny6iHC`fyPlw-C_#a4X=)sX-UKO3XZ z$q*u&PkiYfQ`9L1;dVvZD<+)FJu=HhN}tH%?9AU(=vw0LuM`3eTQde@n|7U8YI~} zt$Ow18Pqj^p6+>(J?!ZR1_dv#&az;0cXWHrG+;o)U*~E|qOdS=f`=suAb$HiGkcsg z94sq>3Wn>FeBOC>1A!S4HIw@qNRr{$f=L!-=^bG|cX>kFTjSwo5@+WRks&Q1~pYRF!=OvX=v z-F$HLXcNX>t^znEu5WSiR^h_=Y>##?vsFdF?)E*y6kl+&gA-?eSCIYI>qj&wkXS1h zq0R%3dPk@{)P3hqyq~I4^vhEo`;+6qkQznlF7msC9aNdl)D8`eL9XPNTej<^d<^#U zj=0D$a&>jV=ax9E2C~R(NSHc)fUhfG<9-Z{^h?cvx(_jl(k}`#`1=9zY=+b9cj;$A zjPM3P;ur2F_aU%FHL}O1&YBu~WTZ_dM~^O#t%rQ!O_H=bFA;w;a1z?uOZse%_etH{ z-%Y@R>TXD7$wJAEheR{(7O$!@toMk}wx;KCIn+%i5-Q^!2cGW061~s8(r%=P7bh*NZ>Nmbj;A_Y}w~OB&Oj(+A zT6@A*PgV_!2`6>#+40}cJ$~GUqQvrvZ*ItjX2j~vF|)D)Rwz`!!lnu1xFd&W!!vn3 z7p|NbVg+mXG>$%@7wuNhwaNCh)4vJJFQ>|b z_c2==F3glB!0HOR;mM5ZlENQKEcguR{n8)r)RGUj^ncDL0V%ksOP2k`^1m#B?wIxx*8t_E{`gz&N@8zbn|IKs zJL%76=1)EPOk;vUms5PBY(vcO6Yvf799S7vqsOPh!&HucKnKo7#BgDnW7IfBzs|b9>JwW>QB2Hwnu)f`lBogghiV_MM=0N zr&-wm33hoqzzZKC`4jBtHKrSlp37Bq3FP>uk+3Pg%Q7|upz)Z}WkYxEObkNL{Xkc| za*+W@QR5#K^$JIA@C6cn830>}|8*sv%|#oWzJvb4<#5Gngfh9uqrmL-;-y~vFm^RQ zRk_cf%ZpqF0G;n3?%?piP|0EUHXgFFV5o)`5451r)h%v2Z3&4v| zI~8QB>{u2)s6l6}nYWy@WX%xklB-ySC-#l*7K!na8D;M&CO6pfQ;cs7^-EQpNAPB> zFfrlnsqU~wW;1|K#TDl8jru*+ZP>KU>A2r_)pYt?JCx~@zT)&&$fBnya1)p;=NhLc z^?+NU2H*Z+@B86U%9j>oPl5_23VTN2MIm2RQVv=|{ear0PvciBW@;d>Cc82FiuR^V zYrE~VPA8W;P{u%YL?1rlUIZcEqwIgfC9%7|XZ2ZPc1NHal^v$gxF250KLjr1U}?zQ z$A&iuDh9*laJ}7KV!0vebPu9l_DrWp&!JIdYhh)b5a)lSQoq0YF;xWF2tkyHOz~`E zH}6j3+ueD)4--_&skYVlY<=_wtV)RUbyv|ZD%Av0ClUU3&Ij#|yWqq%^~Nf^5p+ay z5n9rCy^z6b@pnyL$p(I4C@NjFXCr=c-ZV$?h!gara5lke*%df4CmIPRxHPT8%En44voExSixRb0JESYXl*e)guW)Kt?J{q4 zkzoS%bOGwNSdviWKk+OhR9mWrw>?b>fi$DWv%MfYQkBCksFig|!*ppvRKVTo2Kgm|2|oY{{}g1 z7{Y1J)vnQ$3;39M3%usRWNZSK+irO;L&;i1G@ zJE{qqT0uS!tc+x=aU5=12!e2EmWpL#lNqIK;K)JGOh}kEL+}Q0aT5yT^&>?QkF68d zbX@9w;s|qw9M70{1boW4$a`lG--qYfyG$vyIBum7{8;Z~_X{LSqt{A$zmw5`!Y%=9 zLyka8K=%&<8Y|jysauhF)Sa>!$;I=HvX?vY-Hkbw1X=mYX!l8S;WDVkM{p=Um0?nY zk>M*?VqV%&cW&;dyj_}ExTjYM&Y;K=)SS)Jz@@_HP;0w=o=+qk5~ zZ;+OGt(6u@ekIuJ$TuL;KYNS(GdGa*GhZ%TK#IYTy*vkh=k-aGqc%R4=fa@_7A%+~ zw}N8~k9F116l^1L(o$ZomC<&qEsM2xH>3;>P_UyQOel%B%z3KMAKb8D52wK8*Pr zIwvLL@bqyf+{2h(eh>N8HC&KD3#f^r2Xf9SCBzFi%kL}Kp?CV5brlg;qbNiSf1tml3w&De?#4nmqXF>hA;N1@C8Rp|ePGmZSq znQ;FfDrD-ru~q(;Gi_^s{a-4S^4CxL@7ppvEbM=o^)&(fNAo)^{HNyMD*qqNuPFAP znqQD4$IeBM{UEjkW?EcKF6A_4SH2*I(2sGzk9ywNc5_10grVO_+I@r$M*YLG+mxvW^A|d7&KhQnP6S{t$R5)`sI|LD6lP~ghAREvPUW=uvS%hVl(mrSbCL+B%Vb?^cV@+PCdS9T zZY1%vCcXg^E{avi#C0~g-9lM9$#Kq^w5QHP`J|Hh3F~;%DYb}sFsSQ5Mo7hlca=}ErXv6>8nwWr_}KH z6G*KJ&(XfV2@=R=pP0mZ^O?xuo@TEMT%F5A-dO&^sK9J#KdaXB4H~~(Z!O=G(SbOa zMO94W20C&AWkPTnUN~vt8j%q-sy5L0XoFCGBh^4Yz1p?TI*2BP0@gl)J%uc@g`Y;l zJ)l1DlGMDewKTLO0db|!Rhj~uF~PR69~;fE-6E52ein9!A>fq zcMWA12gv7%w#0IAGn=i74c#JFUnL;;EPKw3xooi}YjD*tjILV2Pb`V(!ZU_~BlVSv zqj&vHuc%1yoN&~DXY_TrY#o`)JEpslvHniJ8n^FyfsEBE)m3O&+Xt2#Hl}%GM;f4J zSn>~?^AIo}`W~cDqoCr2VMfrKOUmZSH21lBTVG})2L>=c_^S0jXb7Q`q<^meOg5(z zKVD*{X=2xEz+|<0;m`OUk!c<7`<%|)Lu-X&9q0VeO_{BsQ6|KuiUJPf06qn@E!L0P ztXFsuArB>P4i;xZ*;gWtX8tVzClyV&PWwv1bwcR;_5v?Q1E19-+P13^u76XM_Wc9U zW%EwDUSXd05QJ4LI;r97GF^!tbm`0Q0_+e1774?>CA8FlAP;0uF!VjQMlCJ&9wNGi z01$9B^{%iJOW_{T0>uO_SB7^1x9&`QOECBXV0H*0m7;XmMuNY_<;WZ6)yM`i;n<;} z6e>SW0hUhdL2g1SG~oNmn7+6}rmio?_}Sg7F4Tgf zJ}5Q@hTlq(#q{$V(Bl3qdAjrsw!eVHRxLIzZC+lre6=_LN6SFE$SVta>V~CChwaID z4lqF0f~uV38u0n+JOXghhP>9I+2=eH4WqPl#Mo0B%tN8tZ~!2yxF?6-9p@!uMNwYt z6HdbiQH8_TsVYl1ps`#zBIQ`feKv)oks%d5_+Yhpn)WK9#FN{ktb!J-)tW_`&dr_% zD&#>Fewrfkn1G8ZjRDd&Z|we)VJ|+yYKf;CH#l6<}(ch##nz)xZ6X) z$f2EIGM5xwVViB1d7KYK==Ad*oZF#ynt^EMDn1_1qTmx??gXr}b_f0(LRloc)apIa zSmlEegh>VtvH{g3%xJ;kad1C+w#D7sJ1W++W$vx8Fh05zwPlz^70r4HVmeAe?`BcS}di&T50L|kt5hw|%&&B0O;So$_o zZRLz0fi^H5>WCE5qP@Aq@ztxH{yk9PnYG9HMQ)=g8XvR++>uc7C_S%)Mz=(cqJHn4 zJ5;exHt8iMza%oIn8w#JNvqTcLxX-96y@6rBEL24 zw|;rm(MjK^hbOFu$r)`rF2zS;(dxEscftcb-YiJP?rX5%1yo=r#it*b$J}w*PLCG@ z1aQn9teOG7D*ut~TNDs1tBb8#<@s+iT|L$szFDQ;6L)9(%-k-#o>c!Fa08N^!Q2ja3 z?C`m&VH}Z9ij^yaF6P}l{L=m~mYqR+?KD;;|(uU_kEWWF3FQ@+XyF7L5kdh(ad0@=A}W@V{Cf z&ZI0QFbEheZdZ-;D+;^q7SpMbgL;UrA$Rd;Tc(D;P0FxZIhGrXp5^%S(8U=yxIwVW zEl670`{!B@&l*9iP(65h5{W6)Wap`a(usA&PBK4k!6K7QYW3u!z$pV;0d_sHW*KwO7G(H-A>y|Oo&GOb~ zzjiS{wELSAw{LXX4i#+v)U#J2U*e``(9sFXVEJNgmQbCK42t0AJkV$sjYJgZTS5x` z4gS)rQM2LGlWIRXK>3y!EDwDCo7MMsbZ3EP!g-K5kDL-M92@>x{sHo4`6PJ+{hJd{ znJKO2eE#6?zJrWYF@qKzK$&O<(_6pRjBKb|y+}knc#zon8l=H8+P}O>_!IdM=qw9>ND9}9;CPOOZX#P`?#+*z zAu@!be$N?SmCE^Gg3s}4CF{He$NxSK=Gc0U1vNrZVtN*HyF67p8%47{o1- zBM*T)AEZS{?fp=<<&0GO6dD^*G$IEA2`Yh=YqM}`nbqEp39>T66EmEnHoUc5_3U!W zE7r%JJ+GIv1J{Hf8fP|-VSY~}C|^`UX;DTC{9`f?{bGuFDVkAf1s#i}d)p8aA1_KX zRsX4Q>mdny5|jZ^m>kA^(48+( zl|z=GE|G)>;_kBZ%U|t;N+P<7nS5 z{6_G(edwGV@`8xu;aoRj1QA+V|M}F|+C`&=&Q6U}tsDizCf?23n#XOsS5qGW=mW2Z zPt?Ve?-O5T!(bDg1~G!&$K)yjhd?_K%~k`C30Xt25tss4AfF^~u0iA+>y#&6h1Wrg z=xl%bg=`U|OEJ9?2=OvLsQ(uZqsQ1fDN9SG={;w4j(ca~%8ZuAmCAm~=t5L*f7Vy% zYFL`VllAvyv-zL(A@F;4dS3lPjukBdNeoeB1RsBJIta`@b3E=~zcIXDrBQwG{i9uj zCED30cc9x^i_9bv*){y3-@EcfVkI;pW9d8cw98#9VR_KjG$1TpOfR^{ zdw6{Vp9Q_}QHW68v>&0cy|EhWgY?khL`d;Px|XaUcI`11z}3$VD1mGsQ^l?4jb32* z74vkxClL}(4|{J3Q%*`=5}K_~C_(rXy}Uh%v0X+?%Z%;3MLgWSxq63s>*W{LmqD8| zhV%W#X;HsXj+RdrBc*5QTjKB@OCFC2)2GDpY0j0EnQWaL^=d1R-HAMHuq<6mDYK1x z`y$~2fcOoeJb~puYp1NMxdc*Rki}GB3~TiwZWmVWZvqR18OWc(#pD5_=)(6%$DDI` za|GLCMTf-)zKle!8G%kdRX5iT4hF@CaFR4|z$VMnmo1Hc1(Nmn9oO0g<~aj*%56ix z=(#an;ISGnZ-(|3CLpFb4My30dfwZ<(yiQB*&HTe^d)g8aP|PPDK#Imc+lVrk_%88|>#%eO=@>WtY^#0{`H^*V1 zkTpzz`-#>Wqc^f?KaPS?3ezJX@W=O>WVpzjBIFH zmnEkrFEr9|KK?nYkj9P0orSO7oZRg|?ug_Eq%vz4F1*VAnYBZM1-3m@6;55)%XxLm zzX)LJt{wbuy3`Tc)`z2P3g&3}k9KWXI%9_PVHaV%zts1E3Bb;-Oz zG$EZsXjQV~@bu@Hr913^Z708rDTn5*8H6v3v&H zVli3rR^UgC;5lioo$2Ny7vJ2W%D2mYXKL;<+RxdFS1RtqIe?jLN<`o!yzYqSmBzPB z8?i_L$$4S3yWZ#PM?uziNfP>fy3%iJHjdO3yT*4Hxn=|}U0UHsQ&}#iL9cck%blPD zvn9c(uiA`27L4KpD)G!@i8dRDFRkuuVC?<=?ygieH%M0B0 zo|x2=sK#qQ3}o=-Dy4L);ILaV!Izh^q=bYWBL?&PID{ZATOK#4-=_fyF?c@LqjS3q zNwP{&>igFhH{n*vPsO}|mdw%ha15q{TbIOz@ZI#cp`KZJNbKGs!L@CRZDrJ8<%JYp zI6T2iWiqP(1qdLAIp>}^^-uAU5|s+w+AYu%40l)cU-AF28O6UO<-f3*(SO+t&i`gJ z*ZKc=fTTA6gUxjRQ_&CZzp@#Sf7#6Jf3lhD{QqGysRjSZW&)>e21b?x$~}&oPqrA1 zV+*EGC9MVe4C9WW%Yp2$Zs^B!;40-{*W~frI)}jT(77d!RxmwqnArtJ#!G7=p36wK zGcF{F?V*Gaq*TRml(6qdW`Fc;2vhvbFNFj=z6h7Jh3T1Aqc$8;B*^U7e<^dJ~DT(`)ta&DoH^43sY)+bWYorIk+l3Nr0W#w9 zmttDceRHF2R#PuM=ECgb^~uq;C}0?et{ew^_ZI@M$QWh9p9)rH)_MI)h2ta9QZU-M zP}JhXDspHYA)A*CqqU^jhy#%NvLMU{f5W5Db@a;IFxB}mcvYA|-oI;9U@dsdILy_g zH~*+!D;2vmXW>rEIxh00afh5-y7PNqA(JGFTy01Q7n8gsd})D_vMIzZ;FzQa6rc?@ zXooId`hZagqQu-OSa7YcqHnc+q{DpNl}5XDJ*LOe5EF6o)L^L7C9Kn)^`GXBmRm?z zW$(P-y`$)gPi7lmH-A@_e6{yfCSDwOwCPiKcboMV=jm=C^j`Lg_IK} zm50Q50NO)*IU7sM8Ck>l!)5XdT-)~G1PiVp3j~Y+`4HpYOxU_cCH&mZzF>DG{NlND zOfLg-wL&-woV(!Ns~l~*K2cmpEeVq$K4Kw;b^GhntV=l{nJiEL)1V8Th40s6t_h8uyotVSJ{&FKlY9p{ z-XCpDsC3-O4w8+?G7RrDH-h%a``dSLHEAuvD-elw6vrC;8LFRAODT0KUnGzCvU)sk z7Tx1S*t^Wn~%V*A}tKVEXmmyXGkB$H&%80qRJob8UuZ2uAoT_o~n4sT9@4 z+Lv5?NGLTrC{dr7Ihx1oHuymrkyVl0F+ybJ__=ZZy3I1wKJxwv$QvEhw_WhY#f$TG zlo8;o;f6m1OH0!N@A>R{5&6u}g0tZ3Og6~dZtZ1<;t1$bvVaz`2yuRy1@K(fA0uO1 z_|q-pB}8mNG&7DqS-t|2?e@gzteE<`A6kZ|?=iBTLJ2Fo2uFlbUqb;_7=qRF+O{2I zIb2o9x(*09wboWCxv6&QVY=esXOdTlSq^tBY%cZ68ALy4iW@|KmIw<-W^xyaj|^~X zz7f{oL^q>iZ}z$s-mV1d#9>a-jSTkMB1Ny%lo?G7!=b4YBAz}h#_|BCtG#e(v;agm z3+G*Neg8ge*DU%bv8lBGkr`cg%H`$Q43l=T*it-1EB<3l!;coO2Fk+_YNS>+433B_ zZL%Is0Q8+05RuTH+z{$JDX1``CQu$SuWNr#=~KQkr@IM!1vXY6!UsQ?yZK8 z^E=uu&k1I2(5zg4KM^!00#$Ne{2FY<1mgItfB8Bu=Uqm}#999&c3z6$g960JwDdli zNK-dOl-!U*Ep-6rlJuS{tqg*U(*esuy@Ua!@ZYy@X%%(6eTRR`s1qNBLar?+ab3; z!|kBBwVBn-5M-F(6rXq*Bsap9V?FIR*~Mt8cHan4@&&;=dVEL%KvSGNn$g;D&7Xuc zVIqN9Dkwkhdgu3bJT&JJCk^~rLaOK9d_{CpB)wX_tKtYglM_1)ZIqH5oXRIX^G8Jp zoJxoVLJHG`Na|VB!y^+R&);v!MRkXI_SqRS9Ku9E&*@8Z zzrmYl*WI;Jo(VsTG7CZAe88E%%!i^dU!b4GAKX9bOI>EU>K7S%!x}a1`HE;4SHo)! zCnGsMD4p;3|6IG)jlX$=Nvrt=2&SI9{|x@&x`_` zjl_DU#wq&oEWs3y0{cm9(~UrUpxlR)Bjfky(l1Rw>cgh_o5_*P*yV}Rr^hO>6d>ed zhy0imi3&}Sw7!E@8Qn993d=X~$r8|q}YNU;P zyrD1<0NQe>4GZlZ=U(~|DVgC*bdw3!mu0dDFOBuVyX9n+T1`NArQ>ZYh8C`_fWC4d zVtTs{eudK=(L$?dmMp;F3w)B8==qZ+MzFJirt~3yzY<`8s>n*73SK+P{E>T`*maqD z&Yb(vRSo*71$A!?D=Ue)j4M9bCmkJ*$rbgbv^9^q1=OJDz@4`B3J~$Ka1X2$XMj{+ z@A@+oteLAvb5<$41jbJ`Mz1Ya5kf?5A>>pOVX@Z;CLJizgQnW+g&(ihK$C>ftdZe! z_h$yq0DPXPoCbY8<_6(X=0y0{5*deKo$`?r4Hrw>=e6JLB=3OySU&>A;JVNahY9?4 zzxIPb9ec>YZlrOl;KHU1NMRl2PYD2k4_JC9;xHi$=XeJl2I+|HTi%0;&;?`IiQNZm zqTO4~&48Ait1UGU57z@;y52QHSG+1Y-;S^@1VzSRnVbJ|JPO1)=@3{i)#zLlF=u@O z5teuZA#*2t;;E?&w^5#U*FwI@Ab3P$+e*!W1i5iyDrSWt8mbRY#MKq!JK|c~cy~$6 zVzD1LYRt2!mmyvv0-4`MA%HbZdfX9DORObyY&BZjwU938363*pfd(*56esj%+!{nf z(}I`WD^0f_u!OWv*<`ypI3!$k;2*tm+~ME7tj8(443q_eD>*G>u(Shxp)CS{sUcPy zkV^I*sV|UH{`8an5mPr^%?!gD(}SNp9qJbzGu5Nu4m%A<;cal5OpXE+loqE$UQFZJ zkiZdKHE5K0tA*RrbIghs^(m>dmXhDa&7rRo)axSCMKLxp`4v4dzcg)DPAX)cW!U@! zm1=YKZ*u5`8RZ*4T5^%9#?yG%eIiDhmj+InF%ur09!r5pRjEYyp5^Ger*k|sK_zW_ zeR9u_qE34p)CTw%);6BvxaAmr5NF|fayc#p6QqG;X{15SiY>HLdbB`0YK4g`0&c*6hKfGv^7VO?E#MWMhVTe(>3%1PW~0kHsEmDae$jeTVoJ%SO2@{R*cH~!WNtHG+a#)mrqm8bX^~c#Ljm# zEbgXO`R!yDw|AS{9Uke&OM~AN)w)2GSzkv{@NM1O2Nl_lVboQSCT|0__3S->FSS=~ zf=+fJa^|vJ-IaO^b01}@4NiAaf2rHiaUjTnHPhsnQUW78Evw)i#CPW}d<9pTZWO>C z6RfXOn2g8CX@1o~0qTC@#BC%r+pH48Kh-F~+Dxoi69UzGOz(=N?{z~c$aXzQNFq8N zkM$;Cnu>+>diX}2>^<`GoVJth{wYy=R=d6%W(A`Z((GQdd~xBfDEhl=#_p|_x5W%l zDVQYckAVm^HYl>r$wa`&(7Hfs9M`)&TMh`~ACF+|#$>JCK@>ylr5vH#DhC2JnHD5p zFQ{8x#`(mfgb8XX%epF?E~tt=~0(+8^nJFIcdR_mIf+8_0i5TTMrEEtvi&8#hx8lz7YG@jZxIOXDu z0!fqxU7|$dLsl0{Ft^1|z~j{Tv~@;JYTD{37Om1eAHHMaQC%dXWZi_2GKcH^Subw( zjiC69mu}FB0nxd3mt(2FB7928)K4?em$TBw zp0h=s$~9@O4f~j9x%>>=r33KOJR#x_B?r8}bo;TH-m>*Bf3sZ;VSMX!SWCn23U4ww zkJYvZ*W2g$piGS7X*-vF!zde8pq(ceSSzG=Fu9x7zp7JC?1D_gc5_XqZYS+G4t@yr zw1ka$Uz6R6pTA&*fFj68*MQTViB$?;WB&V>ovQWNbiOx zGw81Z+i@BZh@_BXwt9LRYcdL03Lw4_thuXYCfDA;)B0Z(nCN5Eg|yJ8#w=H8g7F7Z zi(v+WfGoE)8Mwh!?TtnaOcr#EM2cET_G<@7ezX#szqR0(E5#J z-w~Q<8>Hq%FQqF&zHWFK+$v}yPbPdC>1%K%CxjF!EiPdP5IRS}!Lf1_^YDuS(4=~X4vm-niwcut8I4%rx)e5V=g~W}1SM}i z!8uHo1zoLbyHB82vJ!+9-XoWK8IrTm4^o#rB@#3%=FVnQrOR!fxjc5~6)2hd*Z$40 zWb0Sc`|HX~1foG76{JmJL1Kz;5ye^vcCHl0DbpC~HvmCyTK0xJfBABw>iUH;duXWk z-eJakKs5;UG!vI;k%Rw~-w5SDBqjAPN%=2qX6#=!gZ;nR%uo71Y=-mjf3ulf`2XgW zHv#|GEARZDZ00BZUpDhMV=;r^KiLd%zg-vTiouDm>OIuEO~USoH+fP_Ugb1FPXDDu z?@VHqd|9zx+}5xLximg4FRB>ZJn)WF)v7O#ye7tvhDQtVEK^_|4HSYg)F^7AXe(OF zoaBPfSZ%2PFA{!a&sDf;bK;d*W}Z$ucT0N${)BB5e)D1u2y9{`7bgHMYljW_xTeK`?YxC7ewx>*m_dBc%B z%?*h+kb}`NZoxNuoV*^5&))E!j3^mD3RIlU`l>D#&OGOMbUT=oK z-K0M_FQaf+*f`w6VC2_!*H&l49E*Yel&tbLMysiE9+QEJslG{zhk<5!X1NK78OQV< z6Ey=pi-o?4GXw)1j`<8{kiVHQVV;4eG+w=;D7*C7=hl;C?Z2>~u-6h5Lld*(-)kHy~Dl9f*}%4-wzo zL6TZZ!nPDL@hLp%h_KP~L~kj%i-ig>@}d+Y1MN-v>W`=d$99%? zjqccV`SgcbLnNB_O^SEV*e@t#y$t+FKv^*I+!l46@LHdN=-bMFQjUdWFNk=rAkGR~})QU9vFIX83nI z=a%H|zTeG;z?Q=0E02M&x7w?l@ZOT{6uamB0YnqM5t3udA?V201T#6PsRcKZ(&Z>U zjh?25$fpEmp}u>eSz&%h8QbiPqMB%AT$1u#2O@&$N7BOc3ODow_@g__%u&LCLlTE< z&V<_mw<`@06s~{UF@`9hXn3si)*3unHv!UcX(GHx?U9}%CwdPKsgoWA z!6juX60!bgMA)hE53TEa3$VymTlHBbw)*USa@eAamgpZe=(bZ}H3SO7P%$eKSx%+o z@ZcC)%54(9#2O-8MRp)1JWnNARR-X#v#l+v?)d~C8?=_11R8eRVuLwO2!`t}dt%?E zDnE0B#y5C9X=Tp5CR>8e)h*;e;3?%4%uPmctnk(<6yNcC*o`m~h<@SFDyxZ+V@zZj z-2%H^Mi1-ZQ-X`eWw{AK3 znc)XIEX|ZYU@&F{(eI42K>$xR!KPuyY*`y3E2-9)ka3P4eD7QwH%nGUs;7Q9);5*N zwQ#d`9nBv&N46%-YQTC8D|rajmHUe{9hL?&XS~y&mlo)lQ*%Ml=_s78e~0{F4RU!m zGMc9|%)`n8X%~?qd;89(KpAY*;Xyz`zJvI*ZRh6P6$1DW)WU>U?Jv zFiRp0H%KxyIbI!HrT4TkYV}w9=Z6yodf2kT=3Z7yb^7VHvO_v!OVWG7r%sx>KxE5Q zt^2Qk?!?DX?%)E%MYpL6MM@%8iCGY#DrBsW z$V!0}EDMES_d*#JwY7-&o?Bib+T@`eT`gJ|KpfDU?cA^3PvSM(5mqPZMW24-`U9dR zj(=i@POuql=)@5kK1;fI8ZXsOPE*GEc*F>gKFs1pNRwVIkS&cj@LgWB@BmO<|FsAW zY)SBMH z^soJFPN{Z@OD~>ng8_|h)q|YO`dG2MgD67^R+*}(t`w}wC>0r<7DEU0dgj?mwe;mu z5~!jbjYFGcUbT83pf1Z=)+$4WZ-m;wz>u|(TwE90KPy}BPIq7T8m!aAmC3I;&uQnD zT!lT-AOU)Y0D`aqU2reC<)8rT$G-Q6)n8>iipax35}d2aBtsC^siN+eu1?(>pN@T* z2kX;UAG0z^)mZsyjrH95ifcnHh;L;wf6=P(tXS)q2-^?h!Q=aPuVY#cb{TAe+{U0r_8Mm(v_Bm9t>ueDXS@7z5q>! zoFq~njcFn73jQJqirt zN^0H0F3S7-9xAi_aNJf?do%mk#h`5RV84}?Sb9@hZh^$DZl7Q5uKBF4jI=uEn12)M>>uW5`2F9^4~Gc*KQ1GfLjJ@2{@DM) z{C}hUdmbC2@PEwT^Uwd-273b+Mu=4w>tl+W`?3}n-IIRv-a;Fny@S~GOY`UbC8Fw@ zImMLAtyz;>!!2X!wV^8Z_;*xkLWwX~MZ`7=yAvNP7e}HjAgClH z=>mAcYHmfe>>OZiRU4Pe^?!}PtnaQ9C|oq_3@=xPLLaDOw@m#$&^GB9k)$xOmg#nI zg%5$oP1s^B+s3#An;3Ws#)30M$HH?aYE_x;2n>ct33r3J9*EstCI!U~Et0D= zjZeNU6m*ki9+c+0c%(rSY!Rg;b<%YS3~<`5_#%A;W|?qTFgJZNE$LA40ANr!%Jra^ z%)x*@-|@(ttRvnPP!Xe^zLecYo{vo<3Ln+b@C>Mw-u#KI(S$~GeZw0hrQ3B{!dOA$ z1k;tKx=M9KP}6$YWbMb%(s$Trw8<>%Bfk7V?kkMa8GWX;KOP{YZKVvT@b_nRZpVPT ziewn>lke5l_{n5X8^wYMsG2ME=u~U(9p41~rFxD;JO2tGHVA_a759L*x?VXaUnyWI zE;JKJ+BAd|gGCpVQ;8Tv&Vgg3m0P^LrBmQAOl*Tn!7hVx1SaCfTFX0)>K`YWmsaN* z=#^Six<;C8TiZ%{*My!caIJfih8S3Z6i9lGPhOjP$O7(_O3sA36l4^4`dO!Mg2Hal z4U&6=NXEx{7h}Kg2qp;KLlRC%j+}axZ%hGX2VX78#QPY6Kses|OpKOd+9?xlEa{*s z!yBNF5OBJ|eX_N&iWnLiwIEX)T8JYM^yWdo$pG*Mf47*LjlLg@CY?zvrjN~~ z{?Z~9f;!?vxkfHx8A&;Nr}@dK!-S8jjT4q37kZOGaQzd*8tSA$qEan4TRGAR^?K!O z%Y2~As{GZth`^JU1aPGcOIBb`fn>@-rqwr0%;3xNu&a9rxve2wq)N|#v_KjXN9HLY zu11Jh7WAUQ9k&W$FB*swT)_%Kr163(4&+r=pgMCp#^*YrXSh4rC4`pZeLv{pUvu%I%A^D= zK#+KezpfS>of@y5>Za`$-V{uY>Nc1EQy^uZOhN*e9l_)a>CgC@_GlQ_mo!!zBbkVB;W_wqxny#JPj0l;`ej`|2uhwrb~)5|+6U>mn5fqCx^j-AQ1U0zYi5vW zN@m8L7bj9K#Oq3M>9;RxJu)^|x6wF)s2*5`dMoT30d&#XQNHEh&j*!-Kz*HPh7iOq z`a?7xg@qIPJpa@Z6{P=}`Jw)m`LX^p^CKkuJM+W+^-=@`gn;_{=jvaXKYL1RDy!sM z?m8*}W9Be!kG;#BI_ZIgP>b4DUp+C=)&Dn>!FB&7U;-G4$O{&#fy!nagoas{nN;r3 zMHMBJvdY(jvO$yj`&DXgxJal84xfLP7cB z%8a-^c(nTy%C_74SujM@BvG}dj0D$<2-0H{2z5*zF5@3b!Lq`NE)F~y#SsC9f$EU zi*>Jio4qR@H-0>A)YFBzU%4JsA@&C_PT-iz=D=l?Vnqgy5@pa&a2x~^@lpd|HuCO+ zuZt>dd9qMXS_khfEs+S`2aUb)P9&e<_@3)AEc(I=X`oef*nRJD*m9_UNPt4@-?J~6 z5(IrOoEgN;BkBc13gAU4E459!964JrX&o7VALQWOJ^~f`Qo9Pk_g!DjNmp(=2bxp+ zG0RwikS~>O6aGGh7K{4T-z5BISPBYcvi;$o?fy8(O>Ivf{__dn=t3)Kd8ExYxXA`{sK+LE=$z;}EP-~6> zB$i(aVEw`UEh9XFQDN~J+Gf7O@WPjFBZVI%ACU>}uRo^yfI^f^=LO)DFTV!P9w7kT z3FdZ8Jyxv6Dqfh+WvK5O@T+e7Ndz`PWBH#Ck)8Elq-Yp|!PZEL6p-l{BfQ57b(}+r zL2V5|!_UuulpfQP?A@Pk(c5iCQ{yD5u)R23n7PSA$}QE8k?ph&LjXW#ZBO)mQnMIS zseK%Ek^eklX<4tRg>Za|?V07ljv&#$4^NwvuWC&`vwdYoFz3Iri`)(ElX`5?F-ED8 zVVHN#$I$v8A042yf`0vhK!O4a(vkG@WvTC+zxik?60!(@@tfy&a*;`NH}D=o=w7|& zZwl-wT#Ma5bge9V6vk<8I`D#ki=NlK$@1#lfz_lf&Z~vISc6&s2S&QiAQ^7x`MCx@ zrihP;gmMwBs%PtYc^I=ao@WB2UBw2r!pX~XQlBG-#MXC$K zR2Oc?F=(WTD{;Wy7v;^g(!&RoY0Ct8BGIF+c1sYQ{mg26a3Yk}zf+&XUerdV(j6m{ zRT{j)M~s=u&NgX2;!gz+tfnvO-EpK9EX014YCa`2b8;UF3gqgK(t0t@ADhp4Nk~kX z;mBw2aOx4%D!_zpHRIdPFITqAdTje)f#)&zUGB<@ukjiWf6hrlZAaZ5!nOBt%a!u! z%TExe8>P%4diF#MB@4s;w|PoT2X6}3{1RD76S?S(5@(;YTk0pC{C&sAbm+vv^#~ac z>xY*Rg+oI*qKPFtN9$(1No#>ZRlQPNoWI4w*tHUM5JsCHh@u?=xPjYs`Asi2@7sFx zP0=cbmWYBbXT>4Mk{9iI1jdW~%|X~|uMq~D*2lyH=(xY<0`Ha55UPSl1yXuHXaBn0 z2JL83@;I$b*A9Vgm)MnnqH>c~ON>Cy9$~*=A#G!FXqjj)pY$i(F<1RFy--6ng#@%~ z#kENUWfI$EV&yAS8&fM?K}em!`4@Veg!bj6#X;~jm$e|H^51>bznS0pZ|46WUBtw{ zx(Lkw?jq1Q|LGz~h5w_A==mq2HOv2;96}?oFt-ejw5ff^04Zi4;|j6f;G%O1tF!hLc`p6C4EX;S+>v>1UR4<2Uyn zPcf*qlTnB21Qc~TztOk4+P55V-Jimg8ndAmO41DT1EdxfS0VfP6lBG?x= zFfvkouYYYXeH71K>p#NxHfp>abSH$~bORFEN2$}(WgHpIP%zNcZB+paf!ql1nAYGV zspjD3xDweQWSy6CuO4^tI-z4%Yep$l4CAiN*`!Zo3lBRf60$F*+${lDhWrYXMI^NK zrT$oOJ{C!7hb~!!+@z2dhONL{W)4+sb$yX1rZvpH2AP7d1I9bQ;J!t^se#YTxNJIswIi73=Be>k6m%Up>ui=Q>we9o+ln-)dCCFp zLlB!&pH_XQbT75yRHga6qG{FIC%NUitkGwa>WDB&9z4micU%S-vg1nL zkhKUX92m`5tSJvtx_4y{0JE&Zu8+>MRY~w(K;jdxq~;#((=yVx5#R{TsYfUl)cd$N zZ*xlHLR#0I;nwKMA9e8(5Tu2TWo=;Bss5%Y*M!(OxcEYdy6`cL=UYp;l>AaH-XIH6 zZ1+3Yu2zgz>c%wf(|1MQaW56awfoo-?-n~09y;$|Jb0sj?%`G~wOudk*;Jz*TvCIm zj%r3n8qy6598Yr}5JepiT}si(_BgyBweMMEB_2LqxTAwqH-(qrgtCL7-Jb1BY!hXi zKYOkb#?_$hcCFZP4@=qh&(S`VIh1@8l{*d8gKZG=CgP2us@$A!NE|i1q8xaF`1HL5 z$YH~usM_C#N_>5}FPfSjqz{esU}st11o~dQo1`gF<`xo|QKlR7alEOM)qL~WE;Gvs zaPZi>Q^c_MlHm3ff36vG97DEoB9WJ^n6zPuwLtnrk9l|lLp0>ra0_FjCU!p3o&pMq zQx#A(w|_excid7kW(22|giD^R-5$vsBh=vor8{r?^$B>l{SfkL2?-cPDxEa;+r_!H zt2Ewzk!zD=p{({J^i_wqKlbXFlaJ^y8~wfMquopf6bMF6%Ee;x9w;c6vm+MwB{zakRA6v z5-4@Mz*pg3l#*hMu=42TFkW_Q#tTNDN~rZKWZ8UDQ4?_cz=9Lg^$!@^PF}r-l$fIX z`qugGom&kP<*`dSvZe1Q(=si?jMH|4c3>LAiE&)qg$p;$wwet7_bw(rp%2Oua4((UHM~7$_0{l+W?V43Gn!V!3vPQlW80Td|JJND zKgN%q2LRNCCb;W>V|PwzxVMGWZ-ukA0t$K$phKy{boc|WplFMf@u|=Vsp0Zfre&Pt z#kRpgt`u)xa&oy0^&_m{Sh>KNL%<|av_Lx=VtNkW9oj$VDBt^zFPqCFwb~(7bmL!( zlGqj(I$HQ4Lua+v7Hg-eORS6Tk~DaqYT&CXGDiVMZO~}E)r1L~l;no-q{4RSvB+#; zrxj#z0O|{s4j0p!Tn;z3&^yNdf}f<;VM_Bk?_o#Ryqr@_FuJlQBDP7`>h+-Cg%i0z z#WLUcBQ>CF@bV(PzE+b|Qkp|kA^6Tc`fZCZA3=Q?DwyKBgQEmdUY8(Oa3}_#uR;{W zn-UQ({WhnTl3(fx?cLIC7?UFEtOivar}rCo@&5UTRJhspEEc<5k;5^?^JFy{d&$`WGc3e4$7jkFGf276a#W zbZy11rx@mYXNT15tB&*fjHukd9dVG#G~Xyn+DM5TwGmS#KO|y;MaKx2(Cl$(9#;c6hpRG~3WSwY z6o7^k+6hWXxN_|T$dTDfR<-#K$dQ=dwG}>(9!iLNUqH^VxSZ0})xLmn1L2P_LyX0` zFG{L+xk9TC*Dysm-h~77DW-Ln6CGMV)?Djvk8}zTuyPO^t|LnI(Eur|FdX**@Qf)? z#PsM{7qMQ19#c%W4per6p+K)vzc;o;`#)jAa=&M7Ltp(jN}ypLYWN}G=%}}pg|x&| z>@f3~f}<*UVMKFj+A2DZvqQoP9AtZgAWH(X<}WU;xrVd!kZV7HF&0LmWNK^k++aE$Y*j=l3pir= z5wLZ$*%vuS9}?ZYBhZYspS-xA6v(^WkXhBT}LiUahL; z6n;cP%n0u~pIv1IXtT*-OcvyuprX#KaOu%zney<8lx(^7W+q9BD|ps=5W%4PjsljX z-GS$}zJCc_z3<~B!4HqsQyZ>}#)0u&#)3x;2{Q(>Ss98@&KCl3l>`v+0XhZ<^3y=H z<(nk%&zAqVW!|nbT={5TjgXLgcsPMVr)Q}K)nIl^2)un=8P8`W*F&a*W z?6RFHE?8RmM@t{`<6T?H-9E+7MJ3yJ#L}#Hs0Tfv8}2CH($isXX0jCv7RFbkz~Q=!jLBa`>THk} zWRw!>lAR=3ZO@MM1}1^?1xKezFKq!IT;>bkh}3SfC_D5Dx2?0L|f1xgaKZfkk^I z!S;4XvqnBYWr|J;j%cU2os)2SQ;$xYQBkl#5G9qSIED)zdUEelVwQ)PU!*4Sg8Bx6 zzAJSgxyfc$oD!kP{F*op<1wF^;_G$v6Paqc@I-tlX>k&`Po~;$PtCPHyJM%?yhz;$ zZFR*-%(A?H2@oxtQYdW705_S!7DC!nv=Anp78f!3S66t=z`*3QC&f}>fD{!#&a159 zlzcOB96hx&3*Tr?NB*_)Q`RStXwMvxePISEQLkT^F<#}p*TVh)`0g@2LatkEx~~KKZG9om(c$Q^H2VZ z`7!>R`3WQbVSdch|6~5tzlzV;KM@;P|L0FG*ngPcdE`HtpD^Oz%pbw=pUm$@ON39V zeE$NVSY*F(o*SWZ-JzO;rRqEO8 zYmxh5YXg{szNK3#jt8M&SbEgV?Q@kO?c((^Qaud# z3Yi&kD}B<5!F&lO(@846IVsRK!M9OPBY0(|tr@u;j!3(7iC%^ZKOy4ykA>IKY15r8 zS9fjjnO#nLsI;;egM%szlM2YuVveKk76@4g_fxEMHo$s%R%ZUi+hTih6z=58MwlYM z(9(s^?l)yd#{RrvCQ98%opjE#Ug7Dxyd^UMnkMcEZ0VJ>9ko785`^^GIF76sjjqOq zq3fF$A8oL+net@uP35{Z#Jq?kO&yk5l7Rf#nvMZZI7)_!3}<26)MjS$Nx$Sl=AaBM zc~F|q``bbnA1`qR;fvtO+@JW#wb?0ErtFb`M$;0IV%xMGY}A4s%4ysq?~sW2o9&xt zmyC)!wC;07U>H#6U>~m;S2h}Pg`YThClfdruZ#@E6s2Sy$m)#e_!Xo~< z$?2ecLc101OKby-b=2n@M_n(~ET1d>jBxBuA0ZMGeWy%mz4-pPXId8=-UTjw^$a8q zaF}gt(*DzK5QV=dm+y>hCNp&rVPiAqT@oNV+TSqnet|VB#&ML#B)PZTNE0-QB5(** zc7!{3{~os7yBqk1FGI?dnC&69CYF3ybg0jc=?wdOvaL0BLB?|-;>Bz96<7S0gWi!t zY|N!aEvUyw07M(^k6thc1D;EnYD6W5xlnRu@6#?5mStC_zDXU#?)1fTHcwF^+Si^z z>vR>S2a`dBsMf_glTWjC?PM4KHH_^RK}knB!dD!9R@n}i%zbz(6RD$46JO3_3B*204k4p+Y< zYvbpaY+Gk8@Y-*pLoyop7ga?Xr9ypvh#T;UmiwMZaL8daa{b|Mg$p-asIpOpVe@(Y zd;&@_wzebhBSy>Nab=u4({5afBKga22?_rUS;T0w-y8Oh9eC`DjXEizT4Ah#$GAn_ z2b$rlzc{FGQouxfX6)wAfZj7Y{1U&WcW?k9tDEhIS#lU^6P$@O`}5LLMmAZCr=N>l z#xv3s!eg>s*&K#03+_GP@K-w8fZL=cXjhmnrH;@X0j0a5RU+KmJGoiJ9CM zCz{Dk2{4t8+A~Z$||6@J9-u-=Z1uT4hB@)Hnzd&=tPx)E0GZs6!#%GrQYqp zeLS&5p9$EvPbq%)81w$sD;fK3ah0+Aba*e+#) zVZI(BdJ8vyU4G)UedSe)dIZgWb?XAWFpLx~U0|cl-3{Cb0O7T8@u&U-jD|4xhXDYs-Nrp; zu&kDCy_ufkM~e9D?`Z-eYDb}1t{sN;qaGR9=t3)O)xG;@nRo@DJiiSxPc@@0ltZco z-L|6dZy%OFL|CV=KC^^^3JQ5P3N(xB+BvO`ng+1HuFM~rY zBYiB=0jQoX#>8~C%Pj#k;kw=JPS(i`5_*1{I|Zngqum$YqhIOd219cVp{ja z>G}Bs^@;Wr#;}&{`vKiBFX64XTTB`hlbq~kt9pfCZl$PYd|+29XQ+^!07bK%mOLRdhHMg7po%xu`XjAr^{fgBzw0Zr2> zI6i`w^|ta(c`kv-(!@f@N`E%XNLwP6x84SD*#l{L=VW!=bPUcGQ%$zH|v%a@}%FKT6JBz`>D_We5%&|lL3w>z2 zzShMXtWP+Bcc2VDps3Nba9VmnA?0aDJXR=)>r9LT(nv)69+faB&yu#g4QzgOCD$lq zlEZ@7PXb;u1#;3!Ii4S<#LXSy7)I;oX@Iai_rO)3R z4M#pu2jB+xDx4+6X}!i_~G=UW*0>_V~)Fp{4e z)REKNJe%LqwKkLO5*{XwR9kN%}Zi``9$ z43;zL8$|VvK7+#;B{X;SP+fJK&4H4Q#yLpWRPP=g(@u{JNUEv_nBoT9b(A^YD(5}x zhGM#jn)G9+I~IuVL&=SFFHhd&A8ME0ebsNv>z{Kh^hPnvT$d!YQ$r7Iiw#u`QTpQs zkd!$u)&-{1j_8J$G(AnjV_u)nu<6`+Xo>jq{mys*3CtoD_%;c&wI;#bxs~dnHB%+Y z&PlXpl>@S{y<`>6ns8)2jc=KO_?jqdJ1O~Y9x2G*M_o0fUuyy_#I4zno0L*OcqTT` z1)9L?gZm_OmTgyTH13a|uQFuvfx6?r|}5 zGAbV*gIuiI@bBP4-E2gaU80;|J{yn6f=}%!XQFQit}&3y`LtD3PQ7PHb59zAOuNnZ zRE*g};@67^6$8DYc;|N*>evNc_KPHLdmosMu)D*Z(7lS*qhn!zkUxj)y zM*x2pR12G&>}7-rIAU7Mm@PaC1%Yh9Qql1Z+@3@GZ1tO?qPOwa)f56_?>~YFl z>zh^U%g6$2@2>Y7jF4LPm#8W=3QaVw5lIb)s(A1O`CUqEwQVqWv_r5_TzL17oIUqm zo1dB;*@Az2Ri#@S{}3M~96dy{-8MRKp5{>^mT8TaTSIIMOY=icFP+b!@#G7y(1iSw zW(hNIRP-j8Xz=V=IT8K!>x`3tZX-glLey>cR|oD#*q!`pNT?k*Jfn(_g-RVeppCsH zsl^Nd#GHN95N4$}#bb~c4fITYJ_SpZ|E63}y;J_cXDC&bofxzsK+d$ZfQA)J_lZkzhhIvx!4nfRRrJ~puIDFK(TBNlnk2ncZRlX z=YnI)kR;8g-Zp7><8UcY#*(G;T?4J$DbmxNz4vfZ%)WAt_Lu`|aL#auR(e#r%64%s zK`8vDE7|HmVam|^yH){wz%)Ka)@F;}vX?@E2lUwAW%bc=8vJV;TChs6lqtC^2Y_2- zi;j5OP}Qt>uAHR#!Lyeg>^53s8u~mn4wNhDEA0I z=xK}L!+@ikiliV3&lZLFr&N|n#^DWp&De1vi81u<{9|Ijfl@N&H=Hc$_AbD;i$-(W zU5I#s--s5nq#A@NQi{M~mBnJx)YOL7G+~D6Xy%PzRV5&X#dOrXxvu?SWzch9y?JKJ z3y11R@qJr_f=}dIUD%R@L0i&83;MTXcVz^F{xf9XCxmj}*xesgNnQE`t;l|nO z$ITq|jX=|LYamJx<|3_waQ5G$-i+gp^i;5u0CFC?6SbHD5O-DbVX1J2z}bx-9W~}} zqK!)HBIY>?P_oMwx=S_T7F7$SLyadWd44*We}PyY?A8CNv2Re_@g~L&o+tP;t8WY1 zqsqXdRU#D>14a%A|vpsyH-)LY4IRT$zD@p+1c+atSD#w)f2vmQ7(C+aV z);$Nl59!C9#{)qHX@S0r0u!&sBw!PfkP;2MTT5mF%osjf0>HoiCe9B0SaJQVcG*|0*eX9a9Ihx0>srpxY(>j?YdD!{~NI)JuW z%X3%6pT6EI#pvU?_-7j!{Uv=oNga3X3RR{`K`)F*^(wD7kCto z4QUwK+($@-Awf5W&~U%ntm2R70W$#j#K|UUhJdJ7a$2@+se-et9`gJPu)A;>)0Jg< zesi!`nuZ@8tQ8tty_Y}>(TehHb{Pr6^!%u2A5OBQ6+#p~`d{NMMf$Bh_Gg!M-VSXc zK^)4hOziMhSisB_j2tI~5-~cm^!$yX4V@W<91Q35-~;4cNW-XCBY~M%l}}w*}Pb_+zhq5kmkaZs3%5 z$yQF14@>8SA7>G_bThQs?ev1#450MIEhZb<@UQj+mzbh=N3>ZoF{24akuivX$#j=v z2V9Y0BF53NT&j68hgCGXEN=J}htwUbKId(yBT1E5gxQr+a1WI5wE9fN|~FLUHKKDXl?S+&My)kVm*i1t#PH^+CjcfUWuV=azD!uHx;iJb)j8Ur z4yntL_P}=Ua_rCAL)vU~9M>+BMa~h)a4$9x2dQ^Q~pVF73`Rj#&6&V)^xqmALx*LU4V4M~&?G&^w=cc001z-iSzKWuB$qOqeke zs3vIn29Iw>U0&=BnXQX_E4chdzV#K;#F?8Cd?(L;;3)ROdE(Vy7(y_h)>Y-0nrvWO zd?l`r<+ee5TqlHwxQ>6V|5>Ir{pG-x3gTDX9u?BNi%Rfbi{VQ35c)!DTa!@OiRQ&n z`Y?qCHLIl~rbziCo?V%0FT_uHfV63X=BLe>JwzeD#zUBZYjUnCARE||k&IGoEJmW+ zyj*-oFlOBJQw3pWG#=rn0yuc7YJ+ym3QL^ykCHO@S4sIF+RW6yv>EjO)@GOj{?TS2 zZvR`Gd1L#ZyFCd1+U-I4Pi=-N;NRK|;s4L?>RPinl zjRP#~U)E!#T>_suL}@VM)fLuh9ZxQKXd?aKe`@55@32g_q5&xl4F^K?@d0=Ku$BZD z!I)RdmDEI+WpmrTekV|l3FSyhqO~uR(otxQTMuer*;E1u%$$e0shMTY^4>5cIM2V9 zE^(7jViiu@=kg9@`mxR=O-)}G9#sV%;xrcDU%T|~eQuD02i^H-_|y0GZ91>tSB47> z@OjPTF+6qmQkcW&@^PavBoVvHzKm%2-EP)Bm;E})|AWzt`I z7k|XC19YF*FR%$^9Z1J4)tNcW5oqRuNbGJxgnw;u z!ZOy#DKf8tTOB*5bmT6^B-F;vfc;G^TG;S2+X~NXSi^&-ls6&41RSY+(PZW0$O}mj zZm8H-*m-|Bel=^lR_`gYFBbdk+G%#z>>fvd-L3K!?x8WGr1(E-lW?zqZBs0L> zVEm)oqb$JCfpWejjO=fNnQ6a5%Qe(Ub>3_wS4L;;2kiohNXfGSdki%`&z-p50F~EP zNG%=2Mnbr}V9WkTnsss~QAdaBUU|6AULL|Mf&Jt0{3A({ACFr8RA?Ck?sN+m_nGwE z-d)RchVP=sG1Fc{KYrdXUIuN;Yn|MMLeo?3!$x^)WujgTsp#s=X)GlH5m9DgUsL1) z?+T(&s7YeJtTR<0ZuzwlU{49Kyo4Prq_<`%@xOkJvtrg)PsB}{YIP;moeE1KN5zB} zUMqU-m^e)^<3*8T7rL9tcSeT`pH$ls1EY}Wf!CZRZ zxYO;giCND7tz`L_h zJ1QNJ+6+1Zwot&|5t<6%K@;XW+iF{Xx7Yj8SW&rPfa1j#P`1es4>Hat7LMQPiWy6L z@Zkr@Yg7=58up8om+34g73U;vC*$OPh+{d`U#^pw0l4;nVW}>zYq#rVy+(RnbRgci z2u%ktXxvOBba2f_e&a3vn>O;as z6f|d(K0f?#d4kC;Bw)OVgs}&``TqECzS2k<5mVQww`8}ED59}e!N7co@xBAbbs51$ zsx@&WT#a;8l6SDBL>H%O1K?v*>k_%?kC_7oe#%t&>NcI%4jgVi15!EQbPt;RC}Suq z@TvLys)OghOUdjxXr!7u4UWk@w4wQY6ugZl0}ZGf*=V&v|nVaQTdW0#eEE?^uAPIF+KedmX^hhl=`wo#CHaGRyuyH*paEwTWZ(pP8S7^52;sk@-JW zdEhjd%hkD?Ay+~tndsgDYBb4G%W{V_T8)Y9xYaa*h8F4=DmG)-`n+u|Q=D&XFA@y^?v=@W zYqQ@S{S1P6-;(R9nAxg?aB=lX(r>5_qlnIO4TNtwqfrBq zHTg%(u1R+fF%SM;T45Q!rTra(ms~%rZ0@pkT6dB3^qc=v!})>!YKf>D{8Kgmej?u7 z}6)Wi~kE8>%UGm)xTWq9XDib!o*- z<9A@tG3Mk6`r4HekfSiauPSko{kPo|6m!agOvxoUPoY2R9C%N4NM`N8DN`Zg!Zta6 z&fSjqh=F@?u!0CqI3ibb&97`o+eH*49n z7BDpWw(^mcZqd1BoHnv`*$hsfAKwh#nbNr?wL@o^jzyd7OWHP0oOsh10u)_Sz zbOB5$l-M0yjc6QNtPmptSn|`^=q1i&%`V?2<7E3>Oq`Dg&r;m)#;UmQv3AOhoTt$u z!88aQw`et%$fdZfD!`Upp7m|KMym?n{_qkZzKc)ZyO+lU&(9^Kw_OU=)&@yPOE=pJ zNnkUwfQwiupe(8*R|D2o2}$w%$?ezinIIAyfWw>3pBQfn`xOcoa;n{bFs==t$D{x?LWc+f_kc`mAx>06a^O90)DZ;YYJ;gqg6E( z?4cc-qJ^Gg2x5USGP7BR<;@sxn0xRILKdoUp&+jtZAx(O_k>q@A`{(+Nm$mn!0gbM zIewc;X-GMKLKQSe7=MT>&<@EuuD)POZKJK$Rh!hMm9p~oQamAQVGZvJR_r<81q<-b z&3aq>#kDXJq=PUKR-K{Vp5I6Jj9*0C^9rUPOBJ!b*P+xyhqARYz`M9mA$$NCo@sam z>o0FX1luOOqxs(ue|nq>k5hNkFdzn)wc zyyOs#$&JFp*}%r{WrR2(`z)!=4kIA2LXE+kiNd>~ju3-mq{Ig(0)iX2F)Ow=eR>w* zlGc*VhuJ#7BsrO-JLWqEa|Q>2x7eFcIr8=MeJ`i=%4kyLg(ffP(t{j^H2c|0d1D&e zDe^hBdk;Xk;50=_Tn^942Fs!&l~?;V;N~|3{P2`+m^Y~aQ^#y{??`<)^DKbhA@&w2 zUZ~m#wJwzK1{+VNuow%!xaMOQEV9^|dkG-vSr*gfA25sAOdTqP8{XVTKZ`fSIOG59d5D0X>T z#f2HW{7HPp?vav1iX3;rk=3M4j*u=X0Q?Cfk=!*o5K?Wdh$dE?MFHY1f3-A9_PoOH zmHbwB*r^36CrBE=2F8Kq8#c|uMZgMFAxg;$aq_G**))R^1J%$-0E$et7L}Tt4k(}> zKmG{iruZc-dWh#kd=UC zI}y?%vWZs9PP z{86GItWznQQKu>7pgUuV@m9KiTe^=^DKelMhOvGh9;wedWnBlN7-{C-rIx^{yTX@W z?rh`JuN%sC!Lab(zbTu=CV8G>K5W|L1#K)Fe0@)+s4lvS&|?)sb{r6&Rm1DkzAa{1 zeEO0dH*m%uD!IxSrL#K zNP50P`rHD70^yBlsMS^3HM`DTqJ@?#$MacEQ*~WJ z6g_l-fuHS$tGCxSqVRN6b$3Xu*D(H)G7B3!9h^THdI95A_3{D|BKs5kQxJ@#vBBH{NN?ALJZ zveO-Fo%HIEledY84Y_TwS4fv8x$l}>aUuPBvT%nFVW?lV0zs*iJnNEocr!&8vQ`EQ zSM?m6C7PP@V}??LAivvi?m({n-%ra=pgJJ*TN;j7h33aqPGj&A|2C@a%Zf%qjV~DAvI-!qDjUr9t}y&6yHo zQ0322ha22ss1v21Jz)JF>p+taI5-HSUWU!N+vT<#{lN4D`%*Mowbp5uPAV@(B`F@f z?ki{)SJ3^Zy`gyknNSI{5MrOdY=BTRo{a=9<6t>`Ur82rie73F8C`1U1vghVZ2F%s zzl}vBU@h+COC;{6jwUR+$AR}0pIMIm)+q$y=s($2RgikpQLcw%T-qU_5%6u8CM;B> zwr(lg&6h~;fOBP(xe@_V{_w9VRj|otc$x9PfEK?*!wKgDShnuT7YtlQ&ND534>xd- z>zD-LVBoeFL@tDI!hyp=5?SUmrbH^{%Ns7j?Pi4L=#ab#@bkX5Uu^$zxDYFgjE-H5 ziRXh_Y**98#!Fk0>kx>DmoLRyh{a#1$7uw^&sfnf^iun%qDg*-n7f=Ycep}}>xr>& zq<`5_+pgF^GFGNJ0t5ZEB{Hc&v}gv*f&KAf2-ID3HtDjpkamEH!H;q@ec2E=7le%T z_u>?x3W{!9&YU*|RH~NCD2LGUWzsv+xI?9)PZ;0v0i8^4CA0O3@D0+LD5%VStb4=y zSc6x*8z)k+4GVf8T3-qXT|PObR2s1V^bvc6?p{0VMeUocuNJ&EV8kYBJ5W&@{5ReB zVq5Vjqer{YAKFQAoA(esnyp4al?6RwY|Q~KN}xY&!$nZP9xtjh;r=1?&A){HZ?)(D z?L`j2Vv76^p@+2nC!q^_{F~6<2LF@L|A~0{{}=JUeAQVTr~joNq5ZdhB<%5ze)RJ4 z-}+Hx@&D{1Q2y0LnE!vhQ5^jL-gx|XpFd?%k!w)`PWF5JyQS+bFzTLRrZ-?j)7^Nz zA_G1swr~-Qr(1W|-D__7Ro*3E>a@~t9KjGk13}xFd~}DvrF#pLj@7H!XKn8LH+Ab{ zEQU*V$EmkOgczYNKp_=n{I9T}J?c1<v_eg52#z@kg`s82XT9_~ibC*odj)$XE0`vwGDS-j{%XG4JcgVM>wBcM&moM~6@6^v`tz+mGS zxZZ5eYj_@FXmS8f0H%rC>mO2HI#KH*;ZmASiriY)LA$-qMI@JRs?c`IVMIa3OYRw- zOUx5K2)*(Aa6j#n|A()4iWMc`vM`Tr+qP}nwr$(C@3C#$wr$(KhjafuVF3eIUAMa1p zPdII-REM)Kp>?APd^viBO@z6?g{+mWeoP8{en8~@6R;&5@mP3-_bx7}4%?#84yKHh zItQDR!~od|PETJ~2ce~VGIkuR!NxC>Qe5%b&VYv|{7a~urR+yBUb5)R=KWUqODFOa zdT3#Zf+}%eGm*Uo3uRf=nJORFF$lFkl$Dt80pqMU>w>j&5v5~@ zyS{20V>Do{7{?)LaszEADt|0~67J<7MGZhE9?cP+Skke2orM=P=*#0b&;<2#$j>Q( z?!=@bnNBsGw+kXrr^jD$r{~2|R%8?jF7Tl82jVfiTB+Rcv`3hx6K`eif>zfxex^>8 zQ`gJGk8(5$Igs);LB*iE)S&!*=RmRwf7>u?W3%^_*dS&?auU-U&*tK-18PeaV=+I? z!wdS?pdg<2q4}GeNli0(u!ssXQt_k*ze+cVW@|CoNYsu=^Mvy!wj(>TjclFs zcUDW9t;ScI{N2^$Z>OYkX4iGr1FrBzTQhXhj!IQ?hS|X|+G>{B;fE&mKA%@^tK0-Y( zIby3hV$@;JPU4L-C=~X45&fH(1BcNmX^QfK)rO&Fb0$$?>Fx7sI|)Y{u~lRwjF+N^>YrK$d0?|}ucTR1oQ(i5fUK%`~f{lo%quR%~?7XlFiX1Zb3{x z+vT2Yr6yJt7ZCnTD~b2DwSNxYias=`r8yFSG6RC-C%iC*`_Q2p?pB8P6DW7{GyT)O zWz?O+lF;2NCmwv1gX!JYf|u;;K4pw)U|f>@`aUWyc(ptB>*1~_@(_)Z(BzTRL|VJP zi~uFuOhgHpSGamVk2DFvnI3qHlU4W37<)St_J#%aIKgZaAjN#?%a|qk!bVnR*d=Jha0ijarsl!^{cMPrRzitzG)Kj(AR-pK9J9( zKGy>iZ9}r^2i6_RkbvIKH7g0X z#lWfHlzVAmmTEDcXC{luut@vpqb5*obogXofP1II9PJFG-F2>bgbbO;l^WK{Tse?5 ze@Ns zG!Z!Vb1!Zzf9;4gi9BuJq=xS1wBs;?n+-W0^`cVvQ1CsR-NeW0a>)T_f*VZwxV^re!_!G`SOV>p?UW>9Z+$8K$rCzPWX786D7{5yQagvjpH3tAiO?k)sJ zp-JHdBD$iKHW7EnqnVgjc+=eXC{ib_)?LEnc|pV^tPdrC&>?x-lMf&OVskQ83Z(f! z;;D@YMv9@Uv07|pei}q%-rwFy75`DE7vY^5w4PG#h5G>iid&6m8m7y$rjmAlixi`S z+@X)VB^{Z>*2}m)d6sbJT^oEw7zyVA>deT~LTO%Ay-SBJk}*R~-QpvuKp^=U(G#jSAa;Rb2fv-P!3L7V z;%7w1jsy%)WvTvO$3F6R25E9U;C=(?RRkrPVBjlXt zk)*hiwPpU{wQ?zEp*(9&KSjw#e$=2SbeB#1`VthjXBI+&*ckpG+L(l!=Zeyqdd)sf zy`vf{Cqun_4)cE z9X}3n920ojBBHqTe9F#do1)FP$faBD6AoZ8Ux77@=3KMWIv$X`x?)$sFuj=DXa0L0 zfi2vAqcnV$Y<6TRS`Rd>o7ayWBd>!u0_O}ofDEHQXR{rMC|wqgB12ccqR=0HM`at>rY@Q+nTUg>GH+~L{I&&UMx%S?w1=K?k zgF(qqK`xGK#FVXH*r$y0wJEg|ayGQSnqjhUJ4M5iFQTwbzHU-Xw5Q_z`i z?5VeDo@=sM@$o;JKmVUX|L-Z{|3~xB{g>uP{ok5jZsI?h|2q8t)%=B*$nMJn%^Gne`|uX76(c{ zF{mzC@b`MYx#Va9TZXIlD#~4ho7ospGg=HmU%|yIw;OQ!RUN@+=VVbOT7zBMI9yKO z_kF=C=+cIVrYb6np5G+u8@KS}vhZo1Q+R8_ZKD2Hy#wJUx;Bc4Jc>S#28+m$?z>fj zk#&4u7dw2;evlNnDfr}aFO2gU(t0-vy(Q7pngZVtPv0O<8C=ZXs0T$!3BOKYB?uFX zdx=E|4M|4qF&_7FD88PQm@N^v%qnwo5d!$eBSfErd47X`@ z76xyOD@HL%>}soDM6sm?0>EWcN;5tyMrfpmNt6X#9u;2W7WlLTU!}gL_YH+fMJnAv z886v7NTLZ)%_r9-as@9XdR6#Bqgript@q$fIG@85`$-rB{L|?ewx>*YwTh37p|;j7 zmvLa`5mqnVLz8Kv4m5Umb@eqBIehLcVMB%(>$5iM9}TLTB>!Q06rE=ypoJ3J#K8W6 z9Wv@Cu8a7ck7p$;iS}Y*hi7$|3rJ1GIM@7%a~o50%IzKA*9!shU!1RwE^4;y&wL0n zN%lKRS=8(Xm=AwWn@3MA&AjwJemYoHRSgJhH2p&`Lyx+S!qX{+6Zk4xNmU{|h)(0= zW0XTHEOtxkh}lrN%V6EKWKR8n978Q~W$j$~U|)q=_JRLAzv+>0!h~Lg0u6!_5sq6+ zdz=nVH1gmYxJE4<+*@7h1&rha#AwT3 z+&irTJ7L5v(@6vQz=Jr!%Cy{{i@E&sL78>3>fsU@(a+H`QYsX zun|%424K%sE;xI@D@F9T>|Htr0>jF`PCf7G1Ut8`KJSTvpmlOij?875xx~qrYw^aM zNGQT48J>HYPvOs_CU_D}9gV(X4*dOytSy~l_am;$JUV0ANmd4QRI*rvbuT^z!B1$B zpo%`B_0yiS73;g9cEN{HZ#s%b_(0Xzw&5JboCwNgovDa8WGHERz+B{n=fwd-bEYj> znH9S~vAAfck}_#T54Yz-b@6)Ph;6XtHf#KMyGS*9Wp%zHFhKJ|kzTgvX0l9v@`kj` z0Yg)v>ZEu=z#(.!J25aT7sl15gP)N(?Y?F-eO-iS&@1fjIP5#G8|q9drG<~`F_ z_mo~(H4ONLoDTD^0Vvb(LXB0yn2L2duxoGCU1{dhzJq~vx~3qH@|qz=k!P5FlS43n zT`D{R&vS--z*5qQ$sth6%Oc)8ELdTSA`G$SjqykX&=ESJ1*AB(se2$Ih=i&{z~YoQ<8&WYEKAq)zynyV>#4iN_M z!2LFH*M%0_9sQF0iMH&X%2EnF8&TtGiqRF^xdhXEo%R}Drz5^mW~a^YSaf7H?6O*1 z5Q5Q~G9XT;B$asm^*u`uL!7Whu=vj*r{ zmLMOs4H!-7r^HoWPZ6$!s%6{AWgf1;g#xhOfDeVrLjmgb?_z$dZSEn51ZN#z+cd`! zzYI_Pn0)X4PGU1*SyKzu1fp2uZ)ZqkS~S{8>Ag!j6?mPoNb3_}o;NR(#GB%fHBf#M z#b;Rfjk}TX*8IuS&w97za>zr)b43&IY5ao1@Qv(rEfq>i8jlH@ks9|+6@kfBV;Az& z&HiCvSZ6?ggPZN(H!v*i`UAxs;ywKd`A!Wyh*@CYJVe&x$%err4{T)>P;(c}w;oo0NT;4nl0m2w=flnt=p z(w>2gz9|sJRk}wJy9m8^YIhy;nPveb^PTJmpmu)(F&mbu1FKHy@C?~)M1a^IU9oVz zhp-$`bG7N+;i0R_ly&}J5eIzt?=R>kem6X=cwe_F_IK07Fj8oj_R+M69`5h3OV_F( zO%chf@mZrc^7=`126&T0^EM#cZBy$KNhk-Kf3e3xqHB!ak_hk`E`KPJn}C+z`RG^{ z-C&7xx(b1uG9sW1zGKcBMu-la@9$4m-euT+Rta%l_*;O1+gMBrbef`!md?+XcgtP^JHlA%I@|^J!I`-o(&;-kO^G_Q-uOq0r>KxTZ(Wfn)s2#nMdss1g zKx3I`L(+E;lgi9RWW4-OAJB938_!824kw#-S356|41VxNZtWA5a=Ql|6(wi+xx^v~ zy}Q2lij11HZNAEIQakRfXX!9y)k2-?kZ83(r)*rifwCOl8Ue9*>Xs2K-e|xTfD-V4aQ82Q((0;kG7HNjEoN4+k|>pR75`|nb}eA5x(WF_5pF^=V=r# z#PaO&{K-2k%n+mOCQ;7BBG()5EH+N|@yB6RRB-erNcNX*vulkP#h#0pagd7U zXT@S(#(7<=j=3oEsY2nlr{?Jk2r(ZK&F1Mi@w+RO=6zSSk=(q#!BJFij*E0S-OEV5 z3}XnSw;1pXBEIwl?o@N>ispd5l`&I5~w<5Axnjy+u}%>TE}RbzlLpt0nB81{RLEKX@9PCoVP zYpb-B*F;RA+v?NT6-K{!Y$I|8U(@$&eXHRV7jr7c#js|#b5l$>Z6haR*s2t6Z^flJM-T1ixQpuI-fgmKuHNIA;-l$$JxSFpTg z^;Ze@Ph5;PIo&!(g(E=j@Z=%Iv>mw`phlkP6i-*w?Xz$s$g3qQsy(?fene^)>sFVW z`+z}cDRR46EzrXVe!V=6W?`IY!hpz;wpd#)H24*lkuzD08(MU4oDFb|(qr^7%{sEq z2L~c=$tE|jtWRrT4;w!J8HSDEAtm&EY%$%bCLsL^Oem4x zTOba_4zLbV8%R|rbI(lqmoYIh#g){Xk0+;zOIKir zp3A*66jKZmpQ4O+SB>Y%FgfI9XYuQZ=C?-Wnkl)n7{+qoIao{Jk0Jx}nogJo4v*Qt zbWqX`kXwdwrhhioae$9Ut7onc87{Sa~^x7$v^_3YLrqgT7uZ04Sw`WWhhjL8#lMUgz7~$ig{Kn(+-Z6$(r*!Sw{WT9^e zx?B^R-D8E#1V#)nB*aaW67QO5=wXIr5+Ibn-d)IF^O_=Al|}0lMyMD}DusCJI&#92#h6D^@$TT=&dJE^HA#?K`rrYRG4w^%}35u>7V({{!+_M|Zuet_ixZr8D&=N~a()I#V{ z?SM@3wJ|Mzw64gU2=D57|Fx%_ zK_W%pjJqT7gu+LdypZLm-wzD;9!%jBh;|o%BQXPh=ZFhIorClkelhkc8Q=umKe&Jb z{^4%_CGC}X=)lpGZhH4w!k*wHE!yF~jtc$cd_vv%WNa9noDU}3*3GH1AqDzS#LUvY zsCF+k3d^Wuir7`oaP?EkhK$tZb*vNA9ms+h*u;~J_*Y7^TPPZ2>u-?Z`_d@%kx;{Z zZ0sBk1Pjc}-e+Y%fkGqo%g{e}Ye~TLtGSLodN|L!a1u-UZ0+dJv5GsGX(b9Pnvw~W z%>qlt3)`>ioy75pXe3jLGx9*s`InI+xdPlTpP(}@UEkNXNR>EizIWRVm3rcbYM~Xk zPbjw1It)JJJ0*}igOnz<-21J693=4`1tF|q*c437FTd-#o|ew_6Yte(pJf~GaT^bG z(GnYQ8A2gd$FQEt+^R3tzsp{sJFT%n020i~3KqMOxXKUi9u?V>tMmz|Ga-)V>lbob{LUCMTZP$TG{0h)o z7;#T3BW+PR9nLgc@()g2wlyOfuD8c`CqC{>U6P8_;dYX{XW3N%s_15|l!Nm@XX;ig zl{Ay5(e$;D91%jvHmT-IM5;NLNjN`lkm*m12RYsE_49l2wW!B?O|~@u z$(p)7LjX*+1;mt-8H7?g=C~0=E#1GkCE>~GRF)v?tFQ8_=cBrFL!fYs-l_I;oCS0F z8tKCtMnF{w2_rCZHkbC2#U|iB}U3-SYu8 zrS~|^-ZD7ghAwr9kXV3jx*XJXa=@1@A2dzEB?3I9pEAm*{jWmR4@k4z6gGgas@l5v zKmL-8^&re0rh3CBEhsh3cbjtii9s_^ag0@_jKW{_<NYU zkX3v$iMYWeu69y^1sIq@`O?)k*xf5G{gW$Vb<}?#6?0Jm`owB&tj0lGH5zGd(|;+BS=%pDh?QL8)412q~|tplbaD}`dM ztvpoGvK~@QCNN#a?xd>I3NA17_8HsE>c)xP%eKGh(^(9IHL1m7c+2Nc3E&&q3!x($ zh}(NyJkt2#$yRz2ik}sF;N*zX3G1b;n;8bi91S*KHNi`)ZUm7mU&(JVhFx`v7p%cQ z4zn)0;bAy~MgsKYOM=i|(~c(m-7##cMgxd8x9xqyHbzAHF=y)DvZ_xSXfO+Dh*k33 z&0W`d#675_U&qYi-38fL1m6=xmH)cSG{#A!%Ekd0*LQZ*#Rg&PG0vXheo|f z8Ra3)T!_eXJDS7{Of!*smcByMx7r_tWvkjTt<2DnA)LJ2g8*OxB~bGQX(MIP0)i6` zit9IJW4!Vl>zzCXmL5f|oyCegtRNYN!{l>;U%{tQ&|vgr-o}~jZUkp)3RSR%nM$aQ zk%%tVtkOAz4TBy%VPm83!o$$t2T~iWJ0jIM?a;oUmS|Ghj?k0*JTA?l`38n@Qgv?? zUJyWb_tmt#nGek4uN|?l0M_fILlM$sgn4~8M|6}vl6+~4-0rWY{ZXmE;O(r@O)s7e z>62$icinCE6KWX$Qdq6cH7eX=2z=hqsQ1_G_pOI zM|}{X0Vo@&xu&bPb=-ruB)KrHkjTe;2i#+K5?wn4Ha$iCuv8Gxx?Erfv!a>ZPn69 zA=|q^)?3oO11a39V{aql%ONj%XeNpdfR9p-8Z+nVf38>-B8S~*yaaTyveU)~>B51k zl3l*WJUk&<7%Tzy9bvmBm;Kl0sPXn06r-dnpI^ovHbS5NPB2&cc#8hZI_F9m`c#<$ zj4@6e)`}SD6a_~{H!Z)XW*$CZu#7|mQXUv}yDxwWUAmQGZl57R++IUnoSGTdMX!dw$SH^@@E}W118c)HZ31!#4EXxMj9sTuHp6klrFYnyLMe1j)ZF9NvOUFYYdEI+i9X z>V646No9%dUI?=hY&zs~w=sIcM9ioH-xb04M#jb6J9}3mwg6(T(oy-f$?NGB3QG|o zqmEqUa>J+_@Hdyn9ciG%L;jj~>%cdwc5$iO{n;@Vv})(fZ8&w5WZ0Dek4g8$2b~x< z`B6>~qpNd&=V^iv_HDXpe+Dt)}U7Y#7FdW$f(&Uh|Pajnk-1kL79OgJEdp zk)grofK>VTQR&W-3ay&8P9q@&0+u3ETr!Ag;ZmHgoz@^5=%>ZIl5btpw_ z?7|fEjFsgo*QN3Ov~tlW5MG@G2%X_ejBZ>hzR>_IJm#saQL!Z(0I{#giuB2&eMt!m@K5DNt5SF(5$AjsW! zVaE5;!Cir9AJU9GlI$aLMAvdg7(VdvP;`O+&!eMj(ju%BQ)tN z=L^BL(-OP>itn*2mZJB{d%4-K{7W1gUIy6cj_gE`5yevyEf6b~02uez_H}}uJimD% zV*w`#O-g9(81a$qQ_UxxB>)skeG^@uxsR&!1mU=_nw74!rLM!W>q) zsRo&~2=%#eN%qo++?#UatF6UL&x~jka|O0DG%8FvIA1ho4G4}L=$BC7Pp%_-rr$9C=B zdlzSswXE0eSd!@hNa6rMAOS)h-qEz^3s6kt&(2b2qWd})^C!4n>KD+m(hm*J+npK@P zv&EJ%6I?D6hnoDQFgh`_U~saJ+h#V*r$>V}`Xjv)?y0^;C=BVjBjQwL>ewz&@Xa*n zzXf}wEq|0@u^C@Yro!R*{Kx5f0S&c6PK6yb!lKnE6`K}|-O0Mqrdym#>)XipTj~T!hST)W^ELB^0&>jC~T)fAt3e`Mo6t_ez4-+2$ z8pX@>B2N2R_we}>zX=&!?@x1AkjxIdz9tkX0~?V+6;<-_p8^<~09DPvY)Jjxy-?m% zj>&@Ay`FZf`V)>(*XfvyUvZJl;SbTSVphhy{+fa~On|}?;JeH-Me@%+J zqD)uALC-QAQ0h@GATfn1am!Y%r*#Mom?&^%iGsv`{u#GC>~fjV9>6P3H9>zK6K}$; znp(^Yqg-bWany6=3?lp7HFlV^`8Ov1 zqC@9!UDe{2&Uk<06=(+hXg3}NS9H=+t=&@fzq|WNh4v->^)_uSj}neuNrsh_s8k}z= z6Aj2TOm@F+Yx6^Md|cHQ@as*r+u^EEahN_gwPe2Q9JMCvcymfe`5RW z1eY;NyWN$)YKTj4&zgE&PePUe1aXT3%H1`fXR&tI%FDvO0LvP}xwS3y4#WVY(vI(vnXASQDt ze1i9=Rz;%=c5r7Y=@2oGS0qRNdK<4`c6aAKm;Ea-CJ zj8R<%iO(+(G&0~qlHpu)TEj&v3%X&nseARR;a@hnx+|nepY=xjJ+`MqP{jTmh&68? z^dytzxwlK|XMl@r#ty)vi2>kbdHNKs?A-~c1kw9&{YPV$!6Fa|M#oBNgZ>jz# za)Pa6M*Uz_E9?iHTz={4V8_V;2iqr_@`W+iu(E~RY}RLzSXCccp4MalJ54g)ma@G` zu`!qDsMq{$5V z37Ay>{>80$oJn&avh`4UimzChGj!F}b*7>p@H8@=LR~gG7Cd;#RL5&1#s7rxZE}TI?MwEdu z`*TsC8nLlK5shLS=wXb}o2(mak$HF`?|z_O#w3IuphF1q0{P2xz-iiblH3g_27>y( z+(yo$Mt|0kx|b{Z5AsrPjPalJKeO7#p^L^9-P-@KN#DL8YuM#gc;XmF(y@GZBmQ<` z@K-mj2Jp>$RhhJ3xOcDqULRHXJNh~k_9;84^NuPxv#y|RbP6&@Iww&-bA`VcPopTo zH;tQn1SffROA{3Af+;6y&agx?-Lef`v^d|k6SpOg25mi4XNKM9L5$I=K%*Y)?M;-{ z*oR8AL>98L^30ZJex{e}&Z2=+F@Qz8nV6uN8>ZpHHG z8R2`caL6Zx%B&j2V~)y$80SjZ$os7S=9Ou*OS$g;PT(1qWSi zi&^leOl1iorTS{){>Lpv8*9RUA=djmD+)H{uMM)6M*;M1Y!bKOdx9yveu z3;28p*jWNk^WluYM41wT&IdxD%(Kql%4+XCN!kqrLwjHS07AIe9}H;&$e}(i=4Op! z1Q&j1)4A73COZ&>V0u0wU((C+N(%l6obTWowbjeW5hcrFV&<;$%KuD{(TUR~f+4La zx_E*Vv$Tf}q>RrQ)=sz5L;2(MX-}`HF`-xbW+a9OWmm z*5lzIBYO_V1G81g&ZL{@45k0Bca)U{gQ`|{%^@$o0LSxOWx+U@joQ>3Uv~Wu)X)s#JuF%QD){Z@s##kMH`I7VdbHp;mhO3c${4yBmaao2PkWi zlu;yw^-h_WUd?H?^wc-&>H?Fuvxx9vROD;$;+)WG-%9?X!kc+^a_j{yyMbccnk` z>06&d9bdJXMz;u?j%d=T+2{DT{Zs7+tUB1VdIkUX#U1x|hoh(tNQm_JY}G%PmOW}H z0;X;*i-Sz9AZp05FiGJ9lg40F2GEtkaQ+a>;@9VfJ~G;htlOiv@Bm zK?j0*3dEE-73SD`A@J0Isa&gc|7V3wHW-@6C0P76a8M+9L8YY}bYr>{Q{f0#1P4y% z$=6126UVqxgrB5cwGXXFHKZZxxQzK}D8WtC38q#C)*b#;hOuI`4K8YlT`)q+&Ly*X0 z1T@V`4<>d-Gc8@kxowwL11`vC!H=TGR0}4e5ewb0CT1^?qRYNQLHl2e;1I+_d@8N9 z8@WC)JC7>RoS)R0QVkraTl^b6JHYFFT{pEz&3q*IA&i-lE^8|D*8`oRN7xAUXxQL^j5!@;L^f0`t`R=NT< z3)O?~R4(j_p#u$>kW>x3I(R-)HxpS_B-aw66L7MWjt=fb)bw8BoMM?Z%P>(!%~EIo zP1m}Y?e0WX%7drWQ3)>#y~B74qf$H&qVm7_k#MiT0P%xY2);ypr1zkEQx z^o`$Mxu&%~5SfQBpR~S~nNkQ15Dmqgm?K*jRoc&Xy$9%JGYNfKC)`{i8mFX$ z@`URsn83$`(*ct=5?^3s#C)>9eAe?x$(usy`9pqTxU8s>`yJ~=H+s_$wnut2HIt+YUQ9Yps8liJ-Jd6z3P7WH9v)qoTYzTbB(&=v++3I6@(Y0 zpJg7wvrBa@k^CYZ)9M)|`HwSN%a|HBhIu2wI}!Z}{-6QUX2Vu9muLfIi%*`$Mjp1<=kJ@f zG~44z`^z08rdD#ZEYk@PB~4UuCN}10`lh|O{g1OmLVBWD+eQG?o9UCGd|1<5n> zZ{H@#^u`MQn|p)Jba`g*pdQw$n5$-W*90~Kc&Q89JM+H4?^`+ft_Y*}gWCWDH5irS z@FS~Wn4>rxp%*+IcO@LTCk^7)Ugnx5PK^RV33(ANZr^n&bE!A9yWYt2rXj}xyy#M>6!f3cw0WSD5K_wO?K!+QY$ z@%#X))D}H9v)by7%tFaT_e;5xzU5q~2*W_R2`2^SrT!8g4YsXjaJGS=f+Jm~tkm3w zu1>(aTH?&b>bs)wg*oUN|+=4TL~k&QK7w_)48~ zGp6t66TlXHaP$a*+;EG$s0FF_ko~%(HKn$-S9*;C-BHORmhlMGk2xn;=&C1~=El#9 z%x_}A0N{e2$x2~@VkdXfzO~ywT@xx7Zu>U$e47Mxef`s3k*~`FUKqP&dY%tVZvmg) zca&8g@45z(YYWg>k;J#3houv7xb_?jX+Y24>2k8)PsbcZ@(fDalM?PXq=apeON+j3 zbwrqn$9cI6pPN7XGO-Ze5ub{C1iLz*=&DO0eF6V3YZsl$#Pb?QAY32yk#)PO z!-rIjBqux<7wrTNa9tOt4v@|1Evyn00 zER#avwopo)`F7PWvDvoud6!2!_LgOo&7L0cTTlCw?5`UKIm3<4|h^-PDU+&b%51&mcRh2>BP8L-LzV zRjCb56w|3Je=3q>9)?<~hsrOe%NzSBGsnCR=4zo2;N{w;66I)s%WuWp8QPsk4nD6; z^Acp7b9hxKv|85MaBz16PRF$E!M@%+WkT$1JQ|s(k1{vVO{Fknp!i-;im^aEXv2LX zRkL@)l>H}AC}GV-n`F>EppbEJm+mv|#!$O_Z?Yj{6~9{UdU%ACrpPI%fSj_%$Y#8* zu-JrOnmfzY`@^b>n=#i1sA;1DmT?`=F>diPM0~%wewH(1DDc?s7fuB@UlME$b3qcI z2w_=U1lZDK7TPnTEY1;*)OUz3b%w^zjI<3UK=ca0DlviL$-8kgm9wPPUSN_LW z&y$vOrhzy+EER$`>?;UJo+#(F6MBVG@X{Ogvow3OdMHV%Dy%B;?&E*f{`ubKU`8dF&ALzdMCdyBN?1-$=wN6tp9rY zdO`W}6^5Y8*VWqJ(5U3X$y+$Sb052|QmMAab9q0Vtqq*7@Wbsf?$;_?NH@u+2GlCZWIE+PqT+^e6C~7Gxj+ zL3<&np=Fs&rw<3OA zJ4pzo{1}^Io;S?#_fW{U@EsIo@we8RlW*o;`paZ+;gs!|(XUmtAgO5+AuGaPIZDDR z?mP9a6)y1E8Q2e5$W9(ps|8AELgZn*@91LmPgvMbi!TLT_6(esidVHMtMwT zr^~0GOs;{W+vNl++dQtiiQ{kLq4*)1Xsh5l++H>}mCj{9*qIoMPx8;$MCBemr^5ak z+&=9@hS%*~4dl{E2|J~jLgEMGHy;Wr9nLE5v5LtpWNXfHadGx9#RZOD(Svk%) zez55~uMddyltUFBi?I>kUT?C&fn=RZthr5}RA=Ro9j4T=X5`hVH#0!&jL1^)@icPi z>{yifBSM*Xbj}|!XCiz!YmU^3U1aI;fUfNKjt^tX``5&YX(BjYFEeR+g?G~%Mj$mr zy*7MQc4LD;=EW&o7h@(1dWi0CO5i?3`EmJ!%mOV0(*X6&)h(kOqW<*>TP%#0;AtJ{qw%|0AuJSc8||BZwJerqA!=mGl@^GyGfEBb9bW|>z7vp`f55FBysN|p(cnYAa3*=->K|$?VT<7 z96WqEhdAbra>2=l^IQ6%azVI1SG;V-w>^7s@;~D9q=KDGZ85Gk=(L5gJ1+7bxXqcS zi30seE$nM2g$r0H9|UG3*IL$_i*T6Q;M|P#R%&fadr9cJBdEA74w1ctKLIcoay zdW+{25tRqYiUdrl_WVuwBLCH}50Z8i@14!(B1(I?UAdlYulQZUrKXuAvu7n2=MO%U zTy?b!A(+#4zt)9`uTY||Mb`*X?6VKoJ&@J;^-}?hZQINF{2!;0^E0}O&W*6Vv*K*- zGzkuqcnC^968YUH`_V+;peO>5BHCgrb%qO@_AQ8zNnL9OSlqe6W~&lKY*wiggCsN? zZ!yj}Y^MiL+pdEm#H<<8uKfwk?MG4m74XMCS(J$DLIy}jI?f6GQC!}IFvHM&Igex! z<60O6+u&zV@o>xs{e;~z@e_p^#NI-^I$SjLlu6a@@YTIowsf}OKLjSEI5^Trg#ZOo0x*UfS>|s^mre5dzF1(UmgT53Zxlzim z+camC+Egk>PsU5^{d1RlK)(sr>?lBQ{He{z68;Jmlc~%3oH4SESrTVpB$qLV%uRDd z1DE21R+**2J2t=NKg`|!ORvJ#PL37}FNygxNl~--*`4fuc>6*dXN6?$f>ix_et=pi zq7HseV$TOv%q*;i!jN9-c!tv*e(1X$Qt9?8B_f0J*EsAf2-0I&_+F;>?u*ead-$#^ z1{-LyH0M)8&MVVk)6dj~J%12r{Lff_4QXp04ah%R#f`qU_La3pO5IuQJ&tsB4B*)e z#&xMP1bs`ETl~o}Tk|mVi?+@x-h*T!kf$iR+z<&gXfOV=1^BNN{uXErEB@m&@#$y0fHXr|d^0+OH^^&Zc-O#}xfBE0 znRKMM{gFvXR;h0yzfG?c-z3Vl_2WOy?STIApQ$n>w#HcS@TVZ-ftA~t<>3R&;V>=Q zx*VEVzSzUY!JR>w{o{~>eP7|%cZvTGU+)xTS%Y=$rfu7{ZQHhO+qP}nwoz$2v(k2@ z_1D`G{hjF35q+_5*WDiTnPbg0Mr+lg^G=_!_-Id0ER#;d(cscWU-~bMD(W2ygC-HV zG&kvai{&*X0xIFR#b}5lbUXUVbq7;#VfiS;CJIqg@7CtH$-R+P2_}@)0Q&Q@?D?;Z z^}p-4%^F}64!^C~a1QR7%*)4sd;aj-_gs|a>NA$sJ_%!y;Cvz3eBp@S6@Cs;Rm}V+ zdb?dbua0iIj$|gA#BiW!hozJN)rrMg3PPg#-z;sOIGSG?ol(rgd%9wOh87>17ObpK zq-!C;bs;&(I8W0DJ3_2O$>iZfwxU7re*5K}z!p?1Rd04VZKl?;RBu+v_*Z>J1rj0d za+_InsDofr2oSgp3Zx^KNhQ~C!%gZ&M??NV$5+zBOP^VJGfS<&mv#_)(?u`2(gy0~ zZ+zFeUCMbtzh{dBcUbpO{a*Ep?PmI;K`UfzBBQb*t>%7uKKLU36McA)@{LoHv3W>e z0H3rn#666A2Gwh$u(`UASuxc!-d_*EUYlz;2TbfW|1dtvUc+41R>yu{vPnB1ej7(* zFVKScTLg&M)}RGxC;IZHmkSd$&!o3A5&RpFC`0=O^Fi#(Dl!cSd)PQOBhR(njWzS!o;enQgjYN1Xh6C)kQ>o zhi^Q|OLSiZ7vn=;!#B5HmU)_cFm~PDkE|J0hP=6gNHHdLb{L;TVjm zysB!qN*T5sHNP&rHgReu+~R<*)^eh{Pdo;V52m?u2|Y8%7wgi_oq2`c1PQGA^W)PGwXY%l!7{33q|{eLk3;=h<5>A#sjT=O61Z~p)CX8!Nn zQ=h8;nO98k5Az3r{3r8=YyO-0A<6%f`R&D1ITn@Y&x8pcsknXrrj$rLE6;;5_d!Xi zt-Se9G1ngton|c;PDrA>Qa&T|OzN7-%!hczJ+r#lwd3X!L#55}i{-S}0O`4|j{!ZvHS_Cs6us0o7@qyv zsEa#BwI^BcJ|pEKi?}KUx-ZdxR8F{Rrw0of?KMFL_fsu_U6Y1?Vm!rYD_hg#-|*3A zjI%?}9g8`|>KjC_m3=NkR|_MYY~N^aYE7tD$BJpjdQV7Aj{hMZz~H5O1(!9DI2)K( zjx^-U9N9#(XcW4tWP0K+mMspfDy~5 zSy2%T9evnwA6gr2T7}IvTlClh=_1(_-RpvFLc-+aSZ$78KI7$5YKe$l>?0a0lU(mY z*&-67i2T?H#R;JjPe##0W?e$rE(|g4!+ZeOoSvc)ecF!hoU>IepxDlBH&fr3XO$st zM>~6-eal7MFUykytq{}FCG$Ic<@NVM`a~j1@YTq+ zI5$d*iBQ6+iJa-51M{nH2V%TyAFT(SETneZn9)Yf3C|14A|W*+y8?S+PCvvgwOt4{&&(^CCS zw^B|`o^*otbV3yD5)n(n(s7HC#EFPH8xF{^pVFI^a@xb4>x}~+-`LJWvpY3Kg0RvO)5)B&s$>RehTP6N~c@0oPl^#jAQC z*QzTPsr!+v&Q1H zS`An!lC9#!7N1i&rOVHPru@RDD{PH~q?sFzuJcAz=v!0}?G+q6<*x-rw4`f=dP{un zB`{{+jlm0xz>h4iqj}A0PFJa6kC)a`7l7B(3b*ytrC@6#94c2}go>6_DZlzc(F3M5 zpZn%^@40;AQkjH{KVR8*Wx%@4c%=jeO8Hu9(G5gx6gv-4tmQa1fH88S{rS3P03pTSfHJ?;u-BS{S%n;_-m+^%py$oo8U5_af#aWLxq2r(^~A zs;Dm{WbzjEpz2aQRb!wAkv5XzgJ1V5IE58MVRGJ25d$;XmiD>hcX8?#KP9+eOs|VBxA(ZMm!3i5E$jcnmc5!Is9vXJixo{v$rjk;PW^uiLIxefMpyNyWVQV zx#f1=Xg8X4GF^&&zBtP-X&>T35mkJ3BC_cS7>EuV@LOs1m?5zlIJ{jtTyYdXHjbq+H1p#!M0Iij5QFT=wNz3nL{c9bJxM>+e3d^)MkE zQkuDyj8KRh@RyG0X!)Jbg^3;goQ{>NA+ph&dh%*KSKtM<5lj& za_lD&sWne>8&u?`%nE+ZYTWPO&;B~>d76Z%wCCcn5Z`LQTsG10QF1XQvP18I}43Eab)o7 z=%QnClq*Wz_ph{DkyzBN8dv3Fs6zPj#nebZ4#yPeB}P#l8DIEh}FW zPx8_1{sEgv7^1sL!Q%8pRm*^?T#b`+Qod4~M0HDKKXWFA3AmFtlW)t-;kHT`ap4oa z+_$J+#5Hm_aDZ272uz94DRNgn*Q5<9Npd;tMP959JA}-|r`(*Q?La^3{m?c#=C1~j z^YK3J2d1s1GK}`~eKFM$9xaQ)USgTlBWb^)+HiT~5@fNJzw^M?vlE7ud3@JXVNVcm zlcl*UW*l8B_Ztd$)c=^>QrL>Z5rG>Th?E$ub3I{?RWcK={!OSXGKski$O+~XTc2+~ zNywr{9Xg@RN^T7i;=gTN!ule@iwC{@E}9=B^ zG}+~NHho3*ewy8?wy#3_=zQE-9F8@v@Ob6E-ja=frQ`+CByT(QxtDF`b|&5PoQP|p zA1T!%Z{a@f+SyW{F+L{}nswv@IS&T=o`&PHf#wkXg9RpqHGt9u2%veu4fXj1UKaau zatwlZ({0nNL~&>r<8G!*#I*d%Rwm$w$oZ1KTo5h+nN5CSNAh98M|Y+yECmcLZp$we^j`$$% z!DmgHmj`7Ut$x4Lj69~93HrFDXXg}g6^@OoF{XYPsNa`c6k(=^FFciDs}pq?bBbc) zl1lMwAs0IljWZOR-MhA$WH;UtmcC3O_bmJX1ri9XPV9R zcN}Xtoq;2icwy%u18FC^mj=_ZUuBLD`< zBjH*XBh)HFlod7g0b0M1656}vTNzbR~Bq;1TXBKH+ z(de;?Wt#Pnom&E7l|4_q4XSm`?Za}Xa^s)X1){g+#Y_>@Lrm7Aikre|{Rd2uSWObR zJKi>0ht!eD-F1+HDh4w%1&^cdi~Qu)^yXg#-xL$d3QbyWiW^JJp1x^n&t;bps+bJUK&!>MF*y7kHq2Bt8VxrqD{%c@y_ z0+HJjgX|^wnvb#$es2Unel6ioj?&OT13GqLl+J(sjAwdXp9Dt<7Krx?G5kifX6kvJ zmE*$hzg~9wP~bYs1KW&qNt0ytP!Mtdty{rD#JBd1OiVnh*sr43x2O}xYEzp-Q zW01qR(n8qG{93~mwAio^iEHDAw>2EibnTs+>Q1a=6MfhDi0jiPPFNhe(sysA-KBg^!o zW$jr9nwfZ1lJgCEtdI-s5}W0o zgj(&!R2LAW9&qpQwhF{Fo_C&wR>@j0unAjgpoDx(Rb4cxgA8 zghn9P1bKmMV`;!vV>d(3y)i zV-Qr_vtU<}y&~ld(IRA@R&huYnT%gu)vchV?MbQcXSYv<1lGUj)7)M9mYA$Z25rr< zSLa)WK?h8vn1wf(5@l9WWeux6k-o4^d8@;hd##-4Zqzex{5G)$X+5~Q_ppBgpYIci zMFk-XBVab^Hx!Zdel}15c2SncV%&q=+bFe?GnMg3uliyd1da<0a^%ntCgfL32*I~B zdIlB|VL5zn8ZU-w=jYlClmzJHje|BIvr29;%sSUcqh%04vUZ+leEtX3ksyb9%jdqA zn06>x+7!bg=WY0hI}V%Mgg?8|G=CJz#|r3G#w-C!DDVWoi}X-`2xQgw!Uk+PNFzk- zYsgU5a@4i@o~}s__xFa%bop>OpLsRYn$Y^0pz%7v@S@DTsEI;g=NmQe~fNUOa%B+aXjh=7a#O&Ef@u3N+a?KIz2zNA5v4i z+Q^8QedK3AR~g;p*dV?eqpllebbwesM5n&oBf@g=MVwP#R$;bF`hxUBa)@J?-NvH= zy3?HL?)MZO3O?Z^76mRsQmse|VZLHC)CcaQB4p(XN40KO5KM{l-t2L4iGvgcQpKgk z>qRV;4qXoUmXwKe7e>3j2L382ejnAs9Gf@&#OH%4e)KBv@=fXv980YK;S+ewDM#sfm zJiI7*4wn)LC}|# z`_xukLaP7e_z?{ET*zj6e|A4+7)^4Zo*Dm1O{%(QGHrFxR7l5YA_9iItp;IYxQ9a3 zeV+Pp00bX4-yJvRrYdY`@867z#%xRC=t_Gx79gMY(YlOR?yU~j@XY4@kO+_Pzt34}PxqYR@)HBdcNlobX7vG8R7%o4%*|Jg-O{EzaxH2$aZ zXDI$#`5Qj|Q~4`k3j(I==8eK*TS19`_!+9HyUSi!uk8mL5!rvgMs9q@SZd9gb7xAf zv~g3Es_ZKIRg~jF^UMcWuw#m}U_d^CyVDuYL(pDmdB0>8b!|7N+r(ET`Vg-?yQH^F zJYQSiqn!F#N<8M~Xgu&5B$rin-IrO085CZv5N%77h#p7*UtJaB;rjUlvCu6nB&Kxo zEY!a)Hj^c5I5O)}UUg|MDQICbx796HaUa+hYq3bWn-xGl|D?*=NN|*|ipiX=-wWAn zo(51pyf|-3Rj{+qD#?dZGZR8t<-VmAVw~FRaM8>Y*vWzNL$ReQ4At$Jw+hzYW{C}L zR%BbwmYS#b^Y4)lya<@32YSo@+FLAw?dO!5dq5`N=-fsWebvL!s_bBwGN3~F@o7@i z8G)O$KZdcyVzUMH!5GS{bR>lG5{Tmv24TX&L~JLx9qhO_cdakQ#o?saRXgeg$x#Bb zlxw?(Nlcb*&=^@75ET(XVt~BgMmciUc|{|&4|EK8nKn^8%h!eYK>Zy%U;%(xw{d|O z-yzu2`TOP0f4ync#gnn{-5#PxZQ*JPv4jm!@^vp0-W%XJ?rdi@1q}q+etRFf!LH zXWIzKQibr=*On?0Ohpq#4Q1dNJwn|ndAhIVV9@dc`#?J{Rui3wD9tVki}d zc0ydd$g!PoLE8c31k~EzfU{rE;`OCUhGtfY6cKeXUW0(@gpPj&J4fMb&xgLi*FY$Q^=nhvX z*7ru~^(N!Kxr@2e#JHz-o#77lQ!NsuD(q(7QkKb6N5qFH|D4w%ja@E|2Fl zCqk1;DXkq4+CuwjdbX^$qulZ}FdmY+BwONZ~u4a(=mJ zt}=UVU7#{?@aF0B&_iA+eoqPmZnK#0Qzxo~5`$bC+^k#&upU>=FO}33sTQO-@wQ}k zgJA^zQeCyx+cdE`%g|B)gq;ZO}Dz-R$*a;I?SBvjcX0!a# z2S7z(vTXv482OGm{7%2rP@I~F9ksj(bn}6&%6vHOv89L)Vsv1m0;EA17}95t+}Zt1nLDyXwh!Tds+rWsiu1&DIX_;`>8Oxk~W1^>E5;BZiX@8*_Uu%pXUdN z5_3pJpO`TxTl**&4|`uk=|lpR5d_OaK^bu%=a{JD)Esm++h(w!qvoCQiUW~*V$$_y zzX=taGV^Pi@q?Af*F})iKjSV6i7L$={mFe@+#8dtP`}%Y1!92eMcXi$Jw?9r`z*sC zO7G%mA;msQiU@#jPQE58%+Li&e*GgTbY@-v zOMGp`_FyFC6s``d0mdf!xjPMyaW&48a*6J5GN0?2t=ACgr{*690m8@uLL>Y7!_=mX zV-8UHh^I0leL4e-CaC0aT#xOT-3hp2S+vF(w<$K&^qSX)BsX2faXrN1ym7z9;xQJr zL2`vGk!)oBV@Y;i$>%b}39UUo#55yoJ*rf9nD*9zwyxduMZYrZ1pfl>#?zh)A1(M@z+5jMQBdMmw zjqa<1!_82auiIzfm;`_2TuUaFY7O_<-j`e|C~zt6R?&Wh_ll4P`gEB=v@8% zuqjTur8$tIG;*>T^fH_g?dJo$UkLdFW)7{Q2F|I`i}n`2=6w6 zsRq(~FxW(#K)CKvRZ#r-S}9LDQfg9B8cG#UIy@7WVln`f&NkkhAFi+_nc04f;DC-q z8r7en_w*i?of`ebS%?^Te}`qom(6Q9R@x@Y8;Rs3 zTAZ}>yV}fJx}kHXdkPdo@PSYzTK%aZYx66e)q+H$=h`NAy<8Ui;&JpJY^|g?Mz97R z1e_z-BrmP*z)~KBqkXp;`(*!Y{r%gkyXqd-$4Cz*as5w&C+}G z19rWlGwLhI9E&49nsaG5<_+>E2vb6+=K$Tka|Mw*fXN6~CWbVFVKFM^SVuxQvx73m^h z`6IzI+;ZMYQHqF3WE)@GmIlSD9o9H-X43#KAI61-ZJFVfj++&;B<@i$1ipTX^jnli zp)J1EYn?NsOSiMqIQhu24n%00vb8efhY9#XL!yS>(dJ?^Y@m~hgF1OU?lMuMF<=jN zO8a?M@kC!{7PIx$Prs78in6ueV+aZNMWuS;rXw!FcH0@!TdmsczOGivc9dWqlr(b- zW#I1i1Th7Sq!)T}o?$wJ(zY~J+c}YgtM}m(${_0{&6&Y5hI_#l& zUhtgg(>}I7@pi+pw@svAS8GWbZPAAmCHrl%v)t?RS1L1z-V?y37S_q7QxGP89x2DB zt*ILuufMIKviwU0{fK~=em!La(p6uMy+(5vTpF|_giI$^GvOpT88psFHPB|v9Y!sn zU!aud0tlQ_Bx3lTEprq8cHhhnawI}xu~N(iX58huKPHwCRgk6G=|fe`TpfJhw7Z<# zyI)*IinFm2zEm@c`JoHB(o~fmmC&w@Y~XG|5L2xQZPV~u(Hons0jF6#_+)yJ;KtaagOq=9v(p2x{cNN|LnE#O}+fb{wSxK0LE6jWNK9IVnW%k=wiDwVbTQM9)FX+k)fLXj zwXci~Y*=+U4T$c_SDomZbSV*x59dHLseSo)3kj{)>FB&I(L7T$x$_)@Vw*=aH=aP^ zt{DV@_9(>>HbjrN)Zif~VjgCUUIMhUvRDCgK97vYH2!{qOzmWwFkE>uK+yBA{9UXY z_)VFNz>v>RO)4TKUejOOA%YZG`)!YYqi%y3EEjpoW z5S7NxCfQzwzXc*PjnI7{_Fm>!>yC*b`r@MdT(1b?4sVbCGvaHtpiG%lVk7BJ)U6o4 z;h6KLA{9ED7;;tk`%x>}^g;un^zC=U#vmyf(m?Tp`DSBhkQRWR{<59C3*_Bm#(9#v)_4$5+uMR~r=6)mqEQ`z>K8gZ}axm=bPl0mtAQ;Q0XdMwk!roF;y zH>0>k<)jYscU-2V%u?o_WWl(sGSlK>RVT;%hFwKe!#c%iIKVHwfb{N0Ws5-a*rZrn zgH?!J^y)fDjY>}xG}Tuh>l?)5Pr!@Pwx)IpPTyB+Qp*UW2!r6@2^a*dTSmQf)OcA= z6vjknM#@yk46qN z`Q>2d7!tfv(iSf{*O0@MIWvrlfuS}DBuW}C&Bcr!{2*jV`?yq2ABF^g?~GYH&W*ag z6p}?``^CyoTB^CFpEW}A&dvx7vI4|BXyR40K==lUCVB`3Qy&YgTS3?&Z@H>~Xt0Y%Yd&eXep zT__SI{X58R+dMQDM)6*1ynF!*HgluXVkDz|PlDX$aOZc%a(hIrH=@x0I4MSdos|D^ z+q3*HS03TNUHMAMe_Z**&;N7fv;XGG-~IE%h=u=o&rkM`H{+%DpWaNR%)PxDw-FTl%c{@vL^1c{XtKoQmpM zeXsId?u|vbFb+9mEA@wQG>cW1$B1Pg3dLA)Rypqy{o1 zCR^(96=;1t4uZ0yk^!ws>U_C7YD<93&DHh38y-|7&PHisUH@jz#wgY<(9j>CWK~@= zfdTSWR#S0uxUf$P`ndRz?MeueraRb?C!N_Nc^Ng(&L(IRe~+>kLNIiRrqZ-5%$&|# z;)TJ6a?vh0;hAt<@%M6AP3|}++)2XtR`@aG&C6YegMl9pNCX}kOY<4Tkx-5L1!EGI zILkP5S1Tlb9~4yn0;LbE%62NuIZS(7RsF0&VJ}v5c7@u{8aO{DU3+TKjAHybx@1nN z16yQ_w&#I{ktJJ}Td{sDftgx@X?te442!eOdc*!MjSOY_qQ~^tB?ey2RwlgUc<-egfoS z=sFN4AWsylE7^$IVS}*4!xdg-YE5}W=1P7L?IxPc2D-k|y@)!4n7FGV?<~KCZs!T& zR<`BcP&nH)#fqPO&B-zPCNO@%fuZ`QlFUx3P9FP*quOPB*@ieHhGx33{sZ35 ztZKmlgaucpyIkvCgoY|&$SGmu0q`wRsSbgoCB#wp&s110dQy%{1!AcuT7E?pI?_ zDU!hFe#4R3*2h(tNGuGQs3GXb^8PCcjjeYvG5aV0V6!O5*GvsmaB=@m0o9u`R6V{#G_8aH-L#iDn5dfE{0v8FkcBm&$K^T3mxOf*zj|Nuxw@**K0#}aOmSv z+3PYX1dSU*HJcHVwf({ZO9KH5*5e@hZ-}LvW zWf<4Je6`i9r!Gi2X)LTDr`$*@XY2y9%4HCv+y3SjOMl-M;OSo=T3m`TM1otX5u0z7 zl#t$WWyJd0kQQZUKtnGfJsTiy+S=6Q;R%(#69*-r=d^Fe4LxMq)*5}Nx|+W<&Xd4? z5TY04lU`L6mI0^3GKh94wlqAXgFHcIU%#_CrhR#J>+JsBH~8+id;~AlcZsCA(Y_Y> zg)@%YbGTl?fA529ddJwquHviWgk4JD8WAe&nW<2ABOKglKPc}(x3mBt_NfN_G*x$p zYSO%MqI(kp)nFut!H-R9NGW`NxEjP~f3f#mI0Wons;i5d-psy?5=Ge8MMQD`B9$UI z^cv$T2Yj{^%i%3T|K_Sr3qTf*lGZz|s1^FAvtao^dgych(~|w?wK2vd76L- z?o7H^&u=0Bt0`k~H4!%b;HkJdAyK@I+!97Oag4rrO#LjOnyrUF1R}rFxv3`7vzs9( zWlHbDtD3B)18{Lh&?U4W}VZfDx`R3bF@<0aFrmIDl-dkXvykh+kdd~L}r$W*?R>O#x z!xc3xj%#hmS`Sv+u_)Nw-9qPrb#gZl?ZJGQCLb1fNxxfb9&alpjq2@bS5d0PEM2KB zASJrI5hopW{{4l{+(YA{KB1sRS?)wM%-o)t0k_mu-YA>IJa~P%5O3mVNUgZAdZzS` zx3W$kDX?YE0{S*Y`!t$DFVb>x4CGqtx9VD8yY~#vrOo+FCC2m8#t|>3htS-;PaJ5* z3LrQR&S@Mu=yGtH;w>8%G4M5c%*9Y~$Rvx#_SxC<)SuN}hLm&g_=$NQZh@QN(Hxv2 z3d-hA!B*Xuo4ayHTf0~Lc$ECc#V&{;EKrgK0Edw{xvIeQhYPbx*{cX&B?3WT-W=vA z6s!np{!p93;5pb1jH;t)m@~^b{MOu1!*8TGp#YG#f@;8gmfl>+dwTl6j6r;Gsq+nC zM5&8xDr==w^mqyDsFFnzY8l~|3FwHWaLqgkl|Rhf<0D2TIHk+Ylf0)K@Dl|vn?O%6 z(6{l+##fvpU>;)qZ^uy?8P+8?ZK1H9?R)#*#;R$&<^kQY-eZ!eI`QCIt z#VYA?QAxKiwm*wqHrmko*MMeznS^OPClnN=q>t6R9nX%hr(`-^;^q3*rnxg6+KNY9 z25taK%+XbInt75mgHkO5?5CZ;%5$s@8w_Ecx&$WUI*CVc;-Ng4*~>3lDQiqa@45oE zE&hQQCsp=%OonhSajylmMF%y=IXVmkzj(NOc=LlwK6%$~FAMgsy?I*j^I>fY;kmY| zJU8DW{7B)Vgq=a;biRreHIs;KHp?%*^r)U_k|Uc(Mkd35j>VETgq;ORhCgvM`wI_0 zYNX+;V)%ov$Z;ijit7~SuCRv6y`F)*%!q|dX?jcFOsK+z+_a*!Mk{OST&AGu?NSI* zxHJ5n+4hjy z4`G7PxH$OwdI+|^b5-2i7XCIur@4&aA`;yl>K=*ZL`ZPTwH?;}L+Ckw3H^UC|H{9Z zAO63Yza{e@<`1j+Z|0w0{GZHE@h|3A`A_C=$^19-TMYgu^Vc{En{BejV{VBEF6Vtb zjp9f>0eFMa?K@Z=&jXt4+&uzj_#qLNzrvz(6xMc=uY= zSr|3_#H7Xg=pyp+xg5;_Wvv4Jsix==4O)(Yu~x@T1E@nMzwf5e-jwS^!C)kuBBFhd zhP@x%Xle*+WOI}I^(quNitkJa!8A-=@_As^!#o5ZPD_gaZX4)uB};%!PpbE#VgMbG z3M^iC(4$V-b~;dK6}yGbDviqH%XWE46CNkMN?2fx`nJzfsd<}L|J(&-*yV4QzMx%D zJ|%*`&Jk7^@jhb&>_4l97l z{Z*PxLprU|0f*9%1$_a=#*WJ6M{uX4)HJ9}>)~{uQFc&jUa2|Y7dWu*yKoY$dxy+% z??5g3J%g`Jr&H_u$JY?CyMM&-wn5zv&JtR&C1@vRK#j-~z}#71lAq7tCE5`rQQPXf zwQ=Ft-iU#j-h7=4mFbhFVZJ(v1@cXP5h>B=GQ8VIJfFUO&zuk9KnK!-HoBv{UKdujB)F;5Xy(yk;YO`TGvU z7r)Zl<GmA59xOB>ZFheKG@bLf`EnPF zuJ)kBi~KfY(jfb-kk2k+?a z@YiQ4Rxvxe{lmG$+kWNW__LCAcw9l!#)qF|(}b}m2?hEvH^1K}($lsV>?7UtV5Dk4 zQO%+OKR7@zc?V8H-~}6d6#Kc^mPKIVyuXjy1C{uc=t$M;^%GI?2|1J8$az`)naIv= z3^SQq2mm6Wkn#&&tc}E=L$Z@`lcuW*tW7S1T_I6$u>>q-#3~!RIrvUItsS8+#W1Q< zkiH5Cv-eNYZx!x=ybI|8CR(wtGKtGp6nNk<6Uwq77DsHgZSbx9Bd`nxt}7_t+Cq9; zr#pwRuH9g4&u2M^3v%u5Ku@G5-k3HWMu+~px-l~)X4k7edM)lEfg%@{dtKuUjP<2J zPNFw4ED=pfDMEH?Il%1%*9=;7S!3s@LVoO|@GTB`$ZPFb@$U_Jj-M|gMPT2t&vJN9 ztMf{gs#~14rc?;;vyb*gLo@3+#h*$|O~kpX{rW1R*o^Q@)=@Q&61BJ#SDd#DxV;&{ zokA>1eO|h+ad7-a8ZW;VG?FR2y4oi_w7!Sv-mB3nob_{}RMETACf z;eJQT>iPm-eh58onO9w56J~=|WV{X9fWgxR!kWV5hk;#e2wPjZZ)BB6!tIVE!cK{c zo79iWyJEjU1_q7CJ%2kW_k~I1s0q|*(w8^?*r%wr(*8}vtCM{d*mP_Ef2zQ*9$tR}qvGMqm zKF3wj6rVi?3j=qYDOX%0MriBbJa1{4Q7e5|I5YG|?1*t38Ke5yk8VGYo>Y!t(ArMA z2I~E6kKNwqtwF<>K7VU|vUgivYhFDCw;mb5A!R(g(2BjAy>br%#KeoIMbYH-*xtPa zHfzH6`uav*cQjv;c0EmZ`g1OUB5}^pi1T88;rQ_m+9XUI{p^;(rKo7N!mCy~YNABe zDo*41XP*Rx4rTW?wp~P>Oi2j|Z;vY*qe(R`^>&U{sq5z(VHqVjbNHXet*iUHl5#6Q z6m~eMnN0!voJw&AzV`*W_3JPp1%tBrPke+5jjhFDIhirJ37tJh`hgH#kZT4 zrXA!ELOJK3Px_QE=zT=6d_Dmp4fDxg#}iPm;@rW&g?GX&DfNUlj_?=1HrCTe{oSt$ zBh>o^V_%E_b~UDc2teM!ze_&4Sd>*XZ@82OKjKV;=Jn5n>v2R97ExEEx{f_wbYFB$D{BOoqrsm z{__dcoNl>mq%qTYhv(bJ#wLrH7-!(%qvVoCID`qq?{Z*n1?&jq^`Tm_B-z_(m5Kv9 zslQXZ^6p5j-1idUKJ(Ul@H(Wa9o$#`i-#ftlpt$#gW_3e9mY>#b*dR$4{*8;xI3x0^k*j#z;yx2oD8R%?N}PD2C_lq(5JEaA=v; zzpU1Wl%$2NLk4)aPWQ+8w|7iY%z-FmGzQh`h&J_8sp6AKhldJqU&kvNhrhgv%wa%4 zS9_5ht_2}OzqaRewO!($7_Px&uM$xV698~A`_LOPx^s(N`_gMwZ*=JeT;x4&nRG71wGBPAZ2U}Jfe~M)vOY9X7(6TNqWY&{I2;Vh+LF;sx=`+Z4@gh z8>^WBbsx>D=spU=w+DbyqJq175x6iv$~Sd6um*cb`s1pRi$_KMOKG+6moMq%5_o8Sl(N|L!AJ`%fWUAY1lK00?ikD2B zOTeOE8oT(TQQqIEb5I$vMxm@~2S3afqrvK5wvjgOr~F&%V`K0mA@ktmKy5^4nt`9v zxl7Y#q(I+R>jby7-eXK6*7f7UaMcG4)q~?&RhPs2f9*pE;UTz|8=4!29pwWJ;U-8l zn7<_xqO-c;52SQtoX54M{3z2wTud-QicF8#0VA);7r8~qgkH0%;@}N_$qfxh;yB7J zMo9KGx}~`=apLEX-Uvt#4mOUroG(Y_8BH6!GwUa7~nMiULi;ETQbR14|FsDyBz0lvI#z zGw)CC?Ixh*gB;TMQYMMJy3>+tQs>1N7c3;`+#wx2FtUGoAW+nGNq6?cek@Zkr_G!V zCU&A4LUG{@bEkO)16;`vCtuARR3arrT=99{_}q`Kk50unI9PT@AZ8at_d=e15XnjzB*D8 z)z)%^g)omy2!*5T*)SvWtPYqLi#nBZ$(`D0dE1qEQ2r1fSnOUm0lP|>-1Zk5FmyyY zlVZvpUeb3LNK0vI384d}9uK9$h&a~z7u6?}bR+VaX=yAd@|YXh&lXP_wj?)8Y9CO? zphi^-ScctPs4h9Gd$L`IRohyP=(VwA`#11+YwshEYOm<;wV~yyeqcc`kyN($gtBGG zpqI-Gn7rJeKSO%5($?4TL*d>dU?ca>>zA;D06igb`V~4BnMz*)5_--mo!OUzZM>+IFxZietfG%KW zWg)Oui#3Z72MWJo$5oPGx)HyV4?O&7y%DLvU}s4NSq64X*|>ME1=S`mEXpe2tD$x2 ztj{$tP=$0cqeFzvtw z(5ex@1HwK_VYgy()99PgZZv}oV>MyByh|A?Ao7I$O~?5>daTcU6)&xC^f6)q+#!d3 zz@#;1eM-|1o>0;^+!}WzWEHDxD`}2uhmpo-VrkuV+2ovEy;GS0U)f=R)iNJ2=wQ6f z9(PQ{WSRXO{%|*7)a&-Q=1jTm(49YVHye7HWiE;9z?mS8Jeb}MX46{W8R$IjI#&Mb zAT-l&8i8x;KZ7}(t5qK{r7x0^-u#JwWEWjFVpM<;O^T~S`3_T?D(;>e zPh+(kO~?K9n^==sW(52tozHQ?Tf*ipZFlTU)#W(Kt{jPV05Gc_wzSR&KLIUgiIDqG zMyf|B8@T61#Kh6sSPfevj7mEZeEkWmV)0mEiRN~7jne4h%+b8OkI1Xg6NaD0t6h!^ zT|=U=6x0~dvQ&_|AUP{3h!}!%hVRiqS-rJmJS4w=zBqJTEcw@qw- z6&;uNT%==VXl7^>4&+!kz~?<>Ju05mwz6g>`H$Y!tC@9ZK+9r36yw1c^;|FSHsbv1 z6tmw_O*6Dg)jzhNR2EgnqdUjUkBq(@ut`EZ8W1G6!jeU2ij&$?)BV;hRhOkb=GpiK z_6fA7Xb(6H)s0M<-wn=2zkcFamhBiJa!ctj_euzSDiT5mMrK>y{n2e)wK)qvZSwfa z4R1v<6>brM4Ev`&I}6X2su(<*WqM7!_8N|aain;44MZmNFDqv8C&@I|^$rpByCcV5 zD&6oVxVYGa3;>>VpK1eorVwIu|GtXWoGmlDK4UE$hOE=&W?zA-<{MhW5qXX|TxXWP z#Lrp1{yZpe?R7O~O>{dpZx40_FODe4SH} zVBNBA%eHOX?y_y$wr$&Hmu=g&ZC96#+y9PxPQ*StVn58+^*D2^F*EbScSskt*%@J} zlypWOLk##Seviw7WD`eJqaNdU8R@sJEE(n$BWhc9XbtDaZMoPv#nzUC2`R4acEWT+ zIir>6uPSFM+TT~GjxBcCkSslmoGk||##+EXVvei6xG6Vo{W~|`7fo<7@7&-|pjw8u z&d`LXTaMVG3kH6XqvAU}UNZuwaNDm`Nq-tu}x?8DvNk5A211w>9ijtZ5B3 zOwv4K6m$$=uxcC%Pvj(MkCLd3w{k33qChEf-~h7_S*_d0p<5k7?!6z&SIqC{%-Qpr z$9yamJSu6W*5Sllpc^cIP7Xs=C!Qu5Un0rl8KFSJRbAWqz3uYO5}{cY(m5*`;5UAI zbzjR?RUK~>UDi1hqBFfNHSY1F-$qO?N_r{$H7&r|jUKiW|7e`&z0CxQX8`)OQO1xa zl{;V&!75DoW_D+O9X!+-4J9O$u5wY84O-z6XV&dWXNV>}-QNs) z!_+G+4}+eRgVWmu=}pTn@CodTVtX&q%R+VrSSSwUNYzK|GPT??to9X%7Q>>y8S>)+ zAW@cgT2b*-Ic%!InnEPFC?8Jy6AsbWu*K4LRpTT?C zVjfHa8`Nkd&^=n_b}6-M=>V3^zo2JebjQ9E0S3+Iq!sp+q**&MD5yh*E|M|4SRo~! zy$*|^6m1;VsZQzxV$#SV7Be5=9vln<V!$s7K(mfQm#(B%|RPgd~O z4fzvVehMGVqc+{CsJOnqi-5{QK$r-nrPsLO zW0(-cO8~h=kpX~m*PEF;VEC~VH?!x7!nL+bCTVJ$bKctPWi;brWHwJ81HGj8i(heN z%tPM)q)cSi!4a#l@G3z1iV#(-c#hyfYnPs7ar{w@-T@%CNG%FN4+-%>4ZV(nChv)v z)=J@zvT?_~V^3y(tpoZv=4Dw`BO<@i&b#~cF8VTmqYbgXPKpLB+7#ZiD5rM6VtAK* z2&4k2t`W9Ia~u|FPCk-)g@tBurV#=;zL_=T(zjcnR#)}j-%XU z|Ef9+ajZvBAs0b z6`nJ`IS7yW)>UmQUM0VAYmrExw@8xPg_X(}f(NNrY&!2sEPBzR+hUa|STry^=$R>@ zoB>j`l5o4FAt=l38c{Y+iqvbJjU60Br9=Vvq@Hd4UPeR&DbPD_D>}-P`UiElCz9Xu zoB$H0&btVBL}xsnVW)S4Y^vQQDo!%UzHN59M*)|xD2r`KkXEaC*f2Qs*SGM~xfJPC z_e354l$f)#dW8~h7+igLkdQe6fFH6I35zboNARF(;;N+4HTqU@%0FE|34NN0ACjt%^EOG1#M<-GKHs(OnR=hu>{z>miYAp9BTiPibxmDSKbp(v#bNEu z08-}Z$M?^fi>yjB=zu1K9=5MUJS3OnsprV(?0a6GfyS2I#;!O-BU0`>CaRBpVMs#? z4iG51{Mq578tBzWxi|K+_SRFYo-OJ`bQ?)H)Lhh%p;E8`ck}WA2gwyHXBzvb@#^^Y zP)+rv{KosYmm~I_~B?B<9{$c*tzl8o@n1A(O%n$pY%s3p12vH$1mu!L{KCMn&a(mz{oRHWe z{%X&86)I^y=xERN1lMsnm7meHSCXe?y6Q8Tv?<;Y-c&!SZ`T|b2D9X>R?fWo*>J6$55Id8+gyA!v~Mr&}N zORGC+Y(?3#=j_G*%4M4 z^pSq_QfvlCG-qD{nq7dh-B&4P@swg`hLp$WA9g`(%Qf)W$d?a(j}eSFR@U~lnK*sU zKY9dCpWYFxE+6T8lf%o=mT`aA_ZYNzgChAoG0SotoDbyeuI)K`(Ke$HT~{>X-cTI# zt1@u}kcTm|`p~?p!q4uKxYSWUK4++P=KA7bsMq`8)6XLIOrZ*9-ah-L>@dHXPMvj9 zTI#z1GWUqCEpTqIvxt&`$@f%E*+yVJ$|}By537b|(D2DTnbNm)%@_rYX8m!(n_3F71jGT7?Vk76QF~ClF4RGB^uX_( z(|0;NC|@LLgHXfh2C>SX2WxWvdL4{@7Z)yel1U?omz#8SYOof?@g|K9de&UQ%vIZD zc1H4>0c^;O=@m`V`>iHn&bpjF1@@;Zc3N-Zmx(D;byEL+xQrQ&Xi7;A8zeVP-`?$N zp({u$&7FA|k6turEX&lq0pFeE>>h;ph!MiiMInc@VjT(ve8qruX->%s(|x48xTmEM z*0gwV3I#?tMyV;-QK~)hEd=l7;fEV!!n3F-OrFQm_`|p|2mbx8puQ1Hai~TE{cnXX z3al%I(mc%HE`9(G4>R1%w%KCn5Slax5f@5?sH$8te3RRF-^&y(JP+p(zm6m@H&DIU zC?}Ywzo9MHPoG474j%kf>oZ!fTdTaxE>Kb*@BqDSpnTcdxN{*KLRHf%nYsavGyB%P z#`A3&Ig2^Qk`qL^|G7*zO0lA8UqX z_yAZ1Jgpy07u}&s96fpDua|J%Ay?+&>YBZhI)HzsqB}(~3U@PM z&IH!*o6tbJ%BE?rC&VsV*bBsoyBx;darLJ?$wlivdX<7U-KzAl1xl()M@j;hD-GG0 zO9(vvy0=s`OBL5&jf$Ck-3G+DFWCsiHYo~y)37}wE6T2|Jr~vKMsN1|ff|wL$V4*! zr_USzm7FQFbBezCtfDXP9U zJgcNFu*^~6<;$OygE$s*&dxvMu^Hy?`EjBo?P&CSgr$G?ccHc1xjdA3P#1$nvFfyB zUt-uXHq{&cO?_t(GT{hVkz`7v@h?Sja(0oxs^oFjPQ^aSE-TSiu5lfP?n7Jae|bE`Ic znM_M?FXy6~8uL9BYK!sUSCS$|?$N+0u|3dceHLysT~la>f6-g`Xgkl~V=em&pd@B_lkY<`a89W_m>^MDa|H3f$fwz&^uOtGPMG zg+XT)o4H^lXRY)-YvAu`-WRs+CFC_oR8_lksm5LZWF0-ewBXP;_8 zp~t#vzI4}FR;ThQ&~c^niXb+>k^trPjGl_-8Hk8aZHha`6$y{Y9x12qv0^R7Kt8Yx zcErk}7r~AenlJN>^U;~mB2L`go~@~!t6La{kdEAK=K)Mhate|?@`sn;Ds|sWA(>=2GCuJhnFFC_<+$Do^I^u=eGmEXKe>B%CjjK-k0}r4fx1Mq z)Q}@HrrtU@l#Q~E9+)*fHpceeWz|(Nq;_4F^O0sqtjVxvnc)^(t*dYKIzGVB_#JjO zx-5w6R3`CB;j`)G6_t3u9pnN6o!2>(`TTxiW}yL?0g%ZSiE3ap^+#3I1I+8OG?&k_ z0c$L~H6elpCkO5}9o>#~W6U9#VjmFS^Q9csG)!lKuwq?J~noA?{iQU>-b^TGyLaB%Jmba+6R9ZW~Msa^mr3C05GDM(0mM$1E*)dGIJ2 z`H^oJfJ;~*|(8PYQAV5yB^z%F@ZqD$eKXXHRA;uwD!&3Un6*+k(dPwLZ4Gk zq?KyUQLebhrU;Zy^iQ~~*7-{uKNKYsHbR4K5vaJnCIk06zm2LPDsY(x#NoN;RAeYU zVL}LBd?hJh;u7yanW}n-Vb*gjXXaB1B?){IoL7YaGpL1bRI;;AI1=eG-I84te7;@R zjwB5)JDfqaDVpzE4t+uE3vXMY>v-Qj1nuejEB7rDbcY-qCN!x_h5wXTWk2?d;adwts#;p9CsQKUYsk zw|-Aw;Dgubs{8W&T90L~dL0IQmxh4a9e@Y@)h5kIghXxBz&W4~bTEJ8BS4i!r*e}t!)r4B#^c87=@tu3Gd2ri$b%AjkctnBmdZ%GL z*A|+pW5;T6qI?EGjd}B=5fr%fI8|?yQ+iEt3Hs*t(E$Kq-TnnL1Z#}bbf%{O8<@Vw ztsUzhh}}~JMK*-0?4ZGk;A>SFq5I}j80^3i$K3gKuZZTv)gu^gzmXFp~uTPQUP z61xN*6(&7Ao|b*sP(AvygCR60mEY3EY}b$sJqPndW3#s};YK~bLw9%8-hQRop=Cc# zgqXFkZ!2by+-QUg@Tec!)Q>|n$8Z~HLV1;`&bMD&R;37uI!ld9A~63Z!y^wo_|x7M z0Ya>6626^9jD(^ThbEwln3);)5&WUCq?9w}G)61O*IP&tc(kJz3ph_%bB!+Pia{tt z|92H3Q~a{Ii3aHKvz7fiq4oEQ8ZJIXfr1psB z*ZZb;o1b_GX5i?m_aYU*dzL4>?$SvR9oaxVFx1i)bg&Ltt&BmGOTSvF1S-%!d$LiL zEn#lDY>l_-!+SGp0uI2D_TF#mzHy$Ez&J#O#e({LWlUZ%U6D)$;_X~ z`}mB(_{!_wGuKAqiFK zF-;rr-fpN~Fl+Y!X!jHr3n2qA5Qfr10xDdNl{oeWi#Ll!x5jko)#iF-HbpMg_0Vt% zC!eW%BdUn}a<8ZY4iPG=7&O5O7)G&qS$x9D!BD|cY}LjZvDLRFSK>Gf%ImHv?Kfk} zv>t&Dw4-GqQW-K7-lBc>v#U3@)z_;AaCd!24t8Cz%6am+b^pN2S~(QduuKMI@0Vqp z#Gx1grx5L_eH{-{>dUeFZ7SVx8%ph7Le)C!S+g;hxj9&}+nhPOM%MTB*)TKz(I#vZ z1llPyTC8-#l1+%6m|jC6=GFDH zpnUmu9-JPqBeP9+vtuT?_8^TrAiuDNpEfEju*3Ap3+o4V4Y_BP#Q>8*e^h&)`aUUO z&{GWb<80d;kFQJ4m@xiB4FjA!V^_dkhqKje@6}7Z;K0^>^7!HQItrF0UUCCWCrc~= zuiHL;cZ#7t9IZFvn<78S=MgtaP7^|u$U_?7&Lwd5Nkx%4O#A@xtrkN*98N{SS=Qdf zQvy9m;>oIr%?p_N%1$9!4MX zc(B6NW*o1DIG`GW3n9|{8!|xn3GU53ahsuQ#jF27;_{b5x?U>U-3k;*)fuDNgHPuV zXX=Xd#uvEQTy;96WMOh{(s{Ae?EEDmj;c7ddoWZYmbgIF+$<30q-(kbhnP}>JlDtP zMa&}apV=PNhw_%%)3JqZgqa|~#TkS-B{HRUJmGZ!*@;2$2fUJ2_Q)$TvI|!Qx`FWD z1IJ-X&_r|M0Mj0Sd@4^7-RrM#H6B1FkhCiq$xb}w`XPlu6xaPe+zbIyQ1qhl5dCl| zrU?&4B{y1L?M-YBduFoVyO~}uor4_yF)4h1P0D|9Gi(2HGcf<@X0{mraWlIAKRNvG z%jy5R87}_+>SpNw#n$%_84t`gb>DJ6hrwZti9>!WoE!)NI8jp_^oRX1{HTc@FqU|iLa{iUt zZXh6tEhlFyZ(nSiPLAcsL}cr5GLxtZnv+m*P0y4x;!z|I}!^;A6}jQ)e}qn zhm_iQ#qBeEqGzGK02Zzfblzjl5-EleYsb zbS&?zL=i@+mjZXcd=o>`1?x z>KCL@E-uBm2E$1UmIie4S2SUy#Pv?BM(f1J5-6oTrs;6iX~N_B?}pZi!3;XWfkKrx zNEoI&I)vWbo!s5&p|zq^+~z9s){IU2RMh$^`9e zETJpWQz&&5?Vp=VzCv53DEJvf-1@F2!KX-7 zOpPq_FjN~Qr-eYUf+gws$}0boq}*5nlyemFNE=F2m>CW40>bw&1z zPYc(spuFxHBtAmnR}V#Xm6<4GB7_ zrqB>Y!!TQEa2BP$=M!jferg=pE4tVMj7d5=KDqe();u((yc#LpXp0~Xc;CzyKp+{$ z`L5IwiSmO{YPtpI`t7ACPJ-{~7;Ur9xLVez4G!j_olRydtUk)y(h^l;*o!dUb00kM zg;k|G_C_vP>U8MBIe0xsL132Q2?WEYlD}}^RCoP$`D9oZOwGN`e%%vQKQbPE$FijH zhj(;xxVR_M~KVAqk8~CE# z3*rf$oocTPju}z_x|gUtDDSDV@CBV?JGiYjT5hT?((b9hTFyDwE_bJ$*efPMD}kR} zHF$govI1XgPpVy|*c>g~XqR)ZJ}xG>@w-XLrrMgR)2EHwK{bSmu~G{zMdphU^$#~& zn#&2X;xHlxRBijC8zT;zVytd5l$b`J^ILSFr=+|^mhG(->K6Zz=UrgG8YQBiCIWIXnU|yi5neQZ}AyXQ)A+LXz5Op%(Wh3 zRQ9;?Nz5*M#uQexv@zD(ttO#{dIRJ#b)HAcCa#yaY|jcd+*hWIgIck_6Rcp!hbr9z z()*kiojXdgqW37<-{*fcl`iBq7jRq2(g?@b*CUJ#-m{n;FIF(ckm};!x5A(&_p&BG zgFta%tVQ9f48rT%e}@xb@zJsG(Y6i(@6Give#WTdL-8_eMQ4cGsBnP1IQomSgjG*C z4idFhuK0iwbMpv{sSA*V8l1EEzNQGnE+P^BV(iUR^@6w_tUvXs(c9thX}Q`n^WUf~ zeB{HaB}YpQ&X&YY24L#6b&CVQ*Z~7$ZCV!J>93g-Q1?^4GHXskk}YU}hzS^7$L!+5`~@97Kp}uY z4yuOuGcS~)JH>VZByX*=wK)Iloj9QZddyIw8mXt(WayD}$|V*#y*~_$*P|NN>rPk* zLoJT;3M>;lWnq+LIyaq?V(hyYt}-$?SuFw}Nt7V`6zLk-DsaW5Ox9@k(Hn=`m$K^26>lwaG{bQJxeEb-AGD~=t@$77;f65^f4HGHvIHq`rNldZ9JCR~_`SvM=I6wN z`l%X@6u24h?`i*=-~n-#8PtKbfUQTvY)~#zwy;ka`i&w($D{b!j8emwC8rCAiB>L> zt11}Lo2XrUp3^FftQ87)a!L9)YK*i+9nldD)d%C2@CFW0> zDBQkUqrw%=>LRHYcjIvR~h8=8jCJ+qqppX0}_w86r)|l zLh{MnxSXT*BPfpz_6q1om&23#O3lyg^B_g=5H1DCcVhkx<#PKikfzI~?@v=lqirMe zSArQf8VjTIqNgBHh=d(N1D+LKPZ}&8H%bx&$3pEgsvGICLPlf{1)JmA)aMBw+=N`m;fHrw?ocak~#4`9lCyQR}ZSTS^nAnv9gso@;VGXrzn+ zC%HXMD@8(t9OivtPyMXyd$j;+CND$)lDbpQmuQux)^D|jfUH#0EXmPa>8k|s^ez@) zM)BK7a*C*C0wg1mcsD!8_pp%zqN6Nzk*f*V$P|jtYfWVhq26OL8=MoyyJ;t0p$kQY zCoT>d;od+^kEltdEJ4$4&)ft2cTbdK-I_5(MAZv4Q1pBlp8!#ePK?ebjoGIMkpvHY zUxQD;i5uB{o7Gjj3uo}cg@p7bb&l8MhBfnh^Fqy_T{3C+A0b?uEFj+uAyEmEaNS+R z4%l=*Nfb-CK*_J+sDKmRnMY|b_F8VfGO!^CMVH3fBBewo2q=R0{U=galSKTbZ;Ru- zot|A@J^RvJ5XVn9BFdHVetA{XV205cI`rRSK0vAHgL|G-C#+p}xO|QLQ67(MYZjN~ z+0H5sqodB6)dLSNc1$m2SzBHV_dB4py>nzTwO}QcJq4@oc&(Tv)PVX!2l9Dy8|~}P zRtdd+zCdN84Bj3+t<5kpl$RZ(C*o%dAzdDRJw?>%%>}Pt{<+~3`s$T%j!7^dly#7} zLT4C&K*2y#*O=rco=&%J;(k!=cJ#_w>MNK07T5^;cK`weMoRvAHVroxpXVr}9C^~8 ze`72%r+O;|rK&a5oZPySHsd7Q@5F%;jicTKy8cAYKTpidreh&52T5e7wI575Y1w{w zp;LJ=uZk^;Exy30x_Xw=0ZyONqs}bZ1Y8j{RY#Zx3ECo zrD5Mt4s`1e`*RfdGT$UMMz9ruGa)$QIm?7|#kLFX2$NU5cN-05$k3q}uuD!goa8&m z=$=np9~tX~o?&6-k5iMYWp4j+>(gV_{PjMi!1LLFvp77Xo4I_bOLFW-6A6^4C1NRG zH7TvO7{cH^GgT>|-;R=ZWsZysUEi2mkKa=`C^MG4FYP|VpMF)+{91@^8{>U=ILG-( z@Rrusf33D;Y=t61Zd``+8W;5IGP8~uOob|NA4Lj3C%}J)0Ys0j)3rBdl==RCF(H&a z3~9t(~OEiERylo zu2c`AZyAF}lNLG>Eg_yV;3mHY2pzSsIz<^D6l5;Onje>s;Lb<+P5e~J`zaCDRF^G_ zd>$)oPg13s#vaKZ7J&$}pZqvPP;SJ8*e@dC?#Nt2@4Z8f1Pc!;%}U?dqyfB2g7DDW@Qj34P#Cr*SY0FjJ`w?8r(IN-h%eKT%S&!- zhuo!oj)gGg$5W=(k3K-_N4% zoNWv%rfiDm;5f$^x%B9S|{)DgL%+m;KwTEB(}PEF&{(U@-eX2F9^0b50o~!={gUmug$BCQ+aWvfl}q9gl7Du zgcrLmH^mQ(I}gFOJTD9uHTL*;&0@7}9y$Q1tU+5eL(D7CIWQ5H15krO_yi%|Q}u>Q zqD!b|d4;1I+ykqOzh4B5Nb5oT!AxMP_3}n>|xN1P>WMM~<4g9>Q+2JItF;ssXC<}i#wpHJ1;{{beYy6^PXGuaAP ziS)_0AY4-}ry$3y!mF{`7}fJ)V!W#>OobJ3p`H`GHf%*5Cz2|;H5ED%_){E~H!l;#k)F9j zva7I2G|d&2kXRDK%G)rQwq!aW@iEwJg6GB-gAEb9r3gl_mbdnl_6|GlQd&kMFr16^0|`()QR?_|VC z#XlkV<8+$a1I4Uyy_0t6qPs$l4J*XY#9*%Yiui1oV$Om&8q{w1pfOt_2_5A^3Tz;E zW5q=8ob5q%eQ@>gr{bPKX^{enVZ_WWo!L~Hr0a~<5F;0XR~@Lxsesj3lQ4VNaL`wD z9@kusL0wn3mndS<=8Z^PkfGEcGI7$jbYrZdthr7D`@%FugmJ4)sbYdtcBlYB4Ses?;4ou!!M&QB)3Rb6Fvr1ASB_LhZpvQg zF*sWH$YVzkA03QlRfyh3CZ4lZ{$0|M(6;bSr>d&6KZWcJHdJdl0WY)VV}*+Tdk#QX z(^ru{rj|He|{fUuv$J>BbsqE!-FgMUX8$4II5HNd2?{&um?3VEa>~Nl!GK>H@*%N zW0Tu9M=CAMXHP*WOv!v(b>ud7a0>_4D1KC<#t(62Xj1aY;;cC)#3?DQo&1+XQ(+OV zJYBOMiT8*e<=zGSrJtuchUP$Z&03^5Y{auZR9dVkL7PexVPSK+Ktjd7WC`o!)#J2f z#&$s*#FtlB``v_(I&5PLkm^utQP1HoaQI5BFNIsD;j~9vr?mh7|T3;gY`S8dCPcc!9GI!R4_N z=MhOoq_dKX>z(ZR2K&HkE;?(!BUl3It!F(?MVLdjWF8vXqFM+%T-Fw74A|>hY40>R zsy&YaZe1pHNbse&M0>b5NmPZD9y>EBJ8jXO8?35-)wE6H52ajiX{QB5J*ztK1i6CM z?_VPp=AT6u%Zh2SV-wlBPJ)>yw<0xzmc4sI3VLDo$HpFKEGvI`=(mtiPkfxRAWTnz z0x}3XS&}mQEp=uxjhP#4PVn+A?Hv09>Mc9Bi?V18WBT=jK=Xd-MMn zE5H6PD-ZpjR{nneA1g1e{GT0@RD%C?N{acPTH-13@3rK9{(ox8Z2G^~lBDcvrt(3Z zJE}a#R8UC=hzqPD66vi@$`y$&L-q*U%sZ-mOx1b8k2O7>yD$;`8h*CVv!rz~mR}1G zdOw_*1=)@QKxV|;rclHQ`n9OzngR0VbS#hzpv7u%<+g%vyOX${MR&VHh)g`)CvfUk zX=CwvwzCf#6MnhQ)H@LYto_0fO7`Ck1lHUdB{myIahXO^Sv~fe`aI*$Lt6^0L&lrY z%Ih4JjSrG6Qba|qI!D*}6ik*y_sRQ_2W$o}{Gz+`ExIJ$WWjquGOtl`o16c$5vWP9eIYw&~mWCzC z)ehwqF_&10c}+4+EPv8k46Mi(ppb7Ut(K07`4G!2)P4ZKUGT@DN~<_5$Rnh#d*gqh zSJ}hwCs>_{{DwI(%nj~pMkJy6#i0CX#hURZBREXAQ^yb5vA|0Ks{Z@s9ljn8DpqoS z&A@|e%LR1u7f_#{kaKF(R8k)zqjATKmK1E!`yaOgMOJ5;3BQpY+AX70*prjTAxPtt zHCb^T^xT#y+uD04E$PEmR3*mvdp+?@>MkL}SyDQMmN`e0JyS8*f@#XqXzI7#vW?h4 z?6CkVQ9r>u-=E~NvbiXsVeet08flX8!%dWDe_Bzo;43Sm)TsAEPIqJlS@#HY;0mt^ zo+&9(3_X|^;M&t}LdMWwRjQSpuETu{1^r;F2>^8RoLf3`lQi2f-%T%7$t?Ed*iPkA zT1~dDqM`a72LPEBk2NFbudfe+*=)D+SRSiC1xtHH1H=?)hf;lx5iF+ziL14J`-e|c z7okE=yQMxII8L$IWT^aX4D_!@HAVATKs8J9V<3BeS zOXD?C-3Kubt&N`(GlAKTrDi_hS-;`Ja)%k`bF-_>D1_NEHvRZCU%(L8JUJi_V6*(f z0=a(N$+Qu!_`SV@`c7bK)K9||SoBWo@7mi|r4S<*$Rdg`u`OV%^p7GP-n=~^? zo8-Bs8aWBRi*vG=dMu+HKEBEq8NZ<*dI}Vphzp~H9siRuh>j6&2vQN2^vI7F<}0pXnNR9v5o_6W zVDpbmPnkPH$48uqt6>6bBEp`af0)a_kW69UefPs|#s+*peeM_(Ds!cjeXBAqn^9ke zzP-w}m4nc=HNrQwwIcjw;rB}EkS?7<76+I-x5_~wajfX_Dam7*D(F-3PgC6(BHeCm zz<10%y|LS`s@FqY61lV8oM7(n05M(G>7|Ml&4(N%xeArrN>x=zfiiwUgW|w1Fg7;3 z-5ASrG1GFthmB~1&&b4yW#mh9S3SB)D8o^}Sg*Hr;N}P-uEP!!yPioTz(l_g4PH;C z(kpd_G4`BQ?(2M-Iw~K-{T!aZBajlXB)h=)B*D3S8PsX#!Y{WfZH`T z$J&c}IDseQy!zL>F8#gD89L#&Xu^fih3Z;fa7S#v`K%gNfbN3SrhJDUmX@{Ril!xP z*aL}tmb!VI%ieP#0fkI zn9UVe>auBdkiq5m$x|CKPDFTUXHlvPzY(D7eWg(;|ZZ8G~b|I$i zt|S6Gz4@3Uq%*N#yAp!)d1UeCgPgjuUQzGV&RLPwc3vvtDuBuTEE(+}iyq z*L$UJGQA_T^0tpq2wF9`7tm(fC718TRN4j%QuG{@N%G5LN0GIVF3z)-ec$2iijkjL za43Y{stPO2$U$P`ya9ku7@P;wxQg}As6=u0baBvj!46Qyl?YIysqA><#cag^S=b@q zhyz;~rakV_Cai+B>g-MAAf~`G&^gti2H|QA9k)z6z+_g|6nBO)HT6s&Fg@B~_@wOSj=$vpZcy4Qt&hEseNpbRBiYvkPo66KPlZ0f%r59Ck>+l81Qb zO|FV{9x`_`0=okJ#6ej$g;WD@9(g8+qm~%1jJRyzEr+XE*m|%bFkhl6U)^mn|z^F>UKQ{V^@tsj!6{|hcCjGSa@ zo$j7;ubj5^#mOsWkKR=>iZ^ziAuPFf8h%GTwpt=FyB9~sgX05+ew1CWJC*6SLb?-vCM!W3 z%!^Wx*N7&x4G@Ul5DAj}9usE=EAZ+F*Q!F39(ryft&=g^oFr^=^y5RF=^nPsQBk`r zzCZ`EZxSJ~&p;!7<8RWhhYC&QW`kBf#3vF`GGjKFRe#m_#c@Jzad#9MN|lXl!aqBE?WgJ{H#FnH-4~l%?6YZ)IvdllZChe)*z_#qyflu8wQ8T{DhrT%U$k*W^a4& zN)IoxXf0&uMLs#%nCcYof0G+ka5m{hUHYkHq`lcyRgOVK1FM3^4QN(j-!= zU?LOFM6XLmFH1$Yb<7tVuaj5Z0XNcMV0+JWf|;sO4=WOx#P7R#Z_9*9YQinq=S5#l z&v)mssugfd@0{c9Pkx8?nlY!|(*W(Doh}^DW5>>r7UFAa>#*tSF_3W^29l~8653*Im!Sb80T6$N* z(}|I~>l1wKJaK(OPv%AC1$b2BmcdrDS*#MLs_4YGT=o9+r%tLH3)}Bod2Coxct6^C z_gtXCj?lcL3K~eS*zz{TigD$>Hs0pF!)@le0Mx7IY%gcA28+sO&7O&G@tnUVH!w z_^>hhrl}O*4gvEBh-Z!8)2;?-4$_|+t z7W^jlb@QZrL+2V3_|ZRVmF61mI_Lck; zEtoduFusku9z7tBAyR9x*H`gO;=N;pH_EPS4Q;%cVE<}qyJ zJr^as=#MJ{uTxJiFlUB^{6AM-b+n zV!IhEr0JT7Un1edh@%+{HeD5vmuxH{oO~{?D zZ^ei$t_0C;(^O*1N{@mj*zU zb1%v@K*g(>I6w z{*=N+Sj+e!)5^xJJs6p)maV*Q?Yxjbw5z{v3AFNJxjI@}g<0>09lj<%t-l~nDt`q( zYOw$|076$yuYM11jA8qpj|{yo-@f7&bX0Y^r=M0fK&ftOAt9?McTzkd7-Mao{lfWq zM>>fSkJlF5WBK4Omy@wZC9W>oT_5&vb)Ntv@V7e$Ta|A)PIBXb;c$fp=)|+FDKX{%# zb#)Yf+sg^WaLwNMAWB@$d2s8H=I?q{{03i;@!K~yJ|03)eS(McZv>TL@tD4>13l28 z%v)p_^z;>iQ|VIS-gU4y;z0TZu*?1++1v5gERx)KH88kIhkD-iSYT$o540`*x0u^Esd#mX+`|SDJlQ#ZE7+QuX|lcm_WJ9eAAHqj5b6n#%k7XY>61XfW+%PiiY)Ji3gG7m#jBW=_0d^ zanRG%IU9!^G?QcFP1yUP+f#@4JB}nw*ZxokD2nTD^-tTQE1TL~-ifZLiuMw{wbpQn zr0>m?MjDHTEJ`p9cXfj-J}UlVr~<Px4!cbA-(PC>i$`r|dLjYOGB7pspgu-zk6!;97WFG13XqwN0e zQ$b1bDF<6n?sTb!l|l4HcVm}XFG_kort@pjozYNjo`h#ZPJxvccv9%sj@Q9zXD>eB zikS5$q;aKLvxx5m))Bzj%T$uDt%%z~)lR^Ojr+L0|Hs!k1qrsS-L`DoRb6J6ZQHih zW!tuG+qP}nwyoRyM4TJ3tVgEnPZL2Zzd(edKM=HqY{f+zCWn00fU%&R6eg+Al1$_E=5g%_e1r<2ezI zlMLCBZSduu1ph{FyIoE6}`!(Z=i-T~G(QRbu(qJ^gRR ztuxT5n*Dq!P7v^7K0WRb{j;gc5c1-wroT6g9&)N6ZV~vTHeYkCCj$#(&|BaO>z_?a z!S4-?fDv>kb?HT_(ec+lD+@@?JK-AVvABtPT<~M0@WG2F1bLc1Gyz>cMw|tdF|XD} z&GOOA2+GLH9gDKxpdKgH`G}~(8eUQr8~W-8s<_lTURqmn%o=Ex*)fk?^yOUpKU8PB z%^D=GDO7(w*}2Jh6#j;LYVz+^#~38e$#4QD&8KIcCXnxOTy%2_%^XjnPKuj6^V101;NLZhrbeX6K< z-L?DM>@b;jj11E(ZOGh{D+_Z{_)^9AY>N+dm2h%ywp;SXA$N0KPsI9^E7AB8f|P}W z-)FsfcdX`}q2Z18Sk>K7Jn7IgSQdt$H(uz#nNG~Igii6t`J6D6FcA+gULMyHO)tl1 zXbFqX!_exxv>zyGmcG;V$xw;_Px>NS333r%O-N2|n8Q(;fAQfN3IrCCaYg z*re^fN3NKlxdV);iyL+=scW z%+}h=)npatNYuipm`KRBea`Cs5&Ro(SZwS-YLll)vpo-*r=Z{G67TfV=ogHMe2W|T z$Cyw43Fe8qg3X&|_mBp+z!XP}m%Zb=G5-khu@oGSP?yQYEbo2z64f&O*Un*m##0g{ zfCZdTU6ul+d@|4u6B}<E9$VB%)zB z=`#ABl>BP}1`}W4t$reBOa2>1{v<$ZlNp?Iuc9x%v=$CnCmR;Q1cx0)w?HeRh>`>s z)`0~I{Eo^`vkBMQ@k|YLMKp!;>Xij#nA?X9?Q$;`ImcZ%O`exMenvtWR z;t+7@pXg}Ces=0KY{zo;K6O|d3yYvwPz z*=eIx7oC0u#nIIoFgkLvLUi_2fSWM|KU|HeB;61=T|8tFH{|K^iQgdA_YY6AbYc!3 zW0-1c`I+9OH3olD;z|wjZ;UB*m`DUFr$eDOe+ zIWiBtCCO>42z?Z(mQwI z1Xbyb3pb$^1i8z&C)kk4DWo;SPDl#UpIrB5`ee~Gjd+8adYb9CpdSUgO33-yTkGqGHb zlh7jkFEiQ@c0-jtZ`%{Meb}_Ml5b)b#+G(!{G7dwj4-CXjDiqjPOnO|n}z>95nJ9& zlre3C-IgN-xbl9;WkF}LlbZEvE{(&=CVqh3+ZCjd7M44aHdfq5`sdC@fLxVReZE3- z<;g4U-6FZ08Oz^p$o-r(E_epfWpi}r@m(!A18 zxhdJ=#%fAi(r_4IFMb%FEQd2YI1<n60o`&%y#}baRt%^&$^Hl z1<+^B_NxW$%FgHHTB#>*ZYrZ0`n9R8lY$F!FPktgux!H$fT-k?g?#0ggCLras-1mL zV(8EdHj}p6Xs0J*O>qUMWg~jHC}JhLMU`0iXg0d&>k@j{}){ z>guw9&@L^v1x;8VwO*N}inM@+y&V&ZZtweeEN0%dtQ*GRl-G4soH2(O4&7BUSHtb% zjKLE?(M0$f{mw+Ma5)_2x?{!FSN)Az=Yy(845yOU{*17}3^Onihgm=(#_EH*Fr%|} zsG5JnN|jAiT`mICcz_=8d%X!c5LwmM3qLe8{$*`GQ1RmBC&NbRQzl-jp-Q`}e2@{M zq?!ZK%C+KKo!V#mvEU+krfa#&gC`wi7QsVFM?1#lrOwMFV~fZ7wyONz`!1X^ieSHv z1aB-(CqnS~{Z;dhPC&Qhg7EocNy#5ffj=)1FQ-7@S2B*~T8+*ZT!3T?r<@ zoEeb_A$0X(tZP~X1w_9qzybg|kyqSS77Hb%p${+fT@Myu{c)M65=<%8P=3Pn;8+~r zgdbTUfusSf8b1i_rm5SP8s#ZN11QB+?!jIoMKzKKddi}2E4%98>=?l{q8xX$t85KZ zAL+68hhtvT^48YG`GjqzXs?qZJB4r{fb~Db55ipcp+{3QUX!yP)B?f$q#rwEmGNTG zc_>#mh5VUHo`|$haC+_^C0XgPjUEC32YCOM!#v{LJ8r)B73S+@hB%OasQhj;3Rfex z9e3cx^(rl*vFC=jtR<|;T;@;==a=!yjGZ2n>jC*zJ5L%O0Ku!Omv@3IRptL zUvuGkU{pW~6;TzMSQ-&Dq;BR_!485y9!Dg(P3$~n@A)W;Rhf=V9C}`V)g$J1O>)O_ zY!F3WsGjpQ(6$CW-Ztr)rNv{c6PLr8z8uoFwn~Gk3r&Abg9d5Tgz>Xs1zuLc+OrJ6+125~?5N%g(oGX^~npXI2 z5ABN)%gOjDj~^=t^5_rQkbC7Np+_ka<;53JF>FTw?JQqz2F*R%ADr4G!q(8Z@!#io zwBO+-di+xJ7orE;#EIr+-AGFiR5f~WEw(=08B1*Kp?R3^qE8=`q(S$h%zzu=9VKq7=?vX;(}V~`lB57D zTdY>HT{-=_F}Oy)5nDN+=^6+)R>9-fqRO?nWlIu`4+$(Rj`z{nHUU{ezY{!7puSU7 z!2Ih*i)9Qzkj?NJv$C8B_j%!c94Icf;z>Upc1XYsH?nS-?UJb3YVCs)!HZRUSraIt zjI)DNX37FvvQ~NuKjnTgzKeu>e5rG37L}-C%mMU3Kc$wV3ZLS+VsDOWWW?3I5vRI= z=HBO26~_5#yu8H<}4%b0+Slrs(c$r4@Xy~jt4^ZX3;1g#2H-44B$$F41m zD^^Q`4Y#?b0l6UHxN8FzIY$&qh|lm^y8o=)ANbd66k zknk?iI0WY)nK+IG&mo+_8(ZTjdJ9PARr&aGTY$65c2x=Y{=Z3s%S_n<1?S?TF8~Gwg_koeR8C`iLYVf>ehU<@;MoD;TZ5+ z1me`;aL&){gLj&7MSDb<0IcIDtCT|v9)1PiFwQ@B-vkM*wr53{=%zkC%%;q!zi=T7 zajTLtMESJzdeZZ1&EidHM@xpwZn!m71ez`|;U2G6_}xu~v@7Xp-4>0T7BL+8I_;(4 z!x~%=QW4Lp`)eogOgq&fl7tc8V;PNdKRVb;8epHR1rnfMbV?Gt52zvaT+W+vA8)Yj zOKs+CfMqz^t=a<^N8pY>8Aj!f(i``oCcLOpBvxug|5Q%}ovVj)+bUjv#_?3GS*U1j zUIO9EsJ3tfH840oH|t2n!uC6&LFG@0&YvEG+w0UApYmQ3&Ge$FKo)f81`gjk84r(5 zj7V{^hP3U=cL(XT7W8++xRMcxYI2%j2;;>LN0gYe0X^f`^3@wZ@6K;UGh)8ILn5ry zcnS!>bQsDj}Zb8F_& z6@%UpP$+I+X>Qh%U>i<8*Rcwzh$M5{1T{H+OmtyJ_4Af? zhJ(nz(7VOT+L;?>FmqhXL~u0rg;Y&c2%G$ti9M`kb;xi>gq<7@J$umXOaQfwe!V>`;N61(La> zi;yF`MlH3e1dwbVMm4qNYmwF=29maP3W86Zm2A zxVA!ZoQjvP`nT;5;9j;^+s#CzE-3V&g&^TlrozYa?1D|=Se4JX!loCWIzw~A7Asl{ zUM}2eAngcz(rV)&V&4-l8DpcGIHd|_!GD|{ULkel>vxA#C~fac829njNPJkvJSJZv z?gr8eVs-p?^pO$t_>B%$@GQdBd6H$iF|$Ug2UVd}kyIYF`Z7egEA04AwjBGFA# zKA%HO^Yak0$?@EyY&lZU0PyJV*atHcVWG=2OgJe?kja6{!<;Y^4N}E;G;;55OlE*9 zRfy*4HAirpO?qq&fvbjC74BZaC$1#G3b+OTKBG@yDxTjzJQ{*bo5yCX-IRv}D*Z%E zKTPea)aYD8f#b1Eo00(9m35d1x;zffO$nQ_1X1PA%b`p`sy>?^*qtg-fZ~TUgFCv3 z?!^E55pvUD5SKG&PVE&1wEXER52&-TEr(2Sn7+ky=K4w0d1q-rcHwj7z8kRqV~HKF zjg_0H%Qd6UV8uaSxQbq~cZzSwXhLye8P5WTMP2G2LeKw8=>Nm^Z2rggK>T0ZgJu4Y?IGy+ z|F$RRzde|tR{yhWf#V}Ub!0*oPUM@K?wU*$7{qdOhwoL;# z=r?NL9Na?^kHQ^?K0b8gqS=9)o(|UW)x<==t6B>#XgW0Ay3kN~g0XIessO4HO?rS- zRjMla>r~p4)9Po%9frZ*S}oVStCfq3q!J0~2SKty#<}2Qe!Mu4n_NN`^Q_HVk{*og z0g~ADqVnJ`YN(Ec#hYdAa|tv?>O3kuqnrySjHHeYkXL7 zYiYtIyUYZCvNzyZ9*t{s*Gyy)xVsg`P0>7{Hqklh{5KW) zQH7k%UEfF#B3VVmpP5sYgbA3(%+i?H02u(%zl>Z1EjN+qglXgb}dAKcCrgI%niB+9rgVKdgj#46R`(;i$B?CkcoK61GV%pin`zHX<9%Ta7WdGbpR^##tkWm{QGlRB|qMd3WLnl~uHN21N7GcL^+?c4rTJQ74H4Bbna0H4%ym zH@oXB8I{S$>`B(IXDS_h*1)jBj}`L`$kI0$}O||#B+ny`u){WSRTolXEoH*W?hS9WEaWy?BI2}5B-fOE8;X*sl=>noqWQb(l7c!+}$=Jri=S;hgsz%ZQWe^25 zdJUU}TdZrMPF#-VE!AvA4{F)rf`?hN&Tl(BUewm7G}xf>lE(n_SghFT;cg5s`sQG~ zz8lbEQK{o!+^YU*^s(wImM%ya7j9f9LgBxjUJsaxN38h#8Bj`FEQ$_P588<`K4Zx&0nCD=Kyh^IFO1LHtxELinK{#iTK6(u@sidpHa?I-xwqMfZeX*4_#AB8oLo zPbGm^u|k>dG^RLyhs$r6U|j!^`Y5!oT#TC+ooux^z1)%k7f?Qs85Q-*qVtl^P*QsE zk{-!zw%PmTRD@#*S&%?BlWpKP#1nFm0%DNR?7Q}@C`&*6wy5!Y9|fCBuVFP8_99)- zNEs9CASa1K^>_trLtW!La3e|b#FfnSV?Em9vLVX zK5QOrYAu&#i+1VNu4+6;RmuTnYeZR*_Fx4R7*jwMJ| zST55dLtK}vXZ_Ec0aP|>`V4${ZfQqy2$JJZ{1s!u!_kh(=X?1BN_MmCy53AbbfSpy zb&Xzr5max2(~gxlYglXSi{`nBlzLV-z<6o15}wxJUSPWoKL}amtN+w~`zF`P%KE(oRBC;f7{5P_l?z>6iNqB@VH#y&yE zW_A_75wFg@Ept%C?STD|oz6u-WWkt~GL;8dNg~|kYlDUM9V<5n4{FjZFH7M3=?h${ zaZ8PICn16IF3bY(@FZeKEUU;<>v%)!%`ELgUClG72+3lUg$WRgO5}n*NbMGlbUgFS=jJk?Z;Z>dDXX!5tQRbIt?X+|w z*RC6iZjSVXWPpZ;Gn{Q16w*SnTMIxXwA}yYrFh{X+hyi1rq>40(1zF8;@=IA(oVgP1!{#B zibnpL{J?6>zA;&NJZws9$i~Rc+Eidz(msR^s231N`h^x@YGA0Vc|caMgY;s{6Eo`5 zLvo&(E+~(vK5vl1RK7AOd^)^T@NYC&txlp8@;=cdyVUENS^DeU-*ZA*vH%Fi>*Ji$ zbQanh-wK-Uhw|k}P>C8GuF(@fVuCs=%Ss#2UF`6!dZUv<7cc{e=Kyn!Qe+7%NZ{uK zs~@hN9{PYL#}lI0xMLg9U_#R9*eP#-+K)2a>(gbweY*QzObFoj78qs>NGR4vGNP(k zt81w#NhDaIiq(2SKJQFp1I0he7z@C+1aIj29w213jruwF-FLRYU>)p(vOc4>X<}rB zrVgFe?*hN8tlErW(NIv}kVAk}z`y|T>kEW;nA5A+*VsiojP!oB7q{$dvUc1&TBIN6 znW)M$eKZoHeeF@mba>KO%{8@LCZ9JCyFLSb)3MO5oV5OM*el-m0FDl4RyK%8Daqrq zh;LJOhCnD^^4S*WYX*;4wUI*_$R<%5a8{CNVst@U)qp!HFfq~O9MZF{{Nl*neW6mX z4|d4-gxDdQ5y00i&t~O|`(Y$A`mV-`4L#5TyBvOE0(JCqI+dsnX zM{Xz04~iA?4TK*6PehaK&Kzdx@bS%$E0u|?dFJxm0{=!AghgwN3#Ghir&%?cHR7e9 zSw~^!!$^~H=S*}rzDuX9B+kxl0kz=n1)L!kb!cYrLlC{zz$ckWpS+!gDTr4K0Nv3Y zikgsPCr}ORiHhMRMl@$`M1Q#_jB}>F^O_)Dt?EAPxKbY)1&)g)-$L;Z(vXH*hk3!f zg+$*C(bJ91kGGw}FRQg=K24vxI~@#Gba>9=!oDOda=c!k6jyxZ3NJ8Pmg!d(hECKo zyFkjsD5&X0eYqNLSuc@Z%xTEz%j$&PK?609;15SXrh|)RPdgX6WrFF|g&e5QF(C^^ z{-jni7|um4)U}C@`kKt7VuwD!-TzJT3c1f%l-DGwvjW7-D^hnbc3wwq^7+bNIPoil z)ZP#fR&hl$aga+$Uu|I;$e${oteG&A84cR~Gp8moj@1R#Z2Bi#ZFR9o7SebT+9y1}WYEmGn2;N>tb{ znv!`kNfeDiy{h#s@KUxf%5d_tJ1IyLV4(~d$BUpsP@#UUXQx^&JFfScnCmvocBoRM zq)ANLk1?}{vfs4Y5REV0%!uCRiot53Y}yrKA+*jJQ#{w?9G@;z2qt(MP!{e7I<$Y} z{+zKv$X3TqpZLFkQUh7+p0SqOHbjX&V+DDr*?H8OtUPtNa)KrrSLTEIxfk1lttlR` zfQr&x^{ZtX#rWrrJ3_^q#!-rLbv!;ZNQ+;+Nf)!bE3;d+ zgGQy|+3oE7PLvq9;zhb6x_jtg0vRJ7T2-snahlth%5mv&T;s83FoJfCqF?g z+5p8|@Ct$q>WXsR8>jzKE4-_M|IX? zR+EWoqrmt3ks`+WJ;zc%Ue%NMjW4iE8AB*=m@k2C6fgu^ zbYPo^h#|zE+(w8&O)g$i;Kp%oA?}cdsmkV68s&CqyIIrgc|s$^C;AxD^A-PR3qOqS zF)J3@aD-Rz@b&Q|%Z>Ttsk%>R3LQ%Q2M{#(N zFk4C7KA_z%X&uYRuTW1KLLrKe&*Q0rH@{RNr$pp@df{Ns0GLb&+7KV0{cGi&_+-Qz z009TB^VD`9UCLA&Hk-@B7PqUb*|TXB3ayWiS}BM4ELcw}G>v=_BzW$*X1sM{TgYqu z54Ef-A}2yfXmQMGlMcBx)?2g|>7j`d%Y-E2uZ5SeGcw?;1K@d-)=CBhc=7Lb0!~1Z zl(X;Aq?eZlT!#b>kpyPLf`Ah%{?Seuh09IS^BvWA$~j`OJqDZL!nJHYdq!UihD@HPK(GZ_E8amM<8x*6{O zxS5oHyBR9||GJqx{eQa|l3J>PE=iiGeAo|zFw@!t+s>h8Rz8Gd_j)2XS3f+NHOfMs zuyQKPmvO&YVs#079EPl8?f7_8xZ7ADx6caBr`5b-i^j{x`X95_rOskj1NI42A>-AfFNt*QA4711I3>E$IQG0xg%l76mNsr1ohbc3m14jX}0I{bfs*Y`tj5N>OZ z{=^$dmx@n(TRyhvvFS#u$BU#|_Mb`MrwbPna+Y@iGo{ej>$4(9tl`D*NAPA1qcTDH zfJ$8nhOwlR*;PMQ60Bl0N|tAn6&QIx32WMJEKq`y-T?%n#GktF?w80EEZcc!1F)8#j2Y-VhgKw@560_Qao zR`UU!T85D9UVq&paVi{+WIrVq5zHiE+*Lu(i2ST04x)Xs{sccnav&gR=v@O zbTCHOkO#kL=Np7j-W|~UCzE((OYa6I>D9{&3KRQ4#ftT^rZsb3bJOY6t)2{Ma{gC1 zao^vg6tiJ@$Cw>M%`)YTcx?K79W3bEh{X(flrYalBioJ)++VY=0B%*uaAL#I{eGt+ z)9Ug%pCAM!H5mZq^?WNh*d(j;pu?$13O5HUBFm}kA5=5}%PH$-_TR@&YT*}cRkI1u z1rBk&fKr@FXofw8I{43RVzK(9@z2d7w1GG4WleR9G#kcJrPBOQ72C>x6pB+uHmgDb zS(rj_sdU*~#)i|5ENU3y`8h{wHB{hS;^RA6T0#`>P}P3UpzlXl9+)8rpt>}KbLQ1x z@ZLI`G)Rh!yA;xBnnF)eWvwsGbRgYh7dsRH;NH4Od=yltWE5RMYEHg1SR32>>g_qW zZSdhttkL(1X0`!yd1xJcKJ`K;a81liq2ZJ|evsje0*Ze_-R<3M@GzBDtw9L&F6Jot zQKGWVHoWt!n;J3kEgjs(&xnE5+4vk^__wKZN7fJq-YTNYXDUz<0WU?@0&F0mcT06c zocYGKYU_!>I2*a7HV9I^q6eH7^wdpXPax3zgi(5QX$oARQV(nW-HxWmPet7Oz%dX&&}NusG9+7H#-?~ucWk?V z25O_H!?LzmFa#~@ovW{SHm{*li)IW!;{T)W3Rn&XG+sVo8g`(18+Wc+&A9H+0-sP( z85X|fV*z!%!2CzoW1$kjx=#qg)W!B>AD%7wQ5Ox zVmFxH_G+6wdvZbaY`NzE(4pnIxG$efkQXYMqQ2easq~wUcF;BOfTEa2(SGb{)Zm_+ zI9?x4vRfn%2C?75j473a2hjNVK2hb zH7Hc1=N*@F*v}>hMj@HZ(}Bo8yOf5uA8$8y_{({nLhoA1gtqcND$6w~XemL;Xe%=$?D!KCdsAz6m5590P$Ea;YV< zk|!ANGmeZkpcW|ohbI=aMB4S_i7TX(kfR{ksmxk|uKu>w9n)7;eyx!h8+o;#uBjDF z?I@RH7ihkextRgQHpg0WeRefK`P_M!K@#2r*6e`suh!#iMajGERDkI56odA@yn`A6 zUo6POYrEur8tOpdwlTpM&@b%q%ZGalcRrU90#gV>RE9h(&Sm8?+|glYI7N4dQq*Kj zsX&f+gg>Rg^!#|D)#7r|wC;$z==uq+}Iq&L8nq#Ff5o= zLr_F79cL}B-1vwG_${5|oZus3vUZc#&jlKtyfYWHs3nj2R=)tnE)X(1Rtsmm^gO@5 zmqbnP&P5n0ir%%e;q^E^s3#@F0b%*iiUEOnky>^Lwv?+=P#1>xy@gAwlcP6!gpx;_ z@pB7syHq`w)E(n0CzfG=c+7yj8|7?biM=Pq@{ zC~BEwm)iWAAgpVl$+iA_o?7;wo=HxU=PR+iilO; zu0(Lu#wji^`*q$Hk#PRtV-rJ~-Y5Zw{dpX8U5aimK=7UY_j>|OOevFr$(Ugm>C+Gz zh)zx}N#k$O`Nu6v31dqA z7}EG&DWPK@ZOf*dkAgnqi3TJALG${DJaxD@w)u72v5_y4^~8SDhEL{{T3Q<@N!GGH zQOBf?5Icx8n90=G=9=^TF>9z0AnGpIQb7XSN_OJQw9hGB5RfEhnDb{lP`Al1L7$v) zfza+YZcw0n!BjZ7^wP7Z9(A90Db2Y3BgXTV$Kjt5Q2iq0lE-(I#-jVimuCS##*EZg zHrf~Lz}(H6IaJB7o!~cBe2`Zp`*j2tYu<(qV+sc5JB@Gh;683ncGCX31%^E5<)>hMviDvyx1A~vp=iQ)n%jKQ=`=TKp)?wYwsHa#}FX$x;&<(hb;#L zhGv`$wRO6AQiRJVF!FI)_VimM-ZtwP)e061egQG%#Kg5_K!pRP-g`<>7%kQBJN>;d6ad9f*R{GEBC#HPo9;9@IY1P z!Q=vF)fu>vxhPIvsNuC!nX-C)FzR2)CqzwdQ8<2!w&yq(H0AIYYh>k7)mt*8E|WS8 zQ8K~##d(#8SVzkX$o2eGiR{eh{c5>aEx|cqAwWy49Zo>dtun>nTDIUUhb})!m~Y2B z>m)w|W5yu0)NOjCp3ZJkT&ePmWNwZkZN=)TPWdsEa09uak5Gp{HB<=z;-@Q9CQX@7 z?x4nQ^Lz#oGs8Hz+PGTq@=s&vvg^0)W@xTX4y&kGpf`y_-rL;VRx(V@)|OxW_sJcB zD&o(++>rdYz@*vIAD%;bMdKBP6)l=id&~(ieb)LTqze~PUF~a&-tM6t_unm%?2VL- z?!>%#2h!;j?uFb%0In-*=ZIJS9(LPPpK)Gb^&=|{6NET>t*_$WtW{Ss!UnLO&_~oG zvD0#k&M~Eql{%&FI>=*u1Ye{@faG$H*aL%@1FY#vu|6-YrOZb0+3lmHo#=|R%D)k` zSwnKU%%){`-Qi>q3ZRR{S+|Emw|!vS3uU(V9#){F>NnUp>!RsUNM<9Kzm4GIj54j1 z=}dX2e7RWTB_KpqRE%OEw~IGLT;)`MTWKN}oPk5ci^N$VzRI>nYoti0YPgx|_h z?-#c{C8XjV7?siE5M{&>KLU2iAhoh>WkjZ5rdYt{!d~z_(GyD@htAU0!{hhcJ#)E) zpTAv*E*Ozi<OUDEAsdA{4NJUH`?R&rlc6;j=3zEi1ha5|5i_@-ZOL5c2$DOAFI= z|9ZhFn;kw`khg@ewa4S1OchV+Xc#Xd8G4;T9O`lf!^qfZj@dCH_<-_KYzo`bn*e!D z*`f_>YBhFVG5j1(fGwCM19blF_@4aK>?2~F98LWyhRj;=1p92{oh%=_@qH+`*?&yR z^i@Wz@89Va=adxRf2O1k|LtbD)c@;doL&FzW{z|5 zlHNNpr7V|49_mdMI0OqDXS0&7Mu*TLK?co)fk55R5|!EJJXYD8Ov9^=ZL#feVL0j) zN}mfF2{)#`(8maV_vmLZ{!)zXT4%wU85iU2P3s}Tel}sUCTEN>r!XN(%0$O1{x;uk zD-4Tzf0$5E7N-+|x#OGYlIb&<9R>UB9fVuG)aUUVHHI4#rKL%~)u}T`wwo}<5Ox^D zxz&*`)(EJM_t97s52(u_<9RW_JLmrjNVy#e?rHbWR}WnUqM$S=F@{Q9jc?M_z9|7j zpg=(%8Fo}1tZpNUuNS#e4-ICnaCv~Xn4hs9HvJgIx)aTF9pCTp(Yi)rYRkTI8CxMB z>4+AnqoZ&qCKOj|TwRSmfw3+G=as@uTqM0FGZ2>qA_j?YH*wNF;Z1Z6F_?lK^PI#~ zf0nZr0U<~Mq2fWGc!Hku0Q)YnUsQF2z5P}@1F8`JE~IzxdlOO_3f_cqpGTJ#F|=(e z`B614$%yDx8H%HXHd;{wOw&J|zcnT5v4%(mRz)e4adXGPs1PM`hNADW2gql01Kd(UkwJu_6Nm&cpDl5vhj^0KpK#O zC=GaO5i)%&A_bI`vn9pqVkI)GN=}p5XFXs*`bzTg?Ec|9rKWA<&7XmU=@ZQ=q%hT0 zZKdK6^y%n7WboptnO$(8z3TdTeIV7bGST0uxiL<=?nrJ2D)Q9!aQAty(^WL7 zskQG%7bwLxT7e^NX-mV%W_U2Vms-n!e7f1rIE~l~4~#+ccA@Hc>Gz5IK<9oh*D--b zYtOysirV9K*}!xc{_G6VUSFDr6SjRO^EtwywVWLacCTmuT-N+RAP-Z;@WWT+Zeq;U zuSgwV5#mNseUm^F-#O>d?v;@W8>VG-2hc-5B`=wT55F(=9c#4=HhX=k2yy>f>X5C3 zj5pEF9Hc9?gdAnHNE;ryXKu201&U?@oqBr;9-|BEd`jFg`f!2V22449;6Z^d7GF=4 zK(BdeBpk_D;4cxz7u0ohx9=GA-2UYHIt={-dz;tdMG>}l7S0E3ueEt+@a%1#V*R+^ zr=|k+s2(x3xt&AVal>=ri-`z!~G&b96pK$+F848txOPEp1 z*PSHu1Slb&+z}cK$is5Xnwrm60aa67kh3&nQ{TG?oyTq3l%VkON>-;lfWJFwltf?s z`onj06Ca5dN&=#jcsm2A^+yC$S56~YrXZ*cHB-CXC%yu15Wb-ZG~aBQSYnT08@+df zjP~+UU7OV3yuZ$LjIVBcddoR>^R$WXGU%kNm|KM_9Y0j< z;wnH6v)1JvH|1u!nJQd-P<^Q9-z2af>t;5BI0xmldPyyL9?3pE8ISfQ3&sUJNh>Oe z)AUBz%@5(J5rMWr*(k9A!x4$j4P(WRFPtH)Tk;ypR5D=t&MUp0#(>Y^lwI<9 z?nE*0U>L`4nU?}ta0OvwMO)Q;*#Pu7m={Qu+YoPq?~mTq0PZQHhO+qP}nwq0Gey4Ypgwr$?tJL10)Cr-q9 zSg-SGMdlb^&N*_iYdR~uaux6!;C=AMji^c=Son8w_1PXgq`Mq=?-Zo>LABpyfP*9~ z%}p5jgY$`r!91jN6x5J}*0(vXhi~9B?vL%1g93=OkGhTWdijiB-&%oIh4D!+nYe!QJlk^|PNx7Q| z+iPp)oZrWif?&d69gs1~f={;b;c?SS+#$XExi|u;%4d4wHd+bYDsua8-e6#}1fRJyq!-K=nK zAL?t=oz0H$PS%=55Iz~<2?>?|P|gh#4`}_(Bsyx%7z6-tqF72eiK7 zHoo>1ApDM_WisD`Sqb#{eo<%+|Fz%3{5g(F>6N-ZW3C~2tOzi>Kp&ZqFya-#E)SLX zVgc`0JUvR*EXE1jGb&;2xX?@``j+P9wAQJ#SvI1!E=BHXoq`VVBO@pn1^gt)Dsm5~ z*Wr%H0(+_B*&fyeEKIgAMV6AlZF<||Rb88VE9uHo9_#!ey2A93h?o4UrTRO@ z_6O)#pJAg-i}>8HzNL1;(IjMXqa>AY5WZ9uvFQ@e0P84v<_u?_dKZJ&F}hy#kH-ep zOJerB9Io>zI51LlN_GfM&Er-P;qDwY_mPe5F1fus@GO-1u=zWfp9Xnl_?WKddSJh7 zHC5!T*^j#lMKsqB&KSFQ1*(Pra0}vGqh|~wt0xoprXKzCv6nj9KvO!rrBy+uFHvhP zli_|I zVIfg^ci)fq@aUL9DFMu-yDcuv#_*Lt`JVB z#$FSwOt`lzFG`Lu@ z2_Q)WmtU4>85!^gn*E!$vF8ouAZDI58)vjrH;j_U28>J$$7O<<5EfO+eW?P=!U)ThMN zMle*3H~@@#!u2wtZVS1|BF0Q@2Md0Hf7+ZTyy9a!&RJL2JV$XDhYgDroE7qp??9o4 zhZmlkJ>l*|!wt0m$e_iVOjrbK*mtK%Erw5s((EEKbPpC-ZI+Y_$DWkkeINyX9!GYW z4}Lm}%X;e?$HYvyi3fDZhVj$_c%hPA=u_n+lKo=a+B(Lkv@`*g{+1#|nsl`Y7sp`Ky2g6@NjGwZX3wITBgDgr=TxS*i z&~iTE)*~JbQfp*WEL%#ZBxsvQP6&1Btn!pQVkFU9v4)6P$Te~zGkt%&NJeNjx?&nPv+W6Ac=CjTnGcF5)>cOII*P{!A`9>c_co?{f^M$|q5w^Me|0{Z#( zzEhb9NEmN7iZXb9+Lm8oo+set4N5BTo5>!K&90R$?bo$h>=DIrBMY*?j5j>=ZR1lC z0+2fYn}i_X7f##&&5}40#KGSk2CNIt`3;HgG4M0By&*&jvx3IZFr*{CLWs0X$x0JU zbq|7Qo`kv(@=OIG<}j);(2a1ymSw%&I}W0b?aGrjGM=hVx;_c?GNmSYemutca$6Q7 zZ}|xVGOnZxd`V>uT=k3a{Z2vdkB$d8w@#Y(6c9ZF515DbWh3u?-O(b= zG@+#7ScZk$!TQO z01@DEX@eWw=zk^5X&;bpJ7l4{m50x;TU*LciXvQ(W!3{yOQf7f)g22B7p~^odXQk< zU#?UoO3aLW00m-_`!ARca|E_q0NqBtxIrH{XPSM+HiP6wXPObZ1_31=VxhEmzP7SP zt8`hvkx|O#M@dXZW~C|-j3K=Wa)?YRcb@D4ky?ug*2r^Mv3v9F=)jUH1Bha*4(1U- zoHi0-_-KuYi3%_&Pra-Fq(~~JGUve;DNWEByY<`GvEV!4sJgyVzIiFbUvx!sr`R{haWUr~r_p~snA z>Bi8zy}xI%E4j1V7=RWBV|a?*@^3Q0>Lm$3(@a|j-w`thZl9+$HbB6Sigco_>;a0s%IK4>ud1g3$dBX_)QF) z92VUdCVyTRU$2ln>C$ZPb?kw>;X+XITedibGojYkZA^jDQnI~C z2*D|%1c5Ipl=X!BIsWfIU`#@kRK$p%gi#CW!Lc!fao7w1MdW}SuRhr-*!D|ND!A;q zY%gxRN;q{SYJ)8bd@KdA+STs?xo6%c(R1|e4;3b>Y3%Bgv3i**leZ-rbC86go2Op>d^Oiss)eo$1_IhZYAT% zZq8Na9SY>UgQXm8=m=Z2b{&kX4=yNu&^V*3yTe8(a41>PGs|NbhhS@1(ZOrrx7b~sOW}KZ)`=DFt z!XxaU7H$k5ongV38GZtTSW4RBqoZ>W8`5EY7d*ioa}3dPMlT7pY6b13qLjWqqN

  • vVrl>N0`C24N%7@c#g@i8fdI{QI2+Jlmheg^D+{eRPySZL8 zB%U->uo&eBL5;7n=J`%NHZgA`b%3tT3Z$2D7G>0-Mm6N)WaCP>367)SLEapa)fm_8 zU(yxABAqvTs!+rFa_p#>6?8BOv5xH7i==;LtJJWI>Lraqf#|&YRieLIGJ5R-3Ki^= z+KxEO)HW(LN9lYGzbt>6B6;FL&_;6Q{&O1r1${WP=QkZr!pd!DSZOS<*fh$~&2kq1 zY^bB_;rx|1SJm<4Ju@by1WNvbYhea{_iZz3DY?E-rY@dLF=0lV>6a=l!)Pvu>HShv zpLkK*%X&G?BilHal~Chnq*5Ad|2kQECA;X`Z}p#7O(Fw?>Fo0HSk?AAR33UZV<<6# zR=Qsaqn+;sz@=?MUm#}^AyD9a66I>V1FfOtc7FD3_xzl3;6ZWdJt|wU7 zR2$Y&Bx@u&aHxz*w_W0*^Qt!qrSLi29nAtlsAuw1>KZkBId82;UIvshs4OwYBYPUy zaw^BH$ok$zp*)k$6haFhGy$O+)VS8)$GL+;7c(QR5?I_Hvc0>l2WY;p>9WDfNBu0r zG_Jk)Txqj;l9NPI7!)EZQ7jl@sq>JS?UYos{)u%9S>Oc#KI*b@+GCWqb;-UT%l;x7 z?j<{e$C$s}z^^!8k8I^pIG|w<5q_Y=xlP#vBx!Dtw_5qIWy2^;%r!+TEPgu{kWzf$E8dIyJfs{RxuuW%=@SuJs|rb0S*;%LOr4PLM*7kehI^i<$Y5j7iICv_<%qEBHbvsfjL7qCe)e1(BGb2ksC zuf>OC}xYF*DR0m0p}nN1LAJ6I|xIh2C5@4JTbB}*tuDgkXMXg=_gw2 zcB1qcS>_Vp;bg71aB34k^wERyW63_O+mPjEw7+5Z>9^;=8Eqx_)Gz35O0gj%*mu%H zNKdCB!Qonp{don-)xMvE<-mZT8?ykIAn`VPHCH_z)4`9om2WqT37bAhq|Eg5yAN93 zH1|34Q<#AZxh!jnswtPa;My-i-7yO;nX5NT=x6qliW=Aag~9!iIs&7nv$En;xK^aQ z#3d#vdmz6A;%9Vg(Hls($(8m!_6Ilw-5JdYoBMH%`hKBr^==bZC>FkpT*)5#==*`| zd;`HKOk(B#9r~{tVifPRXn)3a&z{_Jm{+-B6*IbL(%*=u;e5?U!->Bm469`Ug>R7f zdJP3-C7yxFm<(q6Q|OH>+D*pDCy$cOI4ynb08yu5ZQlJ>TLTTp^XSaz+r$Nh|I>eqeLC|1AaTm( zF+s{iBNf~tf%;+VI|G5rE%CU7I6EWVg#F$`^&=kYraO@4di8UE5CDb5z2bRbNs@w6S(2 zxJ74b>eV7|4a*9j`*kXl> z6Nqr=$EI5eQFQI+NdQFOR8I42>ULEA0RM~pG--kDGl@766vbi+bGV%bt$*%HO%Z*A z|D&~z?!;_!NpI5QUpi8 zySN`-a95&$S*AFw0R4+dPrp&1eb+m5Q~x#VFW zJcm$XC+7CC3iQmBb~rVlJta>(H}BG&&26tU@sYq8%ch7v={NgH<-2V=M(`M3HJ50S zd|Q-{Ti`u<*tZ4kb&5B(U{^=&T*8I?K~de0SLs=PCPftr6*9!&*ZR@%r@rb^@q19i z1XSY*T9-f~(t0$=&aaV8ohMpZEbe+sHk5XF%OI~L<&mob*a#H6UtQtJ8BjI)b{5!V z@Oc@74*g!C_o`;5H_4Skc5Y?jf8Wd*OSYjE{^I6eGvYYd1z^E%D_PDk?)Znz@cbny z|AWo!{>x@S{+rEc6#m0z_T~RSn<@I6jKK2GiTtbolg)_!%Vy&Llg(%p{vVr>GW}0B zLodF7_8X^1&c|?H?%<-gv9w7Mwl1QF8np(DTU_D9|G|2}gC#uE8L;jNvtbWSM(#yt z-jrv)<6*#qp;d5;ZT2v&80I$R(VnL+C}c>9?hJxcv< zP(+Yd-6+tewY8r?gwP5Y*Coreg`g? zB7~JC0bGmXgY^pBwD2>n_L^q7j!=}~8d-+HK+*1ODQftzD(p);h-kb5Eg@Z$0ss<6hJ*~^v?1+T z>s)vb)HcQ6m8uvYMJ*Yb$SY}~4>n+_T^i!6i0ST!FhsJb7zUgsvTosnaBuP~J3Ls4 zms$B2{zVM|-Ebgqu**&R6JelCp+0;nD+`+))NP> zNl=FMB~u_&TJ_SlG=oaiLr_Oew_&3)bjDu*x3oxjv6X|mQkX#u7l}+xqP_E^(uegq zvQe(q#>=g30hnmr2L61_Hy^xg>hP?=GcF;$9~A#IqEiDBi-RM9pMz)qXj;YbkUrkc zsr8629`lndkGSt4Z`MSYE~zsy_rU+U;Go5wqrtH&92zjU8(Yr={OuBQWB3yIGVGn) z0!hwM$k;&rYDkDmS|^BWZ63trVE*XGL2{rAS)Kkh=F}PuV(EQN2q;kcElVkGH4$B5 zG-?JuW-5yjx6Ow9as7qPZ4wCw&uzqo4Ds*<%{K6KIWS62QdRw=BhAl!yfIv zhr}J{Q47YhmWs$vk~&UdsjS#Hm7D=!Xe6A~Q(9)YhU43O5=|-I%CBXf3%)4Y-_;tK zbAQ%#M>JnGQTJa&X5$X7d)hWslLG+pD83NX=s~AKItkAl{oMkNTJ7lr_jv6!Qm|<% zP|u2UUd=%MriMEw%WDQw^EJ-{ZQ&fwAn80jAO+6O|2+E=qBoAwH~l^ym!Y@ts`cO; zy@bktD?F3?!Lz8LS!V|SRELzCqeXCdBY><|*hR<{Q8aqwn8Lp+MOgqL&S57vFbS0W z6Xbr1)4R!c;pwmbn>Rd{8X*N;i!aAUo9?e4`c|F8>_z)zO>O``(7)5z{LN@8z&C?A zLNcd?vH~!eDv+_7Tev_#rwky&EPdtSrqwI3v1{lvEUQyG>t4}=R<&N2pG#ux}TE&Y>`f~o*lbSy%~e;5su#6 zU~((&p!B#*dbDf}I#P|lv?U$2Pt++L+oevGi5|nPxvv(}H2N7?6-RW8K0Cr3_c}^{ z{Bg+we#+_se*{$*s7_IO(0D<&$R*YqW32P-$GFuM6_1eOSN11`+J$rK2*264)rpg0 zN{FKbIXZVZ(CvO6DJ4D0Pl-<-r+c#`D_&@Dy84+-sD%A5XWS0U{da~*5Lgj$;pbq( zOK*79+33uLcLGd(N_}1KL1UW^E?i;4%aEAF?RVAoK9;x@uPlm|TCJeUF48tceOmaA zXIJmx%geMj8_y0u^Xbii>bg1VoYw)o_J>+&mt>6 z?ABfTCcXP*IL%#sYT_~Wh+Yh#@P8^w%+ql|JqwofIwyJX%40noLpYa~*Mv7B)Lt?* z#cUah2w)44iVcnyFCfzvUXXFZJxW~eBrzEUNhj=1vJvJhm&49=!$RRYRv2GUZF`7{ z9P$cT(@h`o7Rytnhpo~^5&lL@fsjFs8$M*|)@;-?^oWA) zTVhWy7N$s4l!=OjiW0}Dj;hdpB4d(KsS0U7qRD#QZm@2vKRP( z4OolayRw&Vg`*65wuoRidB8TIB}2yJTRQrsm)?9q;qjJ*OFQBxmIE|>tO2#+oZ_3R zIy4r@yzv)4n8L$|bkSI4Jg6Kf{iXxY==`IkB0CRhf|rIl0^7#BMGfuMJae=ixdIOU zv%LGJvms*x-pR_2SlN^;VdRng*(IAHXg=VcQiWx8dpNPez9l9`YOG=bXJw|+9J*#Y zPlGD6$Bb(Y*Xlix#o5i6bJ+u8Ohjx!VF^hBattDG`J%E zot7J8lON-KAf2*BY{JR5illXi_Q%hp;;?t+vk2^l>Dw?YiFB=r*ufYC`Xp{S1A5-^ z99JNeI)4Xb%oOD#H&MWoS#mI;%6ho&(rN#s!%u`_c*yD0#^L)EopRWYvyL`7;Im}0 z5}~@Wwl$QEwUq0lJY}Z*inKoYq|nC2eYcwF-*(j-SuQJT4EUvE1@ zoP;b#T5O5C_&@{f{h@U62X+`>=a}aRxmX?ij_^R_swOB)Cth&YEUMkXYxfn2-Dnbd zJ9{BhK2TduBux{l^(czUVM-Nybq;I|^me&<9L9c4U|Wx;p>TSjk)FfH(u7MP#21v= zhJ|oy7;=b@aRB4E%Bm(I6lXdqS^>W zsraN83Q>Jy)Um)m=8>ARf97zJ#4L?=GXrVct+S(Fq(G%A$BY#9!O79e2|)&*fF zEu(-&0S)=ZK4tJT2VU3WU{TSFtZ_Y1yI(lWpg|03?Wa2%K(J2!%FAgL>?CenO`W(L z^n}!_PmPT^2qgw$EglX5(*`kkr0b6 zXv(7-ElirJv+!W9zclFM$_riLsERLZkFjh32H>|@^(FKM4z z6^VYV{iTaO%Wg6Cb6$v(>p5n%&Y_TPtCAr(kO^^mW^@vDu{s_v!i~MsXo4SUH`uJR zC?5LMgx$l`^GVse-N&5x_{;!qEklG}^ zbr=D#w~Ms0ju_@ow^I$Itc$5+pChM*H)6Lh1-r1iLyU;q|1()=c*8n)l0B|}yqPWU z)87dl18n2Rf5hW!_h-|TKabh=m4TTcOXPcycGhHDQb4kDIf%lCQpEd-MMGNRXumU- zh}depY+e$DDMBTFt+~RNj+yPuuVBjxU^#8krRxGy0u6R)D3EXH6*^h^R~ey3k!C5` z;>ky%k?qFpFuR?>9Ajqn+d;Qm|_dw$&CXAsFdFq)3oo+^SGEU|600 z)eHTkA>G7BnR;cQ5J&l(7S*>gqe%XUrrG--kM|vujsT;aa_ zf5-mlzDiGG+ZZupskAVn$K~q^J3z}$Z@gCgWT$HvtE}4+QQC~JMai%!7SJ-V;mgFIT{Y6|GM2cFf#`W6wd$a|5&tTvf7!jOO zEzvODvM9N74GiNu4gclMGFO37+=Iav(?5n*jIpb*SwHZPZg@hulN5f&-V_Rd> z&q;tgO_sS7(+*)`EH-y44%I<8WuzG2w#X+E#xK_5Sg~ZwgvH_THj8m0ME>7$@iKJ@ z=I0qMfJvo{;ioyumXCG%AV!M=vPuahDj@W^)%VDZ-$O`@toc0piG#pc4?4E>{S!$n zEI%K6D8Vi)=df;pY>@H8rEyjsD|ayndC2RHEwGD(80Nb8w1(ALYQT5DWg%C;>|g0s zS?^rmMZFJlWGuRIJcLIJ;kWdUy_1HTRM6bO6At{o7Ny`6VGkgEC8Q}kBGnSbF z2tZ_W#Q)7^pw|9pQoY1KY{rY_KiQ0B=D%zP1Asts=0Dj?v=M4Tp(Hd@ZxKJ168iFl zryTq-1-t*ff*bXKy?kNx*c_aUr|4!&ZwH9sspiJSAT|YjFh#j}MTUp^6?F6g$4#xplD?5{)knufeP~IYCxRSlGs()p;BKFE1vs3N3}wX4A~xhX5gUb5z5$ z*hKWZr7Xc8Usc8j;F50_U7qlE(;(u3G^(W`>O+HD#k{A1Gt1=emFMQ>7!@7_6@dF# zw`IPxX;qccHKe#iK=42lG1!1d@s3<>v_wy-xQAdCse2nT35x)Z#JW7P9!Wt3#U_&3 z5L+QY3Z72G_lpEd5+g4FY6$%1v+i$3xvNiz&9DlArhi(MB4b73=5ZK8B8QfCr15%5 zhoS?AC@!RwnnQaslhQQmkGsF!*-8Ay(chc4*W>a=1AC|< ztEP2}7Apps7z#}?(wK=pvQhN+X_LJ}kFLcB}`lTfVrqtmNH+8yeJW5ZGTFCwL zVKfgjvWve^_c*tR@Wo0gwAn0F6}YEH56Ed|=+bJ`5_UHZpn4Mg_(5P0C8 ziRH*{Ybj*D`ceyUpgB7{Kg6k-2e}1>ze{FW=75B(8t84Oq>LEFpN*Wlabbs+@NBt; zNcTcZ#EhGp=qhPe#wQRW!tX!kd+`&EEaNt{D?yBh zWDa4a=l5MN29+`n{>G|hypX#OT~DYxcrIz;Z>FV^?-&P(h%d`j2D4UNb50i7Aw&%j z+}#4m+B7l5nM&53Kp2t*1&!|`T&HY4veE#f(Ywer%8P>N>=g^5Ik~{T`bsE8(#KIR zyp)2_5OFhWsfN=Bv=&bC+pY8+x7!1K8`jR;J8v?*E^B9Uo5a~7p%W75ci}L+JlFiF zodp96Olmc>c-TOD5lK;2jWjz8D#z^^YAQB^H-2$d*tO}F320OfYJtL~@-;AzCod6N~N z>d%!gL;$1yl17BBNALLi+=X?|sas2vsMiU1Y1U!A>SYWG<*f1Wx$@&cB>5y>L}LUc5Z{c1Egz`TS|0KO>T=O(QC%t{Evqu%sKRNHkp z)}_M_Ep>ETYpJde--fEsraUKk7*=yIQaIpOA5~q$a!Gv2#RgDY0sD`?!BCORKQ>DF ztOWQ=GZ}Hr_>$IhH+9 zg3)N;7hxmvOFOUV)g_aLqO8sb@BN2zbgVGqM>9lnh27*luKx7l3JN(<>{^~$tsz=9 ziWWkN$9^t_NDp8E9N9Tk$~-d4edvFpSdVh#EOC9GA{)c;&ued!ZP1b@dzj$zrY)KH zShp-Dcz?;f6q_n&!>+&&u2r&;z9k#c1@B6`+EeJ+%YwB>3bAxe)E4H9RcY^Age28= zMU>6)V%LX^M0~!Dp|$JYn6W_1Z;|AKox5dz(>`0na*r$UPd;kN#Gu%I(+z$yb#fD5 z0k(pQnk+tKqjE7P^0-l7v|jCOlhOkk{E@a4YNfGOnf|?zwr#;34?(FZg?EV_mY6+X z5dOMlx^aewLJ#OQNj2hTLKkdxf;r1zv-;HtYRQye3E)CVw%*%FZU)o_5P7Eexu?99 zg^>JNSQNfc+%M&pi$MN&`=mXszqho_TU`&EJeCvVnyQmA)XveOdS$0nt6Y)d+174TDw0oN?*-!N5XyOMx%_Ht^ zRURx5PNZ>#gv9-}Wzc&FwLufT+uQ0*S3h6h2*atRcA#a>l$%mncd{S@dnJ}NxPj$M z)(adzYxO~azn3H4w%$S=$5X=`8S-d{_n*W@5FJi-z`Ip9Er45!M@)7&) zi8l^e_8$ez@h*Q`hcP&pH+AD6>+^dH9q|cm$!7w$x2Qg$ILC1oggtsdCg|K<=|@h= zb-%sM?Wbc941}aD*nMWt5bBczRRHf94ON^wOM?;V;PiP-)Ee@KYEqL~7v z)<=KG*12rEE=*Ftyj0v&`3)D2W9=R+zIb8KGzY`-cLDr*oS1XZdCu-~6L1QSC{T62 zM)0`+#gsGN%c8aU;7oEtwnjn~9FzCjhpa^fr1UFejNze23d%2SQ+Vj*_{l{T+k*Cb zso5Hr-}HZmsT1#8aJ-5!(bImo{Oq*Nr;Li_ zHh%SaaHwg~>$^nY#&h}x4oz5!!O?w*sXcoYFH&PGH`UHgFN6Up_M36|uu{gc(m!ZX zj)zdJSrBGazl@B>h&}Sh=XP?1UNOB;kmt0`1uyBIzVgj16tZ!DX_GXY6X++qbUGyL zj}k&t2jD}HDZkDEZ9o|oV^&!4i`;BAO#A}jmQ|rz8Ox9cA3|M%T=3yg=K#%hBdO*= zDG`#0qV19X0Z3ck9UaSU{;kWvf=!;hnA&bII&`^e<*goAp2t1g$w0Gdj4 zBIGPg;OxXpN3X$o>>XMA(Ev;^SeR9Akir!~n5K)7gsY0^|LZW6?uo0(?qMLyAToC( z*^vzJ{H+D0=b$b_WuXe*g9V)ch`I|2L0~p8rqHzoeyt zT!K-RCbs(li{!vuURZZbEWC6fZaiS;VbE5)Qs}otP%~GfO@E`y!Ly)Rx`I_ssMXEe zp(|l-#9X73db*Avqa=jK@p7Ow*WbmjRN}#D-f^Sr{!uhpULMMWZbI0EW`)k-!QL4s ztM_#X%nhN0EOSJ(esf6{`*}y)x>+?A{RxDu#S+!KE^b zM&ko!=G+SL#DHTm*BFs|D+fY1y&{Vks5G@pSnHd0~`K6 zW1)hM7QpOx^-{ln8B-mGd1@a@O=qR$66f_9crDLUBOklE#_lVJi(gP_wWL7%?{9~B zuM#xL!RV98t99+OB4C#~f&kB4kBXp1E3mfTxy-@Qsl_&N;aU0|NhKf^aSLCv?BET} zK5M`!`HPNJl0Fg&8d>u$+Cx+P*IRm;RQH|+a6hJcuV$HeSc9@Uc%la?(igyP!II9} zl_kS6Bq;a*67Pg11}Jr=o*hg5JLnTnk6daa86)%1YG4hzG2&38f#&%6+e(?c8eHirm|W z`N{h-2Xc8z4f;};%J62eWg-nTrhIzyzf9;IP~V=q`N^P>+*&$n8VqXvfU|; z#-)*epaF#^*3^x}%}3ekN$)IR#Fxk~?@!ssHpjeD(w=F1kERpe<#>-nCaf}g`g1uy z53_lXh1T|!pG1=LJ6w%z3s3?SA9W69)q}d5E)6nvjX}3-% zXu$IK+ZqN@7u3*C6HH+6m`#V~i8;%$jHd+}TT;1tG43nDG*#;5X&Eb#O-ETYW(Z^` zP~4C5=WNeztfnWeu(`Fo-P&nOxT79b?387UomRv44ED_=T8hC}EoaK|=^jxH2>ZK*Xv4^Oho zz^gAOi?fe^-26BeYPN8a=a;O`Q+}p7QlX!;e~ewnI?{SbZQfc$nR>)G`>N$vm(~#N zRcwuAZA>EZ$^eFt?u2ZL80q>>bee>Wr8}sGA>Vq;>j2x67JkGb0boOd^s>&C<2Asd z?#!<|5Ufadwa3}XL?BPaq}SX2*u&!h{9`C2rwMnP`8Mx_%0FG&3xOj|9syR@DLm=Y zk-xexkWSOtWT9NAMy{swIRq$E1&TMzS0Vt%M2CWJ9KmMcE$P#YY+a&L>hZT&L>*rg zTxvI4Pc)vEm|bnA_m9Vyg565QxIi0nNew+!!rcuHA=2&2=~{@=O0) z`Pcrl@_QxzU**^Q`p?SG1u)xQgr;@n($)=rnhOAse)F0zj(ur+8#tRR8haIOFgoa6Pm`Ywd|h7yZwAu$uDE=TwRjBfzVLDHj@eF)z83y#$XjG2 z-|ufId20?+VDuZpa4T>!f~b&as@|8SeRIrE*6Ive^t+q0s{M3GBODO!>}hf>>;m9i z7bz+tquS*N#HF;Mx=6tBd?Q&TDefQXbt?3V*hbzt4$)H`gyK*qcl&%`sueH%FFHQm zSYI7=eTQ9hW|2|=AsG;po68G8*A!@xAZ|<+pWae73zQQTh*^rsLB5vD)*okIe|UfVB@Hi{k| zH3gYGieE+k5Xj9tUGM8}(%c>9ukmd5jzzBmm!V?unnCDGY__v9d4YtjgC-4m~4eMo%%Hm|gSgCFu1+|gvutc*0^v--Eg8HKoy za^3agPW=j=i(Eyrmb=}yBnwsVhxgeHH|{yaV}hq&PdnQHilnTe|9WW_tR@8c-2$6{6dj(CGGkvl8FpTN^0~^ zbRN{$i5ocHK=3N7j#TkI^rSr&qu^dV0l?oioV$m=1Vdy4Pb)Ec5V;GxhB)$AA545+ zxpk(Q>JX{2-2tl{)ST2!{JXJ#_d{s_4RJ+qgha`{dd$RE+vMVl#YpSV?we_4AeEYb zIuT!`YO9THlt3V+;H=2$&j>N?i6>d`?W0L(kzdsH|S{k)m`;-DB9H5?OYw^dd(IJy<^e2H^0KI$I7GM19?CZ>)10wJm%H zOy)H-@8)7qDE+aWCN<9dv936%$AoE|g{ebnC)^tZRl*!R znrOrUBuFcOz-oTse&e>vLY9#FfaClj<`&9BzD1KcmfO`Oxb?-IZI5pRUp;<1Fpkc8 zKGr>W2pME)vLsb?tMeq2_59-rwZ7AX?seEBVq-scUq)O@UWexKMANRN3gv`IaWc5FLNdV{n z^^)oC|Li4e`7)Xu_PQJz_>FrIgGLm^)dsC#th{ZgjrGS6d_WaCyBaU5AE=DnDyQa_ zCUUFGphgZ!3pE1_Ai?&X2z=gA3Wva*l{GR#VI?BD!-^p9vrEA6@=2FMP-R=m;5(Gl zABMqF+g1e$%6v;*F(_g-+uM%-PP&gKaVGNf7X{nKC{y7rP@trH3S3kEV6(dW0DD$u zCb)&ho{&6|7{ZuPkJP%q4pWxGUz_$qxm;0RO$?_}+k9vd(G2g=rZ!eM(0G#XO@FKV zw@Cw6G{X>>an4z;JA`GT5>xZgygrKaNSjbiJTw=24mKC!i>!DtsrQ{U#c)g!>_6`e zxzu`N*{sRe*mY&rx73ua?)a}|?dAoQ#`iauoI1}~{WQOQ5jxcxQ${!zyobz*3gM%x_bw&ffX_m715keFQ5e zCAoLQffPn}0HQP@zd~Vv_;-KN-;i)_G$(2h632PCM4*!B(qDH??+^Dm=RtgN{&}j` z;L|ryi`P~=oe!Oj=#37OFq%#RE~FeFFGHdHyiZ1$=F%{t*Pa_nT0d6c({^Lf0`zfk z@-Aj2yrYe}BWaM&0_XeZTWey|IVLaVStFtkk4kD>cJJ)Jp{j`*Iinc5DST$)*DY9D{gd2heIcB z70SC{INNI^I{b2#DxMTR^>~S$>V;69$*5HV0RA6e?-V2o&}8ejZQHhO+qP}ncJH=r z+qP|cw{6}1PsBMl=1jyq)N8#|L}sloGgk&|t%Y9@529S+I+r^oh`Ue>FQ2hDETd#x zvO2d{QmV@&HfOIPZf7$D41DPEaBK#A^`zwOhS(xm!UGZd@gpo_QuhYl_Lj_ufE8tITnaaJsBN*(+4ORA^1zSq!;n+Y6LoEw;~+ zgR{Z6so!wss6K<@4Ru8Zquto6OYBzAi3iu$eaEx~+3id7}2^BXek79`GTZbytkf#udO$eJ-6zmVm8OXP*etg{(AD zAXc0@lnyf;zc2S-D8vS9p5H?^&v02pT)M?=2(Wr8E4u8hrW%xForNVFJe9BZa>6{E z#0y4-WcH%#=MEmaZjBO|?`6d^91L7zzHe#=o>$fOchoOAC>YN0B#FLk}&Uh zXi#%+F<@*{Z4iojbW!hs@!EEy-SEAdo-19Fwl8FnJb#3{xp|r|qpHLe`5+>a6--cfu8R8VTfyT6d z?^=d0R?~|OqvCI*YR`K9{nEK1buXWqWPA)EH`)I83bi^^epUYM-0fkF-nJE1R%OS` zDW02QHys8JJ5cW3TRsI<3ESEQpJAm5WF$8JdJtIC(*Bgw;g3-ZO6{Yt!d2(wQ@0Cy zTIdXHrpaqInyCt)&dBT(rlYu`FketB@P63P^t|5HB z9V%DxF9vRVV%f+y3VeLpIM?cOd=x;;cD1OyQk~LZKhL`=aw!Y!3g)3U(VqGVL)bWt z8l?;@3YEo{t#kR^u%BU{ErI4V$Kl2PBs`e3nP-c2*^Xm9nhJkG$=qZVJxH2#xI zrg#6>$S?a}k$>&KNB+=*{}cIz{{Kyf|K+uyX0)=n6=nc_NYD7zp7HI`Vbt2xBqj`J zPjm`^U&$?Ws~EifV+g6+e)fjkCo)$|i2jRdn&L_G95&_|!eE2kVyr=K*v*r9;A4XU zVj!crCXSFFl#-Tyg4=F?+cUot z$c&)mrR=6FCa!EJKFVjPf#`F)iQdWB3b8+j=tvXaev)3`KeI&_#&R^JtNWLVYZP;# zHV8FYayo>AcVt#o%(O_{y{i&m{TINJx61t1ON^KYP_O~-yZJ=s)ubUZP>QA8s_`Yq zaODQ{)%=NW(Z-Fhq_3XGMXg2)B}ilc9Qu-U5L`!Hl? z81V$u-Jm&;jXj*fle06*&R_D!v>6qC2L#WjiMsyN#*mcueOv-A@(}LBgj)4_5Y=QJ^@F z^muZj5>48t?M=i=eOKYAR5mzoq?=wN2frv!oxLGy<4h~b{S5sw(T1NVGV-mTv5kOw zh59(~8>w~<=ELT!pJX!p1L_hQD zlixOjweH%0KKqLaGo2~Sn*A&pEr^$}bR)5ah8DKZHxc2Fu+Ahs(%&y&R`r{`3Ig00 zsrad3KY$x^1RFZ=cVt_Agt!`TCZid+$SLqddmoFnW*0A0R7EHkUgLQmkj){#PTAMSDMo)JJBIVF1n@0)@H_=xul7=N< za|+mnC48IuhRbaLLf9x(EY3PMf%s&?yS(O zUute)b68+6Hc3ncWGNF+!msUQ>vw?}&BVhRCn>4Bb2j>{O>Zw$f&wI`Q{+t2ILKUx z(G~yWSj1(W4ox@hq}ih-&K}nHQn+Umc97rN`2^PK4#%(nBa?BxyY(`Vc2?1T2OeNL z0{u?kDe%8~^|?|OKw+0g=pIe?Rj%*p7KEX#ML(-et0hiVYtUt{XO;uR&Kg(;Y^D;i}H16@i>- zmqjtEe6CU83U<_QdFL)$(`(^GTRb9z7F3KPqp>R_D9wY3-Bkc1vA zJQ?Pi^8!azKgK!i+|56ct%!^lRB=yfzGUuX;o%C=KrYMeGDGGr{Dy_^p(8qlz9-^R z*OYG@{*8+xc^9nO!RKYo5eVU*U0pnfh9lphmsy+P)qF%q2FD>@(7V>QDNA_Ip=V*S zfDo*uF69j74ZAjYUDDqmUBw6Omas_7O)B;R7l?raI85 z)Do;r3QR0W?~_yBn%-rSywX&c%zai404UJ_;K=jO01N6aeRl*cS?cB1qx50{jKkFG z5*HtWLQk@%3;9@LbnUmUtUNwHDits zWW~XP*nKWArK&jikl^LDM?h{W{uB8({zd-(r517gUn&CNf2xS+$p5H_I+FjXBKAPx z0k{wW{_Fg|wFpESGr9ld5|^<5o=c)5|4%MKB>TTALg1foPaZ2)RHQhzMPdaZK$a1tv1ZTc<~za=_?@2+1qn5<-OZ;}6nzS|;XW{WVcNa#eZ@am?qH zg>W4NB_a)1A2Ql!g$8Fwo7a}uR5FG>h%tk{%>qg|daSR_1J$sHZ#?WUp(RCm^D2-* zE^}4*B&I~zQv2)@jn7=k>MTjwLPp}S+=-r*60EFqS*@85_w=PK_xh zepKNNrf3fP?VN%dD}+9gG$j2W(=BRjJY<|WX<}1-%-AIyM{i~{Y>fRtQdS`M2N40S z*Lsy-iU3;1*K5JiBgO6!8{MDB6FA2njq~|H!%e5@r1R(srg?JCT`4c3ao3g}O4cmc zb$pa^H`IWw&$X5ANNl>3A1SLm1Eq)P(&S}-wM$l+r}eY=(?z1I^+-;T$XLZ3G3uMR z9>DxjQ5Dr}FMt$Mq5C>E+ns!MmH?rJ=V+{!A0CJ%%L}5@z#3`MZgN69>4-k?YYc}_ z3iSeagNo$83&(zUxE;^cMf`YD>2YlNI}u`G*_z}1s~8r(>5cfd`#$Z=+97FqkuplH z+X_RFYY7??tbIRCZGzox(fA-o5&5YDRM59?NTJI}Zw`KLTEZi3919yYKGJzIXF;og z8n$8NRem#G!t5tYUVUaELW#15{GMAHO)F~?@+8=?zh_EJ(1kVZ00d>m+#KI_lZpYj!7x8#F~7X@SUK@ka%Jv zu;9c)nW%=qHqZkiW3UeLXm1C$x^jyw%12n!pRod{CYetCHfggn0U|akCt04ksc)0* zn{Rh9uyI=uLM@KA`Cfkrdj(XgT69I3kM_Mz#Vz(H^K(Gv!I=~KHVp8@m(y$ z9Sn;P-H!2z{_kPW(Jf*1Fh60`)8u?s!hcyR!=-tLaAepk`khp@;#}$gM`g+y{H0LY z<)>fEnN}1d^X^!i*a2acD;hB6z4{r z`1JXvbTY_y4VK=RJRidAjE}!o^bGT1BkM!?+~K7-5$4W=jgV{{Q3a=z5R(XJ%V?kW z`_~3&&RvonsN5~Bb6Z_GDrDhO5Q;u05jnLwsv5vQ;wq1JqBEOC2Q^+S2COrGyb`ML z2;LCA$|TK<(V>zLQ)zP) zm2AANvHY}0ChP{FyJV#^aXVAVehM}A&;_!LB2p`z)HWAnL4$)*3u5_P5>e~u^W8_I zDK6RvK6qI>x5K7DCrEXvCC1EN7gP@a*3B2-9M2)L@11|oUw9g~)4afrPPWluH0?*5zAQkP9_ld^VHn__gb z+>KjiK`}P#$nSKjT{Dd$kXBLxML`b;f?$z!*r@@^<{{6l3g90!n(uoWA?5Oj6_MgB z<5eI3{s@85~5FyUJ~DQLB? zNz14KSC{3DP?IoXmu!JP@yVO9+Ui}UKth(SF`!6>1V)=+bYYX_U87+VaT~Ub1v&Ur z?1jk18t+8yfA9wk@8L~k7P0yc^5Y&&(tNrX+MpvW)$FS$V~{rC$^tvJ;>R);U9n4O zBJS3Vp7&+>zPLpppS4Le z5&G8E)hTSqk78|-zQU3%vgJt*`3Z8qMg6qAhrNbOsq@fI}a4GCdOTyiu@G1zqW{@co4^;tRtg>a!POq&C_L75Jy_ zdxTUTm+^ou6-o%YFv5!Ew-^{(C20czS)eS&2zX%Kvv}zeV^(f!p>zih{D>D=1UEDi z+A-q&3z;St?>k%KN%w$`9_O%#eGzGk{XcVbBDCLQ{x`DQ{-K+EA`$^$^&KTmEBSR9Sf1X~0s{Y-yNG7j~rEJ@&VB|*X>|MZ5y05i~L zlqHxyRC;d~Yc(aiBn>>rpHz1ZfgpwYN4ae+c~ll4>f5h6$DFLmmQ(d)dasj`Dg9Bc zBxg7=0JT$tbyKv(+RjBNlHZaG0$mqnTHoz=tbDK|IKsoac=Dr{>d|D~4G$8&6O7Mh z1|0eRmK$Koxd)ns)|S*MlFmU!l}`EhSo-*YP7%yP+)0crFidUK#J5-aHKwxrC8Z?v zuOUT*e9j+@*o)B#+X|Av^$oCMBGp3H(wQzwI5w|@0YAEisOVxKh1;+(45yaqMJWJc;T$vyvoI&bR>sDJSc}Jnt#WK)8LGJf zX=o@qHJoM2#N>HyT2LSv5|GpGSfUI$H`F(?lkZu;8dOVDXhTIS<59w&p$W(%y`s3vi%^{@>m=eCZ6~KHKuC%=+;vt{ggF- zHAVySevFjaxVSf*QE3MT(dqd@NWSu^b&oVu_+h}e%!W{;Q7jmT_BY#~3*{5oJ5KRl za`Dh7yEsF(wC>dAc${P)=91`$z>QcMaPxFJ)B`w{#k+kTnxY&CM4jS$`^06$XiVr! z0wJ_f%75=uQsQmu94K9iQ3#fC0m=(u)?^suA7+FlO-1OrjY@lM?8R$_6i3Es{|Z& zu)TaVPp|`R+UU+3rp_~IrSuOcPsEkldp3jN9XjN25d;>07zI@+q05)|EfKz*9&}>d zQO2v^vi1v|>vi(edWuCsyo!8Gb+Rob(S!4iST;0o+(NQnlu;vNjQKLnC?Ss>#Lhxb z27rqPYQD2{(fs=&eCN;NyQD)Ms$Jg~)YV%NM&R(?me6D6Da)T8>Ux05Q7*ExnpbI< zTC6Q00nqjNRn84=uI^7J^8?mOeufh)wfk|xB>|Qd6SCCCH%*FRNT&iUXn+V3L7$V=3HjBO8%}#u z75SJ-mT8r!)C$#w+SI;V-Bj2F1Shj}CKSz%Oj0ix&ZSNYYrj~a-2>u?eL!>hjYG@M zI^CSXFMkDyd1(38dXb<}^)Uo@k`AWHT2ttM4w0#a_u9CWu-AGLycaTK`H*Ab*Ym6% z2E2d-0(z4r+NS-KocEp_6o*3S93j_x3qdK*ySjb~Cahzu)^>Fg z#Lk})ZJ=WOkl&vI-MC3tSQs(+#oq-7a1 zuA=CXP^cY{%zjtx8b&A69I&R=H$lA|asG?ft9EG|t0*jE;UL{!aSb`7^PjL4}2F<@J)B zhQr?yc{~24LW&eOl}{rxJgeh=NUZU@O(m8mZ$(yZr5PUKn{fnb)!7#fRiuLjRFUVB zBR<3<;xA(`D3Q;(+O#}x!FWR_FdGB4Cj?^u{`R5_xl5QM#3k<|_U@&8AwvrcWIk)`cn$0|PQ;8u z{0c{V)DhMuP?ex?o0&_oC24~8{~&qjZqg7)9XW{74uU^v(IHT(E4PoJTC19N&t)

    2OfdIqqqhYu%nI{QwD#D!iFIE^?a*MlKOON>loO5Hi4}E0ofR+Sk456oW!2+<=nyEd5w;n#{9m1WfxkE&lfwk-Hs5- zWdX6h{rE`nkZF*5w!#N6D=_v`n2<+y z_VcdHY&9jC8008(xLI_?4vS%L=tko&m*lu>+j<-yz(P5UU5RP3c7Fqxlm4uTl)HB| z^0PJ`Jrn%RAr&79O{w;9D1TO@bUT+knVb>kRS1`6WT7fe`Y&Ep*3-^_)M)PQzH8oR%s z4(+ZS1`LGNRU}N!n063IUofatl#mFBJx47rDK_6l)dO~GN||VK6516BeN?b~Ri?Gq zc&Fs*oV?g~(Rz%dlIPDQXsB%Am5mW%(NL$(03TxnBG=yjb~DY?R{wUqnA>nFD)6v! z$)){#Bse~+Z&(EHx2eh!s z24bSAYyHF${x+wqC;xGKULnkf^)TA!-uwQ`C6JapNexC7qaOZn&L|Ma*WEuOsMv3^ z&y=E5YXF2NwE`Hds{JU+@EFY{zw-$#ZRjm!(vOky%jRSHQ`f`z?Bwi?7!Y6E+{}@~u+-fCNJ)qh*&}Qk zf5U_p;K6PVD^xuAdrGEM7JP*DEd^8WviSn~G1#SB z0sZI)Lo7IBN%*URmjuAqnjiOP0K@w2x;3KkmV9(axCv(|{;k{GW$L3Eak58a;&ADp z@v<^&TwTx2-Wa9AF8J$=C*fCEPVW7NKk3^P#43?Vu~;{L7i2M8x@oY2-+7w_InE zq18u?T2xaMG#Q5uMgglixF~RB{o{{K*QvH~7e3==MvLAvtExjJQAwH4qLo@wlh1J%yF~52z%^VU?oCQupQ4^L* zRAc$?pP6;iDH(Kd;=l6W{Y={NXM%vj4mo2HpZio7fVWw6S>RyGksxe9PUC{=@}ykU z-04~gVw^hMYd0HY&&TL-D2ExuJWv-hc)uk=eMjdwtHXi?a|>QqW#@CU0=PtDFdpr% zf}>Jdmx0(*z|Qa+IN_PiN!w4iN#K%fRVG~*Ix$pbCH_*TZ3i!n3nvz$u0<|on5~aB z-fCbS@vR?nUTr9DS~fBxPWV^sOS8_4J6#DV_ZCTue*s?4ND9QX@cQJq&J(Nc){!)< zj1xC*s_Yi>Jor;RR>}T+QmNz8W4Z}1NM`~VF^I~I@lf{it3}m>V_Q^(ZHUt=O42OB zaWa}Pm?b0T#INv%Qee+EB|-@P@^3w0URZQjYW`A)S9JrS(6~RaHrr2FW_lo*9tqvX z^i&3^b{Mp;HS+6}-NbsDLmCzwfW4Fo5y$-LrV4Z-OGRT35n^Hzm&?M-AZQfUtO603 z?)a+zTUu3cjjzjhxR2Q_Ix_83U#PEv70nfwNu6KhPteUSN8?_f4oY-O3PTPg6rDVJH=0z}+n_Zz=SX-q zlcdaZd`l}&o!f-X3NhrgYQb|j#s9QYfutZDGov5}c*iAdE0?-aE)*_}+Y-^1GY1+Z zBcIP|!g(xM7oetI5~6C!kqf!03xCH_7;l5K_ME9HBX_XSlw=0jb0cEnE-&Cd?ke8z zJXPz{3LU-MUE?W~Q09MGNCPu~!YF`ruM!&KoEpP?g5;GLM+Z@Fq>Iwoh&@sXX1(3- zE#9Z{xr2?&;d(&;c-9v~Z+YcVER=}ir8h_>nsH<6s7FxoybwM)6-e;4tf!27vt)|t znb7zf5P-uDK!`(RD?@gd$%oX7J%x_m|GAuLXyDCrr1tIWTyQq1_cK3HV%(KoTt!EQ%G#5x%QVZ+f%Gxe{?dq7q1 z*M@>-z*`%Tsw-<*qyt&QgMJvFe12qYnLL^OSMuS34puE(glg&CzwZQNc2uBf^U&&2 z6kDH@Z}bRl*j_P$c@nDo`yB&R{DR#pchIUl>*V3!NT!2%MrmqiqAkuZdGE?J^RoQ| zn`6l_eiHutK@C_GmLOkR317pCAV6{bVge7dA5wNd--mlSMAl?@ zO0Vo&;{&^yT&AMmcxwes{Uehy9Jaz>LhmhMr@VJJME?}<8I`~%HVuSbw*eb$cJU$V z%(fBpD{q>G7b6w0-Kt^%dX9i`J#bw!StY7K$?hIYGA6jC<0-_SN2&KDfYsRFf|-ys z%_}>=G-rHcDJ@fDJ&$X)&hyVuZxaRYtOkWs=|8k<0q&Qv3*##f9lR{06zs~0M)Vm8 zoSSLt6GP=Kb`^7$FNI-&lk!PuTe~}(Bt1y^>=cBA)6iBuUGP!yKmR(Ty+CroAbw8n z_jpyAbuumg_~0;neLO@L5a$bq@wutJq{LikC}#uy1}5U||51TQdC|`@uITiv25%}& zJBpGx@4}~eEqCuiS|Jo!hPY9-^C=`quhb2wxRLKZjq^`a@jEHWX5-?BiEpDBdP8`{n*`Y?WXH{`aPaLh}P-s zTxphoa_E6%St5%a)7eo_9h|349-ES!6w&gAq&M!~!pfKEMnz8Q7ZgA_k*_+a0K*vS zR4zaFZku*0qM)j?1NlaRVp&NIT4+vPi~7%pvNG|S1U#PT>n*{hgLe6KjRuO19=1yOF3Cm~jNYcQM;O+E zxGd7@ikLhnYk~7y_RqwGI__B-w1zg-@%&!gWbciSBJrsp{N2fsHQ9(3dRQ(0QTr>! z7#h1BZ)sm_DR3LuEoe@l41+rP%?znOl}W+6c{3qjZZbViq zgRHf55bzUfk7w|TL2LN9s8t%EQ%?B-J4l|=(?@0mP{Eyt0JoAuzZH`V(3Bb`{mExyT|rdTnQ_V}5tte!wU_01r6BHAMao&e^~zzZT9g2RF)=RJ^xcMPh^ZXWcEtfaL1S)D z9E!{ffnyC6w4B{XKK4p*&WC9bCYQdrt zkQR4t<52RTxGvE0fWuA&Urul+bVz8pFC#X(qw7IH>K#u;nFv5-i z4a%ITa{n_t>+d3#HaTCG(7x_Ag&hY{LLbGVlftdb0MM$q1>d$vP|hJa+<-?(w}I)+ z^?h{Im@b9Ky|C6ScQu9n2mg7;hjct(hqitNQ+A}NA9 z1C&SlmVG;Nw2l`BB?2?@W)wa=-4ezmJT9~}WmypO(silg06(OSYv%7>*o$_k7|NPGWy^3xG-D$Xgus z@Il;mGr?fT%hlT){v=G60E;Idj)sp9={LDm{xbmV(f7&}GGsa(=O>E{WQ}YgtU}X$ z+v>)am+!@m9_V0ykt>;=sO1V>nR(;} ziL<7ysu70}nW_~E{Sfk*x8wFDBjwp6_i#7G5M=h$8hDG$d+`B{8!CsmW(lk>XLLjApaw_2*B1Y@fa!JlT+LWY0*DMTNL7$LRckYGc+EfxY zz@$}dk6{~;0DaTUtC)xhX>us;bJ0W`C<;YQy6im-U?#iCtGHGlZ$T+}%&Pc4?Rr%} zcF;1s>}vvOlbA_Q|1FD$o2g)ilDIao{t+m|E|6>p(wT08cgX}F z*@iUZvRt&P%z32&Asu=4Z;qhhto+=l8)j}c_SZ0s0bC7XIrKkd?oBI3QQmZo(g**j zM_qnLfKk(_gU#&b9L45=|7rPs0-(Ycf8vdKB};N{3UUQ-8uVel{t$Aj8B3g@=p{%U zLqssx3?YPgLG&7w?5=cbJX_?QMgK&IE^BbNiGxJOM-Ku1Ucf!1fh@q2+#j8)I%b{A zbSvQ{RPKCi4cl?##453D3zLg|5^@B6%1^dD`8j6f82f=(0MZGEcO{MR30mNKY!S%a zL|G5|*sXUYcBLM04-JPF^m8TN4&c z=SNYVSjB8&2$WWPjLCXJ4q`$PXM397aDW2AF~rV%VWg;WVqeZ9Z=F|a#M?P$c7>ERR#)5l%qvj7|HmvS3pq2nP@i~dRfNHX? zv-T^WsRZCXNoSy+We!YgO=M~H#?aF}{Q4>WpXU(K4G_HZmI6PFP#CaUO>`R@2a;Xt zqzY>EN>relT6P4gIWM2hNRgXGi1hFVl^bU@FRunKwR>9Ua)@Cu%)AuEa&|EvMBZ;= z!2Qxk{9`4$WIne)`51nlM`OiP4L?!PDYcfDVBphRj~SV#lcsi!pN+?q23uzABWdtM zeA|fZ?N^cZKQyL&)(beuPiZhF%c4tn=HtMr77@|tvdJeDk&UGp0-D~(IN!W@@<4)# zWM0LDS6C>AjzJLxe{OUAifpZL5Hy*9&7HW&-k9DO1y zc>@fkuginnqTM=`^_vAIyv7}tlrEe}jtws1sRT5SCcQ0Ua1BsIjJlwH z11;+z32~(9`H}0dXqkJA;LC}b!Xh;BBaDVoGLgq{FuZ5zM+(~ka@S*e#gd1in@hc} zUwKW`%IBb>6C189q6X{6>D}8qn~wzF!dz3491Uz+Dl z*_LG6UGN)(-9l$*ubg3;AEL~dx_7gaLb(wI*AEtkuDuwcn&&FN=A+&WZ7p>yuW3|i zk8KOUX>W-H7MmFeSVd2(Wu`G{Selb+80TUmhz+=Qtzz%K?_ibg*`247k4DDTKqS%D z_@2FNsa|O&w%8;7L%f;(5%2$np`ZR2L;v}o484i)KMXzG?|(9M3yA-lA@!LF3aW$uREtX57p zd1*(!lDaFtjT(6q?5WDd3%DQs>!A7tLYVzRN1h3@ke(Ip);uMUYl%0x&e6enzmP*r zffn}R|Mi||7k8RhE-48QtP7VQGX*^Ti5y_fa1TFz8!h8=f1+E5I{^l%36ca*2yUMf zaY9&)j%4Rwkgmv}@s#>iM(UmrAADbx%N8BJbeej`_BkFwQbP22ug#q6VLykCDkLbK zMcpA8VXu_$46+a<5bdJW=fH0GgZh`KIfyE=?jpC6j(3MGfBqSNr`H!7%TwBLC@EZ~ zf>&JBFrIW>#ermp8U8d>?XQih{F@YkS%=EBQ_^HYQx~G2EzRn2-95xXtzD-&-S@1T zT8&3obD_UT&e+s$ldLyejERIF6q!LvPCA8Qh)`_|3IQwU72Jm`FQVTS%DXp5D&*x& zk5!DUPS^5IoG`7AjEQ2zs#vifUkP!w<(1`Bn^thHKiVeYj7F@A82&V)vta_c(_>e zM~zlJSZfX#VHDZNob5zbLFFh91LN)Nc8Z{nvU2j(g{vT}#iWRjDgwr*e6O6Oeli(K z&^%rP1amwY<24n0ZQvc)Ap#c$-EaT&dMsKgje#*IY{P5gGSDeFm>WS zif?`xVk4FmQE?c%H`9$}uC&W`0<5Mvfzce{f{stp;g(m>kFj8O zyX&6KEUr$*LLe|wcqPNAg_EGFq8Ox#XpZ**suf}UlM!ZUlFOR-9FWc z`g2e)+(U*ka`-$gOux0vYIt|K;9wDvtHaB3un@vei}spvCwJID!M@DY#xCbh-Tge? zPfkSCYAqfl%4+=98G-(l4lvF3j7Ur{FLmg-RiJXGCy}>V*_12W!_#s5lri0hNfL*T z>&o#Jv3PrHVKMn>faz(kk8|yDbO5a?VtOT~}(AwI@f@ftBWfQGQpZbQ9k`HL^ zLPtnnffU|$7Qx0scy+8ze#VOZ&m4y~JH@5>*oI(aQ>_lfS3VNnW9|zs3_vQU8wRpq zW^+NrI5wMUk|N=pF(SKY!t%uy%%f*~nhNqqSyB%R3hhdw`)4UgHF$P>>fDHl%&uETqA;% za|XF}5D?)31qo0Ih`OPJZwq&dGj4a_qqGClO5b=O*FfYv$+ABK(ouW>(F$Aq-1UT3 ztaH4|ir@nqS^hrP@7#*8z?cNMfYGjH_wgtPbM1ECd^tqP%<>o!1h9yIl7?uz;o^LT z*5s8h>2x!LaoIs^%6(tL8mMuoLo@}DoN{J72cn(>+2wJ}%rb#wy{#h<*F>wPeBS%D zdkMiP!Cq{r{3{*pmDS}0k2oA5e?}ayU}{M3|HLekcIRvm9U8Zo1%-{GBq!IjIj1^j|F9 zCGl}z>!0jT5PoF>OzrpR@^3{~+xWr3lWsbJT$55qTdl4lz-9+m)U<5&mR!ur%Bx~* zMxFFwP4MBnX>zJQQVa!@I?+hnl~ea3!@i-izW%el) z4f?0A1E=W-=8>CFC^=q6FK%qSoTqV&sS1XrIT4TS&-gKjt$}}kk?s)$>a7_CId#h2 z#NeXj3fcp?=um-~(Ax{9*5k}QlzKveh0(0IxJt9(_GP<%sH>b(#b4J=?sI?Vf_8K-{t@LXkLq_VjRDIUCl*#+U=@nNU%Y?$+aXa795Pbfu!DL-;+rxN< zEBq8A-FCE63e^N_s1PN+^i9Mfmt4#yJ`*4bRDSu+DQj$i*|S2!oawgkMY-tJrQcF{ z^5qoMS*6(|yn{@wc*S-pgd!C+D!Sug(lLi+t*X!X=Fjt6D_97DBIT=RAqjhp`BfZW zB1g+!Vu43TAv))=iryHC*tmP&;+HxK%kvYqmyyjrDGGJoqrBfb z;Ms<#cBmhM&BmOHIr%-`La1K4&>wTc}5+A`lGNBzxyXg9@a z@8w`N5dsHph6|lkTA3j!nHKa*d5>m@vAaq$)7^j6SeutTZ5kNK&iWU_3ZdK}4t;Em zr-AvTo(GG&o!HkrxqlM1&=bRu*sCPRShX!$i&BYZEFTbAfSzynI98QVAyAm+**=#y%ee#rt?cYdc z8Kc2Zgg(9cL{-S+&rz5!i<=^RIYXU9C49FSb>jUEl?h%9lyFfd}$Z>^^x!c ze2r_EIE0xnSB!zcGDg9W#Hn64xOMCMej4>K97a&M>h*KS;RVh67xcD_cyJMkR*UZk|WQj;et_269r~^vP#us{Z!J>F82o} zs<_y{w;NW?k78D%HK2NiVN1of25wpu5kx;&CQ3?aLWMCn02*rPYHAlwoazCbN^;0u z0ofa!Dr4~}sn0q71M3FhO!Fai9~S0F4v_n=clA8MppbGdx4y3NIR5f=S}ChRy-~*+ zdv;J^u&_9{KKpGFq0C=Y<)VK&BEap!^IRv&lf5YEzF8+_&9_&3FU?6a?t8H{u6Yu~ z48x>*<4JekHL&$$1dr{C2{T~tmBC%Fl#Samj`0jbc=0QSIvL#>XgRk(13h#3NB}oD z$|CTiHb(%t;ST40T7}uxIuJN(QC`lC{3^3cZUkKIXt299tB=ivc;RxBhS%`8HMy3J zSb^GX>A?V2Ok7D{X3A{__UJ!bQg-d|w&Up-3IYisl z$RtrHv9>617~nXU>qy6;z;Fl$Ay2rHQ%7tUbE2MRS9c=8WxxqewCAZYPcyGvoWWT& z$2;ZZfL&k0mxBeD&U8nyUHla`TD2n0{_JIae4X9Yx0=goGuW=g@JofCK{ta-fwfr1 zyYFInG7jfYin_{RUZX<7uI@Y4T33D}3W6w?D3#;t-Ot6a#K&(p0oD+Dk zw!4xnYt6`eWF!_5T5|pTI2aj2#)31^=T)?|)d963BMQ+~wSFvv#5Q!N;;hk39lA}*wWui}Nt;iRMZMD!Jsr!Gt$4b7ET~h(hv(aU&os*gKAOJ6(mJ+NPKsj2pt@0}_5|*3MaS z)!T7)P2}2J4C!b9a8b8>!mFMFakW@jTCSpHd9p4VR}Y5L^r@_|c0Y0krCFoPl1~;6 z%(bVVU%g5**sihxrf4$44rGDwJ4Fm&GCFe0FwyNy!VfN6ub838MG#O&a7f$4^;M48 zRHq4zoXy-<-3}I@J#UaI_$(>2Yr2B{Fho~8O8NXfH)7c~yfQTT|M+^RAW<4@3$tvW zvW-)=ZQHhO+qP}H>XdEUwr$P%`_7$+zCFHog!_e}qfsTJISp~D-9#^(J0crE6*#+nAc~||d0T0HPHPbFQba8itT#IJ7 z&x=*>6rl9vc4{UWsKQ>1hVH}rjXN--gTAF*Lw+~ZP#1OB=kw{Jr#@e~^eJkr9P3)Q zIdQ}}U5Nm%M>c|81xDN`t}4jJlXfLJ+L1kryLsx6*LU#BfU;sU@12k;+Q>0}c6>cRMgQ&=!?1@;=OU{G((n=%49(qOxoB8@rHZzFv51Vlb`A;?j2n7$201fc3=l|v#p@U4+{$Vp7#Q)A_1~LAZ&B(R> zJDZW~a8U_GyYjSc`V~ScM3FmJaUb7E@aEDmje=^U64J50^FtvYB*urhW37oZ%2BnY zpurnPGW`=4kwIb8HRW)#WGBxp(_X_-{76Is8dYfm>NXlW zCj)39G|^ARFt<{d2&Ms~kFk!HE$5A8&#UifKJj6+iDdOiFSN@3w4uw%qc5)&y*%_e zFF3=@>ybmvQIWiIsX)TEeg`sP{0jwvE&Xp4bC0C;cI%qH zA@f>yKp*a9#E3D&^?H{FA!c5E>%K|l4@f_}P-p8!j>_erH6pB(BJy?P_%o+(JZ@fA z#=H1wE+eh?MZQDX;)3Gk!_te3uo+v(W-cAJ&YAiv-u9Fw|$-+PyU)+Zy$*+#H*q*4;X3<;+O<9lTM_k0LD9lx|xX2|W*{)=r+J$*tgB$8VcU zh=cCayFG5uAEm@B(jC@NA7U6M@w`N)C+#E za*-r<0awY1l3gU2s$B^^O0qin=6=+vTK_aysmE;#->=1SFkXc`L_>)CHqq@q0Nvo; z14sZ(;sqR^@kZr$JXg0>@`%ea8Am}xMNUTnX8mrYSQP>q+P#ALydV~KlZBxv*(?=7 zvP;tD+g$%lSPe>*nkC?wokV)sJoGl-*_xXPK%&i2?e3r6;Y8D{6#)l7!$_A+(m00I z477`+)ZBF&^g;p~Q2=w!AHfuEH1SpbylYaG)efn_8p(#`TCPEPPB0wGd*dS<_>SI$ z@79EByIQ~<+mOeOt_Z_y{w|}?Ejg{7`vF_p`xzbPbgoLY_s~Jhq-YGi(@vyLRV45D zeETp@_V=9&3i9qVA)tsO4H{fX@Tlbl5z=X>35H>C?~U=Pn3C7%pQ+Ykd^`71CAL%7 z2bmcbuJxpaj`wbB<`gy$9ndSqQxe8p$%$p|I$7kdAODrJj0i@?_^&gF)|?SmmTwcu zSQ}ZY9tnKH80M4->aaC>Z4%U@V`V#%$&qu1v^5Spmm5W^6U0)-#Ej20+MH}^xsuJJ zh$gyuCsURL;y?MDpDJn$*a{rqYMF-i+8>@OXP^a(Hg2&XP&pP*PMIxBwL;EZy8C;I zfzt`fGng%GFx(+Q<`nj7N|i$OnJ1s@WQ%TKcylOVXREm9+m{YYjYqr$wXPfR6!s_c zI{N2T9}&X@Ed{jazakC=kqn){Zjw7N)-XTtv?8-Td-5tplP*=8NK53+SUnzs65~W2 zu#jg`vKA|AkqGzgXdm7+&c!le+4Ri-q>tdcTf;;3H)Xz?HjtgKYsg6*O1-lJIP+<; z!s>~%B`o@9g|e`j3~cwv52hsdZCvG$0`glLP7;4*^q@R zClpXJl)|Rpnj>@>b#+KT?!5~h)p*v1SVe(Pmn$W_kLIvktzp|_h zX)U}jbnvPx=8sX|`V}o*Kn9_}e5X*c4vD-Jq{pR_)ZxTQJQPyK%s~MZTz+b3KZ6Fy zg7UZHK)CCCZ2=|^tpLD*#MX-z;D1&Zwoa-yX6l?g2<|O%N1{a-xJ=mB$^z?PT8)m^!!^TVcIfK_V1^acB^dT zI~B*y;TIPBH}Z#yaV~%-Pj@8+3(F>QivJPO9{Z^-wp91Q7el`RT3NNolU(K-ehWmOdbi! zF<&lvfIQ4K*4?gh{K8Rs0mg-^21MzMBbfMHe=CYOkFv=&KC|zh3P0xsjDGIP!bt99 z3h#>!`{RuMB!odg)}+TQTSf8c_j$Y;&u~WIT_^qkTEL^SxwsLz#v8~0tF>itIw+Co zz>9f<2W{Lx75`Uew`QpVCHG;aafx6p1Q z{nYd|;?Ge4#KWJjPhXUGuMsJkD7wBz+)DU1n&Y{kG~8O!<~%jf2PVhgA{Be8FgWJA zJz%2hX_wooNJOsCgp22Q91g;(r&)9I7LP0rLCqV#KqFT&5!Z*<3ohT@Ob?Cl0~jTyb-n zd7nTjc)IED+rHzo4jzlA;eHBT&;s*)39R?F;G4EbaUUzy$RE$EI<&IDpUL;~94aD; z2w!L@bt=S%RHkeX!23lV+n!Q9s!SpX%7f3>e>J{RVOTl*1yibJ zxL*(yY$lW>3={Kdf6d!8lPg7xW$<*iLhe)xcLIEw|I8{8@OBbZ-ruaw3HA^WC`_3I zAdT8zH%6qT z+U?`7x}fq-LPLH_Y-6Q!Mput50hlC>MWv>8TO+N28RpNh=qC z4&iy?wAMb>>AvP|UZSo1Y0CKdsmX!e*igAPf1|Nx(~vbSTwTDO1eGoh6c-qHrCE&dqtXa; zS@VUSufWLk%0g2^?L41w7VC^h9~Pqxw;1^xdp1f?2t^JJwayW>IxO^eDdm<(sWKov z<7)iZo$36&9~}g)=zL{{xljZ$R~97(zFd2mjwDgTvi~8M2DSOvZ>WDfKgwT+{$D)* z>AyVx=YM+s8S{TUza`6mdj7Y+iWUF>|9bwX_5OdH|KIL=2mmdIvwtZr{QoMV1F@*} z|GQ#ZOQzO0+fz=$68#>G`Cc=|1}~1N#Va8*0)rLVfv`>r85(_^o>hq3-*-`_|DR2& ze>STA@3irEn@Zzf+f?)aK5fjH|L?S+V*dY48(M#xZVFULDxGO^FBD2a^dCKR&Kvc> zz-vkns_N}L4768nb|#}WvSZs|CZ*k~6XFpD{$LEbC&u3+%Pc&vzy>Rea65W0Do03d zXynka#j-&GDid9dp%Eo3&OM}T>B*83*KFfkX7>Uj&eJ{tG=q2^H>K{6TJNSvdP=X@ zJJX$eyJ*bhpS$JB;fvVsbF^8kb^!QUg^b7%G<}80A-S0))r3tbdsE$~-LZieu|U zmHGL7HAeta78hTLzZ7m?tqfxxgjdC@mL)i_H1#OOW8_KN3L`J7`ivB`ZCpuX6Uo?2j^Y>zFgZqoXH{OrYfHyH=B}^#LDyXHX zp1$1A$@K<(%NJnU{u_ZcX}TkkqB3szV_)!^0@hxPKBx!n_^E}BsC#kK8at~hM{HyJ ziDLw-gZH7*7yBsST4;(NPX{Y2X;hM`(+na>$me}Ha9qM5<;IET?zdMlN{vcTZW3M)Z%Pm&knhX(;0eS{To#4aqS$kl zDvZ}i=M%83@!LA=Ax+6FmK;*1QdFWP+K@aGu#o3OVg&c5@oERl^t zN!m@~LOEute{;Ff8`JVFYCrTvUlM#%_2VIBSlWoruG?3l1zo+foZb{avBZS3W;?#s z5x*~sj+`q)rEd3dZ>mbYMHnoZEr-HbU$D6|$)2liG8Ib8MQ)9PPMgyVFN_`w(W=X> zh7%t;Da{MLh|ReQi@gMLdH$pzCdOZVGf75vqEfd;`~)umW46qvY(s=1M?Es~G5Ck` z`J*^Y5Din3g4Xi?4i9^Frt}|g(po^DP;)aVOydTELO{9(;)j><21~?up4;IVb7aN|%VeIp)*Cr-U9L{d27& zW2Sh#NMn+4;A}%kxasXm29}?p%-=UHHjU1_KYTbLT~w3WU(6VC{XXISYq7^z2enZU zt>At=`r9q^@sF+LO%ctkG;Bby{-4Wr;83=n1x`3${+EG-=ir6;Eq!S1BH6NK{ z-zDGAV~XzRUBw!TOjA>M>iy*&UeW+s@X%z6+qZi>YjXR#s_3dwmqKb>Kf{23w398# z7CMQTTshABaK3(G(&lY8(mXKB#G@a2l$qOCELX3}-k2R|G2_f5P*D*hmgxlO z?nTQPXj@5EX;8TQ&T)>o4Z9tE9vf%0g5Fw(WIcE#RvWN*N~ka)HV~WeX>s{@kQ>sCFi}s;!8r+Q;c$N9?8m)jbEQ`=h;o2_WA^J6jDqkV6>xl z?$W|XUj$X5ta#PsP^UGOT7LsZv?=(t9vvDG5iW4ezTlQQvhGDAzfQTpzghQ~{4$If zm~=2aWwMkJd+6dNMr2&akNs`KEuq{DSw#gXF8g3vb(i>@o`&4w=)RW+r~>9$m!J3J z;~{SEhc@9g!GIbk6YT=T#7`ghYzWa#Z_0AA@hownj**zagLy0zk)2-Q;0(nuX#_~o z2zIf`9LkoNJqc)f^1QC~2afOE|G~ZN5P)7`_wSh}kW82}VeSW_V7Q8$qPYAi!vt@3_`~VW zmTF-Qig+En=gsI8LO@K}C?WevA>hGwcT#j{H2tA%k6U~a9JwHpB*PByKO68kXAcJQ zf7yB&@FOON{1YAjb;u~JFO**B-#p+CDO_3a!BAKPu8FBmbySLk%`UD#N>yCTe3Y2l zAgA(ZK*wDLcDo%=1;nuEj~5jpsTV^iyMVu$tKr~WzQ5)Y4OH%LYhUR@I#yM1FBE+= z{uIMjyF5tUT1iRU5}9pBE(|6IQ~_+sPLRixok#ydtgl?#PmoPusdJnqH4`~1wwE#| zY;vW`_iJ1MaE87a+;nd}PkMKD?p>xDr<~_PP2+&%d2UCd#r_D{0>C2VR%PB!bhkSv zYp=xxV;TmYCJq4@`3L$QtfsvaMI&{L}sKojdCU%vk z_QSl|=A1PnTvhc$UmSAh>e!q>cz1JLVdK4!l0zSJrF}DD&JTX>;FyMg1B2ni)%Ajwf-BNx_qw}y zH~PR?tlT;6NOgh33?3>~S_RS&)V56kFTKz zKL0Lt(WU;}P{Ur+0mZF5SrQFgJZ|!DHf>kk)bRPU2Yyew>x-r6+nhZ%fuHq}!2!{G zGFQl_4PTx$6@ z<||$_>#i;b9QJa7cF=$>%Cd%G^i>B+yTP7&l**S2eGZVFo>0Q<$DLw3^;w{dZx_vO zJsLP3-k)Qn4byB)b*Ni7I}~vA5CR?)LbeN^4LYDTRXzIoeb0P)rp`o5IP4e@3Y_9 zh*vOFasTMqowIjjTXWS5!5qJDHVGpo0cEkU4cd^ICPP=y`e=u@F1Nvmgjc@SsU*4B zGKSGMP~+S>uAUEMw6&);km@Q8e=k^)fs+WYr3u_)tD@f$`}={~m9`#7gcq_VKcgV| z^@Ag@QW33>ySlx$8GX%@0Q1S^vo&pMM)@HyIP{cR2g$uGQ@h43TWm{w}v?` zw^iCp1;)DaNGTEwV7G1`tWXUz7rMDFS`#G&s!RaE&nu}zaeJm%WRVu^>gtLJ(cS+J zSZ5?dmIiM(1v1k&CGY)tG~ZU{@TTvKHq3J|BskcdV1wo+vAZc)lf+qCR*|^ZVtCf# zXJxL1!jafxFRp$;b~tZJGn(F#)pwnPteMxJ-h~2cEZPwI1Em~q->4T&h27OMS7OW^ z*Kk{e#j>zS_Cx$DX?_bEb>7{gtYWtTGqQb+XIM0qmV6JNT{l?5q^)T#cj{{c$DFNO zGwq~AF-&TS!zEH%Uk8DI$K6mSaF(w`-a=4gF8Oe)AMjHD!J#80oP4(z%|UjNv;536 z@e|<+8Mau}t=Q^Ao621+-~JSwJ;tsvkf5H`DzOqE`C^nWkpjTs#>}ksCwsh0NGE~g z86KbF=W_q22@dmrhq+3VazTh5?cR57ofHLvv;AGWhwah zYg954u!l4=PSGUiLY!|c^l5|OpB5t;WW@nr>kg9po30m_T>~rqyb9u+9kWY@@M8bd z&{gb9iuf=7(Ks@Ynb;=ENOYHJVGWdMF(kB567$ut-A2OxQ;8k|+L@Ag@EMPTC*z~p zXiI;DOVUL>t|<`IU{M)}2E4j0*V@|q1sGFW`w!E4LiK2K8M|m(0t!fK$dCqfWIsXD z!d%8_OfX_ymQa3R)TehIeJ4@GROOP!O8k*8pBiZ1teifDB6LH2bLrd zt;4kaK}BBPJHU9xqRBzJubh*oP?69=TGMax?cIWcOfh8unvWIRL0#=O2~?)j(w67> zv65qIn_)Qw`_`l2_vjl{oRu=8C0P4ytpW)En={qB&P!`03m7*OdhW(r;{2jUOCRM2 zpnpdp=w5UgxcpmYm0QVhZt#r9^9WH0_Z^vILj!+#;8*_Y#0bidB)h?|i`nIziwOofj~BvB z7HcDiu~&S&D~MU#CdQl=uZr~hSo4)YZt+?vrTOvja5Rm@NY*9v&21g8#W8l1 z{h1RLsjZ}_`(?mX6+sbl3T@5vs8+mJQ`6&>=1gVzAw|=?k4-zlz+ZA?1>)PJ(B$R1 zp5$gL&T$mT<88nixEEg_@?1w_bohQCFVHXmA&kx ze3=Q!UP$y_W{cDBT>(lv0N3B@7v$>*g9gL*5lr$O43p5AYkw@{$xn#=+Z|DDF$FC_ z+0Ix?i%%0#W&8Pihv4r``$$aHDv1?MXBP72ey{7a2ARYnAd=q5duhu!D=CxD)Vx5h z`rk84UF1dG33`_Awoghwmw1Co$x(rs0GQC~E=cuJwfBPzJv5p9twFVmSFYtzq@Z2x zqK#`>P~$9&KD3L?GG=#*LDB(z!jn;YvK2F8*du1Gk@`K*kAkM+f2J$*8F2gka%pd* zit_soq*}DWigdE++}FV0XImlW0xS3JO1y<)b$jV)f{`qMZ6f6O(|<59-PS}=)!iYi zeI;zOq#n3*_6fmgcih4Qcbs?zTM-u z54Ks~Ku-@6BV04;%!!YQ@IhdFVv#F-3v}+9ZRJFtXz!V`ov}#+ON0?Z1Lgzp^d(TxjCU>~$Df!OVJJrM*z-DSdga zX8q1Id0D)gt6NWbep*zJ`NUbFd+-{oG_m4Rx)^S2gwfX<)kEv;FO);1>pl8#rvh2S z72&-f?O3Ajxr}Yw&HDcyf{SS)RVhWuL54)}FH*6K@wf*hWs8ZBg@bR*ue?kZFE}4c zRZF0`6)Xk;lAaDTs@$GZS44=P_vd=QQc&Q?d0=d7zNS1+dt~OWN&F?2zr@o(jK0^U zxy!-uV+q;GG#m3dq@cySvn29UmkTv?M`s6lMTiB5=-Oe1=wMfPw}S1zTCnI3is(p& z)Ebw}n-Spi6a*#K0@d#s>-r7iM5cDi*Eg}RN%<1*(HNwslsbwJLI|}qW&eEN&*cz9wq&aG^>Rkr< zb_dX8_eJDQ zgQ2Wv2x7DP56OrJm$()hD6`@mlK2U&m+iY&kP>3knf2B~QP9@I)lf;eIc)BXo?7kB zmGpNBeehQv=t7jr7gUwR6x$Nc^J7%zJ2E*d4zUFfuP>u)6D#2$kV->_Zr^Kq?q7nCEViQe%Lzn`7D zY4!creInHIAK!*E*_Nn-y2xq3{-l{Q5^2W^^U?tSgdgC# zu#%z*1*tTIM1S`L;B?EhDL+Z!EE;$m(Ef^e?on(OqrhBA+a?P>f511hwyJP$azb_b z#h#(IpT;pn5h1!nm_J$i zUB(kAKQ<~9y#Eky*T2O3ztH>hf3f!W|HIm2eYcJw|DpFvvi~1zFZtU@ruC0v0mJ{K zb^b~1{9lItH?gDhufz`Szcch>$bT_(bO8K=)qiK`Z7Dli9%M)Emog$)%x(NsmFrYs z6(LX+Zdl#XvRBuU@n05vxeAqOJLsXkoD0_9h$_Ee4*(FVx+Y8$taN;m1_HzO0y4H| zg`~Z^i{YX#6w?xcgR@;Ozvf;C?FEyv#Awd6lSs4x@kWa5&&p7i`)%_Smv^oHuwE}B&T)4XL=D)cy zGJI>$AgW{b8XWkS3b4-c@OLnFg0rArSb&sBJ2|pyYi~bahEDq16om`n5KU_)JMoeo zS3rl)b24z1lNrh0nTZT0P@r7(kB`lF^*so;Vo_fi{R`ppg6zRg3qmFfKiJE{pl@2q zbCA)GzH4L4zq`uE;_;9J@u)OMQ1M_0C`vp30C5HOlHBUj70WJ=(T(AN7!ZXmc3I4S zWH?klbX*;8Z`nVjprF%q13*+;zYM?cGb( z@AjkYyHj4Astvk%+#kiblY0~`lrP-5f&nTifAM)tO=mv^j$O{)0`#+Y5Q1Ny-KIFA zfL@joJ@nON@@Hj#Zu1pH4SHN%nUN-F^9{xHOp!w+b8{P>$<1BK{MmQEnw6QGz<5qmlvq98v}rs*~D9M4X?04{&r<||BM z31=4Vsir2W^2&}EnKZ+mqK(0R(<_ z0LSqdX}li}?}FiY7MPisbfL@jc91wznOFBTI9fYC*ew!449>D@GJ-mqo zZcgy@IHa9zx_DsThNuuCw_v}e@(5eC15gA=;*NcORb4gnz9JP|?JPXA`x z3F)xhi8%s$y5Q)$ty{+;YpR}Kw+EFKSZ8IiW{s^baYRr5k!9Z@t0 z$28{U*fZW9utxUgS~^84S>$FObj!wc!c}?(2&I>e5~x{Vbe=2ll!;xk{{#hd?^qLG zauL0WuqY{$$B5`}A}Br(fZR>Q%rkpp!hvl$8hh$QK2Omx-tdX*5uI&{1T~uC%kXPE zA`?ScQho_#g=MW^$d@wwCV%WL z4M1=hNDXCcNKuETH4*m{O1c8OU#@+9jNU4pO#5kJBa(ye71hxKZuMOK?~zYZ)jszZ_m>sByq3O5lF@C5smfFXcP{5z7A*(m zql}mg6!XO89y(i-H~oUwk!{IZRHcJs-K%%BV);b!>Ib>;6JwyXJd`4K-3KpD(}kF# z`R086k<1%;sf%ym90#wt&hJs#zgF>;}EBl5j#}7$ts*O>GK2<1Cs_*zz zSzTvJkpRNXfoTGmD;1n63-i~wQk|-Cil~j<CH=Z3G(4OfL zW}$M}^pq-m9RPfN>P2O;Z4Gr9d)Be_&~_fg!s2_j{hhhqVUSUgBO@BNm-m*E1_RgQ zb__0q$Vy6ij-*Dcmb5%se3*qN<C%~B zcA3Svs4Q71Rv6k|x`QeQI!MUb(_NEr3l1S*bDpP*fB=w5{d&hwFB?#OsWw|-q?byP zhwJpyj+3L;V#SKp7eg{!8%D+``{B8Apw&dqf2;8^&oof2ZHT37$eKO#ct}!A$NzA? zoOzy1wd7!Nqu?i*QrJ=R>65P>TICh}q!z$&|Ac;t#o{}m{Q#m;EobDA`PGZyN1bfy zo3T^nVqj=~xWX#F;ZJ1Ypmw+Kk9X|lZ_p6WyTuy`Lq{@f$auRd-2p{?uhg^4Oa#2S z7!$N?+40MOzIR18ydWq;ttMipdyg=|&|GF3ed{JLXbHXY^AP-Whbn8CbQvbG?Z|6S6E!CPA}4(T zWo6YRQ6Efyw1JmMK@`4$tz7jfe@$)rv=X9d*gh_xPkJr)VD5_1WK7z~5HV0eiCnrm zj_dtJ{1^L)E`{s4Wk~`8k>SYeQz2XpotGCx@aY;xqAs9OjP0kyNd8txxsGY7;qnGl;|(| z(x-lsO50C2B^1gyL7I6qC?`u0Qq;{8Cv$}5H7q?^rJJN4Ndq}X&tj(cT=In28TlOHzDXB(SsIxpB-s?ZzZ)N z$VcPQ!dX8F{-Y|r2}6=iobo)S7Cm7;{a-vioCT39fA`G;4N?xF?-# z6Y>TP`TjP4_Hu;(Ze|#9zEU22k~wE-(~eBsOCd9DM&iODXvephYp&iB&wc0&U@O1Z zO;pAEt^!n*>kb5W8Ldl-&8o~QrIFRu=6en{MSJ?Dke7I^4{hZf%xJ>7f9jo{aa`a-Q09b zvn3iyqW-Hi62F2a#bKh3(!Y&(9#D zLn%cshZG3Oc$>~fsFFSA;5hRihhFpF9lGAX96I*DJM=sC|4q5f{l6EY{_*?&q+CRv zu6cb&V-t%LsdK(fO6gQ#r1xMefioR%ksq8PTDes)IF(S4CiTYp8tI!zPuFUZgN8?K zsCX0rts@z!M+zBBx$&)&X}!WLpJKP5ug1H#VkY*5b9#8~eh64!xT7^gtkq}ezl<-w zEGYE@ti*BWK7N+h_puf)OcWo38j@XQtl^(f`P>aYuRaW#lS4tMVk$T7II9p+hyI+r zb$l*(*;v5xDs4O)NN{00cfP%_d8ziT*zE>hrWsb5&4c(#!}8p28mh7d9&)yUPxy|# z=MGFs!V#%O(^N$rf?xzD--o<>26bLw&|f7LMe$Aw~^HE zHNB(dOP2m;qX}NW=E6=^_;1-U$)^4dJ-Mq01@DK7I3P^D035c8&=%G*lDDj5GoJ1W zaF>T}wqV`cF9cIhX8O%aJyUcka>Vv`86h)1vxptQsxbyH`Q9I%!DEBnty#cP>auzx zEsrU3bOoxif%x&WEZ*KCvST%0?&X#_+YRV7hGa1#`O8g*P8zjn1!BZn=$ z3n3^Ta>{693UCJ{u#@8!JqjRC004~19vb(#fJq^{o1cW9A?r7LATHEh=qyQ(>)2l% zc&EgGFir&;zQ-xeZY5~Lxq4gro+@QijYSeNSWoF-$ z@(2ym$t{=Q_=sWw6!cjZ$aF;`aVIZ1iEmfd>6lFHaag@?JA1#f8vU4a#{bre^9G~~ z4_d!|C;4Z*Q{Wog0Npg8Qw!!MDBeTiyw}o&0#d!kYqf=}W_zf-H1_! zNNwFtQbd{F^zZZ+zi){7c?0|=J&RbjIK-GlwKr1y(+INs`}oD?GgD;3wMx13is?&} zOU0i@nx4$v$A#C#g2|OR%?HMSVrEwvxxi&CFgqon_SQK8w`@8#w)zX$J)=WB&`fmF2CE2k~`232DDKwvCzob=YV^f~! zsjiWG>fI^qfPMX)3v_^9m{JVIl^BMBEXs=T21z6z4&qVE&=D(B;SFxTbQ8k6HzYrW8yzNv3$VXLLc zQjw)09jb9Ujb%<5m#__R*_#LuVH!8dAI~H4c60h-%56D<8NNbi-p8jmzL7+u==&eS zbM(-gU3QBiU3tqGR$0SwK;qHrP^TmqWnr#jJtl|*h!k<97c}7W>NdyypybKn6)~yF z&xXt69bv(yMa{+XaaA1ZvIRg zbVWbA8k*seN&c)i%TEgW@p8CuK(xDbkTPWAL&_wu@8iP|Zxmh=wfV7=CCJ)92f^h<$Nz9Mx?eXB_LDAjZ`@NhZIJ5TBONyh zj%PC`Xwd35Ov9a_9V0~8?8K6}3t;VdFGe!Se7X~;zXkJ%2N;Jb-PXq@cq@n#AN7{l zYXt#o18^3^#G7h~9+KH|FT+)<;KuCHi6E5VnvJ51A;k3Iwb*!U@C~#kD7&T?PiWP6 z(kczUlea{Dwf8yh*@)5b<+^968%^8%cEpxewFdoO43z_ro?leg6^HEvgz1dcFtWctraUOS9Z$21Vmdt&ZZW6Yar6>bqMC$-B_o3lxD4G zf93&QAl+azeO9Ox+?Ic_%QEMgT@K=*dR7W9AQm(uKa6DaGpeJ` zLMluU*@N3BGizo0=}JGfj;oF}XIP&pYsSXKbyo>(rR|lC=exgtl`FkVI7Z+?L_|QW(>+tq^{D%%@#2bJ z8HG5Ry?W|hzahpNN+t{B?|x!mfJWKTAIEnp>aMw-dmi^COn@jK+zw1C~6MUh<##3 zVr7G$r^g)uzyMNAVp-JR{eb~vRKHF(7Sx95(Ru+};VNbFN&d(MbxRVS4)z!g+H+J) zg=XQ;^_`oO!8SU+lXwz9E^0Y3`4!%dUdNxWQhNqpW}LpnMcRs&<}gENag z&kopc9@M5M8FE2DzIYY;J~j;{+@zwjE`=OE?fplOw*l3BZq%HQCyEFyJc^E41SAE z)kp^SOg-|<$V_DG;MZm3zB;4qC{9DW*C8~LY8AF`fw?=rv$c)=mY19RwdONS<0$mY zdTfAi;nf>Q@7-t)cmBvimxWzpLyxedcj@}7dZ6**!;gN)4pOd?i?-lEUmME|)?`c? ziwPP?*SF2*ge3Uy!tvA)K^z?-i5A%*fJ^fAnJ9@{-`XJ=wrD4clD^1>IMe;Yq7At# z6YuTGUdw zao#b0UwSKQNp=C7O3@KiNrlJM2B%YQ++g2sG5QnRw6+!yWIkp8IP{jk4*kDS`HO#1 z`M3Y1@^|Y0PZWOED-u$Je9}Vr`YT7tonWdNHCiYnAMe&=z{V>48&{$uxt`9E)XPD`=nY{|z4eAO^7Gk4 z=K+~RtSY7EWb3*0xA_!6;>WObA&Zc~YypV{pwJ1Z(%7VzIXZBB(vHmVpTxj&f%H7FvgnCclzC3zb{mF2DRmbN7?TSKnX`s@d*Iv zLDKXk>JfA_tuv!9TG{({TS>>y)x=zpkVbPKA$>1MAQ4;?sw+P|`Cg5p%+ms8mt8|h>`pJcJC%AB>jbvH=8?mv(65N*96s-1i`V zvbVOH5efi~|5L4xBzd}*IhSD-L8(R*H_4)xlogfMGKxsZ1pAE+HtV887GZ(cIMRaY zj`5DQDc#vb3@6!7{_-(VZdotIfzT)nDwtP)MECv_fy=TdG*m{3wKuZ{0>8Vn2 znVm?1Kkz^t8C~49M3`bj(P2AxhZr2wUgMh!we(L8baNBKaqn;aEh7@65X_a_k!u&pBCG^<(^~O0OLgnxfQ)(@w)V#U{X7lAh z4&qCVWP)rroFH^NKHKgIoGbQBNB!f{BY6$rK0;@;zLvdPF;Fk5)LgFo1y zV9lUVf1C-$9i>^K=DIZRPqFEZN*i9QM;=F#<4UcmsHXXp@%6fE-8lU7eI*tEGIh%B zF$qAlYD;FtR+P9?ShD0CE@`UN#6{?6CU|La5WQr9n1}7fxnt5)6i5p**bCX%F9wwp zF}N4p`Jmo+isW$K%;*gCC_IbjwyKxv%$3&QO~=Kgp|GQqeSuhs1Cvuuj*M|TSx`=b zj0Y~dbeO0M1e}Q}>MBi+We_BATxvosErHOq1pVzle`sg>=71Jao_BPSDk(LvT|V*T z%lnc>pE|jxhm9yq3EadW1-K%CM8;So-kfO_X49#LBKjX3g)1^6u16Y`t0!&=TRsE0 z`sD7e+I#__)qWOw+j`+vh4*Dv|M2M5W>Gf|t&wg49&~GbQ-eL~3T@IwkUcw+W@z&E zGdg8rU}31sETDEkfga){+=;#8ND`DU(?zpz;o%Rh%NW-Mk~lROlxAo2xu~RKX1&fj z><7Sd;4#RI?Tu&&9mbk+48^dZKm*eg8TAfDJ8-kof=>1qi-@$<8Osk)%(8s)KnL|-Ch zZObv^fHB^$ihH(J{EYg?xtB2vikVrmXcWJ->5eUyA){wsFAR4NQZ8qUgPn6Hg=jVb zp_x#atdT)zQpbmOP9F)+B!o=GYWwS*K8YD`pLE%8_XgHV`8R#6e2nErv6)onh@taP zh>AgItg|lvNivm-wMXMah*zi@SD_vXikol9nc82aRZqIdyMXLPjmJxw;mqZ*uZn{l zh|yDR(0>Dcj?g_1k3#ZE1SkL`dD62=b#he+iIGal5^o*VpfyXz@1Nucv@K7YHanoQ zk2}jz-GJ%XOB1(fW7;UTH#MDr);403Kh}Ht6rPh2dJo6nDiDRkmQ{f)343t_MEDE} z+~)rrX?(J6@WlcwH5sl9Wt4Fvki0!u@j5rv?OS z4cuz#D}NCY_#5T|zJ!)Q0Bb#-0N`~o|JT-a{nMOw9tl1?4TbNy!yRs`H&C&BVb8yf?^MS*8QFfoUR|E3) z3z#bztLs2s2iytXdVm_ekE|i3I8QZW>>VCc(A?QM=?0~gWoVKckg77Woy(tT2OPkR znPTP@wt=lV@eO1|)jnAmHMleNcZ8H2ExtijJUfmN*r5L0m!pZ<99E05d(%n-W3!?d zP_3*Ryf$yJ>4)6`b#i$ITDHrO0Kk#eGibyD=Ipg?8~eZgi9dRsBlj4-)#5cX$YR(ueMTvi@cNkaG-!VNg-Ou^KF#k`5N zF!o;xd3I)Af7TbM5@44292d7OxeGsQnwBpVwgVUZ(V5!9>|ptM+~e+dLzcwJDKfkv#DhR?Wqf6BJx}T0zZ)r{kDSA&X6vSkI0r zDmP(Ww%nJ7Z$$t4Em*2#JT!u-UEOESUX}%|DD3Y~O3<9giecqB@l2F{rZ{RRXyiN+ zdPLHB0bSQ&>~78&+_QV+k5MUwIu-Tgg%DU!jh*O7IeJq%PzkGSP^Vapa476M2Cff_ zMN>!~vjwAq`-I|)?ha*;s8zZ3!M-QKG*-!>TTFyc3SQaLk_~I33#TPnG|mk;5w-3{ z&UB*ZM|VX|EKh#6r{F=|&qtG;O8~z?;qCP$b58gmOP?dnXW7CxxUUOOo93tq^_33b z6&VP@E*G-GYS|8aj=Iap8RE`-nv4+}RW5 zPB2_=K4jq;FZ?GQAHIl4utVxoCHe4)x%PzZQDppWs5#Tk7e9I?kUm7>xHB? z{&eJL8jMDsl1`DQRkyptyF`Up16ug(_h9y+y(|+k!bI|tB%s{tso{UB2>QPY{l8QZ zSO3!dFaM$Wx53~3(fo{h|Ec+rSO5UdLI3Cb|7UwZH%*QI(fodW|EBr>zV^SGADQmo zHUCk13kLO-nMej)xA4qbGxV|VpgIT;#t3l@Snk4@$I2SM-Y8%GuG+?_Zd%RLlx9d8 z@X_$y$Z{9i?R8~+K*5Bj_ZX2;N2hr(z!_#ScZaFmUbf@;qWK4eSCAWihcaB_(Sn{N{J$EUI?|UJ||O+AbPS_ywrWtjp6k;JE8U_zlrcRD*-V1YB+Y z{p|ZP6UF3n82iaP$BnojKOj!`gpn;lNow^eIxADT{zD^{RdEmv~BRZAm+~ z_Gj?$!qy~6cJL1lbQS2KSl!nnBabTyg4~EfvC-YpA}3lpi*jnX(;*zl`!TGe+XT>b z;GH z+j7|@v3V1yK~e>G00V!unB>jDAH_?X!{l&i!(ciO+w$XXc#BJ~uoS$Q)O`X*%~mD@ z8S01kiIj9+pYTU@TVWbGlLNCneWA)1ITcX9;F?*2);#Sv9h}NSu|hqxyzIW^D~C?9 z=5qmkNQ7C3u8R9T?PVy<-4deIHnu8EufOK*MDAstVm7N{f4eW33v}TqZ-FEdBx|Mv zeQgk{8`bS*+T)h;q&rL!csReUM9PIed6uyGqNJwHjIS-3LYOJPT&}h7looVud1E*W zQL5oTg=JFE^W9%NG1b0H80qCmxaI?3heK89&&{3d3Ut!uc~dyLI31TnEttLvUd_A~ zxRLT3YQfB^NV3a0m*~R|y&l*DLPY%swDTUji5km2=A|;8p|y2?DB$|ZEbH&0A0C7 z>->mLlwhsN$s(PTxqRU{L7-ZdZ9|c)AxK8u^(hsIZEN({Yxma&n}uJ<;}CrnNPylulr2 zYBMt)6`ni}5ND)rpJURhXNQhz6L+E;5k zgR@e|x&Ip+jsjSOUyn_|a1XemuwcZxIm*aJ51(_W{ubI2)ec7j=$2tu33&HNEPDwZ zY7I5~RJ8Y_>EuLZ#XfQG@5Yw)VK=eTU=QmJs2)gYZvl?@s5nH)`I4fbCV}QY_1A6{ z%yx(YZq7FokX%S%5ha#*TG5gi@mU(yIU6DIqxDpo%8kabR}K|%s1LV7?G;XSLQ4O^ zqbVCDrdW`GGGdsy{0$JmynsK#d|Q>?>BtK5b3rGcyVTyvc@k+LxR=k14IA(flofMia zxgP=gM6bf4y7H!gN)KYz>JlpXI7N}TPX78~U!S%3h)e%z9#|*%59T|@3k)=KOX%5X z_`7N~EF$7o9E?y@+;lCta48h#ddX4`P>0%lu^$Z7%E1c2?~ehAFmut_CDbum2i4bf zjOngbKD9D^<#4a~V+#^n?H7LCz%nn~;yP_`)EGgOH%a%$t)*kW3Yn@4h8MAaa>?g^ zkNhV8iu}F*9{FJl{x|Xu+5dawzu=N(Pw-V>x}gNS-wWKOb?I_)VT~2@wX=|v`R(Z_ z7@(d=ixAlKCHvae9pd&VA#i6C5daErmfl+n^Iese0{1EHAFAR)swj}MC!d<3_PTj8eCZUpwRQylCyyb^eBw^%o^UR%Qo|jx zv!I;!MKHL$YiQ@$8q7x`eoeK(_6p{AwDR(7o7^L+6?^#h>+Nq0hNtJ?@dz0BuFX^= z)s>lH;l6O?-uHICrh9sQpf_X($obZStu4<7P0WnMKdx&6fj*D@b?>RqFe@0Y_n}XD-FGnaf&?UgGKCKsfzXywfd7`$-m7P37?tIJxKgVkxHsBvVlPF%D85r!S90z3hKI2 zcIBrm+Lg5LE7BG1p2S;TAwA*+;h64Djc99`iKLHYNf3N!S*9dLK>R)D@W;#4y0E|e zLMW;2MZ>qDTzT7%a={9I3M61+)o#!TX+p`&tN)HUv8!zHn=P;{qeMpblLpzb1?SHo z;@k9Hfn~IJG2W_h<6Fap*|dEs0KnujYA}r#GPq}Qh>}dFw<4~tW}(*Wlvh#^JvbB$R0{yQ>DehkUF&iJh7F14|3LB-aO zd%HxSLTd_wPTCY6lSm-r%gZPO40uGUJ$O#soMf|&)f=%le+z62lg29#rHed8xm1i7 zJUaep60&^Nt10E5aB*jW?@fAYw7-O3f8+qk^=~Uy@JeeFHhW$OO?FkXa8njv$))MT z&;4fJa*pGPP>i6$0BzzPg)OxpDP-wSE|$0GV4Sak;?s|yr5pVoT6W5!4wi2#tp5eg z&@`v06HsvAh5Q!iB%qruBAy-Cc|o%?%RLuk^G?}&%KO3TIYk}cqUfpUxU4|U+YG^- z21Hs5;5zQ0472xIzUlZvW)UafBa_k-HV#$`;(3KBc+L9SZlAae0H)Wsg1*Oq>3y)I zK4@{g+d9c9mMxz&Ks`d!j3s=!5gv zJh!~R{)WjbK!i5AL$Q9|krQ3DMMP;*Go>6zBV@bA1GBgH(_F+1tatYGY(M?Qg3d*V z*^}N<)oCT?40d9E_dtKm{u%(^|1@se8XkD{3deBqFiOWe?#v$P8N*^-FI+Q@qdbvia?c=Q zI{|)&|7R7EZv+6qiTFR? z|6fHQ(wLh5lS`a!|2>x=OZ?3xasCJZ1Q{LwmrE@E&L0&8o0seij%?be-sJn6jH#Af z%-9eWx#lTpUCzh}V&4lUSED&cw>Ll*@z&N7A?>7az`|qeOPZdu7F~^*U%K-A?*BsX z8CqMbi24MFcEg#+zB)vsyA)uT!6fWJmhm(42A9d`wVSjs>_<^CE9x1x%o=*l2ltxHv z=}=8bDaTq-k_jZzq?63cTZ>M&$MI8aNL80g;ZOv0^~ys{mQC)*X>l7Ei#|r|qrSGr z3zbwNPV0qa;bp}HRlHXn@ObdvQ`D^S?n9L9`60N9U5ZsWdV(+-7?-mzn2ZgNfutT2 zQ{NU5qDh3!>oUg|P`r~4D#6XiGvD)Pr}LHpS)fpE)ccOYf>v==!Uo-FS*%!trx~2) z<+1Zwsv#_q2>;FHFh9I@1VuKS#Lt}cxUAC@xu7WZ2$Dm5l*A&q&wLPug{2dW-MxQ~ z8j3-iXu}L`to34y&w%~N1%qh((S?!JhR9`?sR83l1kEcwQcDiMdEwx8PWs9eF5=Z_ z$Gw}~;j{2iR9-ku%O{Z8$lDllQ-o=WH!g%u%tDjK1#R)+*xWSNE@d5FZI}u9apH6l*+sY%bfd(sCivOB&{Mx*wN7yvdor= z6&N*eN_i+l)fx82Q?$iZh$PE{(Y2~#*)%la$IVTo`^y*DF2G;_lEEkY(sJQ>b%{60 z^~_<NM}AjS`R*BGyT z5my4$gIXK}(v@P7XE|5e@vHYGruXkuIreW}5&OLs;9FmSPDnK(*+KNm9vYowE*Y#> zBBu&{43412>-W|fm+@B0wpsU2Cv49LbKjYhrH2UCUD77r`xD)7U-*KU;*BX0SS+;` zcg98dD5(TRQl$8F_?EBW<5c_ZA5co9CQXLW-X^v}hc^tBpzLkr$Jwz@#4m^ON{@c# zlIaR?3ms9|I#8)Iq+>D-nYc}*iAdrH47rUSl}$uSHu%^_e^`(MN2LH zxNSYr{}LjTlCXaHJX?njj+R`imzxPw_1!%j?Vp26$j#lg`w^2W%nUykSioR=M2I1i zU4LWt^kZp|e}20Hc5REbP2MbueL%aC)WLNw&s*WtYc>NoE_OI`_IEM}UXG8Ot}6QL zH!-+?vq`iJCcN@G8ELofQ{W!C0go57JSTomhR@*$?4?0w+7!RhXoocOn>iG9^>KVc zqr}xc0>4u^(yEZw?O<;#64$!J?ek*WLx-2N8Uvv7{9>(Y3hCvoRcq>~ zXA{L%x-@*Syb&Igd5?c2M_ck^ERCvRizw{@<9Gc1zi32AR=In%<}A&6o-fj~LR z;EQ!zD%-fAq$Zyuod)HUwKM>$Pcv%C!Ig!rZZFDC5w$1-ei7M#g!s&FOYRx+@at@; zV2$XbjD?=?oX12WEwuz7QKK>L08-pQ#bCdl8Y7e4Q7O0}&>iEHa1+``g%74O(%aW* zy2|uRwd+>|2fF$tL)N!Z3^a~H(cc}z6ihWQnz?}lpktvUB2WFT`sU>y9_T{;`E2mxV)(b z*)F*HR7IHpGu8zbi}=<#(NbRA!}d62Io@itlJD-qAH&B&W@S?`SU%tI!2Ja3S4ycq z1$3+cUYkP$G5dVDMZ<#R36hPUl=)9xBD*U8v$JlsT+B?HW+F*1*t?s)t3`enAl0$; z0Ux9ifjT2~hyz+i!g@|DU8`!Q*sm6lGcALWD_RvrQIbt{VyEMpD5Ly({AbIBe6@%O z3cVyAWE2z;k1>$$w&T?WxeHR`;opO-Vqal$By}^PrmIZuDArOH7fOQ&S(UX@HsMh@ zZmEe!D7DT|lA=x+MuzycrA?|_s(+v%Et2OjenLdbh}w`3BuV(Ew>S9txmB3^4(HJC zf67g-bY*n)$VSdz#(2e69&rt-H1=TxivPNzCXE@FG&cM1A`xDPxLAf@&gbyM6BW@n zx!;`~nVlV0vp02+M>1b$Et@x$0s=35hnE;(Z(6%iG=7aYub+kXJT0yt5o`w`aDnm= zy`L>aV4jGyG0t#uuIy*@wmC9<7x}zuzq0~>umo$qYXDvM79 z{`5hhULaTZ!6T4{IH#;g+bHpiNoGuxod7hqJ3*U~IF%W06FkkfQ8xECT(ySIgAwhz z6A(kE&dv}-j4r!1MH3i{ZVeAp6WCQit2%qjwn>|f?o+6)u(A zE~rqYb$eanBc|z?36lu3CLQOY-sfc_T#L0`Bi?AXR@`tjd0APq5(){gibT)Y6WPfhJ`U?R0Os_MsUolkw9LW~Y zQ!bb#>@s-6b_vUS7>?>NOLfpH82?_yunnShmML_3^iF=?>Z&`1csrz9gzpirMjBCw zoFGmZ8+ab~gh+a+;9bHZhDdNN(9QMg>dNC$E`GD--54aoyBn*O-KF8_eP-^B*ZB7kRD4@HlVy{s)mC?bqd~@Y$_1{{hPJKD`HXf1!DY5 zwb9-x@M%CjQB``!l9T4|aHtuZRQwXw4$j6rlfw-xCke8qX;u}R)noppbI5}!iYpGj z@6iViZSEw0kg*JErws_-oNcDvT~w}{j^5On_@%moGOg@kB7F)zm?!~|BPdBk0=~+y zMZxo}=L*X~)8oN$3Iyrw(BV&nQ=iAj%r#p3AvQ7^%<1tsK)!$6&kE!)w=K3a&-V=+ zThEEZYkQcva;5n?a6URxtiv3mJW`CP*R!Teyf2W9c0x$G-Jt;zNj+iL!ehG6j_SPC z$pFRb*R1PT<*&VjOwQ;+=TC7FIMHjdYLP!YN!c3K&LILcnl>|xP z9L-o?o|xI=o@Q}N-rA$*;mhEqx%Ky{&%A};zk23QX`4yi?<_bzM(z((_zKbSmR)mT z#uD=q6ZNn(Gt(eemcFZW6Ps#kiF_(KNV%CVmMc*}R~+la7^G3~J@H3EO-O-V0$lpw z+F@kX_6zDT_w(MJ=-E@W$3ybYy4)-Q@qJ)cc6N&gX9~+{Zgk$@h#bl_)Afo!(6nql zezn7(R5mXwt1=$CI1iPuI!9CVaFRz*zJut^de^9t-Dtj4n7FJoPx7?($-|()w=*82 zov;nv5`KE*AeBv7C@`)%6ccPuz!f^!uu*v(t}jsDCYUYeRUrbaCVf9!tBm*f&OD&` z6$!=Seo}Y52(~AeUQf0D!Z08?s|+TyR3@z}PVbNEZj;sxpFLo=pXYq4lYy4x{p3A! zOCT0iDv*fTg%nz>6?r)1*e!6pnQ&WMyrWB6w8|@R zD_samH=VU{{ax8f%4RWDV`L@1o3Nejx^GD_FYntVqM8V=s+M{~m>%8FPJ+d4tHBQW zE1kG22oCi-EOSD57y!jAm7?IP&6B>%4U9W;{2OwHjT-yv2(AfzWEwPZ37_`-WqNWY zAreR`1@Jz9rM%c6;vws0WxD@OdFJt#6(MY7 z@1YdAZj$6Vx3P=}8&Ov~BkU1swbJJO3HEo%2`(iuU-c41;N|VvVetwVY530Pr=FsD z|59o}*=!Y3dW*>@wE?PwR_&oFd6J2~W}ZIKi|q9=>OWd-VE6HRPYQDiB$XD&?>3N_QHX>(V~=2;y^Sa)J!pm4Pk1QW@82XZU!Qoi*3@ zq*~}&c)7aj{3S*-y$J2Bn-#?aHpRYaaANHWc4lqG99U;A z8SJy&c^6;H;3tnR_=;?xd4PmdXo= z;*ZO)Yw32(nVeHltH*3KJ!2pHJ@m~M_zq0?RVgbF1$DmktRrDoARs`_OaSoM#`SkwRpEYW;RwrXo23iWZk%- z=ccM+L%f)wRjS$X=Vh_PTjQc60P&Kvt7(ds2Ne$iNWd-9rQ(>lh|_;%(ScN3vZ8G$ zS2_rH;KFFF9nX4>5(fNxOvi4UMoeWtH);nEFo*rMM+Q{_%&qNQNF0rMdt6n<*p6L+ zg-2Em4eMdh;S_0_w_!9S_X}-a@!GE2MF9O9YM*Eq+GqaW`aqCxLq_vbJwV7vBClY+ z2_X-3Q##UFR3;C_7_cI}-bjQYYGWc#qN1FX!-#A+7*Wif{oU^>kYmw}c2Rnz@>kzH7Ujx8yzX_~y68wMnI zGWo=v3H$cY^wJHBP1LYb-edZ;Sh?N^F5#}ftK!v?4DojYTSSP25(9kJIaLbIBVL2E zHU3J>WK=mra8GN#K)Fj3?oNaK&ZHSb!UHYKTDQuVF{HM3n&w=Q_BdbhgPSYqg%u{1-zBKso(&2;^92!; zWv`8P-<&bC90yxb?>R$hBOAr?j_HP@>#aaVd{&c1;S_;dpSc5yZ0x_lZ>yTJ1eafA z-t~kCUa@QuxF)17<4+Et&NCHm&AS@e11HMO)ctIcVQ#RTB*vcxV@Qryzx(?MUKx9c zz$8-JqoCZj=jXKNzB-70)h2pLBYf^_x1qC4p-dPkvzEo6Ae)&rOu#NnF7sh9OZvFeVNS{I4*x3bX5YPDPhD-i(81ICW63i;}^! z=C?9wKJp|yg8wnB>kJpMh7p{X|LDwfGf3FobKzD z;{4P2=UdABIc)W>EnhRbOrP3gS{z%2rHGDA!W`-`_Co>)74>)IX{lWy@(Rh;W$DO+&@i?V5%Q?JsRMVNSF0QCj@_y8qIQ6J zgxsdyn1;B>{_-A339UNMSI=W>yf?;-0IcN_+rVN^0xJ!^?~B5^@W{6FNY1p-H^S8 zGa;~#;rhOMG={r$OP(mf=fX~KEnnl?)f1jjgSgAIoYyx$a}UW@Awm?_sn0{>HhYh4 zaqU4^AcDJ2O=i_pZ9EUAR3rrSj^EBD6gu(CO>!}yt~_Vayc?9MyJZL8kB#6W$^V5 zg`uh)81?XhX@z0OczQ%Ufv+`M5M%Lj;>_*r7qPo@5Wd8UIj>tQ-O`VEQdYZ}%9_AW ztVXRQ@G_zWh#uZyOFFw3LbsNnNyx^&Y`J2V69M>ld&M+jZ!P&ki_-Syu=jnj&2C~P zBXlHhpKaFTJ?Zd3TlZhneI8a6<5dX)T3Tbhy`IUU;FqJX1v&l8Re>IGxYh}~RdI$f zABiZxXlra(jKB>!A3 zgurTh>r?2>PW9$+jOZWF+$d&c!sKLoMaC9du12krO(}k8>USdiDd6xSfC;ekWS#vU z!D7r~aa1)&%;G+zCZTaLVYLduPlKQ;6*VWV3lzG?UO>W=uZsW_T^pp zD^9ZdX|(pos z?>2o75RXGaJ@pQ6m=RRfs;zQikh^PpIXvW1yc38?dHijh^7&F@)IIQpu^6v%053ys z%%`FBCsb|awsbLaXp*Ixbyiw7ahdQ8wC-jH2#CU?-VXIhEG>&4(iujshDF=Yp6FTML*92rJJ~j{D98H0yuAh~?=Y}?wI(r|#u1|Nu31PK<|T*g`((>Z zz8rj^g=C@=SM5$Gj-*Y*VyvmWTP682f3p#cLEQB0QcxZ{3jkSuz6I0Dh`cVEz^x?c zQ9 zR1(TmN$_NCdpeJ*k1kxoRU_SKA~r>TVdqqw(ki5f09?p+`Ma-C;CK~q@oRO32p(2R zij1TzfL5pgtVK(meUH&VrYoL@@^)j>HoidTLNhs+pr43Yp)#ZeQdq2YRogiHQL7rj zJ(tKJBTO0|5G#C)p~o*nPD%B0a64kWf$0aASp3EXwWjv#uifwuQhXWa$R~c}2Y7?VVhuG|fk>mXA+Rv>Y<@5L!#p_nv%W18|fz8W5 z^RAfPcCBAD7P79c7da41Z=WRfyelL29%@!op_5DBscpi(?D1CZeB!!_@j}a9)l#rY zw$HK8=Ts!Qor+(@ajXSU7~23IjqT7qfi-z#OwwMS*+f)ws^q|(1^|^tSJ;@_Wvmi{ zPfUN;Ch!c&WUvzV#f+&G6ES_l6-l~`Eoco3*F59ee)qSJEl#kvlv-ta8~#R-KXf1t z8v+{WV_`PFkDu(aS z_ywi8uk&L2?m!TgeEu}{1cGQ11^75b6tO`_NM9WX8f!~`2h+;rdk<0^jwg31bma%!8FTDR z*Ar&2e;t%UJG8(kcn9*kg0LLbY7J?7j&$cm7L`vL#L}>rYsodr4c>J9+-0j~SSWL- zv#nb@UCd^zgcMXu06NgQJ=S;?Y0OuINQ{_UHM9(ZO2?AfQLY*o@N+xGFiicppqm)W z8h)mVC}N}p=bb2U+BhA1p1B7WLE#6Nn(>Ry)GsNb=%5_Y%XeITo(e2xS6NE5XBH!e zamXrIm4nOHAVd-`X=}=sVW9w`cs1S`3VRxPr{x^hQQCf;emt?F-&NNi)loY3TF?UQ zS!|IZWPr6_(J z%rXnOa#SR|eD2)(rkTY-+Edhwgo~LoYjYmyoE?IExL(35Wq7!;y#T#-npyrOqE@AB{FOsoy-g%9p=K#w`UBu4Nu)IOJ>zIO#QB6RTH6>g z%Upn7O^Yf^Uk=s>^80nJ5%4fKpW+vrIbvxRW;(SRWl0*|x=Ua-8TC&$6YF;zYp3uZ zr_EjO!CjhG#*9^B0j;Tf6%(7llUR~fIkRFi=RUl{Gd>4Zpw6WTdX#um*C&@0C-QuTZYN*8bLT(%5b8<>?0AzAws-TQ$y~&x})A^=1u^ zlADtfuPYMWiNNa?+RhC3m<0;%A2J^2fnOG0=0R;9SuHjO^}d_~=#whTxa2CJvkU1)b(jt_zhJzu6wa>)Ou5GcSnSZiC8KL@=9qX8-iY*Px=jfHEPd$4 zoC0$ua?w?Lh_&dUVuqOWmEJ#D`SY-v?i_q606_TSKE^myXrD~> zO4Dzr56BCA6{K3kX_LB5<3yu>x$Jd`;v;S5hNJ=iq0mCXZ#p#zypTe7GB|#=4eZ^*<;}DeF=MB(b^HUXea)|eck{HTUkX;dC}%RaobjnXl($S{(amwl67 z)#~`3j#|gdx=YsyB#TXS&0|jxl_W!kf1N&WF+?!#8`I3`7Tr2ZbP2*Aa+3CRZ}q5C zPUkeyzE+NXDywQYx)Cu4x)!t-J=>o$lalF&uFIv;j|6_l~NA} z@$TEFeV8D@mi`v5Ca^1k z@CZmDXb_uX6J{djJ%LtwybxOybVE#K=Bsxi`7ZqaA#M(}7cu$c-T#nFx0m3SrEMpg zmHgA3%-OwkXT}t&h~{|5+z`Xz%pEquejWr)u3KbC{NzWK69pQf__<~wFzkDR32#oJ zIF*k?ss^QFkn5EVt36J%vPT4^fMUFhYs^d{Zj<}6=#d|3T9GA!=onnwxYN}~15w>T zO%7T;Lb4IvzwhW>7HA*r$7bu+-FWk+n|daZR&8o|Ml6Zofck}Cd6T%QTxGc|IM=Vu z+NC}6)}MtN-}FApxwdc-n@bstV`wNrJi{EmmUm{fK^<{vI7;sEfR)Ye3@L&>ak;@+ zj#KqZ9=e=?fnYgQD`yRN-IY?W9ie)}2UpOu;Tl%yFk+?jjd&sidmgA+`FEEfaD*l= z4`A8>>*Tr7*)paoUsf>mK2bA5ybs4}6YJevZCDC^$H-u5H!ebO4#feDg9{%U#n%#$}F2 zX}czBnWtA9ph9y$fg-`lLb!)DoecZ^jM1OjsBl@)qs3EHR7;pQm8iJ9&F!%wrZysaFQJ11IbJ6y4pSpwumPox!Y4>D3zYi z3?-%oG)C5%OiQ^H{e)TDB~a6BJ5SwpBN5SF-vli$_!XG|+{Pu^A~nX2G{wcaFK~lA zoaH3(BUU7BHXDZ1{_w*sltMd9N4m%w(RVxq?Q~HJs-j>jP@oPB$5(5=myK~!o*fV2 zv~xC+f0fhnvoh`N@;T$;aK60`vp+w*X@xM#$MW1U+pq8>RA(nRZQ39g#l7%W-Fc+IkkV*&-XTfCLMP}ia;4iT?s2rv;XuUZrgurk=db1;m1 zHNs^r+}k#*PWXhQz%I4WD#C%y8CJjj8qkBemqOS9l&E@?zK;aBc%^8!F#JsHQ>^d; zRurOSNV#}4?teG9p(lC!iw%-NV-qDksmr#4X2^Io(?uL|d%sE-<7DV4rNRG z5+&cfnFJ8n-~7l>$8!Lt@0>HOp9ucJG-UI}IWX4~9(lS<0&;5|MIn$VHe;+ND1JGZ zlnM8tqRe*r6`5yhOw@)I#)I?&8NDR4`RACCNEq=w?}ogrF%ZQ~@Ccl@W9U`=4;jm3 z!9+2Gq0!kRHlF{XVMin;4vF4?Psa}=^{^RLgO~676OIdWnNjJzLC`3bHn%stqQgl| zZ_|AzvsBTM@ucKILJ~|AE(@bH$rq8=~G{=LEN-4pM#;Tx*taKHi&ca%r~PjVEyFa3`W)}Z^rypgufJEWVFAbAXjiscZ-uhx@j z)3}hcRSTsvNs~u>K`n&MaCVo3t%@0b%g98cEuF6w=)TkPKw;jCKyeBhH`P0FJ(791 zl&@v2LQeOD=a%0rZ5j6|yCwJdrC6B`QI;%+RHS#LnL~g@XpRN~;YTPGBM4in8$tzP z3%YYf^~_R{ALO^EcsZM(ZI1U`EErAaeCBJ&ZI8uF)<&U%}2h zCiq_XeWt^0oq3RH&cIg^W&(BZy|+?JPPAzHCN7q9vD8cn&!+C~#!1^?S>)#th*rWi z_STf%;!y;yz!+|UYtT$l8i8cvzXc)L#YMGWl4GH3H3vKx1*WD?G;s3Lfa93AJF-AF zFmYe^+$-3cgx_tBlbe}T@b`GjlIAZk8G}nz33`9*rDmWBzzEKG>qe$o#DXv;S_3>V*DspxWu7!fF zLkt;K*f#xSHkCgZhh_O(Z)k$Oi}7U6tC*i?M9uImy&k(mG!Zv7W;RSy%1yqA4{|bk>4u&VGUf?r+{lYJd1aGacy2x~n8U$@r7g z)C_@>h*O}J;TDi7#lD4aWz#>$QL`95N8cts?KpHl+Z*m_zVQoQ;o9KBsB8reaauS}h37mCzmHa8$T6x_?gfb@ zXqWq46?f+(8!P>AU}FMu1@$s;=dtM5symd^nMaxesly853QsOnI|Nej%_7&H*61b3 ztGw8oEd@JwUEf|ld2Ek0KCloLDeU(pY(}7-t$emrW1=4eIGERfc{b!4xW%%y`?+#N zk{av!;VmTY8yXzo0kxuQGv=y6JdW3p4$lAM>m9oU>#}gmux;D6ZQHhOM`YMG zGwcl8wr$&XMCV(5>yA-fqw5dskL%1m&$FL}PT-`qT&6#DdOCaiKpLB1Js>ph^Kvd> z0XInL{NDN3Ng8AA z8JBHx0V6%##Z z6SFzfqqwWJa}Tu{G!GO&po%Bh>Yj5OnJjm+5uL)16vI?caKY3${mrrKNSPk|DPM3R z#*sljXw~u*8<`nWZ{^jcjC+w{XSV!D0k3-_d9bd|#4W#cGU(GzsxbNYLPf5T48YeM ziBMQE2>E(@V#hAQ8qZ1di=OUxt;LtH00gY5*Rt5-M*G-G!JVb252ui8hKSyNBSSzUO9FIf-#y)K1-BCS2xL#hGQuLgv1p7f9R^A~}5E`me$3mwi{ zk%FR}aOvCAAknur|G{zs&M)>Ntvi=!y5$>+w~tzkV+Q7*iN~e#eWL^kfL}Fk-qOs5f<2q`mp5ZbG-hi5=CTbepHM^xI*`Wbkp= zr8&UOBGs1!7~2y&Kl82g-mTP0J@ZJ||sNkeb-V{bY{>JR*2Wi^U47%tmii zT~k+jH^)|sEFbLg^!h(MQB>^d<6JVZGa8`x3`+HxoL5$b0{J4RP%6{fP__?XhVYpu zoy4o^QR6|VDQGD>su!>-;T69%4r{ltM)0vhs98Xp@^0AL)a=Wt`&;Xl*(p?sGzJy* zJ9Ybfn+gR)%i+PhQf|J`IHwxs&M2cb_BnU%-gh&l`kuS0brdP4d`VM7dGB@3Ns&`B z1?n7oURu}H;AS;^;fN2!e16z-jVMyDoU40NVi zOJ|%r>18JvNWU)cvSe+|=SJ(Lu_S)^%$j3!V#ysaXX^ui)|D_&iOviG1;aRe$D`Qa z?A{-r1{MTATQ3O*E*VZ0E+G{HE#A#D-Qy~`cF(~Hw<=}Pqc6~3r>CDz;F;OsFz_I; zLYOC&6zf+w(A0sSFz^LH^g*OWh+s^k*flgyu;K9}Pk8Tf=f|ou_2dGhHE(1P#Sb>N zS~_K}fr_Mk^i7ga&JMXsb~I5QM=x$=;@m2kNc#yIRl?qZX3G1Nr@1jF3M0-UnF?JbOE*T*ajG|g!gngn}wI>WxTSyCYc9$ zngiMx;&#`|KGA(#nk^!IaA6`-V-9g0`p$XCj8;jHinCz?}fPujVQ4!20E+9H_ zNfeO2>#H^`5m+GPW_`gB-0b&)U$dzp2T&q<>)Fh8UOMFVvek)&<`yrx_pno$xwghY za#66Mn-aAE3#xu^fx=BFLVM8r7||Mw@Z=C(2WL9YarS*fWTPPsRa8+|i zWc$wb4*&Rpu@40QvSEk`4YL_poyXS=p`N);KaT%KcM;XcKQB$%D8k$vaatWh+E+st zw|#Ba{x(sM05#>*LmlXSW_J+?2D}j#BE1MtRRcTGzs`Mmr+xP5-<&<@2h@5}2F%jP z?|AB`3Zz5TQ$nN_*6Hv{kgq$po3w-stVIDK zZ{eDHAVHM)%Y9ryHQQD^C4cE1P*x)ao@5f1vCbOM@PdP1y?(PGmi%ErnaCFpi#Q1A zTW0Y5Xe*_;4aj|2ltW-DEJGDDc_gnKMM{EW`IiW$;gHLlo2U-$vOLax3O+*` z1j>#LNJ|jSyCA_$!B46UB7$}pK@pJr8y)OQGtH=0#-EIVuQ{`O9#r2F4pIl@VQVwz z*jF=ABfx0%{?4OZjRsZC9%Fb=mTQ)HGQNeAeI-YDVNo>;PC4DpsAQ+Xk(TmfTIEV_xkoNZd zt*Gvzpf@dO9-;FVo{Gf7CpRRjn!6hcYq6s#J@WQLDvzdi12V*LiGfYR zi>adIY3MQ8=2{lvD7`-$Yg0KoI*uF5!At8q;I|^AX^IKx=_T8G+jelFF(T>?o7ap_ zj%RDgs)B;l7w5l!(*pLy`;|cHV#l@atxS5*hq-seW+R&Vl)&8_8Cfmlr>xbZU##f|h2Yumz7mql%5CTz=yIi{ zNF(du`rR&y$^_`~_JBQ#eM{ALR;Y(t6DV(QLWgd?@lZ)gyfHMmo}8twBFmOvyDg}{ z`trhWtr@YZGW}$71fjcflRH2MgyuL2{~FonWXQC2+lE60vuo1i6Q=0+@WWNZb-n^`%(w%HmGURwoyxsq>B0a(8QmR*H*bidVIq++pP@U zl_a$Dh7>oudzfnW9Qn2S)(rc`ogEY*K|&$ZVV++DVH$tRUNhBCLt)Li@G3=ExmZFx z7^hBT0KNb#`F4E9Lvd6WR>M{LOj*)ZP&DgHpL*bEchSp4`-7Ee$olK&iTF^~hHjZr zDqc|^;GicHR#NX~BEC#cU-6u`<2C`_W0tMcM9%H(NO(9`Yzj?;C&KlWC{->SYtY1u z^z)0Aiwim%&B*2|M4Xi&Ff;+w_6HHqN`(fHwdNjO4vt!Lt<`J#5vm4x+|Rs|B;W>5 zaBxHwQF`@h*i$wm6zVH9K?7&CGH2#10nfp}DE2z^nA&zH3j~DO@tZJvc4a|@AErP9=k?+j*x`fNTcJ&>cH~AQZMPnvY12x z(QU;`CIknK;xB%45tj%a9iREDJZef=4TAV#2hk{euW5efS%<0VGO+Q=2>NOYkh?QZ zv?l8-xsAN>VXi=45X!CqA{L&ebi4syIO(h=qxcFG7u#LAS~!6_7u-ENKm|Kcm!XZq zIda1Z_1@HDIu3)Kl{~4|W~}>(B`6O^!s;&c$)KOBlpD`RqM z$Lx!&XYgt58tU+uu-&U)fq_z#K4y;JR;^>B`WeMbv%iwIaPhRINXu$!1`PJEPkaw5 zlry!&-SqMdyqqtf9lgLEaSs?2b&IX36Q%np*9e%StWJo2C8G-#k@T&r6N_A8zvVJU zv7)^(PeSjnK+uJ00~`J_OV(0ex0f3#EV-rt0FHuliQ=Q$j61vfHEGxOU5fx;nZA@k zeZ$WMJz7%^s#WsEn};gfiYZ7{&M@XHfI?3I5D3B)hqHiQ?Kl4q#a+vnS5mKEr-lxXlk|o z?%tG&6c<26w1XF6?0CzXmP5p6a}kk3+}~_=8}w3AIefCiR)#AFiIASOS72WU2IOf+ z^>+oRv|zmEWG`3(!Q!@A%&w`zSpMj+7uz8*>o*0M-LRVCx$abQR?SMhgv{sS_Bg=> z6?#8Ua_y8aWInYuVH@}_B*Jo4{K)7L&)qYh&BA^mFqV8p4Y~C1SAipQ+TA9LUYEdL zo|$kTDfN6PUz)rL$w~T>;s!_`NUGaj28`#NDtGArSbl4FnLTt7)Ib$1ymVDDh0S&F^50h87ILzQ@m7q?CoVYBEW#kc z?aAH?UX{w*pCv4>cuxx+ZnsEAvA0jnbLwoP{YM#4VyB3KMrHHowkn%D&pIa(3DK9Qr*U7#fK_&6d`_+vRJ4L+7-L@vmI;2YuzhO+m?G|ch zS3H28gHJ^zkXYSD@;OTmgzv!}c|<_0a*cpL@+w;LCw#*w^4;Ho|`q{Dm6hfZx5ak>&+jT`K2VoYEwt(=nL`y?b zAa9fcu=C7G5^IjrY-Q~&5iT2ajHgmM(quYDv~BTn+Cl9Fd+- zEd>UpxQN^8j6tFcIOGVc%VSQ*tSR{nq1wi{*b3o%NLs=XEV?m4CMI*AAW;2vL?iswM6c|N1AlN_RAfD(u@M6x^@ z&Ce4zhcKXD_opQeQqdK50E^;q>K8UkrOdn82oVF^T&z z!yu7#AgvpscP&89GyK7qI8wp?{YRg>236)^U6RI1sWL?(27DVpc+M%bBQ}=Ff~Tr` z5rZ2l7#>^NA*|-Nuy>D22BbiT2wJ#L`11nyv*6fC2S_P4?1AaFhCCHNT<`OY_~G&s zGmyq(&5NW2mOV1wv6e6d^u1!TwRdCK<$HfIa?cM|?Kim5ubb&!jD@Iu+jyeD6S0pC z+MKS&RSL`x@34->Ls>`J)aG>B-qRKfY4DB1vnXkVjj%om`wuiZ1ZZ09=$eUcvmM`V z()<4Y;|7vVjQPR4cL!7pibpjUAm1YAX4H zZ8iv(<>&+@A?rPMQDd7ZCEcY=>^R!5?w?YX zi#G7EG+JdQ$nO_E(xi*;s+i|gp2aTL4J<^|lm=WdO$qq)`iW`EJDg%CSR%X5NgSB~ zjnfsHSGimEe>R?7#SVV^UFiT|y5A+$PG>i*_LU)En0p1U=TaT5UD-Jw-ICApltwRO zFJ$UlIj@c}f7L>)`{&PVobfl?sk4CzgnoR?J=GJUsLe&)&VPUGJWK%c_Lpyqrbh~s z9C%n%mEq}^rW7?iD$>{{uIpg~ek9c$J*ozT4EWSWWjDrW zlITo4`j2a>;xFzSy(LV>E#dzV#9tY!*2qv+p|Si9@N^6J<_-oTpR?y&t0~s8lnjFB z3@Yjrlt6d9+igs~#B?R62&K<0*rngwt-9TE!$4OviAeFBrB|T?TthJK9%9)_3dved zF6)hwp)H0cWy3;&05ZSc@0|fEy+2RFOXr>}^>W$YmHP>plQ$Ug1ocS#OG9S~y zc&(Ro0x0Y3Q?G|s;s5l?!}0J?HpnDdW8rIGy7n2BdoN8b{X#%8lGH}W^B~_9cQhuz zMA{nkhuez>^ep5;zvR5HisGr3pAduOvK>E@PF0U}zLe>^-pbK`{f3{B^};QvG9c{D zU=udmBw@V?%XHVuV1N=0{d{X>R3X6KqyVLvDlsuhXhYEuj+DE)-Fvzap?XBWd>1!o*nI8JcqoH-)!IjJH#?@|t3%a2eBR z1U)<;wE8SXKI3mXk_Q1eiHEs*^(qW>=a)=nIx`r?X%kbiC>jrlNNJ?mlyQ-As z#smJm2kh#Vnq~_`5+VViCV904a7AL#D~>2nxeA7V6Y360{MetexBG)pbbxl&G_oB8 zrEGl^QQIYz&TWIvLbcoG%cQZyV0kK>*ofe^@HWmCE2yH>4_nM#O!&A}pzN9+=M$5T zmiag=a)l^ZhwkW`g!m+&e(_yF^!`)?->OQwyXBow%G64Ir(x3Q4*=?$cr6Qj7)R)J zC;dE>@wfutca;l1+#nOmLO}8Y;U45DeNaLkWCP9`qN=O&n@j6p1P8t=qJ#aN0d#2( zJBpFJUU2QVW;HAw02KxWNf-Y`w>3na2UNQzMAjhM^tI`3iingtl>^SgyBF0be3c3W zO|KyO6l-@5AwB@L>U69&zE|V!+ zF&yHSv3@o&114>9mb@I;&Nu`(f?W31sNm}ul&w-Kqc2v@z&d|LW79iA`B}9dLbTSX z!;cEQ_DEykD_@_26#vd$E%J~b(X)1?*c#Tko;?y--46ODxZ7JJ$EJm^+mdx0LC@O* z!rT3Rd7EIRR{QfSE9O$lv$cpFYgs-@&}+fdufChnb;*7c1xnJ6$6_uS^a%0Gx*z8I zZRC5D&)oUirWr4Ob# z0wL6y&IHGBa~O=1_+EtHY+3Q-$%?Bqc!IJ09Iv}N@W%@{O%{I+tg#&JE7eb2e^v_m zzZ1sa5I$E--_6N2a=O#fu90@__(r}dKwtO|Hr))&8OAXIsCo)#QA7uTfE`jf8vuib zmL24zC$HrHK#)P2iSs=ZrQeL2rlK8GLvNk6qAok4BLC7v%2fV2;%)YvnmwuZbP9)a zY7i3X>pl%56HP0y2-nXw&q8HOqmj`wo&nGu0iLkVhKp8^wtFO#dg5`rc-?9;E^Ru+ z82JL3Nj_OSZT?7p3=ZLQ<@udu)hm)H%Yehz0tnF*2y{Q~DV8A#f;$ObaCSvbcy>co zA&ySnxX4XBzI)#nZ3)6hy2Wf;TI4%J+F-fYYs=SO z40_89`JYke`wGEeNXcI0BJ!HpHK8fe&FnT!t&g`kGXsZK#yOPXBs1#QdUb@ikO#yw zb4WMu$E&ut@IlBl4Dh*Gq6n99Idu8vug*q%B6@C{fHmgaOgyEp!yhBmMYvw(mJTd5R_d%f{r*@3Q{xt& zlTi5xM^5?c_X0wC)VJ(>%I%=9tBW7oVS+s%agfFH10}}O?hQ6>BA%!H$gJA4*uph^ zT#yjxww`;eA#yqa8uXA?HwRX*srv{lZxVIMgy7~eQY0@CL3>gu?PwYKVWf-4xM+n# zYrLBRqC|~*b=y7pQsO22*XQ^0kJ>y5S1AH_IQErJ@rl%*m-0>A?2S+=05TZo1D>7fFL??|FBVk5K>eT(c2E{IuKI-=7Zh!k*`VTf z`heYVuD8?yR&t|BXb;^wpB<~x#xK?DRr)tT6-@F0>D2nhsMS_dOW?$_ zeJ@oHC!4*sjt$U>(+%4)1ub+#f|n2T(--FL^(kl8Ce2#V1qFHH-kHBD>6fQ4{BG?j z_ekLh1z;*uF+)cg9;wE}7nvw-1(#I|knoSuJUZT?%IK49sXTNtS$H1SZ;Z_9c#$@`ZGxtRtv%$Ot79iqyb+$J&sDRj(;8TpI?`U~^22Ai62SMvp^ z(R{P{@6z)WcL^CV?SzXg{Cf<82hrqrOg^Tx4N$nbJr?bxvDlqihMDfGfveUdfmf?O zROI}i<%Tzt6ak$V)_~pDshJ6HgSS_i16xZg!p4<6H>y%O^jaWhg;`S``mZxGq7XjD zP7)U)D1%~i$y5XiuMFh>M58l2`&?g@Pg(F+{9U)xw$x;xGB8&BL*r<>X(B)V6fhtb zzgqYEhVNuB7O*$Xp#&P8yLWPLhYO!Vv$ep+w~`#gR=U#9=dQmp9D4;LmK&!zqPAg@ zSxM>P&cl2Ltx{45DzgpEs52x^O$^HAHIbE28CbfE9z~4*>%E`MzNm_)w=#dP# zTn75VtC`*3RaKxE^0^-YHf4~J$crPmK$0GB!!7P%p(u^WanwY@S|E%cs!#Xls!J4Y z;QgfB&-$}T#2BH6#39Zj+S|CO7DJ}o)Qg*6neA0|vlTqHC`-JQyoVoIeR3gz$+@m|y&*%NsELP(1M6&RY9Gr41hADJ3TQvu>h+(hH_heDxCW4!D(OA$G1|o`lT!$> zAdr7kof*5V_tZt@`fQ?9tr2sPMX&~}-FUre-73>9;7u%BqoTXt2G64pD9aJA<``%EWU>-z+^!h;EqRJx$FyPFXGh!Yu{B?uO(y$%O(92V(RaJ zrbg(C6fIdpLCw7*GZmdWJFfflV^AKZCklQjMFiZ{p8Yn4=kPEe+}(Vc_<=y*gT#Dm z8icegx5#>r@VC&5ilv-cZZNwX&*KW;@Vv5bH}R2625BWYM!`FOu z7IX-hpc_iv^M3ClV=)DapJB=T08k5EXB%JxM2i=J)Yv{DdflPi;UFxFm2aVin0G4I ztHOTjdr`5=os5Xsn)8s%NM=8xNn<%i_#0DAe9&e`x>{8HiFjT4M*ig2Pc;N(5UR^o z88oTqC!3f4tqqlNQ;_#e_u~L$&)6?tTUwkmUjNHbWxj!{NtiYYJl|`*0 zFqPuKBCyg48I$ZTA5YXtOgO16RMmJh=-QGA7Dsqi*`gt2x7pD2jzq?my&}$57$$nu zy<5Lr+fZpeGvfgGyb!L-Z!AB4^O?}<@>8X+wyXjnb+}(b3o;3ybQKA2c=6jf@9@qd zakunHSpS5DHPz2|1V98BP-LYJnYv#?kG_O{t9AIid>j8}G*UpRdd_gtbx+g#ZK4@ypD!F=_s9ZP5Q^BWEH_T>)*1+;L=Es47& zkc&yO)&%iV_X;GSwXa3^kwTDx6>333VQnl_8~f4EeVQUj6Aqds9Q&I56W7qtaLIqcBkkApwht1V%uvh=wwoCKFe@z zvOel0&Q&(T4$BYpk<~zy-skMoPo%!ypK|ja8(vviM(4cRGkiW2bHmk1aE>SM47bwZ(3s;$c2;J~6q5qrtNs4$H#9sej z@`nHrg#ci2dia+=y8CZ`WaRnRAJMHW{a=4n@$aq$yovvr=Xd>w`Cat?llhH2|9y)n zFZ#c?h<`EveGy_K0M#~UCLK8VPwa?6ENt)|WZmg#xHb6qa%}6&LD~G|_iqf8?4zsuaxk9Y77sD7f^*RWlFq{%)?scK$3*F36`C^01CqKxhiXg%iu$9Q291z4N8v4*G^1GWKhjS1XV$-D7&lrdsBymIzI(Z1Rp!ZNr(z6H2%y6IK<@04T8VA8-^ zr!&_etLDJ%1Zb>3_CZU)$+QFT7p0-Vsr?k^TkBTKczxz{2N63Oy5aMGjr$eiH_SCb zMjS5qsns^^9Hu}qH!XXpGio{Q5sBzTfI=#REE*3*LDC2se-2#3>(jIN3Kznw`jC}B zmwlt3C&qlNTA*DBY(i@YrKKV`kWDIn?^=tFu3C*EWC4NU5fbIqGd}mNW`-zBXm50Z zuQ9VEU7Ya9pOpOqRzHc#}84?xr ze~=KK#A&m%S2qCXdL#MkR@rz4u6g3GU6eQywBb050uLm_E(mUnI`@wS0qXdD&s;)V z=}`xa5viVkiIHtF*0JYOgQ%Gl;_hVYngEJM4MoF2YYXtM zh3sljyi)^)=Y@pauD#$^bLHDo9RsYq1yG|{T+%T;%rXDR=-s7Bg9e#hYN8QBnP!LfSYv0EN}56vL0l9Cy}6dN zUHe8G1V&km3RiShUI9gw%j^}35r$-_`DQZX2_=R3s`McFgb8Iw(*tS$nmezDS?6nw zQw;+PB{|<(iv)iGD?g5sHsTEFyARD*ZW(r|vEfpQDxQdZ*v|zZJF45+OV}chK|Su= zgb*Q>dKVz7#;hYY02O1hk&-_?%gFhj!z)3EfX}kv!N)xenYv}jNC=N+f)tLH=%Sc41Uvk=IsYrpSQMg5 zk`yG4p8Ud)MFJ$1@GmN0ZaEK%%$Ki(X`MYA0Rw2aIzmJiHiZ!lE+S)t! zVgb9heQ-1z?s)*H&->>MqE@|fRfDn2zC)SibWrg2;F*lL*a6yhR%I@SNPGH$NO~;o zkbU;a4qlz!5eEK6m!FXLqE?I*L3_<#FatkQiTk!#j+4M%#QrxkKFJL2+T1SqoUdE= z-qOhYPJZzTRnr(Pa)1Y%MMY09Bf$?Ll0xSR3T}Vkg|MW{{X8sEX^1i_1=!i)gk{OI zPw_Cc%5i_-Mr^EjZViP}qkW`c@+JeO`0;O;*MbQ#J9Vb-lVf#Pu|qS{{PF&fS$;pSP!V zq_GWW6lKfd=8g008`WT&_3rvdgO6(9!{B5)Mw4_#oU$%;4`9g8qdbm$Vs>D2 z{uM%FAQgj?uN!o8Xw(2X-;rKkZFc9zvVOnYR^4QgJdT4I{R%PpLRPKfHg~v!i}wbP zHDe&fto9vOIgjn|2kpI5$O2}TiaSp9=~UTT>`xeQ&aXe#RXxbqk|}=^1?>Ui;Yw#= zJ`NSv+vM1IkvxsT*!)37mMSY_;eJdiB7v%o!68H__(JlqO6FFA?dCl_Tui14c?^D1 zveqol&xTRdZ4Z_73zGc|*Dblu7o-OhTi`KfxC}b4!sy#^iAzr|r-siq)IsFfQYV=8 zqBD;JFiW={27{Q#gC=PQ41ZLOrO*w|1nR7DE<`$6->=NFtv~Y#3x0OBy}GSB`mQwN z08cjBqN{mwoMzy)JZ>0ARQmM*5f!Ns!0vu1h^;K_BnvC z#b*4s2PR^CsW1&dU{8(80sIhXQ?Z1YfDtj0!1uRXV$Z0&sZf5|#~Qeo`d{Afqkamu zUeh!6NcCCy0RoUE)?%@Kn%JgRu|9h;usgP~&^HuoJ&+>Fp!fW!Jct)u_qDN<<~e*B z>iwu0y$(#~qeqTj!eLiFd47e2fb=JjuplyOmX*A%&qnfD-j(9YPN;fgs+G8A!RgFb zn#CozaBm2 zh_-fR+|e1}+3c4y6p-SAwtKww$Wft4fewFL*-ykoaOTYDzWV$kvNv%^vXzs%XM)CL znyhf;u~?GKDsu!DuxY#~5l6gXjTP+{8b<^lluS&j)O1B6>#y?7yJiZ-#w0DumR9lL z%VwW2QV5Y|qj(Q{I&Cljbp=ovO9;va!^UdNY%|6s!(Gt`Zc3-m3hTs~@4}Ux|MPHp zscLF?SgVc_0A$}*g`3gCFg@kbv`t0y_l0$|`4I4jLETJTgm<0=L4Wlf&QHImtU zF5-q#N4LsyZD2vT8dNH>14{W|aJaKcZ(5*Z2;rvh&#v{~_E#?PTA8$;mtK@AWbXQW z_kngNy;%pVt5LE{T~O~FZCkN1+)JwTEZPlU z<;(UZo0YryrSoHFD=qTf@Lx`0^R(oYQuI{wF?n~~F;zJ~c5qVknYg}^M)pbY0f9i+ zl$;jrU6b;U?qJiv^#pLd1DU`FZQ>qW2ab{B?EpKRIBdXmman}OztSJ5(0o89f*@M< zfobaDBrByLAka5W7@nnedRX7$==~BB`17`sDKE~k(c$x*j-UZwVfna~a46tX8ak#T z;vwQ+2+D8u92mv;Bp{6K>(dF+D7;cEOFO?&5AWDUc4%6>fa`B?3tf$VZHiATOih9x zwXt2Q6coOU&+aaV?6J>9rx&&R{c>I$lS7TiJ%c`M)KEwF(OEhevVclO)mg%Q$r<2R zt{4te6t9MPG;fuF-DeR}$ZSFhP~J+%plNNiKeZ}fU(H@uf3qNg!fvJu_FM8y@8fd+ zW~!p~IK{2qK>AUfESs2s)wpjsG+^z9P-;4FK~BRrOAX;!3a3yD_DwnCPr*z}K*A#R z0sp=XwzEQS7~ct;!b95GFm4Hk2slcbAg?6d?9X_bsA5yS~#&?K>STJO-W^&3y6faGZqq(8M1xN79uhzZ%G0qg=(Wjd`AvD8Zvw5k?2jYFkjexbiyd?QZ) zMkg$fmx#LKNTXSiIAtFT4Hu1M$iSD7t=PT-#z%^FF^pk{+#g>cC8-B5q$f#oRMRtm z5YOXavtcf~`rRzok^qhy=K~o5Z@02%ueb#3HN*tY7!}x@7yVs;)#lnP8bd>i<;Lg5 zKUbUFWXwK@w?nh^qhn@ag^3ti#NHyeJ8${KBH};Y>8a``eW%k4-IdGf0*-0H=tdaK z8e&j{5hZkX=8)&|6$VYi&!t51ih zl_*CG&)2R>_~r>8jPP14{MdP_`pTIG49de=t&uR@L&}#u_sL`pq&D57!?j%1$0(O^ z3n?ll$%uq)QVYYzWVBx`%Xcm|4SKg_O*ju?)5@m{>q@v4gmZ-vY7llK9rTT)g8OHA z6RAI`-W*NiMz$gO?%MaQud|=C*2$O=_d$ZJS*8KZEqna|h(23`+1zvGaiPGyF1UV~ zTIsMBB(HunIh<1*C5o_iwzo{yMS(nTyM0?d9~n6&p==oLtMwONz!zEU`m1jhQz$aa z9V$F2e(spN5XNg8ll}T%Pt{6Uhs=OU1Ur0niz#tDrjJ+;SyKm3Ve&w@wj9@~;E zrCn0`vHxC~L#e$9MM-GEn4_UsNzDf6tm`o*l8|tkh7%MRQil!8eKY51JcaSuPhH3w z21Wm}ohSgf*DL1&%{Bq|{oZZM!!T!mC)0nJ8#@_^xoc*T2&FdlkDIalYf}D)n|b_~ zo4NgOH{ zB#?c7S9B(nEF7yVL50w0MQm7IEkzC?dnR}XuD_{M9k7bdjP|c8ES?WoSMEfpuPbHu zf;tEB#54rz_X8k!a|44oIn zI)|Y05<@npl6CqeK}$B-mk_{s5w}pj9f0`^> zw-lQEogb%BTK{M=;6JCv>=321w*d=9g!fT)mOi8C+34!mGM5Mej#PC*29U@tjc``~ zmJk0aot-xRgh5=BpKcxk>QxyGO)@kP{&}nMEq&rj(FuX9;JyBh1@&lyCj){@9hIVE ztX1Zg893GPl`c)zF}|h{viCd$g`jo7z>zEUdu0V~GVHy43bM?mAgJ>8nT93CX`TbK zbW$-Trl$}VW;%($TIW059J7MZOC&d9*u*|iY{ zL)4rXJAK6mGt?iJ<%fRe){$4;>4g$Cgrrk+=GlriL2YO8(z6F=4_i*~G^Mos=1=5^ z_IO8yg0>fN;S2X=)b7=rQ};kq-5V-8CyDE7Urey#%j(SXPDkb5hcdmDC&M&{=`HHO zv~bJl-dY|n+(J;QC_y$TXR5SrSclnN;c^wdc1&h=W%do{OuR~)WQY|x4ES2$tZ(?| z?0@TtEu}ksrJ}G~llL&x3*+S1oxVnZgM17R1e#R0KXuv$vvB$L%zJOdCfiCHb2xTM zi-jAd(;Kj^n1qa~`O#lxX@Y!|ju#>q_Fu`Q+4G5Z6R&#h(C^cj4RIHBfh!fZDF)qw zF@zY*2s!I3W*xOZ7@1H|Glic%HsxQ!h~4ro^iwRqdR$4EUFfQk5Y0x5b=lKniQ?19 z&eB$`THAEfPAcF9Kxj0AWo)A56@Ebbe5EgP{&r(WKUUdbWpCVfLuf?;+S`djdj&Gd zhW3~3W$EuhQbxO*V%1>F=#bAiUzE3_ku}GHzsEw0kvigUQwZ^nCR`)KDbi+kxtiNe zn+C0md4~ob3lr+Sq$}i64;6x1k|@sc{CaALbdC#S#*i36`VQTO+Vr^o`jd3pgP%Rf zS0TzuHj16Red3gG1%{t$htdgP1ak4@W#g5<8-m4GrrYdHq9KRFAVJymGXzY;1TbG_ z?lxKxNeX#>rJUhcP`%396Q9|8n-6F|l=%WoK?ZukCu|@VQughl@A&bIut zqX|I(3Fi@9N=3mI!6FCVb3J?N0%;GWXW%gMrV=_pKTv7M5Vx zCpZZoV7d+xW-k8IA(zgLnh^1K2=-IG(hsLTg#%M91fv##l^2eQ#VIQW41&w@+pIYH zQ%07^S0saW&?krXEE+YXRR{G>ufg7NXK7wCV2(n-ieNk&o4 zkRWCv^)@{KAgZ(VA{4eSfR80LQYW}dh8xBycfx(KeT7teTRMCI;II_ZaIj`nhn< zZv%DWB=f>!r%0!~>(SW^8!@juVK%rL!r=;rG|?N*`XLd4?Xkcu-Ar5%1BTu9Pq*28 z>2haub?wT-Gh#C3Wz8NV6vQ&=g-cCcSRaF{Rl+ySHWy;6QVwsy4Bhe4vkA&_`Xnys zwVZYJ93qB#L0?mR?p%YD0MrW^?RiDA;y?G@cwP9kzzrQxm9o@@6g|WrFb#>lM&amY znxKBx{>hNduCny^ra%}IYygC<;=;Ck@RJ(d;26y&if0(_4S!Cpy76OCY;Lk}( z*UjNc3Wn<^x^IFM!XL~8mC_p@eyf^CQN@WIr5!3_$ylO$L!-A<&6n1@`ic5@=>d~9%7c_W9cE*aQ7Qh(gcMWw<=6lcdi(qV7>bnq6QuO>+j;r*59!ZBUP>CUICF`*tw;Y^{^m9N|#A^Fmf zfy8ERSigC4Oosr2bAZ03prI&6+(==mjFd=aojGTVbQu9{59nx(tS3eT_e^jK!J=-~ z0Q*l0$Nvy!v-Q}%%k297ivIutv<0^PjhnE2D-|WQXM?-n5pNw#^oX+H^7DKTmGlLZ zY{QUvLmb9i<#sf+ZU4u>4s+7UZnwt%mpZ_L)n+npD39|g94tAhzbF33f?MQxiD(3l z$K!i;{l!I;Bq8?g25>w}YU>k=+Fq7=Vezu{!GYfK{uI3??@Dolkr2%SM<0XJKCnPQ zKghAdTrO&GshV0f>NIH2NM2oX2Z4<(!*hywm?1DEL70?U9-2me6oP{yS&?WqK3d^ZZ4#??+C^Pe)c zhG2X><6oS4$2JYNJPC5o7@LuU_ziVCBg5=BDH z?rKx$q64JOL{DPDj2ontUu;@-n_8s0A%;^o-0*75>mNG)saY{9xs#TfaLBba4lA0% zfyjZCbw=cNfCWUAk^V}^0+TFLceRl6#38zexr6CKW!9&<-6E1#gA>r{{4}%Oy}YeF z2EnkNPhLZM0k4|eO&$Iw%J1$9&@z_Me-NojZG<$Ybo{5i1_N>`mJJLe$|>~5xGcz2 z29^cHpO5k2TdjVpR7ZC?(H9@}wgi{a6Phnk@{sZ(Wfdg^RTsV zxSNDVS8hYjldW9&)nul^Tfmg{@`;QT;&b4Gu&KyLm(ETg5ks=WRhjYeWA|*8GD|Ux zlQ*qDStzOz14F zpW~9F_{#TbV0dA=h>h+_0gyR#_(ewT$-Iz`1{~KaQ0MIW z?s!0y?b1cB3g8@~GKz$8ye38{C(Kni;arP(VkcIxIB3w`T6QgkPM+QSht71wI_qti z`5StxtvnF+(u$z5Zd~b&Ty&kQH$BuCJ(Yp*qPOm9Mq2qSA3e)tEmJYTBGM{(lGZZ- zFS(f6eJFr;THhh+cK1EctxZ}Rh_X%V0LP^VBT0!14W8Ge_6U?1Bry~?g$ogbEUy9m zGT^{M5KzS-FH$dtB0?G_I3uyY2)jh`7t?j$M+lQ#PJmluKKWK;J?qIss!3sxe%!5m z*uWny+fbv$ZpNUowVK>R!tJL#Hwj+GUrNGYIv>2_Y+5qIRN5uL@{oNqyXGI{lwWoP zm0VA?%)|h@`sv%Dw@Nl#XE9lP2jROAk*sDNqWIGs&0oOl;MajGMt`33s)YB(WNys@ z^NXEnFUsm@olC+@DD+|pM&kA5(%O0pSiLb&X4SBf;;py32LhcDDr^0rzpW+3-NG4N z@|LTOLZ`=Q(q{9Z^3vmrHO9M~^E)@O){TY(sKBRTC_6$T^jX!sm!Rt)wTQJJ*h|Fa z(-J`PNUThhTd&}?3{bHTxLxo6;p?4(1WTK6-Lh@lwr$(4F55P`%eHOXwrv|-w(IoF z+5e81JrQ%UZoiuqk@@7CnQ#8OcDW;`jx**8j1@Bh)iO6EXA3a?B@NY!lZ$4AP1tc^2avUJ0A9Xv}@DTB|atTgvBr}4zVhhPnH0kL|ro<0An5%$=9>_ zmes=M^EYoivr~Ph0BKzfb1f^ynzuAbdU?uLId9=m&7ns1*2U)n%OB6Yhr0gS)rWj6 zt$d|3{Cb5D8RU1h!(D~DD{K_@wI2zjTQ|PrGzTNwe+;)qZn(2#U?%((o43)? z#{H?1`@d$J2RcvZh65fGNs63%0q zS4Q7E6*#ugYbovToKE4z6PCa}PLVW-Y(9_Q%UWL|3;Sq7z6}427(|Sb^ddmY2*z@a z@g#ANZT3zGYA-fSL^LcoAW*&RGs7i#$SAt0aiV24PHpr;#|08zE3RJBVzEfjnX3dt zA(dJh1F$dj*p0{6%vCwlz!~4k*K}{=btF#~-K9a^M-D!w#bI8;xdAWXm4CeMyQ1KnSeRXoywe{WlgfCd6U&pg8$+mK=)=z z`EE^ZdDF?@(1>ZHDE^^8cBDhAUl;W|HD*5hiq~+_$fd4<&V!?zjW`^gZqZg&irY3B zYQSoaF)Jz%Bmr-NgrOh-A z{9Bu$oBGdLd9S}`-Ngt<7Kn5E$wFb8hC7_PzdPw9NXxnqeA8`F=rAbS1!C(G#5>gYWTHM&V*Uq{@ z%A;%t?nqlGQXqXm-LkpvXI7p-2@c=dtL;iA($T(0rvoek*)OuSoB7&iEVeMnO#We^ z@N@%kF{!%a9h7U~45d;L!rOX-lZQ;$qltzFRh!*aX1pI^SRV6^O%bq0G8@)Zpn+Be zub*+M9i~`B-{2YaPF#wT0Aa`KV*3tK1g_?`horSNJ4(h3H{=8?J)!Sy_`P3|juNk^ zjtyHYrz60>Z=19OUEmCh2_MndI|W5vg8+@VDP{ce(LTE4G!y z+TVzCy0cJrbjP60r>WFgMxO|(0q&h_Pn!YHppV9#{niSuzs3$K5_{+wIBQlOyT-CD z+B}eq+gz!X^)3;2=1Wfzs>SINf#|`vcG-^XF-jol2Q#dA!qK^9c!45d>86NLNNfj0q?dQj$r~2fD zf!n;)o|7?U4aW0&ur=naDWecxuWFSztdciC-ts$22D*HSzT)ZEE_5U%mR87ECKZQu)O=Jo*?OdlUel&nR*+IJ&|1ndAiovGl=IX1mte$2>z$ z?l3dp$V9hkjYrHpsihh3U-R1wx%)=4)K7D!W_n+S_6R%ARUTQg!(Ar^;sis}Y4Oae z!{RY1XjERIgh8DY1cPKx>L)?qpaIYK$~Q(_Yw??=*^cOd$rggabZQ=hcBe+lOBuDK zPneAED<^4=KmO&G=I7D_n~rL6vRpz@8+yF!b9IUbMgy}3-<;y$-|Z9TcJ*x$=tS=A z-Q{^cu|Kn0!;Ar%)vL}GeM}YbYAu(ag3TW)-$Rfu z3e^DK`o?;I3oQ^7{8uZ(0u*@}RLe3jF!Y>CLZurAi3ir?WG0e;RhmlErvT{Z>WOeU zjwHvA4e0zqBgww9wMNXzB{DH0iQ~nJCoR?GKo_mIv}l2w zG{mM6kfw=}#f^@CLFF;DhgwA{zu6iiNXUi}F7#zAeSyCW)h74q$#DF=0%kd0RMYnP zHRLIov?M&972}XJ{Sn?pl3MIL8&5r&4u69sLIe1V10snMTzThVL{n^df_<4InN_QQ zv)1hK&dD+2fPFWiPk26{6=~PT(Q(M!K!KthoFE*Ha{g{42?8+f7?i_wEY09u_ZIj# z-3WzNFfEXX^0HyI(VWGmh}M;_S2?qDCbxWgD?im979JD8qfa~`FYmj*5-tdseWAtE zD+EFX)Z46n5pXF~nZN&oz6^;~U2mh&Q>|n>o!-Q0!XnPUrcC2!oE>;d*HDJq_GJj= zlC_j)m2x}XfCA!x;>1ebhUJa&=`#kB@d*U^xP@#(n!ztk&Z6FuIWmJt&+2Vb-9M)_ za{E26uWH2Ag_5_>Ev`cvQE7obp{LJ69!)C90OGXWGto>ycXn4oA5D}e2?!X(i5|d^ z{SHB93szh8Y?&@|V7cm#OWq5f3`0bni-a#^UX96B976eEhBjqA7xr>t&SPFxw&@W^ z7x`Q4+op*Q1ILUfYb$HhrGuQk>8)rPdTgD7Gii%fEYtCATP}qwPUB;KIj18qE{@tS zF_yL1&Nqhw;Bp3e?%8A@GKpO~x6djFM9|Vm6_9;UL967;^clsR(mkJtA3lxvMt-aw zvA~BmeJOoawtPK_xN)QlCrH8owvkP+z@HgVM`k$fGe)n47hVH!W4LdiJnbF3xITUG z;U5(0Uux|tS_1Ywiz9+-_c1lI{gltnfQU)rb_=&@r=*F%l4yEhr;#;exK=cL`2;Xi z5gudR=UGH!_F_LE4=t{7=Xf~;0Td8@G|xbIz4T_lR<5vXEADRZZQ$WXxerT2jTKOz z=`~DWJE_Y8bg{9&qHLR`ZqF~dFwviJr!ibQOp$GIhClxVdbBVF53X7OrqD)_G}hS! z->jJ8gFh9JtfK_lv?B9Ef^$Nrgg41xpnVJnRCXpr!^qRq25w;b+VQK zM6KbK=i7U=LGNubhRe$$h((pfgziIO{E3^a6~gd?lu=o(b+PgNmGWr8`|bmAt{7`4 zK~X}2{(4W3R-zaSSweLAL$O4h?BiOu;o&3RMVB37z&~>s4Oj(Sry8LST3%S7t2tz& z7|-qCzxVvCz`#-XY=!0r6$37wXk>*=8KYQVDCd=1zszexCrreyV~Q~gfn8+iQzF?& z;~RM(xKMq$Neb8CIW+Uu+n<)|dr00BHi?cpe?OK5=)6dYE7GhH9n%3s3*(DH(FAH8H~Md3s&DwkXJ6sF?-<*oZ7>yLz0O$XDKfUq8*d{Ke7Dd{~)*PwP6h47v< zeR_FO=SrokE` zFwJhMvO#QwR_9=160(iG!or5EGaBSF9qfg*C)AkqhmplEN`AMh$llguA zVt$YBe=>he+yDBp>4g7e{!T`6rGFELeU``CqCCYphqrV z2{fI=I;bUuJEH{c-(1HJQpD)w9nmBllY5Ut1wO;|@j?z}O$eYw)s!~}fKSsaE?2WW z9OC{F9}Oj3#SceC-4_MeoH)&T+>+WDVjm^16H&WWvel6j0n{UCaf;x+KiqAGd z7e3Nod4}2Q5MdeUm>S3`czIjZc4{6j3u^~}6THA7E-O_J zwq`Dol{Zlw)8hiPGlqlDDfc<^kAMlnO{)yy2!>iiw_PvH;I;_Vyedy=(=dt+9jfi$ zBhKfviEEJxfZ5?d_7{!jMET&pS9)1q-qp?G$1hP&KhZap@}(gbX{U#)E*~~okIK<2 zh7d|G{p97#)mMwhGj8_Q^&ORT+AB=&w5x8+DT;dpK-wd0T6;X#;gDnOd3tDMP@Q=Y zZ(!gJdIH7wCfBuav%D7=H}benr)P!lUZARl^YsCO=udsnhml7fVH+{Q<};lkH)1|+ zviZ&qYxFWqbtU=VG`rDvq2~3OS8(C{pZm%dY#&hw%2=6ywc1;iNja;&+4f4++VQ8r z!(Tnmyr zk}2=`RlGNaK9G&tdQuHEcnsvil1-da`YY{m5_`G9sbfnwI?6(eeR))1CF^{j&xE*g z1sg!8AGNjhS03&fvgEhSxz9GCS^Q5a*5b+)@1}-nC={tz+MZeiu6yJ^Qqbl75X}zR zF`lctL|i4LQnR=V_PIpsd^Fl~F!4S7anpJUTH<#ipXZag4-i6%`xuT^wF5u{vFaqT z_$uToN@i%&SgWb^j%$5~M@>1S9d{GJYIKTnMRrqR87`?Z45f}wtlvaO>2xqip#FA0 zriSuB!J0*(oRD zc)rcu5?A&VCFI*9OLOhP^*0fZ6gBs)U9|j`Tm;0PkLnQ91xsN1b7}>uvDE7by0=%k zt0L%Z2A4^bPv0{{1sEJEIP=Bzh@*)&;uFJy7ZV;)oORnTw=Mg$h`uUKH|_@trfMf` zyaf{?{Krq}s^7m`@Bp5dKN7+o=&{W z1MPy04W6XceJh-Y=BN6FyX0s5Gq&O~V^cUrdAI(DVmjD(G!cxS9lP_VrNTX5dZa^h zaxzPWpJVFfRj>M%w`+L!yXtfM0BBC%yXY9fZ-BY0xA%u=60?*yf%te!b$vDhbzY+u zS8kiJ{&CVmr;Nka^}$Yk;@Rw_25#8zT^SOnpH-y+9U4T9C~ z-Jc81nf5_Trhq(1Iv$M7$uq;v=5X`0yi^Kq@IzikuB@lt0=smqK?<9Tir9lDFs~LW z$*Pt6Uu3iLm+w3-=9yR>+mFkS#33~acT?gM!kaSl%|d!k=U|oyLvHazPOy|T-iOlB zN^fsNc=Gn+^m3q~nF#SzV@0jCy{d^ZBacLn&T zYY5(ifOwKv)403|e`H)9YV1s1;y#{ONO)TA0_Z@{&NSmcA@0BUQ^+QS%){k=DhQPL zxdRA|7?!v-1ZIq~RN4j;DntP}mRc=nzo?|+)IedsVkURyq1<%oQLzio?-`o_R?c3+ zHiSJ(|4xhJG`EL}A^E*y8Ie^#Dc*%6B5gc4kP(Y{UffB+Kat*PMW#ZAjehLasNN2y zfTryy)_4S6i|F{}k(<_`TBgZq^v8828PBS*WlnZ=U9~YIMq*jP>(Ny77wAbondlQw z;1vcLLJFT5it2h`h3<4>UiI0NMdU8omGkuFUPU3*4etaJo0M3~@ zxeiryK0Ole?vHjgaweX3dj-lHr=ag$2PM3ho2M7cixK~aYcrv0O`maV2!`yATB9VV zVQs9KIZlsD&-%D|(|poMq8F?yO=(|QCd3MGn>gD2vm?u19%pjM%ItX zy$sX1n(<7c;*MWeQ)#h1Bd?C6UZys_wu7)H8R=p!=Wb z{m#{5fBZaPSm_IIBVhoLAFtSDbTC9n$^vTm3i)=J0eqit<3Ku_C+#6hJp|*HGyq)$u4mXEoD`E z*l8}vb&m8=<@OavJm9}M-KvO{YlzLN?69B`re}^V(}0ug;m_O+Wx~30w+F2KT;l7#wTed(F~%ptq7)EyGF^Y*j?D-E?w20ShptKrAk; z--G!6Y~iL%c?c<`L$Z13H%{?PNj(V(+Dt(Ta8qN8EfH7AegiaVwi)hl3!&+wA1^S^ zXydb;HP$i%wWlOWDsq#r^pmms@Uz-$C3hi-RWzfCwTIMn$>Pur7pYXSBUI_3gzYZL zgaT;WRK>MrD`$pVewv5T*XZCqQE ze8UP-j&O*nQ_1}fF|04s{!zw}0cpeOKi+AYaSy+TZ*0G`eWy08hmu4zcG^!8Ay}4YGlABB#mWAj0;|ikfeeWtXwWY+B;Q{c1faS z6NVp&pBia_6nZBicmRr)1ZT}UEH^Yi{8^#5S~=f9c%^54v#0r?m6=Mev!`7vky(_hW+FXs0v`X}>eK>m;U zdmR4B{H46UpfU0T`VU248N_-4{3Q8}s_Jn+k(x|~KB$T0!P-`X2AZI(mfpq%% zQcw`f)CSC*CcX%K6ZG#X#vzh#LE1^?R5YBo;|<_2dH_l}`&8vwa!Qw-VDVz`UUeB*mB|XA=(MgCtp)e~(aE z4Boty3d8!5%Z#nq;mv$<)48ZPUKFCd+XPX*4;Arv296^ZpXu6U-;BJvY%RI9gfU~8dnJNGJv zE@FHxwS$)5p~T&(CFx#dz)Wrb&1!%qBp2wuSqBFGFiM?Gu($?@cU=ok5_4BNwxV_A}F|PVQ z;xD49ajxG>(Jo@tCUJH_%?!R4FwRXHN`lE+7v1?}_nrYgELa|=g{R>Adx zV@V(g=RD6e9wBs{j}C&md@p`xYF`QpI~=-yhH8RkHRJp438L=e0pQ4ms-D48->09b-+Z-iS^5NCo`KvoJs z@6Sg$JAT36YzTt=4x6a?F>AN=dlUi~@fMyuV-M-deyu91bJSU03#D5cy53e}GpE?+ zdFKU}V*_G3m;}KFZ|8N8J`>a^nWa@GLiUG^amaRsK(ZC8{R#9y$-2P}ExAsx?OQ@R zoQ!luw5XJK2EP0sODNkH;54^O=7M-vlRz{#Eydm%YZp(Cb^?w&tYZ-PFNfwJJP8j@ zKY&5l%ZS>dUWSvyp!Ua`8_nHTFW_`Q%bIS!9Tc!#OWBk+we7d8!~#LuD;kLl0sFRAhAYTr#$wxz}H1q!mpnH3`nE+HpcA}Jp?1upL4RV9tHlT2-}XD_*t zv-Iuv?GR}@~AerpR}7+XhP=MDel+} zFRXP2m9ef1~{2@WxCu)!jE(4X*C^z z7jR{j$+e3cb+z;%^S1WxohtjpIfDJayLLGTqDTyv4>}{*#%ws{r>tX?Vqu2zJ zwqzo`?-COf-Ymnwk=zl{FOfm5KqH%Nuqz~|ci3JK(&}rpsb#z_i1c+kp1+LI=qPlg z`F0a$)$YA*7EbO8O^@B5Icib#1B$SA9gSG>c8s@-qU860at`vfcmK#X_~Gl$EQHz$ zSq}Z6;X`}&Z(fwfPrSPVqbQ7EM#V;HzIBTo*b?tP1}#zNvQf+4JJmQOPPS7ub(yg& z&#u9dwhj2q1{bT}l*{UJOn_d&-|?iuUs2(w{FsOF7}e`Dj;|MMn^{>it~ZYWuV$cn9ba04>>fflf!alj7fS z*9=2-Nk21ND6lq1$^%>TirDJuVacig#lpU_+#C{=QgzOuf?}iVH1YEuuSB#p z%qL337{WiiX4yI*NVi)C{Kn9>hGEQx67*;fAf-&E096 z>XI6r1pT2pXdowP@YvHFKr0q1uAzx`H2#(?fO)qcM!UXuVbeQIQGz} z3j0!60Oq+vpcA)>Ly8|jI^e{uu=U3A^?aRCJpkeJCr-E(*(q7mV~Q40U$<0*C`XD) zLzY4NLmqvd(1+I4g^Nm~a1|ET1!I(Pb=EmQeKbh{BOCBzZ*6LC-n*UWK>^2DQe&3+*r7W4P>n*_qz z^BJ`E01Z|4I8HafBtI3jJBHP`rouzPw_&Sy*E~(Tmv}A-w3ygkS>NhKwmgjp_VK*t zfP#;-a188tBK;kfcI(?9@$g?FZ_dZACs1)2GVX!F6T)5&SqmEGYct?K9`>M~!U3(6 zKR=E+J&pUGx#%^G4%5r}>BRnu{9b<||9?~wFMn4N7yqsziZ%bLA`%wSB23BzdE(SdYfV_W+3iXdzeUebR8ZzlMSATh}A)=XQP;S(?>x15ifXx#$ zI5*^8d}A7lJ5~EV{*TF_z^ENN{LU+|2Y|hTHi?o~-8Q$YQHJ6Yv%oc&HXMQzWDwMx zBjh}%j!tF#O01HrJ+$j3EiP8yIc~3G5gRwX1qT&I2*1y`QWDig*N^D^&9`9FUv)VK zQZWePsifp;(g}X+oUmEqhcDH~ZT%U!I{OQ)vPP`u`|isDPXw)>JU_>(Si|=w*OXHn zLsrN?AbqvXm4(-)TJOqE)fz0wP8k+f!NWbFE6iNjGlgDWZH-5qSnYhw8}&gjv-xuu zFeiSd*?4qClO4UN+M5vN;ju}jGp^aAk&{VTNM;_LZe@pvwdh~!iae$bQh^C4Gu))> zlf!bj?p{hM`>TA`8L2=^88ema#v)^**7Q*%t}euA1Fkh#OUe~r~4F&(fO&+&cD ztRyd(-ZqXr0SVFy^{c5nbyBTXyv!pirLP`y+vn6)vx~2(hb~fl&W&&L!9tksu04t+ zadf-QU*K1X_-ToK2nNIJ6-jFE8bDhT?825;>t?AOwS_Q%9$OUT z!V=^-M0#}`-N@npc87Qb8K=lQ*`((%m~T1!v&2D6%Tzc#<~z2Th!IYrN>+nd=63-S zLME+9Uud(xAooRMCkMI6BzuTWi*k*9FxD?=3*wwrb4yKJbqO4v-!nO0~`=ca`N_xP!CA2RiYK zk=p#h^(hnM)RfP@h++F`Ra2!m#XC>Nvx|IGZefwBB&mD$)(*>~_tCC&gY@ZlQ$s&w z;#$Lha9DMtApYdbQR{x-cgQ=_KR%CgVlxdS;WdwJtbL3_b-QLz)8o(!g;8#M@gNaC z!R+-Ux1*2OMX~-_N3o88tB}}7@^vwu644lw2S+X)2@Q&NNVE)1aksy$bh+?II>vn9 zx}*%!r*MnM5`hW*5_yi8(g8!==tyHpk%T3KH&bnLY(O`dvtAv1&%!QBadVO+LZr%Q zw0HhC7Oi+jXc&XEw%LdZ{{lO89e|Pjlm9jaNO7pI401aBTA&y2(gKYgP3jFxZ2Uy9 zuthtb8Hb<-aqr>U*>PrYFrnuvw|jNby6I_uBw@6VI3TJHxD(RSca4L?s7dB-rMZ#{ z`bTK~9+@_Q4%3W>0|{*rxB#ymKJP6XARk5`{tsi3lILvx^snmoNjDL(a)bHQhoprhBBMUJ&bym6uc~w66el zbSv8_7FpoxW+q}x+Fsb)#0cNKCWH1sxs5q94G(}#L)JPO!|nH0@gDH#Bj1(ONC-Mb zy%+)3i>?pQQ>GTGpo`(Ss-fp>4Y~Q_yu~tr*X~0=&dr5`+ zcteN1P0#XaK$M>XEwD;ZD&*qmZoe5(mDF`v2l=ej%Wo(mqtS4ha({Mqe_h!w%$*rV z{Ej)LpF2*N%< zIj4I2#IGc4M_W@uVl0jq%*sRO);%7-1N&AGwch03B87^8k`f~?j*s8-x+(rfRG{L9 z8Rjnlf0PIB`c;*O=V=y}lq84?;9sH4_r)5f!qxxtacTP4^9Mdeq?N+8{6?s0_@ z5B{sL3(cSAGLvl0!B{9i&jUZ;W+)P-LS|mA-zhT?LxqDlKXf&0E@(;_#o7*0Y7g>AzS3X9hyZD<0q|TlewnW7Nb7QF5Nmnu#?TGm zuf`ogzhGrKL~2!B$3OG5w@Q$yPcmARBu4MaM5OYpc_IaIe|IW@DU&9ucFMH#R5znG z7CLQLpNLgoiNV)B{KS4Op1@n5iSAQCPOpf&t%d!?%DzQg{ShCCt8t(ia1UT}=bbq- zaO5UYM%Nx2<8?deD5lpcr?_5Qt;k(3GF1b@4`Z-!@IzUwMq{_)?Y!IuT{Ibmc6P2=KLC$TZzHIx(;6ADR>wt;d zucB4!@}%L1JxZnH0$2Uy+6=FJxof5(0Bj;Il$LIUKf+nj3f`H*Liv4$0|CzmT()pv9Wa7vSLk?~lM_JsSWb(4wg^L*Sgeex_y;vPo~42@)|2t|c1bBM{Pfmvq0l`hdd(ST8b?@^BLy!N}E)3J2jN2SiIvNyuaGz791qUj(Sdkf)+Ul+h| zKV*pO0abs^GLrf%YJTQW8uy&$Bq*Z-)^g9x;0Ro{&KW9(sLa`AP@{lj1cb)z=WX-^ zVjgslK-hDBN)Y7z#r)oX2>m~p|MhR?|NU>~uPghD`9od)FY{OY@mq-f>&1o7|78B4 zznTB_pUhuZ_CMx7{Xg?Zf4%k>^N&1a^sD2Dqy`Zc;994dj#`VGH*T+-^n-NBjOA_s zdyuwNdiIoP)APO>YT8+BU%PWeDLf35zD$g)0!rAw)Am{;M1Xa1oQ!RW->PL$;>(lYFu+{3^ zbB1c~Av47saIZ5?7_ql`(XqNXEj(-r!)RpODYfRrvD`>E{0f{m#%Ue7PkYI#Gdht3 z>%@slcPt4zlztAaBPZ~1$H7dZ0v@pNhU01m_t~Q;mjk}~o!M3ci|?g;%0i6+FNyp~ zBIvY&I9(Rndz2nyhGRINhTzHBeN5Wps+;5qu^tQ0VWhBu-}}&PPo4+109Mo=P#_Ks zGLLIQBuQ#rIr!AnJEiD8o5c59AaA0c5{`QiV)20dDsj(3^e4Y&M6dzsP9ibtV|ly~ zop$MQoTixCN$Q{=CL@vCUbMnZiBG_1*D}^eW6N0qRFmuC0D&1;lGuQ95*%8oa^?It zp6PCN&mD`P>|(XIN-VA;pGgM_?!n>INThE$RCjgFy}OhRKzuIuQo;dAMq+7~dLg*P zOC=uukBowK)AckhH6G*K6jrkfvKR zhhjvUwmtch4T?p@1Z(;AgE#EeO&llh5M69j`~51I3B64nv_c;r2%1HN5dYP3UT94T zp63GD!a^p}V87r@2grSM-Y(}JY|4gU)eT@w{ER$--ZcV0!5LT5XQ^MTR)95nSjW9+-tghi6{*t9X6^z$yTGfrdh64OSa|Oy zbATG`c8GnNAN%f^oXk%}Rwx2zMf*_1Enz(%*R%D9g4CLS{tYPWN{z$09?gqHzd=Mf zbsS=C5>Avjn1BtvmA(mXn<4HuIZ^qJr4H|4e)Mh8qSBm73U-3<=x^i~He-KL%C*Zb z%f`|JN4>U>*ZB}@mkSFZu6@VKG_Dkvr&XkqsC~H2P}wApf(F(y_P)V{7VDJc{UdDN zMGNgYd;YZEy5oV%irH~PRVRQz#&2oK36C4?fCtLW!~4gFpkqGw>>$NI+guKD5~cxp zFQ#CBJW@Tkm?AWlQB6nQ5o@_oI=vE%111A0cd1|ZJg{^>GtAo)5A`>GzU^N42Fqcq za7};(_Cg%C{HQF=#bI4yoCrzmE{Np@58kqfq!zrsm!26)=&qei*rL?C?J|OOXxU2G zFjO@)3onT6jp$!I=y8E7Hbv8Y_PvmT1Ipq~KLS_Zj??GBE216(*kJis7Q^W%{ibok z9}Do+yF6eNx=M@&(o9v@v|s0-B{M=~Zi36tz!Ubgw;BBwSompDtFCH-AFIWdm%nU7 zmuBv!ibek%yIYv?yE}>QBZ&+Rzf~M;y>~-{MSxy{m0G0}XlJCN{kIJ@TihbS4bn}j zC`L43%T<25;XvZc$9eRvj??PZX+(6~atsfZCVX3|p_87BRwpM79%Tt^!1jO7! zFP37#{tG)zyJA|7sQJj9ZmrnX-2lTU5oxGDZZYs|Sw!@B!V!qvM1xH8j3J@#Fp%?T zr(IS`1@;nP@14Ux;>wIG%AgOl6uqABwKN*6}h=&pti-ms9L$ z&e0pjt5Z5b!Fj+n-AZXW)dY`460n+K320^aN=x4-smC35_9EvhE}d9OQNRNG8%01( zs9y^qg-5v9fCBP+D;3z>2)pBsoM}>uxG7;hXZG+-tBcsEJSm90^hr z0aRKP|C#jWFoQ^ucB2zjeo2;%gVh$C^C2!p7mZZFEgh&g@?okfv?ub{dVNT|{mA;D zNSWWxI4nWiYLTrqxUr^KmB=4OdAouo}5PZYo#)+iLv?fb=%ZxQw=t%pDfYik|?p>V^eveAa;pyq0^fnz?ifEf33i z6T;glF;|w;=8)WSqVnF0|7MaA<_*xt&hHZvuZ=KUgttG^iA#h+Dez%x#K9+`m-Y1i z0}1YO_iQ?zJzY#Z_v-gp#p_oi(fr*x@waBK&iA(nj_MDo8<3`|(?@7q7fb$U3fnEi zp_I$^+G@=>nNIOgRoo%Udr~gM9FE5gt-y1$uG?n3gdh;o%NeX8$%nP|lD&4sS&s?b zwi>VU#m$2odopQzM6#n8D!4}&63Jx5{jmHxsbd--Ku#}uSoz13wX{Z^MSy`neb4A1 zv=)oc=ZOekE6iK_UJi!!`Evw!Zbp`oA!RT*(<0mbSYJHZH>mkYl7ko!eG(5n-cPoI z1$d-NN+)rTAxHBA{@s|{x&Gxvavsw7fIn`>RkHLo1^jq?R7YV@M(3?%vGrt1u(C)N zpwL3jJ$SES)AJmVcK6SDxNUt~!h}mL`&TuwwJ3)m1ibgLZR}>P->bpTrWkjjx%rs2 zQ+ID>7lUh~RY0|qL)v8D)9+IcydY;hk=`J2ze+~YVHLie_2Gb%i zTUKgr@7wed;NZ^$SAHt`F^&INZp$JEM5h(MlvLr;Ng!yK>Ngx?Va+8l&}oAa#QH|q zI2i}bOrDa%IF)il16P^1jD4mJOMpF8X@W%2h7Xy!CXOQ%aIsd_$tl%v%H zPc+naBwLOi-t`UcDi~;Akxs7(yD`ejGU>3xbjOjgC5;TTY_2l_jY03dDq;52MRV`F zai&QCXdbCXjk~S*u*k%{%;uTH++*Au6_du!a+fLorG%IK%`tyxIfV=ItLHY^+L!8k!Al$WDg_T|#Fw z1d%NIHsye{CXw_xHDNESpoLcPG^8qazo8sum2#1~M{+x1pCBX#HuKSQIqR?;$g}G{ zpa2M|O0sIqXzZ|#HT>K`Eq%iTdpduMJgoBr)Wm0|ot7_$#Dc(gU4@n9+TB}*JE=p- z%!}M@BBFpB=7En}gz}_a?xN6<3_>mrIvOaUn$^bcy$coeWa8SZa%rC`z0QjL4uY$o zkZJM!Y~HXe45h&?u9k3yM6~=Y>1x#0-QXDpv?XH@oILp)&gMWDSRd`XFA8S~)7Aad zGm>l;daY*6G9fA-;=e~_<%;NMAZNlCg67VNc@nh?J3%T%Q5BwIZZcv*Lb2#{*H|zv zmf!6agpb&zG5(9tPyP`4e=z^s-^_phZ|3iO{fqg1NdL|JNnZc}ccB0O_y6AH0zEYS z`FGDa<)6&o`T95W|Je%mEdQs@uX{{W2EEO~GgF1*5>4pk$ZGseG84?gA&(f$ z>pGPvUER1lFnPYY;u$9+B(Zv=EPTnGjm|%g zU%QTv;)7c<1}=GgtZ=F+N~mM(-F%%)ZJc}I)pbtX<*93e3>BL4PBGQT3}1n3T@nH#eB^68wbo6`)q7 z3hd9Fh|1O}`_DK`_#826_e!MUcw6fi6Cg=QKwypxX2rY^`g05V1Tx$-oFOJ=v{ZuqoUkY1XT( zcFS3hy`nk=OG2&crMNZWtUtHgbJBd!5^0#*5Kyl+Bk`KUXznBvmgM>oB~g`)4LZmX z$QpHXBQS{+uUmd368GRvcQwroA_~dwzf^l0J?pC>%eiy)IW~1MpG!2S4muLb1se%j z)j+ErI51ZD-oda)96*2WoaB#FUkekqupUy_jeGFnu!?W48bsi#kT9thEHp$XU)WM9 z|7=n8YDVvyyjr?J885F3-Ub67)G!+)=qL6`a-`*vsj$cIv6aju0{S`!dNCFbLv;2B zlqUaPKZfP#eaWTKkejArIlECq&z6^|J`rUy>DY5DUzmP$i!2hv)V&lkbPMTvAcxd$ z%rmdbaEqHsM(|Tho_wY85o%3pfbaPjjuiCfF2n%@obl*m4FCVPXAMw!)r z8H3dshbHg8pQgVvWXTj$Te0Kk^;{$w%=EuYZ%tY9bKmJt3=^KHJ4cA97)opw%_y0j zb@M>M#~Bk9Ea&a#IK11RFQcV+`9qy!VP~_`ocqw(R=# z&%w8^hsqXy-Vz$g?f5?K;Y}fZajp2$LwDD^>m69BkiN=inX>4HWXX5m=iSk=Z8nmw zn%;d=;@0y*=kHmfTn5i?FTSnG+7rI(V(Rw7%Mw>oJ+}FAg>E?a?OAx=owLE}ANPM) z@}0FY!}$n19E^ke0_y`}T?uH4sIkC*;z)1U6Uqat@%`Pqg=;TOa;HcZ{! z_g_Mp-Az?^`y=fmb+#>Lhi1yMR2;G2w^`+`ny#o*YNc7gx;WtNAS-IM?`~Q($uiSR zQ2NJnfxA+TS!?F)^a+%8m;3b8u#I_P(buIm68;k*T<#a_m?%6aaTqi z>E`sEInO~kX>u}u`uog7$8`S`cbaaGTBPCfNKDI2Q3zGb307 zRHtkK)&O|wl;7YwBw3}hAIXIFvhs^C8y{Q*u)K3O_X3Vv%Uwf zr8a=Zl3G9K@SJ$tUufUay=XN@vY}dgX{U~C`*f~SzNb?mk8!TQV~m;V8}98cQ*4-TWJ zXkm08cpkkcDAY@VLCeU7Zo#tZCZ_H(|54jfi@k_Lv{P(hDViI z8{VEeWWE2_iLV-Eg1eu{tme>DdbsuUwjhR6GDdFh^0U9HXT9}{177x)xPwi*%`LuQ z{Rfbr^MEeF9g4+FV3#~Xb%}yL*d>C%P=wyHiX4i2_9INhNKqzfo#1@wjGCejdxBGx z0E0rgJ3K|51epqQW8(q5CU${Mbi!id_Xd!O`j{q8!*60Y*hEK66BP_VCYF7}H1Wns zyl(6Po9KYmL_wg5pW!B+hWYvpl8G2)fC&RQH9mNP7BdFGnDGLo?-FSF1~lz7Fnyl} E05QV$3jhEB literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro index f3b54177e2..a764cc79c3 100644 --- a/testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro +++ b/testing/btest/scripts/base/frameworks/analyzer/register-for-port.bro @@ -1,8 +1,8 @@ # -# @TEST-EXEC: bro -r ${TRACES}/ssh-on-port-80.trace %INPUT dpd_buffer_size=0; +# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT dpd_buffer_size=0; # @TEST-EXEC: cat conn.log | bro-cut service | grep -q ssh # -# @TEST-EXEC: bro -r ${TRACES}/ssh-on-port-80.trace dpd_buffer_size=0; +# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0; # @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh event bro_init() diff --git a/testing/btest/scripts/base/protocols/ssh/basic.test b/testing/btest/scripts/base/protocols/ssh/basic.test new file mode 100644 index 0000000000..30e726e1f5 --- /dev/null +++ b/testing/btest/scripts/base/protocols/ssh/basic.test @@ -0,0 +1,4 @@ +# This tests some SSH connections and the output log. + +# @TEST-EXEC: bro -r $TRACES/ssh/ssh.trace %INPUT +# @TEST-EXEC: btest-diff ssh.log \ No newline at end of file From 29f78cf90fe28524686c3fb2a3712646c8457a97 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Wed, 18 Mar 2015 13:04:44 -0400 Subject: [PATCH 079/121] SSH: Add memleak btest --- testing/btest/core/leaks/ssh.test | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 testing/btest/core/leaks/ssh.test diff --git a/testing/btest/core/leaks/ssh.test b/testing/btest/core/leaks/ssh.test new file mode 100644 index 0000000000..cf6316a231 --- /dev/null +++ b/testing/btest/core/leaks/ssh.test @@ -0,0 +1,10 @@ +# Needs perftools support. +# +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# +# @TEST-GROUP: leaks +# +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/ssh/ssh.trace %INPUT +# @TEST-EXEC: btest-bg-wait 30 + +@load base/protocols/ssh From 01e5de82341b41dd18b48f7a5d17ca4291c45fe1 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Wed, 18 Mar 2015 13:31:12 -0400 Subject: [PATCH 080/121] DNS: Log the type number for the DNS_RR_unknown_type weird. --- src/analyzer/protocol/dns/DNS.cc | 2 +- .../scripts.base.protocols.dns.duplicate-reponses/weird.log | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index e551351926..378fe449b6 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -308,7 +308,7 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg, analyzer->ConnectionEvent(dns_unknown_reply, vl); } - analyzer->Weird("DNS_RR_unknown_type"); + analyzer->Weird("DNS_RR_unknown_type", fmt("%d", msg->atype)); data += rdlength; len -= rdlength; status = 1; diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log index 295de4ec2c..0592a777db 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log +++ b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path weird -#open 2014-02-13-20-36-35 +#open 2015-03-18-17-30-43 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string -1363716396.798286 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 DNS_RR_unknown_type - F bro +1363716396.798286 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 DNS_RR_unknown_type 46 F bro 1363716396.798374 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 dns_unmatched_reply - F bro 1363716396.798374 - - - - - dns_unmatched_msg - F bro -#close 2014-02-13-20-36-35 +#close 2015-03-18-17-30-44 From 90bc5add6e27b687d290e14799b06aec6d6bfff6 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 18 Mar 2015 11:15:18 -0700 Subject: [PATCH 081/121] Make the plugin structure more... legal. --- src/analyzer/protocol/ssl/CMakeLists.txt | 6 +---- .../protocol/ssl/{Plugin_SSL.cc => Plugin.cc} | 4 ++- src/analyzer/protocol/ssl/Plugin_DTLS.cc | 26 ------------------- 3 files changed, 4 insertions(+), 32 deletions(-) rename src/analyzer/protocol/ssl/{Plugin_SSL.cc => Plugin.cc} (71%) delete mode 100644 src/analyzer/protocol/ssl/Plugin_DTLS.cc diff --git a/src/analyzer/protocol/ssl/CMakeLists.txt b/src/analyzer/protocol/ssl/CMakeLists.txt index f69b7354e3..7f4efdece1 100644 --- a/src/analyzer/protocol/ssl/CMakeLists.txt +++ b/src/analyzer/protocol/ssl/CMakeLists.txt @@ -4,13 +4,9 @@ include(BroPlugin) include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR}) bro_plugin_begin(Bro SSL) -bro_plugin_cc(SSL.cc Plugin_SSL.cc) +bro_plugin_cc(SSL.cc DTLS.cc Plugin.cc) bro_plugin_bif(events.bif) bro_plugin_pac(tls-handshake.pac tls-handshake-protocol.pac tls-handshake-analyzer.pac ssl-defs.pac) bro_plugin_pac(ssl.pac ssl-dtls-analyzer.pac ssl-analyzer.pac ssl-dtls-protocol.pac ssl-protocol.pac ssl-defs.pac) -bro_plugin_end() - -bro_plugin_begin(Bro DTLS) -bro_plugin_cc(DTLS.cc Plugin_DTLS.cc) bro_plugin_pac(dtls.pac ssl-dtls-analyzer.pac dtls-analyzer.pac ssl-dtls-protocol.pac dtls-protocol.pac ssl-defs.pac) bro_plugin_end() diff --git a/src/analyzer/protocol/ssl/Plugin_SSL.cc b/src/analyzer/protocol/ssl/Plugin.cc similarity index 71% rename from src/analyzer/protocol/ssl/Plugin_SSL.cc rename to src/analyzer/protocol/ssl/Plugin.cc index 0479c9c97f..485463de17 100644 --- a/src/analyzer/protocol/ssl/Plugin_SSL.cc +++ b/src/analyzer/protocol/ssl/Plugin.cc @@ -4,6 +4,7 @@ #include "plugin/Plugin.h" #include "SSL.h" +#include "DTLS.h" namespace plugin { namespace Bro_SSL { @@ -13,10 +14,11 @@ public: plugin::Configuration Configure() { AddComponent(new ::analyzer::Component("SSL", ::analyzer::ssl::SSL_Analyzer::Instantiate)); + AddComponent(new ::analyzer::Component("DTLS", ::analyzer::dtls::DTLS_Analyzer::Instantiate)); plugin::Configuration config; config.name = "Bro::SSL"; - config.description = "SSL analyzer"; + config.description = "SSL/TLS and DTLS analyzer"; return config; } } plugin; diff --git a/src/analyzer/protocol/ssl/Plugin_DTLS.cc b/src/analyzer/protocol/ssl/Plugin_DTLS.cc deleted file mode 100644 index 6820816e31..0000000000 --- a/src/analyzer/protocol/ssl/Plugin_DTLS.cc +++ /dev/null @@ -1,26 +0,0 @@ -// See the file in the main distribution directory for copyright. - - -#include "plugin/Plugin.h" - -#include "DTLS.h" - -namespace plugin { -namespace Bro_DTLS { - -class Plugin : public plugin::Plugin { -public: - plugin::Configuration Configure() - { - AddComponent(new ::analyzer::Component("DTLS", ::analyzer::dtls::DTLS_Analyzer::Instantiate)); - - plugin::Configuration config; - config.name = "Bro::DTLS"; - config.description = "DTLS analyzer"; - return config; - } -} plugin; - -} -} - From 58ed2eb9aedc9c7f8cbce06e0582f3d1364ea53a Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 18 Mar 2015 11:58:46 -0700 Subject: [PATCH 082/121] add signature for dtls client hello --- scripts/base/protocols/ssl/dpd.sig | 7 +++++++ scripts/base/protocols/ssl/main.bro | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/base/protocols/ssl/dpd.sig b/scripts/base/protocols/ssl/dpd.sig index b888d84cec..e238575568 100644 --- a/scripts/base/protocols/ssl/dpd.sig +++ b/scripts/base/protocols/ssl/dpd.sig @@ -13,3 +13,10 @@ signature dpd_ssl_client { payload /^(\x16\x03[\x00\x01\x02\x03]..\x01...\x03[\x00\x01\x02\x03]|...?\x01[\x00\x03][\x00\x01\x02\x03]).*/ tcp-state originator } + +signature dpd_dtls_client { + ip-proto == udp + # Client hello. + payload /^\x16\xfe[\xff\xfd]\x00\x00\x00\x00\x00\x00\x00...\x01...........\xfe[\xff\xfd].*/ + enable "dtls" +} diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index 2b448fec6c..75e41e4077 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -97,7 +97,9 @@ const ssl_ports = { 989/tcp, 990/tcp, 992/tcp, 993/tcp, 995/tcp, 5223/tcp }; -const dtls_ports = { 4433/udp }; +# As far as I know, there are no well known dtls ports at the moment. Let's +# just add 443 for now for good measure - who knows :) +const dtls_ports = { 443/udp }; redef likely_server_ports += { ssl_ports, dtls_ports }; From 5f557849a676be81dfea2fbb51e62955442b79dc Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 18 Mar 2015 12:48:22 -0700 Subject: [PATCH 083/121] add a simple leak test for dtls --- testing/btest/core/leaks/dtls.bro | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 testing/btest/core/leaks/dtls.bro diff --git a/testing/btest/core/leaks/dtls.bro b/testing/btest/core/leaks/dtls.bro new file mode 100644 index 0000000000..3f3aeb62d2 --- /dev/null +++ b/testing/btest/core/leaks/dtls.bro @@ -0,0 +1,15 @@ +# Needs perftools support. +# +# @TEST-GROUP: leaks +# +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/dtls-openssl.pcap %INPUT +# @TEST-EXEC: btest-bg-wait 30 + +@load base/protocols/ssl + +event ssl_established(c: connection) &priority=3 + { + print "established"; + } From e180403e76ff6fb0c31fcf79aca1a07d530b7b51 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 18 Mar 2015 12:56:02 -0700 Subject: [PATCH 084/121] update test baselines --- .../Baseline/core.print-bpf-filters/output2 | 10 +++---- testing/btest/Baseline/plugins.hooks/output | 27 ++++++++++++------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/testing/btest/Baseline/core.print-bpf-filters/output2 b/testing/btest/Baseline/core.print-bpf-filters/output2 index f843da2909..8022ebbb5c 100644 --- a/testing/btest/Baseline/core.print-bpf-filters/output2 +++ b/testing/btest/Baseline/core.print-bpf-filters/output2 @@ -14,7 +14,7 @@ 1 3128 1 3306 1 3544 -1 443 +2 443 1 502 1 5072 1 514 @@ -44,8 +44,8 @@ 1 992 1 993 1 995 -49 and -48 or -49 port +50 and +49 or +50 port 34 tcp -15 udp +16 udp diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 63f0a87742..596b3c808a 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -12,6 +12,7 @@ 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -> +0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> @@ -65,6 +66,7 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) -> +0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) -> @@ -108,6 +110,7 @@ 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNS, {5355<...>/udp})) -> +0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DTLS, {443/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {631<...>/tcp})) -> @@ -192,7 +195,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426708489.193732, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Communication::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> @@ -286,8 +289,8 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426708489.193732, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426708489.193732, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> @@ -557,6 +560,7 @@ 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) +0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) @@ -610,6 +614,7 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 53/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5353/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DNS, 5355/udp)) +0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DTLS, 443/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 21/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_FTP, 2811/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_GTPV1, 2123/udp)) @@ -653,6 +658,7 @@ 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DHCP, {67<...>/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DNS, {5355<...>/udp})) +0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_DTLS, {443/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_ports, , (Analyzer::ANALYZER_HTTP, {631<...>/tcp})) @@ -737,7 +743,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426708489.193732, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Communication::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) @@ -831,8 +837,8 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426708489.193732, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426708489.193732, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::build, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) @@ -1102,6 +1108,7 @@ 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 53/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) +0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp) @@ -1155,6 +1162,7 @@ 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 53/udp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5353/udp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DNS, 5355/udp) +0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DTLS, 443/udp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 21/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_FTP, 2811/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_GTPV1, 2123/udp) @@ -1198,6 +1206,7 @@ 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, {67<...>/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5355<...>/udp}) +0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2152<...>/udp}) 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {631<...>/tcp}) @@ -1281,7 +1290,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1426708489.193732, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) @@ -1375,8 +1384,8 @@ 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1426708489.193732, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1426708489.193732, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) From 443106dbdb85ed3033db62c631b279e96e47a3fb Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 18 Mar 2015 13:25:06 -0700 Subject: [PATCH 085/121] a few more small script-level fixes Sorry, forgot to commit these. --- scripts/base/protocols/ssl/files.bro | 4 ++++ scripts/base/protocols/ssl/main.bro | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.bro index 65f43ed772..90273639e5 100644 --- a/scripts/base/protocols/ssl/files.bro +++ b/scripts/base/protocols/ssl/files.bro @@ -85,6 +85,10 @@ event bro_init() &priority=5 Files::register_protocol(Analyzer::ANALYZER_SSL, [$get_file_handle = SSL::get_file_handle, $describe = SSL::describe_file]); + + Files::register_protocol(Analyzer::ANALYZER_DTLS, + [$get_file_handle = SSL::get_file_handle, + $describe = SSL::describe_file]); } event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priority=5 diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index 75e41e4077..326d8d374d 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -274,7 +274,7 @@ event connection_state_remove(c: connection) &priority=-5 event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=5 { - if ( atype == Analyzer::ANALYZER_SSL ) + if ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS ) { set_session(c); c$ssl$analyzer_id = aid; @@ -284,6 +284,6 @@ event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &pr event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason: string) &priority=5 { - if ( c?$ssl && atype == Analyzer::ANALYZER_SSL ) + if ( c?$ssl && ( atype == Analyzer::ANALYZER_SSL || atype == Analyzer::ANALYZER_DTLS ) ) finish(c, T); } From 981be3b670c88ca742a9ff76d4f3bd5d4b1d1d30 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Wed, 18 Mar 2015 16:16:24 -0500 Subject: [PATCH 086/121] BIT-342: add "icmp_sent_payload" event. --- src/analyzer/protocol/icmp/ICMP.cc | 33 ++++++++++++------ src/analyzer/protocol/icmp/ICMP.h | 4 +-- src/analyzer/protocol/icmp/events.bif | 14 +++++++- .../btest/Baseline/core.icmp.icmp_sent/out | 2 ++ testing/btest/Traces/icmp/icmp_sent.pcap | Bin 0 -> 134 bytes testing/btest/core/icmp/icmp_sent.bro | 12 +++++++ 6 files changed, 51 insertions(+), 14 deletions(-) create mode 100644 testing/btest/Baseline/core.icmp.icmp_sent/out create mode 100644 testing/btest/Traces/icmp/icmp_sent.pcap create mode 100644 testing/btest/core/icmp/icmp_sent.bro diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc index 393b5536e8..84df7ab0d2 100644 --- a/src/analyzer/protocol/icmp/ICMP.cc +++ b/src/analyzer/protocol/icmp/ICMP.cc @@ -130,7 +130,7 @@ void ICMP_Analyzer::NextICMP4(double t, const struct icmp* icmpp, int len, int c break; default: - ICMPEvent(icmp_sent, icmpp, len, 0, ip_hdr); + ICMP_Sent(icmpp, len, caplen, 0, data, ip_hdr); break; } } @@ -172,7 +172,7 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c RouterSolicit(t, icmpp, len, caplen, data, ip_hdr); break; case ICMP6_ROUTER_RENUMBERING: - ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr); + ICMP_Sent(icmpp, len, caplen, 1, data, ip_hdr); break; #if 0 @@ -188,21 +188,32 @@ void ICMP_Analyzer::NextICMP6(double t, const struct icmp* icmpp, int len, int c if ( icmpp->icmp_type < 128 ) Context6(t, icmpp, len, caplen, data, ip_hdr); else - ICMPEvent(icmp_sent, icmpp, len, 1, ip_hdr); + ICMP_Sent(icmpp, len, caplen, 1, data, ip_hdr); break; } } -void ICMP_Analyzer::ICMPEvent(EventHandlerPtr f, const struct icmp* icmpp, - int len, int icmpv6, const IP_Hdr* ip_hdr) +void ICMP_Analyzer::ICMP_Sent(const struct icmp* icmpp, int len, int caplen, + int icmpv6, const u_char* data, + const IP_Hdr* ip_hdr) { - if ( ! f ) - return; + if ( icmp_sent ) + { + val_list* vl = new val_list; + vl->append(BuildConnVal()); + vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); + ConnectionEvent(icmp_sent, vl); + } - val_list* vl = new val_list; - vl->append(BuildConnVal()); - vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); - ConnectionEvent(f, vl); + if ( icmp_sent_payload ) + { + val_list* vl = new val_list; + vl->append(BuildConnVal()); + vl->append(BuildICMPVal(icmpp, len, icmpv6, ip_hdr)); + BroString* payload = new BroString(data, min(len, caplen), 0); + vl->append(new StringVal(payload)); + ConnectionEvent(icmp_sent_payload, vl); + } } RecordVal* ICMP_Analyzer::BuildICMPVal(const struct icmp* icmpp, int len, diff --git a/src/analyzer/protocol/icmp/ICMP.h b/src/analyzer/protocol/icmp/ICMP.h index d207b3813c..1de6a4afea 100644 --- a/src/analyzer/protocol/icmp/ICMP.h +++ b/src/analyzer/protocol/icmp/ICMP.h @@ -33,8 +33,8 @@ protected: virtual bool IsReuse(double t, const u_char* pkt); virtual unsigned int MemoryAllocation() const; - void ICMPEvent(EventHandlerPtr f, const struct icmp* icmpp, int len, - int icmpv6, const IP_Hdr* ip_hdr); + void ICMP_Sent(const struct icmp* icmpp, int len, int caplen, int icmpv6, + const u_char* data, const IP_Hdr* ip_hdr); void Echo(double t, const struct icmp* icmpp, int len, int caplen, const u_char*& data, const IP_Hdr* ip_hdr); diff --git a/src/analyzer/protocol/icmp/events.bif b/src/analyzer/protocol/icmp/events.bif index c471ca0ee6..bd55f17b27 100644 --- a/src/analyzer/protocol/icmp/events.bif +++ b/src/analyzer/protocol/icmp/events.bif @@ -12,9 +12,21 @@ ## icmp: Additional ICMP-specific information augmenting the standard ## connection record *c*. ## -## .. bro:see:: icmp_error_message +## .. bro:see:: icmp_error_message icmp_sent_payload event icmp_sent%(c: connection, icmp: icmp_conn%); +## The same as :bro:see:`icmp_sent` except containing the ICMP payload. +## +## c: The connection record for the corresponding ICMP flow. +## +## icmp: Additional ICMP-specific information augmenting the standard +## connection record *c*. +## +## payload: The payload of the ICMP message. +## +## .. bro:see:: icmp_error_message icmp_sent_payload +event icmp_sent_payload%(c: connection, icmp: icmp_conn, payload: string%); + ## Generated for ICMP *echo request* messages. ## ## See `Wikipedia diff --git a/testing/btest/Baseline/core.icmp.icmp_sent/out b/testing/btest/Baseline/core.icmp.icmp_sent/out new file mode 100644 index 0000000000..cf8fe9e4e1 --- /dev/null +++ b/testing/btest/Baseline/core.icmp.icmp_sent/out @@ -0,0 +1,2 @@ +icmp_sent, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T] +icmp_sent_payload, [orig_h=fe80::2c23:b96c:78d:e116, orig_p=143/icmp, resp_h=ff02::16, resp_p=0/icmp], [orig_h=fe80::2c23:b96c:78d:e116, resp_h=ff02::16, itype=143, icode=0, len=20, hlim=1, v6=T], 20 diff --git a/testing/btest/Traces/icmp/icmp_sent.pcap b/testing/btest/Traces/icmp/icmp_sent.pcap new file mode 100644 index 0000000000000000000000000000000000000000..0f0cfcb73e4c0d8791f829c4f1800283b162018c GIT binary patch literal 134 zcmca|c+)~A1{MYw`2U}Qff300DaYcSw}yow4#);!V`Cs8#=ucx!MLUEZUT_Qpu)iT yuK~nhV9-(CnZw@uQ0zYwgbyXftQc5out +# @TEST-EXEC: btest-diff out + +event icmp_sent(c: connection, icmp: icmp_conn) + { + print "icmp_sent", c$id, icmp; + } + +event icmp_sent_payload(c: connection, icmp: icmp_conn, payload: string) + { + print "icmp_sent_payload", c$id, icmp, |payload|; + } From eec7f77913e0385d83bbd9b086ae5e3e2c1cd4bb Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Wed, 18 Mar 2015 16:39:06 -0500 Subject: [PATCH 087/121] Correct a spelling error --- src/iosource/pcap/Plugin.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/iosource/pcap/Plugin.cc b/src/iosource/pcap/Plugin.cc index f0490e6e3d..af74b16ead 100644 --- a/src/iosource/pcap/Plugin.cc +++ b/src/iosource/pcap/Plugin.cc @@ -17,7 +17,7 @@ public: plugin::Configuration config; config.name = "Bro::Pcap"; - config.description = "Packet aquisition via libpcap"; + config.description = "Packet acquisition via libpcap"; return config; } } plugin; From 8efaae96cd3fa90ddffcb7d00aea10f0cba68d1d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 19 Mar 2015 11:53:40 -0500 Subject: [PATCH 088/121] BIT-788: use DNS QR field to better identify flow direction. --- scripts/base/protocols/dns/main.bro | 3 +++ src/analyzer/protocol/dns/DNS.cc | 14 +++++++++++++- src/analyzer/protocol/dns/DNS.h | 1 + .../dns.log | 6 +++--- .../weird.log | 4 ++-- .../scripts.base.protocols.dns.flip/dns.log | 10 ++++++++++ .../dns.log | 6 +++--- testing/btest/Traces/dns53.pcap | Bin 0 -> 515 bytes testing/btest/scripts/base/protocols/dns/flip.bro | 3 +++ 9 files changed, 38 insertions(+), 9 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.protocols.dns.flip/dns.log create mode 100644 testing/btest/Traces/dns53.pcap create mode 100644 testing/btest/scripts/base/protocols/dns/flip.bro diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro index 83c9682e8c..b8bc6d4eae 100644 --- a/scripts/base/protocols/dns/main.bro +++ b/scripts/base/protocols/dns/main.bro @@ -305,6 +305,9 @@ hook DNS::do_reply(c: connection, msg: dns_msg, ans: dns_answer, reply: string) if ( ans$answer_type == DNS_ANS ) { + if ( ! c$dns?$query ) + c$dns$query = ans$query; + c$dns$AA = msg$AA; c$dns$RA = msg$RA; diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc index 378fe449b6..0c5ef53000 100644 --- a/src/analyzer/protocol/dns/DNS.cc +++ b/src/analyzer/protocol/dns/DNS.cc @@ -19,6 +19,7 @@ using namespace analyzer::dns; DNS_Interpreter::DNS_Interpreter(analyzer::Analyzer* arg_analyzer) { analyzer = arg_analyzer; + first_message = true; } int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) @@ -33,6 +34,16 @@ int DNS_Interpreter::ParseMessage(const u_char* data, int len, int is_query) DNS_MsgInfo msg((DNS_RawMsgHdr*) data, is_query); + if ( first_message && msg.QR && is_query == 1 ) + { + is_query = msg.is_query = 0; + + if ( ! analyzer->Conn()->RespAddr().IsMulticast() ) + analyzer->Conn()->FlipRoles(); + } + + first_message = false; + if ( dns_message ) { val_list* vl = new val_list(); @@ -1064,7 +1075,8 @@ void Contents_DNS::Flush() { if ( buf_n > 0 ) { // Deliver partial message. - interp->ParseMessage(msg_buf, buf_n, true); + // '2' here means whether it's a query is unknown. + interp->ParseMessage(msg_buf, buf_n, 2); msg_size = 0; } } diff --git a/src/analyzer/protocol/dns/DNS.h b/src/analyzer/protocol/dns/DNS.h index 2d95d979b8..59f51812ca 100644 --- a/src/analyzer/protocol/dns/DNS.h +++ b/src/analyzer/protocol/dns/DNS.h @@ -220,6 +220,7 @@ protected: BroString* question_name); analyzer::Analyzer* analyzer; + bool first_message; }; diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log index 6e2a0a4699..7e09f39404 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log +++ b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/dns.log @@ -3,9 +3,9 @@ #empty_field (empty) #unset_field - #path dns -#open 2014-01-28-14-58-56 +#open 2015-03-19-15-44-23 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #types time string addr port addr port enum count string count string count string count string bool bool bool bool count vector[string] vector[interval] bool 1363716396.798072 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 udp 21140 www.cmu.edu 1 C_INTERNET 1 A 0 NOERROR T F F F 1 www-cmu.andrew.cmu.edu,,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F -1363716396.798374 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 udp 21140 - - - - - 0 NOERROR T F F F 0 www-cmu.andrew.cmu.edu,,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F -#close 2014-01-28-14-58-56 +1363716396.798374 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 udp 21140 www.cmu.edu - - - - 0 NOERROR T F F F 0 www-cmu.andrew.cmu.edu,,www-cmu-2.andrew.cmu.edu,128.2.10.163 86400.000000,86400.000000,5.000000,21600.000000 F +#close 2015-03-19-15-44-23 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log index 0592a777db..5b9f54dbf1 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log +++ b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log @@ -3,10 +3,10 @@ #empty_field (empty) #unset_field - #path weird -#open 2015-03-18-17-30-43 +#open 2015-03-19-15-44-23 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1363716396.798286 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 DNS_RR_unknown_type 46 F bro 1363716396.798374 CXWv6p3arKYeMETxOg 55.247.223.174 27285 222.195.43.124 53 dns_unmatched_reply - F bro 1363716396.798374 - - - - - dns_unmatched_msg - F bro -#close 2015-03-18-17-30-44 +#close 2015-03-19-15-44-23 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.flip/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.flip/dns.log new file mode 100644 index 0000000000..3a86abc5d6 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.dns.flip/dns.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path dns +#open 2015-03-19-16-50-45 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected +#types time string addr port addr port enum count string count string count string count string bool bool bool bool count vector[string] vector[interval] bool +964953086.310131 CXWv6p3arKYeMETxOg 10.20.1.31 53 207.158.192.40 53 udp 25701 us.v27.distributed.net - - - - 0 NOERROR T F F T 0 206.109.64.186,216.1.205.81,205.149.163.211,134.53.131.135,134.53.131.192,128.104.18.148,204.152.186.139,63.77.33.226 900.000000,900.000000,900.000000,900.000000,900.000000,900.000000,900.000000,900.000000 F +#close 2015-03-19-16-50-45 diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.multiple-txt-strings/dns.log b/testing/btest/Baseline/scripts.base.protocols.dns.multiple-txt-strings/dns.log index ba73d16c82..eb95e1dcc8 100644 --- a/testing/btest/Baseline/scripts.base.protocols.dns.multiple-txt-strings/dns.log +++ b/testing/btest/Baseline/scripts.base.protocols.dns.multiple-txt-strings/dns.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path dns -#open 2014-04-24-23-33-57 +#open 2015-03-19-15-44-24 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected #types time string addr port addr port enum count string count string count string count string bool bool bool bool count vector[string] vector[interval] bool -1398382067.286885 CXWv6p3arKYeMETxOg 192.150.187.50 51946 68.142.255.16 53 udp 28079 - - - - - 0 NOERROR T F F F 0 fa14._domainkey.flickr.com,fa14._domainkey.yahoo.com,TXT 127 k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPdPfyJM2R2GqMyZM1flTzFeDIU+e7KmiKRw5yz3Xht+cgEIiHmm5lIGBuWCc5rtiy0CcxePpqccPKjn TXT 98 HSrDI23PU+HOuqJ6ergE1IOsL6LOEgG6YT53vMb8Z6UiBSsYPlrDEC+8CUIkTLMLXJauRK5bNRKV1ATGzGFpf3TjZtWwIDAQAB 900.000000,900.000000,7200.000000 F -#close 2014-04-24-23-33-57 +1398382067.286885 CXWv6p3arKYeMETxOg 192.150.187.50 51946 68.142.255.16 53 udp 28079 flkr._domainkey.flickr.com - - - - 0 NOERROR T F F F 0 fa14._domainkey.flickr.com,fa14._domainkey.yahoo.com,TXT 127 k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPdPfyJM2R2GqMyZM1flTzFeDIU+e7KmiKRw5yz3Xht+cgEIiHmm5lIGBuWCc5rtiy0CcxePpqccPKjn TXT 98 HSrDI23PU+HOuqJ6ergE1IOsL6LOEgG6YT53vMb8Z6UiBSsYPlrDEC+8CUIkTLMLXJauRK5bNRKV1ATGzGFpf3TjZtWwIDAQAB 900.000000,900.000000,7200.000000 F +#close 2015-03-19-15-44-24 diff --git a/testing/btest/Traces/dns53.pcap b/testing/btest/Traces/dns53.pcap new file mode 100644 index 0000000000000000000000000000000000000000..2d97acad745fc065bd4f830055806fc721889dc3 GIT binary patch literal 515 zcmca|c+)~A1{MYw`2U}Qff300$J}CByqksLHjo3t3<7tGeBv1{Y?s@oz`@|kzesf#Zo^V>|D+tK(3kogT6LQ|0W zXJ+i`M&{f5Dn7#QFea#z*qHN*4G*k2uz~?u#0W#g7(>JiMT8Gz4ogyMaS3yBel7#L zc?X5jM2vwV#~}e@;lRLhF-d{%z)b|-fpht?1FsQ$a6tV<@Ie7}kRQxvdb0+oUt+4} XK}|59anBbZe{LH0L2D$w#8fQ+S+IRu literal 0 HcmV?d00001 diff --git a/testing/btest/scripts/base/protocols/dns/flip.bro b/testing/btest/scripts/base/protocols/dns/flip.bro new file mode 100644 index 0000000000..66987ee27d --- /dev/null +++ b/testing/btest/scripts/base/protocols/dns/flip.bro @@ -0,0 +1,3 @@ +# @TEST-EXEC: bro -r $TRACES/dns53.pcap +# @TEST-EXEC: btest-diff dns.log +# If the DNS reply is seen first, should be able to correctly set orig/resp. From 6ebd80a8b4b0b26cd74e96b8201f1e4235990560 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 19 Mar 2015 12:13:19 -0500 Subject: [PATCH 089/121] BIT-849: turn SMTP reporter warnings into weirds. The new weirds are named "smtp_nested_mail_transaction" and "smtp_unmatched_end_of_data". BIT-849 #close --- CHANGES | 6 ++++++ VERSION | 2 +- src/analyzer/protocol/smtp/SMTP.cc | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 298e5a7c47..3022c72c6f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.3-559 | 2015-03-19 12:14:33 -0500 + + * BIT-849: turn SMTP reporter warnings into weirds, + "smtp_nested_mail_transaction" and "smtp_unmatched_end_of_data". + (Jon Siwek) + 2.3-558 | 2015-03-18 22:50:55 -0400 * DNS: Log the type number for the DNS_RR_unknown_type weird. (Vlad Grigorescu) diff --git a/VERSION b/VERSION index c5d9fa127b..71ed2d9268 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-558 +2.3-559 diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index a835672378..d2743817d5 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -896,7 +896,7 @@ void SMTP_Analyzer::BeginData() skip_data = 0; // reset the flag at the beginning of the mail if ( mail != 0 ) { - reporter->Warning("nested mail transaction"); + Weird("smtp_nested_mail_transaction"); mail->Done(); delete mail; } @@ -907,7 +907,7 @@ void SMTP_Analyzer::BeginData() void SMTP_Analyzer::EndData() { if ( ! mail ) - reporter->Warning("Unmatched end of data"); + Weird("smtp_unmatched_end_of_data"); else { mail->Done(); From 4c00729104e5a4cf8977eb6c69b2c0239010de9c Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 19 Mar 2015 13:17:39 -0500 Subject: [PATCH 090/121] Tune parameters related to TCP initial window. Increase default values of "tcp_max_above_hole_without_any_acks" and "tcp_max_initial_window" from 4096 to 16384 bytes. BIT-1255 #close --- CHANGES | 6 ++++++ VERSION | 2 +- scripts/base/init-bare.bro | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 3022c72c6f..595bab9f65 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.3-560 | 2015-03-19 13:17:39 -0500 + + * BIT-1255: Increase default values of + "tcp_max_above_hole_without_any_acks" and "tcp_max_initial_window" + from 4096 to 16384 bytes. (Jon Siwek) + 2.3-559 | 2015-03-19 12:14:33 -0500 * BIT-849: turn SMTP reporter warnings into weirds, diff --git a/VERSION b/VERSION index 71ed2d9268..33e07faf42 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-559 +2.3-560 diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index c62549f8b3..20b05e3600 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -929,7 +929,7 @@ const tcp_storm_interarrival_thresh = 1 sec &redef; ## seeing our peer's ACKs. Set to zero to turn off this determination. ## ## .. bro:see:: tcp_max_above_hole_without_any_acks tcp_excessive_data_without_further_acks -const tcp_max_initial_window = 4096 &redef; +const tcp_max_initial_window = 16384 &redef; ## If we're not seeing our peer's ACKs, the maximum volume of data above a ## sequence hole that we'll tolerate before assuming that there's been a packet @@ -937,7 +937,7 @@ const tcp_max_initial_window = 4096 &redef; ## don't ever give up. ## ## .. bro:see:: tcp_max_initial_window tcp_excessive_data_without_further_acks -const tcp_max_above_hole_without_any_acks = 4096 &redef; +const tcp_max_above_hole_without_any_acks = 16384 &redef; ## If we've seen this much data without any of it being acked, we give up ## on that connection to avoid memory exhaustion due to buffering all that From 186e67ec1d8d04a9b5f82a0df07fb13f8e7751e0 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 19 Mar 2015 14:49:55 -0500 Subject: [PATCH 091/121] Allow logging filters to inherit default path from stream. This allows the path for the default filter to be specified explicitly when creating a stream and reduces the need to rely on the default path function to magically supply the path. The default path function is now only used if, when a filter is added to a stream, it has neither a path nor a path function already. Adapted the existing Log::create_stream calls to explicitly specify a path value. Addresses BIT-1324 --- NEWS | 9 + scripts/base/files/unified2/main.bro | 2 +- scripts/base/files/x509/main.bro | 2 +- scripts/base/frameworks/cluster/main.bro | 2 +- .../base/frameworks/communication/main.bro | 2 +- scripts/base/frameworks/dpd/main.bro | 2 +- scripts/base/frameworks/files/main.bro | 2 +- scripts/base/frameworks/intel/main.bro | 2 +- scripts/base/frameworks/logging/main.bro | 26 +- scripts/base/frameworks/notice/main.bro | 4 +- scripts/base/frameworks/notice/weird.bro | 2 +- .../base/frameworks/packet-filter/main.bro | 2 +- scripts/base/frameworks/reporter/main.bro | 2 +- scripts/base/frameworks/signatures/main.bro | 2 +- scripts/base/frameworks/software/main.bro | 2 +- scripts/base/frameworks/tunnels/main.bro | 2 +- scripts/base/protocols/conn/main.bro | 2 +- scripts/base/protocols/dhcp/main.bro | 2 +- scripts/base/protocols/dnp3/main.bro | 2 +- scripts/base/protocols/dns/main.bro | 2 +- scripts/base/protocols/ftp/main.bro | 2 +- scripts/base/protocols/http/main.bro | 2 +- scripts/base/protocols/irc/main.bro | 2 +- scripts/base/protocols/modbus/main.bro | 2 +- scripts/base/protocols/mysql/main.bro | 2 +- scripts/base/protocols/radius/main.bro | 2 +- scripts/base/protocols/smtp/main.bro | 2 +- scripts/base/protocols/snmp/main.bro | 2 +- scripts/base/protocols/socks/main.bro | 2 +- scripts/base/protocols/ssh/main.bro | 2 +- scripts/base/protocols/ssl/main.bro | 2 +- scripts/base/protocols/syslog/main.bro | 2 +- scripts/policy/integration/barnyard2/main.bro | 2 +- scripts/policy/misc/app-stats/main.bro | 2 +- scripts/policy/misc/capture-loss.bro | 2 +- .../policy/misc/detect-traceroute/main.bro | 2 +- scripts/policy/misc/known-devices.bro | 2 +- scripts/policy/misc/loaded-scripts.bro | 2 +- scripts/policy/misc/stats.bro | 2 +- scripts/policy/protocols/conn/known-hosts.bro | 2 +- .../policy/protocols/conn/known-services.bro | 3 +- .../protocols/modbus/known-masters-slaves.bro | 2 +- .../policy/protocols/modbus/track-memmap.bro | 2 +- scripts/policy/protocols/ssl/known-certs.bro | 2 +- testing/btest/Baseline/plugins.hooks/output | 639 ++++++++---------- 45 files changed, 358 insertions(+), 403 deletions(-) diff --git a/NEWS b/NEWS index 4d1539b33c..da6d7c36eb 100644 --- a/NEWS +++ b/NEWS @@ -102,6 +102,15 @@ Changed Functionality - [TODO] Add changed BroControl features. +- When adding a logging filter to a stream, the filter can now inherit + a default ``path`` field from the associated ``Log::Stream`` record. + +- When adding a logging filter to a stream, the + ``Log::default_path_func`` is now only automatically added to the + filter if it has neither a ``path`` nor a ``path_func`` already + explicitly set. Before, the default path function would always be set + for all filters which didn't specify their own ``path_func``. + Deprecated Functionality ------------------------ diff --git a/scripts/base/files/unified2/main.bro b/scripts/base/files/unified2/main.bro index 73f98aa5f8..9d9ef15d79 100644 --- a/scripts/base/files/unified2/main.bro +++ b/scripts/base/files/unified2/main.bro @@ -195,7 +195,7 @@ event Input::end_of_data(name: string, source: string) event bro_init() &priority=5 { - Log::create_stream(Unified2::LOG, [$columns=Info, $ev=log_unified2]); + Log::create_stream(Unified2::LOG, [$columns=Info, $ev=log_unified2, $path="unified2"]); if ( sid_msg == "" ) { diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro index 10445ad846..a810132f8d 100644 --- a/scripts/base/files/x509/main.bro +++ b/scripts/base/files/x509/main.bro @@ -36,7 +36,7 @@ export { event bro_init() &priority=5 { - Log::create_stream(X509::LOG, [$columns=Info, $ev=log_x509]); + Log::create_stream(X509::LOG, [$columns=Info, $ev=log_x509, $path="x509"]); } redef record Files::Info += { diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro index 12cc9e27d4..218e309bad 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.bro @@ -159,5 +159,5 @@ event bro_init() &priority=5 terminate(); } - Log::create_stream(Cluster::LOG, [$columns=Info]); + Log::create_stream(Cluster::LOG, [$columns=Info, $path="cluster"]); } diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro index 92d527101d..af4eb9fca5 100644 --- a/scripts/base/frameworks/communication/main.bro +++ b/scripts/base/frameworks/communication/main.bro @@ -164,7 +164,7 @@ const src_names = { event bro_init() &priority=5 { - Log::create_stream(Communication::LOG, [$columns=Info]); + Log::create_stream(Communication::LOG, [$columns=Info, $path="communication"]); } function do_script_log_common(level: count, src: count, msg: string) diff --git a/scripts/base/frameworks/dpd/main.bro b/scripts/base/frameworks/dpd/main.bro index 9df8a45e5e..4586e2c02e 100644 --- a/scripts/base/frameworks/dpd/main.bro +++ b/scripts/base/frameworks/dpd/main.bro @@ -38,7 +38,7 @@ redef record connection += { event bro_init() &priority=5 { - Log::create_stream(DPD::LOG, [$columns=Info]); + Log::create_stream(DPD::LOG, [$columns=Info, $path="dpd"]); } event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=10 diff --git a/scripts/base/frameworks/files/main.bro b/scripts/base/frameworks/files/main.bro index 94a46578c0..fa4df59cf3 100644 --- a/scripts/base/frameworks/files/main.bro +++ b/scripts/base/frameworks/files/main.bro @@ -313,7 +313,7 @@ global analyzer_add_callbacks: table[Files::Tag] of function(f: fa_file, args: A event bro_init() &priority=5 { - Log::create_stream(Files::LOG, [$columns=Info, $ev=log_files]); + Log::create_stream(Files::LOG, [$columns=Info, $ev=log_files, $path="files"]); } function set_info(f: fa_file) diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro index 4866766df4..4f7428de18 100644 --- a/scripts/base/frameworks/intel/main.bro +++ b/scripts/base/frameworks/intel/main.bro @@ -174,7 +174,7 @@ global min_data_store: MinDataStore &redef; event bro_init() &priority=5 { - Log::create_stream(LOG, [$columns=Info, $ev=log_intel]); + Log::create_stream(LOG, [$columns=Info, $ev=log_intel, $path="intel"]); } function find(s: Seen): bool diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro index d4d5c0244e..3e0faac21b 100644 --- a/scripts/base/frameworks/logging/main.bro +++ b/scripts/base/frameworks/logging/main.bro @@ -50,11 +50,17 @@ export { ## The event receives a single same parameter, an instance of ## type ``columns``. ev: any &optional; + + ## A path that will be inherited by any filters added to the + ## stream which do not already specify their own path. + path: string &optional; }; ## Builds the default path values for log filters if not otherwise ## specified by a filter. The default implementation uses *id* - ## to derive a name. + ## to derive a name. Upon adding a filter to a stream, if neither + ## ``path`` nor ``path_func`` is explicitly set by them, then + ## this function is used as the ``path_func``. ## ## id: The ID associated with the log stream. ## @@ -143,7 +149,9 @@ export { ## to compute the string dynamically. It is ok to return ## different strings for separate calls, but be careful: it's ## easy to flood the disk by returning a new string for each - ## connection. + ## connection. Upon adding a filter to a stream, if neither + ## ``path`` nor ``path_func`` is explicitly set by them, then + ## :bro:see:`default_path_func` is used. ## ## id: The ID associated with the log stream. ## @@ -379,6 +387,8 @@ export { global active_streams: table[ID] of Stream = table(); } +global all_streams: table[ID] of Stream = table(); + # We keep a script-level copy of all filters so that we can manipulate them. global filters: table[ID, string] of Filter; @@ -463,6 +473,7 @@ function create_stream(id: ID, stream: Stream) : bool return F; active_streams[id] = stream; + all_streams[id] = stream; return add_default_filter(id); } @@ -470,6 +481,7 @@ function create_stream(id: ID, stream: Stream) : bool function remove_stream(id: ID) : bool { delete active_streams[id]; + delete all_streams[id]; return __remove_stream(id); } @@ -482,10 +494,12 @@ function disable_stream(id: ID) : bool function add_filter(id: ID, filter: Filter) : bool { - # This is a work-around for the fact that we can't forward-declare - # the default_path_func and then use it as &default in the record - # definition. - if ( ! filter?$path_func ) + local stream = all_streams[id]; + + if ( stream?$path && ! filter?$path ) + filter$path = stream$path; + + if ( ! filter?$path && ! filter?$path_func ) filter$path_func = default_path_func; filters[id, filter$name] = filter; diff --git a/scripts/base/frameworks/notice/main.bro b/scripts/base/frameworks/notice/main.bro index d7d9bd61c9..4b4a1dcb9e 100644 --- a/scripts/base/frameworks/notice/main.bro +++ b/scripts/base/frameworks/notice/main.bro @@ -349,9 +349,9 @@ function log_mailing_postprocessor(info: Log::RotationInfo): bool event bro_init() &priority=5 { - Log::create_stream(Notice::LOG, [$columns=Info, $ev=log_notice]); + Log::create_stream(Notice::LOG, [$columns=Info, $ev=log_notice, $path="notice"]); - Log::create_stream(Notice::ALARM_LOG, [$columns=Notice::Info]); + Log::create_stream(Notice::ALARM_LOG, [$columns=Notice::Info, $path="notice_alarm"]); # If Bro is configured for mailing notices, set up mailing for alarms. # Make sure that this alarm log is also output as text so that it can # be packaged up and emailed later. diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.bro index 474f021cef..627849a591 100644 --- a/scripts/base/frameworks/notice/weird.bro +++ b/scripts/base/frameworks/notice/weird.bro @@ -294,7 +294,7 @@ global current_conn: connection; event bro_init() &priority=5 { - Log::create_stream(Weird::LOG, [$columns=Info, $ev=log_weird]); + Log::create_stream(Weird::LOG, [$columns=Info, $ev=log_weird, $path="weird"]); } function flow_id_string(src: addr, dst: addr): string diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.bro index 8b1739acb4..b0a6f144e3 100644 --- a/scripts/base/frameworks/packet-filter/main.bro +++ b/scripts/base/frameworks/packet-filter/main.bro @@ -159,7 +159,7 @@ event filter_change_tracking() event bro_init() &priority=5 { - Log::create_stream(PacketFilter::LOG, [$columns=Info]); + Log::create_stream(PacketFilter::LOG, [$columns=Info, $path="packet_filter"]); # Preverify the capture and restrict filters to give more granular failure messages. for ( id in capture_filters ) diff --git a/scripts/base/frameworks/reporter/main.bro b/scripts/base/frameworks/reporter/main.bro index 873cb15a45..e87407c89a 100644 --- a/scripts/base/frameworks/reporter/main.bro +++ b/scripts/base/frameworks/reporter/main.bro @@ -45,7 +45,7 @@ export { event bro_init() &priority=5 { - Log::create_stream(Reporter::LOG, [$columns=Info]); + Log::create_stream(Reporter::LOG, [$columns=Info, $path="reporter"]); } event reporter_info(t: time, msg: string, location: string) &priority=-5 diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.bro index 5b233d1db1..c0b57ba508 100644 --- a/scripts/base/frameworks/signatures/main.bro +++ b/scripts/base/frameworks/signatures/main.bro @@ -142,7 +142,7 @@ global did_sig_log: set[string] &read_expire = 1 hr; event bro_init() { - Log::create_stream(Signatures::LOG, [$columns=Info, $ev=log_signature]); + Log::create_stream(Signatures::LOG, [$columns=Info, $ev=log_signature, $path="signatures"]); } # Returns true if the given signature has already been triggered for the given diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.bro index f7b8ce9326..bcb791b4f4 100644 --- a/scripts/base/frameworks/software/main.bro +++ b/scripts/base/frameworks/software/main.bro @@ -105,7 +105,7 @@ export { event bro_init() &priority=5 { - Log::create_stream(Software::LOG, [$columns=Info, $ev=log_software]); + Log::create_stream(Software::LOG, [$columns=Info, $ev=log_software, $path="software"]); } type Description: record { diff --git a/scripts/base/frameworks/tunnels/main.bro b/scripts/base/frameworks/tunnels/main.bro index 04207618d7..7721ce3a02 100644 --- a/scripts/base/frameworks/tunnels/main.bro +++ b/scripts/base/frameworks/tunnels/main.bro @@ -89,7 +89,7 @@ redef likely_server_ports += { ayiya_ports, teredo_ports, gtpv1_ports }; event bro_init() &priority=5 { - Log::create_stream(Tunnel::LOG, [$columns=Info]); + Log::create_stream(Tunnel::LOG, [$columns=Info, $path="tunnel"]); Analyzer::register_for_ports(Analyzer::ANALYZER_AYIYA, ayiya_ports); Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, teredo_ports); diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro index 1d3e37c691..7ef204268b 100644 --- a/scripts/base/protocols/conn/main.bro +++ b/scripts/base/protocols/conn/main.bro @@ -127,7 +127,7 @@ redef record connection += { event bro_init() &priority=5 { - Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn]); + Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn, $path="conn"]); } function conn_state(c: connection, trans: transport_proto): string diff --git a/scripts/base/protocols/dhcp/main.bro b/scripts/base/protocols/dhcp/main.bro index d6bb0defd2..bfc3d98117 100644 --- a/scripts/base/protocols/dhcp/main.bro +++ b/scripts/base/protocols/dhcp/main.bro @@ -49,7 +49,7 @@ redef likely_server_ports += { 67/udp }; event bro_init() &priority=5 { - Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp]); + Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp, $path="dhcp"]); Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports); } diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.bro index c00934a65b..35dd012d75 100644 --- a/scripts/base/protocols/dnp3/main.bro +++ b/scripts/base/protocols/dnp3/main.bro @@ -36,7 +36,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3]); + Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3, $path="dnp3"]); Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, ports); } diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro index 83c9682e8c..7b8826f0fd 100644 --- a/scripts/base/protocols/dns/main.bro +++ b/scripts/base/protocols/dns/main.bro @@ -150,7 +150,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns]); + Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns, $path="dns"]); Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, ports); } diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index 24195c1d7e..f98e33b315 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -52,7 +52,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp]); + Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp, $path="ftp"]); Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, ports); } diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index 2349635844..c8f06dff18 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -135,7 +135,7 @@ redef likely_server_ports += { ports }; # Initialize the HTTP logging stream and ports. event bro_init() &priority=5 { - Log::create_stream(HTTP::LOG, [$columns=Info, $ev=log_http]); + Log::create_stream(HTTP::LOG, [$columns=Info, $ev=log_http, $path="http"]); Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, ports); } diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.bro index d861e88ae9..c2de29da6a 100644 --- a/scripts/base/protocols/irc/main.bro +++ b/scripts/base/protocols/irc/main.bro @@ -43,7 +43,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log]); + Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log, $path="irc"]); Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, ports); } diff --git a/scripts/base/protocols/modbus/main.bro b/scripts/base/protocols/modbus/main.bro index 707c2e47a7..5a30d170e5 100644 --- a/scripts/base/protocols/modbus/main.bro +++ b/scripts/base/protocols/modbus/main.bro @@ -34,7 +34,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(Modbus::LOG, [$columns=Info, $ev=log_modbus]); + Log::create_stream(Modbus::LOG, [$columns=Info, $ev=log_modbus, $path="modbus"]); Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, ports); } diff --git a/scripts/base/protocols/mysql/main.bro b/scripts/base/protocols/mysql/main.bro index 748049965a..e4ba07cbca 100644 --- a/scripts/base/protocols/mysql/main.bro +++ b/scripts/base/protocols/mysql/main.bro @@ -39,7 +39,7 @@ const ports = { 1434/tcp, 3306/tcp }; event bro_init() &priority=5 { - Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql]); + Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql, $path="mysql"]); Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, ports); } diff --git a/scripts/base/protocols/radius/main.bro b/scripts/base/protocols/radius/main.bro index 96d4bc1701..d9c2d08ca8 100644 --- a/scripts/base/protocols/radius/main.bro +++ b/scripts/base/protocols/radius/main.bro @@ -59,7 +59,7 @@ const ports = { 1812/udp }; event bro_init() &priority=5 { - Log::create_stream(RADIUS::LOG, [$columns=Info, $ev=log_radius]); + Log::create_stream(RADIUS::LOG, [$columns=Info, $ev=log_radius, $path="radius"]); Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, ports); } diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro index 925b0f4da5..5fb5cac4bc 100644 --- a/scripts/base/protocols/smtp/main.bro +++ b/scripts/base/protocols/smtp/main.bro @@ -92,7 +92,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp]); + Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp, $path="smtp"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, ports); } diff --git a/scripts/base/protocols/snmp/main.bro b/scripts/base/protocols/snmp/main.bro index 4921794408..ec45d59440 100644 --- a/scripts/base/protocols/snmp/main.bro +++ b/scripts/base/protocols/snmp/main.bro @@ -66,7 +66,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, ports); - Log::create_stream(SNMP::LOG, [$columns=SNMP::Info, $ev=log_snmp]); + Log::create_stream(SNMP::LOG, [$columns=SNMP::Info, $ev=log_snmp, $path="snmp"]); } function init_state(c: connection, h: SNMP::Header): Info diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.bro index e052962888..c63092f609 100644 --- a/scripts/base/protocols/socks/main.bro +++ b/scripts/base/protocols/socks/main.bro @@ -43,7 +43,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(SOCKS::LOG, [$columns=Info, $ev=log_socks]); + Log::create_stream(SOCKS::LOG, [$columns=Info, $ev=log_socks, $path="socks"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, ports); } diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 33b0c84147..1d97a9d5fc 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -73,7 +73,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh]); + Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh, $path="ssh"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports); } diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro index a1461db82d..4b232e4b8e 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.bro @@ -100,7 +100,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl]); + Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ports); } diff --git a/scripts/base/protocols/syslog/main.bro b/scripts/base/protocols/syslog/main.bro index afe562c890..593c8ab9a2 100644 --- a/scripts/base/protocols/syslog/main.bro +++ b/scripts/base/protocols/syslog/main.bro @@ -35,7 +35,7 @@ redef likely_server_ports += { ports }; event bro_init() &priority=5 { - Log::create_stream(Syslog::LOG, [$columns=Info]); + Log::create_stream(Syslog::LOG, [$columns=Info, $path="syslog"]); Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, ports); } diff --git a/scripts/policy/integration/barnyard2/main.bro b/scripts/policy/integration/barnyard2/main.bro index 42364e8d76..10dd242049 100644 --- a/scripts/policy/integration/barnyard2/main.bro +++ b/scripts/policy/integration/barnyard2/main.bro @@ -23,7 +23,7 @@ export { event bro_init() &priority=5 { - Log::create_stream(Barnyard2::LOG, [$columns=Info]); + Log::create_stream(Barnyard2::LOG, [$columns=Info, $path="barnyard2"]); } diff --git a/scripts/policy/misc/app-stats/main.bro b/scripts/policy/misc/app-stats/main.bro index 3a0219db6e..d80763c699 100644 --- a/scripts/policy/misc/app-stats/main.bro +++ b/scripts/policy/misc/app-stats/main.bro @@ -38,7 +38,7 @@ global add_sumstats: hook(id: conn_id, hostname: string, size: count); event bro_init() &priority=3 { - Log::create_stream(AppStats::LOG, [$columns=Info]); + Log::create_stream(AppStats::LOG, [$columns=Info, $path="app_stats"]); local r1: SumStats::Reducer = [$stream="apps.bytes", $apply=set(SumStats::SUM)]; local r2: SumStats::Reducer = [$stream="apps.hits", $apply=set(SumStats::UNIQUE)]; diff --git a/scripts/policy/misc/capture-loss.bro b/scripts/policy/misc/capture-loss.bro index 089412020a..28f468a1c8 100644 --- a/scripts/policy/misc/capture-loss.bro +++ b/scripts/policy/misc/capture-loss.bro @@ -76,7 +76,7 @@ event CaptureLoss::take_measurement(last_ts: time, last_acks: count, last_gaps: event bro_init() &priority=5 { - Log::create_stream(LOG, [$columns=Info]); + Log::create_stream(LOG, [$columns=Info, $path="capture_loss"]); # We only schedule the event if we are capturing packets. if ( reading_live_traffic() || reading_traces() ) diff --git a/scripts/policy/misc/detect-traceroute/main.bro b/scripts/policy/misc/detect-traceroute/main.bro index 68151e209a..5cbb34e27e 100644 --- a/scripts/policy/misc/detect-traceroute/main.bro +++ b/scripts/policy/misc/detect-traceroute/main.bro @@ -55,7 +55,7 @@ export { event bro_init() &priority=5 { - Log::create_stream(Traceroute::LOG, [$columns=Info, $ev=log_traceroute]); + Log::create_stream(Traceroute::LOG, [$columns=Info, $ev=log_traceroute, $path="traceroute"]); local r1: SumStats::Reducer = [$stream="traceroute.time_exceeded", $apply=set(SumStats::UNIQUE)]; local r2: SumStats::Reducer = [$stream="traceroute.low_ttl_packet", $apply=set(SumStats::SUM)]; diff --git a/scripts/policy/misc/known-devices.bro b/scripts/policy/misc/known-devices.bro index 8378d589f8..2f1f81524f 100644 --- a/scripts/policy/misc/known-devices.bro +++ b/scripts/policy/misc/known-devices.bro @@ -38,5 +38,5 @@ export { event bro_init() { - Log::create_stream(Known::DEVICES_LOG, [$columns=DevicesInfo, $ev=log_known_devices]); + Log::create_stream(Known::DEVICES_LOG, [$columns=DevicesInfo, $ev=log_known_devices, $path="known_devices"]); } diff --git a/scripts/policy/misc/loaded-scripts.bro b/scripts/policy/misc/loaded-scripts.bro index bd6943e928..3b0b9e2429 100644 --- a/scripts/policy/misc/loaded-scripts.bro +++ b/scripts/policy/misc/loaded-scripts.bro @@ -30,7 +30,7 @@ const depth: table[count] of string = { event bro_init() &priority=5 { - Log::create_stream(LoadedScripts::LOG, [$columns=Info]); + Log::create_stream(LoadedScripts::LOG, [$columns=Info, $path="loaded_scripts"]); } event bro_script_loaded(path: string, level: count) diff --git a/scripts/policy/misc/stats.bro b/scripts/policy/misc/stats.bro index a8a08bdcc1..215a3bb9de 100644 --- a/scripts/policy/misc/stats.bro +++ b/scripts/policy/misc/stats.bro @@ -50,7 +50,7 @@ export { event bro_init() &priority=5 { - Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats]); + Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats, $path="stats"]); } event check_stats(last_ts: time, last_ns: NetStats, last_res: bro_resources) diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.bro index e4fef85f87..a539885dd1 100644 --- a/scripts/policy/protocols/conn/known-hosts.bro +++ b/scripts/policy/protocols/conn/known-hosts.bro @@ -38,7 +38,7 @@ export { event bro_init() { - Log::create_stream(Known::HOSTS_LOG, [$columns=HostsInfo, $ev=log_known_hosts]); + Log::create_stream(Known::HOSTS_LOG, [$columns=HostsInfo, $ev=log_known_hosts, $path="known_hosts"]); } event connection_established(c: connection) &priority=5 diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.bro index 4e474f76a0..0c79db84f5 100644 --- a/scripts/policy/protocols/conn/known-services.bro +++ b/scripts/policy/protocols/conn/known-services.bro @@ -49,7 +49,8 @@ redef record connection += { event bro_init() &priority=5 { Log::create_stream(Known::SERVICES_LOG, [$columns=ServicesInfo, - $ev=log_known_services]); + $ev=log_known_services, + $path="known_services"]); } event log_it(ts: time, a: addr, p: port, services: set[string]) diff --git a/scripts/policy/protocols/modbus/known-masters-slaves.bro b/scripts/policy/protocols/modbus/known-masters-slaves.bro index 84ea7ea35a..a49e1f81e4 100644 --- a/scripts/policy/protocols/modbus/known-masters-slaves.bro +++ b/scripts/policy/protocols/modbus/known-masters-slaves.bro @@ -35,7 +35,7 @@ export { event bro_init() &priority=5 { - Log::create_stream(Known::MODBUS_LOG, [$columns=ModbusInfo, $ev=log_known_modbus]); + Log::create_stream(Known::MODBUS_LOG, [$columns=ModbusInfo, $ev=log_known_modbus, $path="known_modbus"]); } event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool) diff --git a/scripts/policy/protocols/modbus/track-memmap.bro b/scripts/policy/protocols/modbus/track-memmap.bro index 7714ce7537..fedda25ea7 100644 --- a/scripts/policy/protocols/modbus/track-memmap.bro +++ b/scripts/policy/protocols/modbus/track-memmap.bro @@ -54,7 +54,7 @@ redef record Modbus::Info += { event bro_init() &priority=5 { - Log::create_stream(Modbus::REGISTER_CHANGE_LOG, [$columns=MemmapInfo]); + Log::create_stream(Modbus::REGISTER_CHANGE_LOG, [$columns=MemmapInfo, $path="modbus_register_change"]); } event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count) diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro index 298c665459..1f27521e46 100644 --- a/scripts/policy/protocols/ssl/known-certs.bro +++ b/scripts/policy/protocols/ssl/known-certs.bro @@ -43,7 +43,7 @@ export { event bro_init() &priority=5 { - Log::create_stream(Known::CERTS_LOG, [$columns=CertsInfo, $ev=log_known_certs]); + Log::create_stream(Known::CERTS_LOG, [$columns=CertsInfo, $ev=log_known_certs, $path="known_certs"]); } event ssl_established(c: connection) &priority=3 diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 63f0a87742..6f06d254c0 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -130,69 +130,69 @@ 0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])) -> 0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { SMTP::c = SMTP::f$conns[SMTP::cid]return (SMTP::describe(SMTP::c$smtp))}return ()}}])) -> 0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Communication::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DPD::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Files::LOG, [columns=, ev=Files::log_files])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Software::LOG, [columns=, ev=Software::log_software])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> -0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=communication, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=unified2, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=, ev=, path=cluster])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Communication::LOG, [columns=, ev=, path=communication])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn, path=conn])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns, path=dns])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DPD::LOG, [columns=, ev=, path=dpd])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Files::LOG, [columns=, ev=Files::log_files, path=files])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http, path=http])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log, path=irc])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel, path=intel])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice, path=notice])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=, path=packet_filter])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=, path=reporter])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Software::LOG, [columns=, ev=Software::log_software, path=software])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=, ev=, path=syslog])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=, ev=, path=tunnel])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -> +0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426793275.574315, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Communication::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Conn::LOG)) -> @@ -255,39 +255,38 @@ 0.000000 MetaHookPost CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> 0.000000 MetaHookPost CallFunction(Log::add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Cluster::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Communication::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (DPD::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Files::LOG, [columns=, ev=Files::log_files])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Reporter::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Software::LOG, [columns=, ev=Software::log_software])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Syslog::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=, ev=])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -> -0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -> -0.000000 MetaHookPost CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Cluster::LOG, [columns=, ev=, path=cluster])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Communication::LOG, [columns=, ev=, path=communication])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn, path=conn])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns, path=dns])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (DPD::LOG, [columns=, ev=, path=dpd])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Files::LOG, [columns=, ev=Files::log_files, path=files])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http, path=http])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log, path=irc])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel, path=intel])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice, path=notice])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=, ev=, path=packet_filter])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Reporter::LOG, [columns=, ev=, path=reporter])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Software::LOG, [columns=, ev=Software::log_software, path=software])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Syslog::LOG, [columns=, ev=, path=syslog])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=, ev=, path=tunnel])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) -> +0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426793275.574315, node=bro, filter=ip or not ip, init=T, success=T])) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> @@ -309,10 +308,8 @@ 0.000000 MetaHookPost CallFunction(Unified2::mappings_initialized, , ()) -> 0.000000 MetaHookPost CallFunction(Unified2::start_watching, , ()) -> 0.000000 MetaHookPost CallFunction(bro_init, , ()) -> -0.000000 MetaHookPost CallFunction(cat, , (Packe, t, _, Filter)) -> 0.000000 MetaHookPost CallFunction(current_time, , ()) -> 0.000000 MetaHookPost CallFunction(filter_change_tracking, , ()) -> -0.000000 MetaHookPost CallFunction(fmt, , (%s, PacketFilter::LOG)) -> 0.000000 MetaHookPost CallFunction(getenv, , (CLUSTER_NODE)) -> 0.000000 MetaHookPost CallFunction(install_pcap_filter, , (PacketFilter::DefaultPcapFilter)) -> 0.000000 MetaHookPost CallFunction(network_time, , ()) -> @@ -320,13 +317,8 @@ 0.000000 MetaHookPost CallFunction(reading_live_traffic, , ()) -> 0.000000 MetaHookPost CallFunction(reading_traces, , ()) -> 0.000000 MetaHookPost CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) -> -0.000000 MetaHookPost CallFunction(split_string1, , (PacketFilter::LOG, <...>/)) -> -0.000000 MetaHookPost CallFunction(split_string_n, , (PacketFilter, <...>/, T, 4)) -> 0.000000 MetaHookPost CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) -> 0.000000 MetaHookPost CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) -> -0.000000 MetaHookPost CallFunction(sub_bytes, , (tFilter, 1, 1)) -> -0.000000 MetaHookPost CallFunction(sub_bytes, , (tFilter, 2, 7)) -> -0.000000 MetaHookPost CallFunction(to_lower, , (Packet_Filter)) -> 0.000000 MetaHookPost DrainEvents() -> 0.000000 MetaHookPost LoadFile(../main) -> -1 0.000000 MetaHookPost LoadFile(./Bro_ARP.events.bif.bro) -> -1 @@ -675,69 +667,69 @@ 0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])) 0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { SMTP::c = SMTP::f$conns[SMTP::cid]return (SMTP::describe(SMTP::c$smtp))}return ()}}])) 0.000000 MetaHookPre CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Communication::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DPD::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Files::LOG, [columns=, ev=Files::log_files])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Software::LOG, [columns=, ev=Software::log_software])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=communication, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=unified2, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=, ev=, path=cluster])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Communication::LOG, [columns=, ev=, path=communication])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn, path=conn])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns, path=dns])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (DPD::LOG, [columns=, ev=, path=dpd])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Files::LOG, [columns=, ev=Files::log_files, path=files])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http, path=http])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log, path=irc])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel, path=intel])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice, path=notice])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=, path=packet_filter])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=, path=reporter])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Software::LOG, [columns=, ev=Software::log_software, path=software])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=, ev=, path=syslog])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=, ev=, path=tunnel])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) +0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1426793275.574315, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Communication::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Conn::LOG)) @@ -800,39 +792,38 @@ 0.000000 MetaHookPre CallFunction(Log::add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) 0.000000 MetaHookPre CallFunction(Log::add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Cluster::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Communication::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (DPD::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Files::LOG, [columns=, ev=Files::log_files])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Reporter::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Software::LOG, [columns=, ev=Software::log_software])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Syslog::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=, ev=])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509])) -0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql])) -0.000000 MetaHookPre CallFunction(Log::default_path_func, , (PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Cluster::LOG, [columns=, ev=, path=cluster])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Communication::LOG, [columns=, ev=, path=communication])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn, path=conn])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns, path=dns])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (DPD::LOG, [columns=, ev=, path=dpd])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Files::LOG, [columns=, ev=Files::log_files, path=files])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http, path=http])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log, path=irc])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel, path=intel])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice, path=notice])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (PacketFilter::LOG, [columns=, ev=, path=packet_filter])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Reporter::LOG, [columns=, ev=, path=reporter])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Software::LOG, [columns=, ev=Software::log_software, path=software])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Syslog::LOG, [columns=, ev=, path=syslog])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Tunnel::LOG, [columns=, ev=, path=tunnel])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=, ev=Weird::log_weird, path=weird])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=, ev=X509::log_x509, path=x509])) +0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql])) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1426793275.574315, node=bro, filter=ip or not ip, init=T, success=T])) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::build, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) @@ -854,10 +845,8 @@ 0.000000 MetaHookPre CallFunction(Unified2::mappings_initialized, , ()) 0.000000 MetaHookPre CallFunction(Unified2::start_watching, , ()) 0.000000 MetaHookPre CallFunction(bro_init, , ()) -0.000000 MetaHookPre CallFunction(cat, , (Packe, t, _, Filter)) 0.000000 MetaHookPre CallFunction(current_time, , ()) 0.000000 MetaHookPre CallFunction(filter_change_tracking, , ()) -0.000000 MetaHookPre CallFunction(fmt, , (%s, PacketFilter::LOG)) 0.000000 MetaHookPre CallFunction(getenv, , (CLUSTER_NODE)) 0.000000 MetaHookPre CallFunction(install_pcap_filter, , (PacketFilter::DefaultPcapFilter)) 0.000000 MetaHookPre CallFunction(network_time, , ()) @@ -865,13 +854,8 @@ 0.000000 MetaHookPre CallFunction(reading_live_traffic, , ()) 0.000000 MetaHookPre CallFunction(reading_traces, , ()) 0.000000 MetaHookPre CallFunction(set_to_regex, , ({}, (^\.?|\.)(~~)$)) -0.000000 MetaHookPre CallFunction(split_string1, , (PacketFilter::LOG, <...>/)) -0.000000 MetaHookPre CallFunction(split_string_n, , (PacketFilter, <...>/, T, 4)) 0.000000 MetaHookPre CallFunction(string_to_pattern, , ((^\.?|\.)()$, F)) 0.000000 MetaHookPre CallFunction(sub, , ((^\.?|\.)(~~)$, <...>/, )) -0.000000 MetaHookPre CallFunction(sub_bytes, , (tFilter, 1, 1)) -0.000000 MetaHookPre CallFunction(sub_bytes, , (tFilter, 2, 7)) -0.000000 MetaHookPre CallFunction(to_lower, , (Packet_Filter)) 0.000000 MetaHookPre DrainEvents() 0.000000 MetaHookPre LoadFile(../main) 0.000000 MetaHookPre LoadFile(./Bro_ARP.events.bif.bro) @@ -1219,69 +1203,69 @@ 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}]) 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { SMTP::c = SMTP::f$conns[SMTP::cid]return (SMTP::describe(SMTP::c$smtp))}return ()}}]) 0.000000 | HookCallFunction Files::register_protocol(Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}]) -0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::__create_stream(Communication::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=, ev=Conn::log_conn]) -0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=, ev=DHCP::log_dhcp]) -0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=, ev=DNP3::log_dnp3]) -0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=, ev=DNS::log_dns]) -0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=, ev=FTP::log_ftp]) -0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=, ev=Files::log_files]) -0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=, ev=HTTP::log_http]) -0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=, ev=IRC::irc_log]) -0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=, ev=Intel::log_intel]) -0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=, ev=Modbus::log_modbus]) -0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=, ev=Notice::log_notice]) -0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=, ev=RADIUS::log_radius]) -0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=, ev=SMTP::log_smtp]) -0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=, ev=SNMP::log_snmp]) -0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=, ev=SOCKS::log_socks]) -0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=, ev=SSH::log_ssh]) -0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=, ev=SSL::log_ssl]) -0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=, ev=Signatures::log_signature]) -0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=, ev=Software::log_software]) -0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=, ev=Unified2::log_unified2]) -0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) -0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509]) -0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__add_filter(Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=cluster, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=communication, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=conn, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dhcp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dnp3, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dns, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=dpd, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ftp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=files, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=http, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=irc, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=intel, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=modbus, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice_alarm, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=notice, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=radius, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=reporter, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=smtp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=snmp, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=socks, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssh, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=ssl, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=signatures, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=software, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=syslog, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=tunnel, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=unified2, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=weird, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=x509, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=mysql, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) +0.000000 | HookCallFunction Log::__create_stream(Cluster::LOG, [columns=, ev=, path=cluster]) +0.000000 | HookCallFunction Log::__create_stream(Communication::LOG, [columns=, ev=, path=communication]) +0.000000 | HookCallFunction Log::__create_stream(Conn::LOG, [columns=, ev=Conn::log_conn, path=conn]) +0.000000 | HookCallFunction Log::__create_stream(DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp]) +0.000000 | HookCallFunction Log::__create_stream(DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3]) +0.000000 | HookCallFunction Log::__create_stream(DNS::LOG, [columns=, ev=DNS::log_dns, path=dns]) +0.000000 | HookCallFunction Log::__create_stream(DPD::LOG, [columns=, ev=, path=dpd]) +0.000000 | HookCallFunction Log::__create_stream(FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp]) +0.000000 | HookCallFunction Log::__create_stream(Files::LOG, [columns=, ev=Files::log_files, path=files]) +0.000000 | HookCallFunction Log::__create_stream(HTTP::LOG, [columns=, ev=HTTP::log_http, path=http]) +0.000000 | HookCallFunction Log::__create_stream(IRC::LOG, [columns=, ev=IRC::irc_log, path=irc]) +0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=, ev=Intel::log_intel, path=intel]) +0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus]) +0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm]) +0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=, ev=Notice::log_notice, path=notice]) +0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=, ev=, path=packet_filter]) +0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius]) +0.000000 | HookCallFunction Log::__create_stream(Reporter::LOG, [columns=, ev=, path=reporter]) +0.000000 | HookCallFunction Log::__create_stream(SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp]) +0.000000 | HookCallFunction Log::__create_stream(SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp]) +0.000000 | HookCallFunction Log::__create_stream(SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks]) +0.000000 | HookCallFunction Log::__create_stream(SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh]) +0.000000 | HookCallFunction Log::__create_stream(SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl]) +0.000000 | HookCallFunction Log::__create_stream(Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures]) +0.000000 | HookCallFunction Log::__create_stream(Software::LOG, [columns=, ev=Software::log_software, path=software]) +0.000000 | HookCallFunction Log::__create_stream(Syslog::LOG, [columns=, ev=, path=syslog]) +0.000000 | HookCallFunction Log::__create_stream(Tunnel::LOG, [columns=, ev=, path=tunnel]) +0.000000 | HookCallFunction Log::__create_stream(Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2]) +0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]) +0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509]) +0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1426793275.574315, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG) @@ -1344,39 +1328,38 @@ 0.000000 | HookCallFunction Log::add_filter(Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::add_filter(X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) 0.000000 | HookCallFunction Log::add_filter(mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}]) -0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::create_stream(Communication::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=, ev=Conn::log_conn]) -0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=, ev=DHCP::log_dhcp]) -0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=, ev=DNP3::log_dnp3]) -0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=, ev=DNS::log_dns]) -0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=, ev=FTP::log_ftp]) -0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=, ev=Files::log_files]) -0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=, ev=HTTP::log_http]) -0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=, ev=IRC::irc_log]) -0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=, ev=Intel::log_intel]) -0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=, ev=Modbus::log_modbus]) -0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=, ev=Notice::log_notice]) -0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=, ev=RADIUS::log_radius]) -0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=, ev=SMTP::log_smtp]) -0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=, ev=SNMP::log_snmp]) -0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=, ev=SOCKS::log_socks]) -0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=, ev=SSH::log_ssh]) -0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=, ev=SSL::log_ssl]) -0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=, ev=Signatures::log_signature]) -0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=, ev=Software::log_software]) -0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=, ev=]) -0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=, ev=Unified2::log_unified2]) -0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird]) -0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509]) -0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql]) -0.000000 | HookCallFunction Log::default_path_func(PacketFilter::LOG, , [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1426273629.648148, node=bro, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::create_stream(Cluster::LOG, [columns=, ev=, path=cluster]) +0.000000 | HookCallFunction Log::create_stream(Communication::LOG, [columns=, ev=, path=communication]) +0.000000 | HookCallFunction Log::create_stream(Conn::LOG, [columns=, ev=Conn::log_conn, path=conn]) +0.000000 | HookCallFunction Log::create_stream(DHCP::LOG, [columns=, ev=DHCP::log_dhcp, path=dhcp]) +0.000000 | HookCallFunction Log::create_stream(DNP3::LOG, [columns=, ev=DNP3::log_dnp3, path=dnp3]) +0.000000 | HookCallFunction Log::create_stream(DNS::LOG, [columns=, ev=DNS::log_dns, path=dns]) +0.000000 | HookCallFunction Log::create_stream(DPD::LOG, [columns=, ev=, path=dpd]) +0.000000 | HookCallFunction Log::create_stream(FTP::LOG, [columns=, ev=FTP::log_ftp, path=ftp]) +0.000000 | HookCallFunction Log::create_stream(Files::LOG, [columns=, ev=Files::log_files, path=files]) +0.000000 | HookCallFunction Log::create_stream(HTTP::LOG, [columns=, ev=HTTP::log_http, path=http]) +0.000000 | HookCallFunction Log::create_stream(IRC::LOG, [columns=, ev=IRC::irc_log, path=irc]) +0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=, ev=Intel::log_intel, path=intel]) +0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=, ev=Modbus::log_modbus, path=modbus]) +0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=, ev=, path=notice_alarm]) +0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=, ev=Notice::log_notice, path=notice]) +0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=, ev=, path=packet_filter]) +0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=, ev=RADIUS::log_radius, path=radius]) +0.000000 | HookCallFunction Log::create_stream(Reporter::LOG, [columns=, ev=, path=reporter]) +0.000000 | HookCallFunction Log::create_stream(SMTP::LOG, [columns=, ev=SMTP::log_smtp, path=smtp]) +0.000000 | HookCallFunction Log::create_stream(SNMP::LOG, [columns=, ev=SNMP::log_snmp, path=snmp]) +0.000000 | HookCallFunction Log::create_stream(SOCKS::LOG, [columns=, ev=SOCKS::log_socks, path=socks]) +0.000000 | HookCallFunction Log::create_stream(SSH::LOG, [columns=, ev=SSH::log_ssh, path=ssh]) +0.000000 | HookCallFunction Log::create_stream(SSL::LOG, [columns=, ev=SSL::log_ssl, path=ssl]) +0.000000 | HookCallFunction Log::create_stream(Signatures::LOG, [columns=, ev=Signatures::log_signature, path=signatures]) +0.000000 | HookCallFunction Log::create_stream(Software::LOG, [columns=, ev=Software::log_software, path=software]) +0.000000 | HookCallFunction Log::create_stream(Syslog::LOG, [columns=, ev=, path=syslog]) +0.000000 | HookCallFunction Log::create_stream(Tunnel::LOG, [columns=, ev=, path=tunnel]) +0.000000 | HookCallFunction Log::create_stream(Unified2::LOG, [columns=, ev=Unified2::log_unified2, path=unified2]) +0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=, ev=Weird::log_weird, path=weird]) +0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=, ev=X509::log_x509, path=x509]) +0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=, ev=MySQL::log_mysql, path=mysql]) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1426793275.574315, node=bro, filter=ip or not ip, init=T, success=T]) 0.000000 | HookCallFunction Notice::want_pp() 0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) @@ -1398,10 +1381,8 @@ 0.000000 | HookCallFunction Unified2::mappings_initialized() 0.000000 | HookCallFunction Unified2::start_watching() 0.000000 | HookCallFunction bro_init() -0.000000 | HookCallFunction cat(Packe, t, _, Filter) 0.000000 | HookCallFunction current_time() 0.000000 | HookCallFunction filter_change_tracking() -0.000000 | HookCallFunction fmt(%s, PacketFilter::LOG) 0.000000 | HookCallFunction getenv(CLUSTER_NODE) 0.000000 | HookCallFunction install_pcap_filter(PacketFilter::DefaultPcapFilter) 0.000000 | HookCallFunction network_time() @@ -1409,13 +1390,8 @@ 0.000000 | HookCallFunction reading_live_traffic() 0.000000 | HookCallFunction reading_traces() 0.000000 | HookCallFunction set_to_regex({}, (^\.?|\.)(~~)$) -0.000000 | HookCallFunction split_string1(PacketFilter::LOG, <...>/) -0.000000 | HookCallFunction split_string_n(PacketFilter, <...>/, T, 4) 0.000000 | HookCallFunction string_to_pattern((^\.?|\.)()$, F) 0.000000 | HookCallFunction sub((^\.?|\.)(~~)$, <...>/, ) -0.000000 | HookCallFunction sub_bytes(tFilter, 1, 1) -0.000000 | HookCallFunction sub_bytes(tFilter, 2, 7) -0.000000 | HookCallFunction to_lower(Packet_Filter) 0.000000 | HookDrainEvents 0.000000 | HookLoadFile ..<...>/bro 0.000000 | HookLoadFile .<...>/bro @@ -1747,27 +1723,17 @@ 1362692527.009775 MetaHookPost CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) -> 1362692527.009775 MetaHookPost CallFunction(Log::__write, , (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) -> 1362692527.009775 MetaHookPost CallFunction(Log::__write, , (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> -1362692527.009775 MetaHookPost CallFunction(Log::default_path_func, , (Files::LOG, , [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) -> -1362692527.009775 MetaHookPost CallFunction(Log::default_path_func, , (HTTP::LOG, , [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> 1362692527.009775 MetaHookPost CallFunction(Log::write, , (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) -> 1362692527.009775 MetaHookPost CallFunction(Log::write, , (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -> 1362692527.009775 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692527.009775 MetaHookPost CallFunction(file_mime_type, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)) -> 1362692527.009775 MetaHookPost CallFunction(file_state_remove, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) -> -1362692527.009775 MetaHookPost CallFunction(fmt, , (%s, Files::LOG)) -> -1362692527.009775 MetaHookPost CallFunction(fmt, , (%s, HTTP::LOG)) -> 1362692527.009775 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> 1362692527.009775 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> 1362692527.009775 MetaHookPost CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) -> 1362692527.009775 MetaHookPost CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) -> 1362692527.009775 MetaHookPost CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) -> 1362692527.009775 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.009775 MetaHookPost CallFunction(split_string1, , (Files::LOG, <...>/)) -> -1362692527.009775 MetaHookPost CallFunction(split_string1, , (HTTP::LOG, <...>/)) -> -1362692527.009775 MetaHookPost CallFunction(split_string_n, , (Files, <...>/, T, 4)) -> -1362692527.009775 MetaHookPost CallFunction(split_string_n, , (HTTP, <...>/, T, 4)) -> -1362692527.009775 MetaHookPost CallFunction(to_lower, , (Files)) -> -1362692527.009775 MetaHookPost CallFunction(to_lower, , (HTTP)) -> 1362692527.009775 MetaHookPost DrainEvents() -> 1362692527.009775 MetaHookPost QueueEvent(file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)) -> false 1362692527.009775 MetaHookPost QueueEvent(file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) -> false @@ -1782,27 +1748,17 @@ 1362692527.009775 MetaHookPre CallFunction(HTTP::set_state, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F)) 1362692527.009775 MetaHookPre CallFunction(Log::__write, , (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) 1362692527.009775 MetaHookPre CallFunction(Log::__write, , (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) -1362692527.009775 MetaHookPre CallFunction(Log::default_path_func, , (Files::LOG, , [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) -1362692527.009775 MetaHookPre CallFunction(Log::default_path_func, , (HTTP::LOG, , [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) 1362692527.009775 MetaHookPre CallFunction(Log::write, , (Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=])) 1362692527.009775 MetaHookPre CallFunction(Log::write, , (HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1])) 1362692527.009775 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 1362692527.009775 MetaHookPre CallFunction(file_mime_type, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)) 1362692527.009775 MetaHookPre CallFunction(file_state_remove, , ([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) -1362692527.009775 MetaHookPre CallFunction(fmt, , (%s, Files::LOG)) -1362692527.009775 MetaHookPre CallFunction(fmt, , (%s, HTTP::LOG)) 1362692527.009775 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) 1362692527.009775 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) 1362692527.009775 MetaHookPre CallFunction(http_end_entity, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F)) 1362692527.009775 MetaHookPre CallFunction(http_message_done, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280])) 1362692527.009775 MetaHookPre CallFunction(id_string, , ([orig_h=141.142.228.5, orig_p=59856<...>/tcp])) 1362692527.009775 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.009775 MetaHookPre CallFunction(split_string1, , (Files::LOG, <...>/)) -1362692527.009775 MetaHookPre CallFunction(split_string1, , (HTTP::LOG, <...>/)) -1362692527.009775 MetaHookPre CallFunction(split_string_n, , (Files, <...>/, T, 4)) -1362692527.009775 MetaHookPre CallFunction(split_string_n, , (HTTP, <...>/, T, 4)) -1362692527.009775 MetaHookPre CallFunction(to_lower, , (Files)) -1362692527.009775 MetaHookPre CallFunction(to_lower, , (HTTP)) 1362692527.009775 MetaHookPre DrainEvents() 1362692527.009775 MetaHookPre QueueEvent(file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain)) 1362692527.009775 MetaHookPre QueueEvent(file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=])) @@ -1818,27 +1774,17 @@ 1362692527.009775 | HookCallFunction HTTP::set_state([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, F) 1362692527.009775 | HookCallFunction Log::__write(Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=]) 1362692527.009775 | HookCallFunction Log::__write(HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) -1362692527.009775 | HookCallFunction Log::default_path_func(Files::LOG, , [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=]) -1362692527.009775 | HookCallFunction Log::default_path_func(HTTP::LOG, , [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) 1362692527.009775 | HookCallFunction Log::write(Files::LOG, [ts=1362692527.009512, fuid=FakNcS1Jfe01uljb3, tx_hosts={192.150.187.43}, rx_hosts={141.142.228.5}, conn_uids={CXWv6p3arKYeMETxOg}, source=HTTP, depth=0, analyzers={}, mime_type=text/plain, filename=, duration=262.0 usecs, local_orig=, is_orig=F, seen_bytes=4705, total_bytes=4705, missing_bytes=0, overflow_bytes=0, timedout=F, parent_fuid=, md5=, sha1=, sha256=, x509=, extracted=]) 1362692527.009775 | HookCallFunction Log::write(HTTP::LOG, [ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]) 1362692527.009775 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, F, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) 1362692527.009775 | HookCallFunction file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain) 1362692527.009775 | HookCallFunction file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=]) -1362692527.009775 | HookCallFunction fmt(%s, Files::LOG) -1362692527.009775 | HookCallFunction fmt(%s, HTTP::LOG) 1362692527.009775 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) 1362692527.009775 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) 1362692527.009775 | HookCallFunction http_end_entity([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F) 1362692527.009775 | HookCallFunction http_message_done([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1]}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], F, [start=1362692527.009512, interrupted=F, finish_msg=message ends normally, body_length=4705, content_gap_length=0, header_length=280]) 1362692527.009775 | HookCallFunction id_string([orig_h=141.142.228.5, orig_p=59856<...>/tcp]) 1362692527.009775 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344F11141.142.228.5:59856 > 192.150.187.43:80) -1362692527.009775 | HookCallFunction split_string1(Files::LOG, <...>/) -1362692527.009775 | HookCallFunction split_string1(HTTP::LOG, <...>/) -1362692527.009775 | HookCallFunction split_string_n(Files, <...>/, T, 4) -1362692527.009775 | HookCallFunction split_string_n(HTTP, <...>/, T, 4) -1362692527.009775 | HookCallFunction to_lower(Files) -1362692527.009775 | HookCallFunction to_lower(HTTP) 1362692527.009775 | HookDrainEvents 1362692527.009775 | HookQueueEvent file_mime_type([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain) 1362692527.009775 | HookQueueEvent file_state_remove([id=FakNcS1Jfe01uljb3, parent_id=, source=HTTP, is_orig=F, conns={[[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=[filename=], orig_mime_depth=1, resp_mime_depth=1], irc=, u2_events=]) @@ -1875,13 +1821,11 @@ 1362692527.080972 MetaHookPost CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692527.080972 MetaHookPost CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692527.080972 MetaHookPost CallFunction(Log::__write, , (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> -1362692527.080972 MetaHookPost CallFunction(Log::default_path_func, , (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> 1362692527.080972 MetaHookPost CallFunction(Log::write, , (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -> 1362692527.080972 MetaHookPost CallFunction(bro_done, , ()) -> 1362692527.080972 MetaHookPost CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) -> 1362692527.080972 MetaHookPost CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) -> 1362692527.080972 MetaHookPost CallFunction(filter_change_tracking, , ()) -> -1362692527.080972 MetaHookPost CallFunction(fmt, , (%s, Conn::LOG)) -> 1362692527.080972 MetaHookPost CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) -> 1362692527.080972 MetaHookPost CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) -> 1362692527.080972 MetaHookPost CallFunction(get_port_transport_proto, , (80/tcp)) -> @@ -1891,10 +1835,7 @@ 1362692527.080972 MetaHookPost CallFunction(net_stats, , ()) -> 1362692527.080972 MetaHookPost CallFunction(reading_traces, , ()) -> 1362692527.080972 MetaHookPost CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -> -1362692527.080972 MetaHookPost CallFunction(split_string1, , (Conn::LOG, <...>/)) -> -1362692527.080972 MetaHookPost CallFunction(split_string_n, , (Conn, <...>/, T, 4)) -> 1362692527.080972 MetaHookPost CallFunction(sub_bytes, , (HTTP, 0, 1)) -> -1362692527.080972 MetaHookPost CallFunction(to_lower, , (Conn)) -> 1362692527.080972 MetaHookPost CallFunction(to_lower, , (HTTP)) -> 1362692527.080972 MetaHookPost DrainEvents() -> 1362692527.080972 MetaHookPost QueueEvent(ChecksumOffloading::check()) -> false @@ -1909,13 +1850,11 @@ 1362692527.080972 MetaHookPre CallFunction(Conn::set_conn, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692527.080972 MetaHookPre CallFunction(HTTP::get_file_handle, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692527.080972 MetaHookPre CallFunction(Log::__write, , (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) -1362692527.080972 MetaHookPre CallFunction(Log::default_path_func, , (Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) 1362692527.080972 MetaHookPre CallFunction(Log::write, , (Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}])) 1362692527.080972 MetaHookPre CallFunction(bro_done, , ()) 1362692527.080972 MetaHookPre CallFunction(cat, , (Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80)) 1362692527.080972 MetaHookPre CallFunction(connection_state_remove, , ([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=])) 1362692527.080972 MetaHookPre CallFunction(filter_change_tracking, , ()) -1362692527.080972 MetaHookPre CallFunction(fmt, , (%s, Conn::LOG)) 1362692527.080972 MetaHookPre CallFunction(fmt, , (%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp)) 1362692527.080972 MetaHookPre CallFunction(get_file_handle, , (Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T)) 1362692527.080972 MetaHookPre CallFunction(get_port_transport_proto, , (80/tcp)) @@ -1925,10 +1864,7 @@ 1362692527.080972 MetaHookPre CallFunction(net_stats, , ()) 1362692527.080972 MetaHookPre CallFunction(reading_traces, , ()) 1362692527.080972 MetaHookPre CallFunction(set_file_handle, , (Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80)) -1362692527.080972 MetaHookPre CallFunction(split_string1, , (Conn::LOG, <...>/)) -1362692527.080972 MetaHookPre CallFunction(split_string_n, , (Conn, <...>/, T, 4)) 1362692527.080972 MetaHookPre CallFunction(sub_bytes, , (HTTP, 0, 1)) -1362692527.080972 MetaHookPre CallFunction(to_lower, , (Conn)) 1362692527.080972 MetaHookPre CallFunction(to_lower, , (HTTP)) 1362692527.080972 MetaHookPre DrainEvents() 1362692527.080972 MetaHookPre QueueEvent(ChecksumOffloading::check()) @@ -1944,13 +1880,11 @@ 1362692527.080972 | HookCallFunction Conn::set_conn([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692527.080972 | HookCallFunction HTTP::get_file_handle([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692527.080972 | HookCallFunction Log::__write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) -1362692527.080972 | HookCallFunction Log::default_path_func(Conn::LOG, , [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) 1362692527.080972 | HookCallFunction Log::write(Conn::LOG, [ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], proto=tcp, service=http, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=, local_resp=, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={}]) 1362692527.080972 | HookCallFunction bro_done() 1362692527.080972 | HookCallFunction cat(Analyzer::ANALYZER_HTTP, 1362692526.869344, T, 1, 1, 141.142.228.5:59856 > 192.150.187.43:80) 1362692527.080972 | HookCallFunction connection_state_remove([id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=]) 1362692527.080972 | HookCallFunction filter_change_tracking() -1362692527.080972 | HookCallFunction fmt(%s, Conn::LOG) 1362692527.080972 | HookCallFunction fmt(%s:%d > %s:%d, 141.142.228.5, 59856<...>/tcp) 1362692527.080972 | HookCallFunction get_file_handle(Analyzer::ANALYZER_HTTP, [id=[orig_h=141.142.228.5, orig_p=59856<...>/plain], current_entity=, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={}, current_request=1, current_response=1], irc=, modbus=, mysql=, radius=, snmp=, smtp=, smtp_state=, socks=, ssh=, syslog=], T) 1362692527.080972 | HookCallFunction get_port_transport_proto(80/tcp) @@ -1960,10 +1894,7 @@ 1362692527.080972 | HookCallFunction net_stats() 1362692527.080972 | HookCallFunction reading_traces() 1362692527.080972 | HookCallFunction set_file_handle(Analyzer::ANALYZER_HTTP1362692526.869344T11141.142.228.5:59856 > 192.150.187.43:80) -1362692527.080972 | HookCallFunction split_string1(Conn::LOG, <...>/) -1362692527.080972 | HookCallFunction split_string_n(Conn, <...>/, T, 4) 1362692527.080972 | HookCallFunction sub_bytes(HTTP, 0, 1) -1362692527.080972 | HookCallFunction to_lower(Conn) 1362692527.080972 | HookCallFunction to_lower(HTTP) 1362692527.080972 | HookDrainEvents 1362692527.080972 | HookQueueEvent ChecksumOffloading::check() From c27848fc32c9cbeb08ded522c2fdc34c0805d747 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 19 Mar 2015 14:58:38 -0700 Subject: [PATCH 092/121] Change the way the input framework deals with values it cannot convert into BroVals (especially enums) Not we do not force an internal error anymore. Instead, we raise an normal error and set an error flag that signals to the top-level functions that the value could not be converted and should not be propagated to the Bro core. This sadly makes the already messy code even more messy - but since errors can happen in deeply nested data structures, the alternative (catching the error at every possible location and then trying to clean up there instead of recursively deleting the data that cannot be used later) is much worse. Addresses BIT-1199 --- src/input/Manager.cc | 318 +++++++++++------- src/input/Manager.h | 6 +- .../bro..stderr | 2 + .../bro..stdout | 4 + .../base/frameworks/input/missing-enum.bro | 37 ++ 5 files changed, 248 insertions(+), 119 deletions(-) create mode 100644 testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr create mode 100644 testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout create mode 100644 testing/btest/scripts/base/frameworks/input/missing-enum.bro diff --git a/src/input/Manager.cc b/src/input/Manager.cc index ac79257ad9..0de6efd782 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -971,7 +971,7 @@ Val* Manager::RecordValToIndexVal(RecordVal *r) } -Val* Manager::ValueToIndexVal(const Stream* i, int num_fields, const RecordType *type, const Value* const *vals) +Val* Manager::ValueToIndexVal(const Stream* i, int num_fields, const RecordType *type, const Value* const *vals, bool& have_error) { Val* idxval; int position = 0; @@ -979,7 +979,7 @@ Val* Manager::ValueToIndexVal(const Stream* i, int num_fields, const RecordType if ( num_fields == 1 && type->FieldType(0)->Tag() != TYPE_RECORD ) { - idxval = ValueToVal(i, vals[0], type->FieldType(0)); + idxval = ValueToVal(i, vals[0], type->FieldType(0), have_error); position = 1; } else @@ -989,10 +989,10 @@ Val* Manager::ValueToIndexVal(const Stream* i, int num_fields, const RecordType { if ( type->FieldType(j)->Tag() == TYPE_RECORD ) l->Append(ValueToRecordVal(i, vals, - type->FieldType(j)->AsRecordType(), &position)); + type->FieldType(j)->AsRecordType(), &position, have_error)); else { - l->Append(ValueToVal(i, vals[position], type->FieldType(j))); + l->Append(ValueToVal(i, vals[position], type->FieldType(j), have_error)); position++; } } @@ -1079,7 +1079,7 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) { // seen before if ( stream->num_val_fields == 0 || h->valhash == valhash ) - { + { // ok, exact duplicate, move entry to new dicrionary and do nothing else. stream->lastDict->Remove(idxhash); stream->currDict->Insert(idxhash, h); @@ -1094,8 +1094,8 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) stream->lastDict->Remove(idxhash); // keep h for predicates updated = true; - } + } Val* valval; @@ -1103,63 +1103,68 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) int position = stream->num_idx_fields; + bool convert_error = false; // this will be set to true by ValueTo* on Error + if ( stream->num_val_fields == 0 ) valval = 0; else if ( stream->num_val_fields == 1 && !stream->want_record ) - valval = ValueToVal(i, vals[position], stream->rtype->FieldType(0)); + valval = ValueToVal(i, vals[position], stream->rtype->FieldType(0), convert_error); else - valval = ValueToRecordVal(i, vals, stream->rtype, &position); - + valval = ValueToRecordVal(i, vals, stream->rtype, &position, convert_error); // call stream first to determine if we really add / change the entry - if ( stream->pred ) + if ( stream->pred && !convert_error ) { EnumVal* ev; int startpos = 0; - predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); + bool pred_convert_error = false; + predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, pred_convert_error); - if ( updated ) - ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, BifType::Enum::Input::Event); - else - ev = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event); - - bool result; - if ( stream->num_val_fields > 0 ) // we have values - result = CallPred(stream->pred, 3, ev, predidx->Ref(), valval->Ref()); - else // no values - result = CallPred(stream->pred, 2, ev, predidx->Ref()); - - if ( result == false ) + // if we encountered a convert error here - just continue as we would have without + // emitting the event. I do not really think that that can happen just here and not + // at the top-level. But - this is safe. + if ( !pred_convert_error ) { - Unref(predidx); - Unref(valval); - - if ( ! updated ) - { - // just quit and delete everything we created. - delete idxhash; - return stream->num_val_fields + stream->num_idx_fields; - } - + if ( updated ) + ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, BifType::Enum::Input::Event); else + ev = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event); + + bool result; + if ( stream->num_val_fields > 0 ) // we have values + result = CallPred(stream->pred, 3, ev, predidx->Ref(), valval->Ref()); + else // no values + result = CallPred(stream->pred, 2, ev, predidx->Ref()); + + if ( result == false ) { - // keep old one - stream->currDict->Insert(idxhash, h); - delete idxhash; - return stream->num_val_fields + stream->num_idx_fields; + Unref(predidx); + Unref(valval); + + if ( ! updated ) + { + // just quit and delete everything we created. + delete idxhash; + return stream->num_val_fields + stream->num_idx_fields; + } + + else + { + // keep old one + stream->currDict->Insert(idxhash, h); + delete idxhash; + return stream->num_val_fields + stream->num_idx_fields; + } } } + } // now we don't need h anymore - if we are here, the entry is updated and a new h is created. - if ( h ) - { - delete h; - h = 0; - } - + delete h; + h = 0; Val* idxval; if ( predidx != 0 ) @@ -1168,7 +1173,20 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) // I think there is an unref missing here. But if I insert is, it crashes :) } else - idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals); + idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals, convert_error); + + if ( convert_error ) + { + // abort here and free everything that was allocated so far. + Unref(predidx); + Unref(valval); + Unref(idxval); + + delete idxhash; + return stream->num_val_fields + stream->num_idx_fields; + } + + assert(idxval); Val* oldval = 0; if ( updated == true ) @@ -1178,7 +1196,7 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) oldval = stream->tab->Lookup(idxval, false); } - assert(idxval); + HashKey* k = stream->tab->ComputeHash(idxval); if ( ! k ) reporter->InternalError("could not hash"); @@ -1203,16 +1221,21 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) { EnumVal* ev; int startpos = 0; - Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); + Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, convert_error); - if ( updated ) + if ( convert_error ) + { + // the only thing to clean up here is predidx. Everything else should + // already be ok again + Unref(predidx); + } + else if ( updated ) { // in case of update send back the old value. assert ( stream->num_val_fields > 0 ); ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, BifType::Enum::Input::Event); assert ( oldval != 0 ); SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, oldval); } - else { ev = new EnumVal(BifEnum::Input::EVENT_NEW, BifType::Enum::Input::Event); @@ -1223,7 +1246,6 @@ int Manager::SendEntryTable(Stream* i, const Value* const *vals) } else SendEvent(stream->event, 4, stream->description->Ref(), ev, predidx, valval->Ref()); - } } @@ -1416,7 +1438,6 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const * assert(i->stream_type == EVENT_STREAM); EventStream* stream = (EventStream*) i; - Val *val; list out_vals; Ref(stream->description); out_vals.push_back(stream->description); @@ -1425,9 +1446,11 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const * int position = 0; + bool convert_error = false; + if ( stream->want_record ) { - RecordVal * r = ValueToRecordVal(i, vals, stream->fields, &position); + RecordVal * r = ValueToRecordVal(i, vals, stream->fields, &position, convert_error); out_vals.push_back(r); } @@ -1440,11 +1463,11 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const * if ( stream->fields->FieldType(j)->Tag() == TYPE_RECORD ) val = ValueToRecordVal(i, vals, stream->fields->FieldType(j)->AsRecordType(), - &position); + &position, convert_error); else { - val = ValueToVal(i, vals[position], stream->fields->FieldType(j)); + val = ValueToVal(i, vals[position], stream->fields->FieldType(j), convert_error); position++; } @@ -1452,7 +1475,14 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const * } } - SendEvent(stream->event, out_vals); + if ( convert_error ) + { + // we have an error somewhere in our out_vals. Just delete all of them. + for ( list::const_iterator it = out_vals.begin(), end = out_vals.end(); it != end; ++it ) + Unref(*it); + } + else + SendEvent(stream->event, out_vals); return stream->num_fields; } @@ -1464,7 +1494,9 @@ int Manager::PutTable(Stream* i, const Value* const *vals) assert(i->stream_type == TABLE_STREAM); TableStream* stream = (TableStream*) i; - Val* idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals); + bool convert_error = 0; + + Val* idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals, convert_error); Val* valval; int position = stream->num_idx_fields; @@ -1473,9 +1505,16 @@ int Manager::PutTable(Stream* i, const Value* const *vals) valval = 0; else if ( stream->num_val_fields == 1 && stream->want_record == 0 ) - valval = ValueToVal(i, vals[position], stream->rtype->FieldType(0)); + valval = ValueToVal(i, vals[position], stream->rtype->FieldType(0), convert_error); else - valval = ValueToRecordVal(i, vals, stream->rtype, &position); + valval = ValueToRecordVal(i, vals, stream->rtype, &position, convert_error); + + if ( convert_error ) + { + Unref(valval); + Unref(idxval); + return stream->num_idx_fields + stream->num_val_fields; + } // if we have a subscribed event, we need to figure out, if this is an update or not // same for predicates @@ -1503,31 +1542,37 @@ int Manager::PutTable(Stream* i, const Value* const *vals) { EnumVal* ev; int startpos = 0; - Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); + bool pred_convert_error = false; + Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, pred_convert_error); - if ( updated ) - ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, - BifType::Enum::Input::Event); + if ( pred_convert_error ) + Unref(predidx); else - ev = new EnumVal(BifEnum::Input::EVENT_NEW, - BifType::Enum::Input::Event); - - bool result; - if ( stream->num_val_fields > 0 ) // we have values { - Ref(valval); - result = CallPred(stream->pred, 3, ev, predidx, valval); - } - else // no values - result = CallPred(stream->pred, 2, ev, predidx); + if ( updated ) + ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, + BifType::Enum::Input::Event); + else + ev = new EnumVal(BifEnum::Input::EVENT_NEW, + BifType::Enum::Input::Event); - if ( result == false ) - { - // do nothing - Unref(idxval); - Unref(valval); - Unref(oldval); - return stream->num_val_fields + stream->num_idx_fields; + bool result; + if ( stream->num_val_fields > 0 ) // we have values + { + Ref(valval); + result = CallPred(stream->pred, 3, ev, predidx, valval); + } + else // no values + result = CallPred(stream->pred, 2, ev, predidx); + + if ( result == false ) + { + // do nothing + Unref(idxval); + Unref(valval); + Unref(oldval); + return stream->num_val_fields + stream->num_idx_fields; + } } } @@ -1538,28 +1583,34 @@ int Manager::PutTable(Stream* i, const Value* const *vals) { EnumVal* ev; int startpos = 0; - Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); + bool event_convert_error = false; + Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, event_convert_error); - if ( updated ) - { - // in case of update send back the old value. - assert ( stream->num_val_fields > 0 ); - ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, - BifType::Enum::Input::Event); - assert ( oldval != 0 ); - SendEvent(stream->event, 4, stream->description->Ref(), - ev, predidx, oldval); - } + if ( event_convert_error ) + Unref(predidx); else { - ev = new EnumVal(BifEnum::Input::EVENT_NEW, - BifType::Enum::Input::Event); - if ( stream->num_val_fields == 0 ) + if ( updated ) + { + // in case of update send back the old value. + assert ( stream->num_val_fields > 0 ); + ev = new EnumVal(BifEnum::Input::EVENT_CHANGED, + BifType::Enum::Input::Event); + assert ( oldval != 0 ); SendEvent(stream->event, 4, stream->description->Ref(), - ev, predidx); + ev, predidx, oldval); + } else - SendEvent(stream->event, 4, stream->description->Ref(), - ev, predidx, valval->Ref()); + { + ev = new EnumVal(BifEnum::Input::EVENT_NEW, + BifType::Enum::Input::Event); + if ( stream->num_val_fields == 0 ) + SendEvent(stream->event, 4, stream->description->Ref(), + ev, predidx); + else + SendEvent(stream->event, 4, stream->description->Ref(), + ev, predidx, valval->Ref()); + } } } @@ -1612,29 +1663,42 @@ bool Manager::Delete(ReaderFrontend* reader, Value* *vals) if ( i->stream_type == TABLE_STREAM ) { TableStream* stream = (TableStream*) i; - Val* idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals); + bool convert_error = false; + Val* idxval = ValueToIndexVal(i, stream->num_idx_fields, stream->itype, vals, convert_error); assert(idxval != 0); readVals = stream->num_idx_fields + stream->num_val_fields; bool streamresult = true; + if ( convert_error ) + { + Unref(idxval); + return false; + } + if ( stream->pred || stream->event ) { Val *val = stream->tab->Lookup(idxval); if ( stream->pred ) { - Ref(val); - EnumVal *ev = new EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event); int startpos = 0; - Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos); + Val* predidx = ValueToRecordVal(i, vals, stream->itype, &startpos, convert_error); - streamresult = CallPred(stream->pred, 3, ev, predidx, val); - - if ( streamresult == false ) + if ( convert_error ) + Unref(predidx); + else { - // keep it. - Unref(idxval); - success = true; + Ref(val); + EnumVal *ev = new EnumVal(BifEnum::Input::EVENT_REMOVED, BifType::Enum::Input::Event); + + streamresult = CallPred(stream->pred, 3, ev, predidx, val); + + if ( streamresult == false ) + { + // keep it. + Unref(idxval); + success = true; + } } } @@ -1739,13 +1803,22 @@ bool Manager::SendEvent(ReaderFrontend* reader, const string& name, const int nu return false; } + bool convert_error = false; + val_list* vl = new val_list; for ( int j = 0; j < num_vals; j++) - vl->append(ValueToVal(i, vals[j], type->FieldType(j))); - - mgr.QueueEvent(handler, vl, SOURCE_LOCAL); + vl->append(ValueToVal(i, vals[j], type->FieldType(j), convert_error)); delete_value_ptr_array(vals, num_vals); + + if ( convert_error ) + { + delete_vals(vl); + return false; + } + else + mgr.QueueEvent(handler, vl, SOURCE_LOCAL); + return true; } @@ -1817,7 +1890,7 @@ RecordVal* Manager::ListValToRecordVal(ListVal* list, RecordType *request_type, // Convert a threading value to a record value RecordVal* Manager::ValueToRecordVal(const Stream* stream, const Value* const *vals, - RecordType *request_type, int* position) + RecordType *request_type, int* position, bool& have_error) { assert(position != 0); // we need the pointer to point to data. @@ -1826,7 +1899,7 @@ RecordVal* Manager::ValueToRecordVal(const Stream* stream, const Value* const *v { Val* fieldVal = 0; if ( request_type->FieldType(i)->Tag() == TYPE_RECORD ) - fieldVal = ValueToRecordVal(stream, vals, request_type->FieldType(i)->AsRecordType(), position); + fieldVal = ValueToRecordVal(stream, vals, request_type->FieldType(i)->AsRecordType(), position, have_error); else if ( request_type->FieldType(i)->Tag() == TYPE_FILE || request_type->FieldType(i)->Tag() == TYPE_FUNC ) { @@ -1841,7 +1914,7 @@ RecordVal* Manager::ValueToRecordVal(const Stream* stream, const Value* const *v } else { - fieldVal = ValueToVal(stream, vals[*position], request_type->FieldType(i)); + fieldVal = ValueToVal(stream, vals[*position], request_type->FieldType(i), have_error); (*position)++; } @@ -2110,8 +2183,13 @@ HashKey* Manager::HashValues(const int num_elements, const Value* const *vals) } // convert threading value to Bro value -Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_type) +// have_error is a reference to a boolean which is set to true as soon as an error occured. +// When have_error is set to true at the beginning of the function, it is assumed that +// an error already occured in the past and processing is aborted. +Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_type, bool& have_error) { + if ( have_error ) + return 0; if ( request_type->Tag() != TYPE_ANY && request_type->Tag() != val->type ) { @@ -2198,9 +2276,10 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ TableVal* t = new TableVal(s); for ( int j = 0; j < val->val.set_val.size; j++ ) { - Val* assignval = ValueToVal(i, val->val.set_val.vals[j], type); + Val* assignval = ValueToVal(i, val->val.set_val.vals[j], type, have_error); + t->Assign(assignval, 0); - Unref(assignval); // idex is not consumed by assign. + Unref(assignval); // index is not consumed by assign. } Unref(s); @@ -2214,7 +2293,9 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ VectorType* vt = new VectorType(type->Ref()); VectorVal* v = new VectorVal(vt); for ( int j = 0; j < val->val.vector_val.size; j++ ) - v->Assign(j, ValueToVal(i, val->val.set_val.vals[j], type)); + { + v->Assign(j, ValueToVal(i, val->val.set_val.vals[j], type, have_error)); + } Unref(vt); return v; @@ -2233,9 +2314,14 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, BroType* request_typ // but well. bro_int_t index = request_type->AsEnumType()->Lookup(module, var.c_str()); if ( index == -1 ) - reporter->InternalError("Value not '%s' for stream '%s' is not a valid enum.", + { + reporter->Error("Value not '%s' for stream '%s' is not a valid enum.", enum_string.c_str(), i->name.c_str()); + have_error = true; + return 0; + } + return new EnumVal(index, request_type->Ref()->AsEnumType()); } diff --git a/src/input/Manager.h b/src/input/Manager.h index 551eeaecf3..d61ed3a485 100644 --- a/src/input/Manager.h +++ b/src/input/Manager.h @@ -205,14 +205,14 @@ private: // Convert Threading::Value to an internal Bro Type (works also with // Records). - Val* ValueToVal(const Stream* i, const threading::Value* val, BroType* request_type); + Val* ValueToVal(const Stream* i, const threading::Value* val, BroType* request_type, bool& have_error); // Convert Threading::Value to an internal Bro List type. - Val* ValueToIndexVal(const Stream* i, int num_fields, const RecordType* type, const threading::Value* const *vals); + Val* ValueToIndexVal(const Stream* i, int num_fields, const RecordType* type, const threading::Value* const *vals, bool& have_error); // Converts a threading::value to a record type. Mostly used by // ValueToVal. - RecordVal* ValueToRecordVal(const Stream* i, const threading::Value* const *vals, RecordType *request_type, int* position); + RecordVal* ValueToRecordVal(const Stream* i, const threading::Value* const *vals, RecordType *request_type, int* position, bool& have_error); Val* RecordValToIndexVal(RecordVal *r); diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr new file mode 100644 index 0000000000..c8e56d4c21 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stderr @@ -0,0 +1,2 @@ +error: Value not 'IdoNot::Exist' for stream 'enum' is not a valid enum. +received termination signal diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout new file mode 100644 index 0000000000..e760668629 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.missing-enum/bro..stdout @@ -0,0 +1,4 @@ +Table: +{ + +} diff --git a/testing/btest/scripts/base/frameworks/input/missing-enum.bro b/testing/btest/scripts/base/frameworks/input/missing-enum.bro new file mode 100644 index 0000000000..0d37aae453 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/input/missing-enum.bro @@ -0,0 +1,37 @@ +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait 10 +# @TEST-EXEC: btest-diff bro/.stderr +# @TEST-EXEC: btest-diff bro/.stdout + +@TEST-START-FILE input.log +#fields e i +IdoNot::Exist 1 +@TEST-END-FILE + +redef exit_only_after_terminate = T; + +module A; + +type Idx: record { + i: int; +}; + +type Val: record { + e: Log::ID; +}; + +global etable: table[int] of Log::ID = table(); + +event bro_init() + { + # first read in the old stuff into the table... + Input::add_table([$source="../input.log", $name="enum", $idx=Idx, $val=Val, $destination=etable, $want_record=F]); + } + +event Input::end_of_data(name: string, source:string) + { + print "Table:"; + print etable; + Input::remove("enum"); + terminate(); + } From 1f33dd0c381a2ae3a6aeb38e5c61ac417eef038e Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 19 Mar 2015 15:59:49 -0700 Subject: [PATCH 093/121] add a basic leak test for an unparseable enum --- .../btest/core/leaks/input-missing-enum.bro | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 testing/btest/core/leaks/input-missing-enum.bro diff --git a/testing/btest/core/leaks/input-missing-enum.bro b/testing/btest/core/leaks/input-missing-enum.bro new file mode 100644 index 0000000000..66ecc7ae56 --- /dev/null +++ b/testing/btest/core/leaks/input-missing-enum.bro @@ -0,0 +1,41 @@ +# Needs perftools support. +# +# @TEST-GROUP: leaks +# +# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks +# +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT +# @TEST-EXEC: btest-bg-wait 15 + +@TEST-START-FILE input.log +#fields e i +IdoNot::Exist 1 +@TEST-END-FILE + +redef exit_only_after_terminate = T; + +module A; + +type Idx: record { + i: int; +}; + +type Val: record { + e: Log::ID; +}; + +global etable: table[int] of Log::ID = table(); + +event bro_init() + { + # first read in the old stuff into the table... + Input::add_table([$source="../input.log", $name="enum", $idx=Idx, $val=Val, $destination=etable, $want_record=F]); + } + +event Input::end_of_data(name: string, source:string) + { + print "Table:"; + print etable; + Input::remove("enum"); + terminate(); + } From 8d4708300f908f8464cee478d8fe6ca94aa5bb9c Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Thu, 19 Mar 2015 16:14:59 -0700 Subject: [PATCH 094/121] fix failing sqlite leak test --- testing/btest/core/leaks/input-sqlite.bro | 69 ++++++++++++----------- 1 file changed, 35 insertions(+), 34 deletions(-) diff --git a/testing/btest/core/leaks/input-sqlite.bro b/testing/btest/core/leaks/input-sqlite.bro index 0de1069b5e..0683a074dc 100644 --- a/testing/btest/core/leaks/input-sqlite.bro +++ b/testing/btest/core/leaks/input-sqlite.bro @@ -26,6 +26,7 @@ CREATE TABLE conn ( 'resp_bytes' integer, 'conn_state' text, 'local_orig' boolean, +'local_resp' boolean, 'missed_bytes' integer, 'history' text, 'orig_pkts' integer, @@ -34,40 +35,40 @@ CREATE TABLE conn ( 'resp_ip_bytes' integer, 'tunnel_parents' text ); -INSERT INTO "conn" VALUES(1.30047516709653496744e+09,'dnGM1AdIVyh','141.142.220.202',5353,'224.0.0.251',5353,'udp','dns',NULL,NULL,NULL,'S0',NULL,0,'D',1,73,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516709701204296e+09,'fv9q7WjEgp1','fe80::217:f2ff:fed7:cf65',5353,'ff02::fb',5353,'udp',NULL,NULL,NULL,NULL,'S0',NULL,0,'D',1,199,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516709981608392e+09,'0Ox0H56yl88','141.142.220.50',5353,'224.0.0.251',5353,'udp',NULL,NULL,NULL,NULL,'S0',NULL,0,'D',1,179,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516885389900212e+09,'rvmSc7rDQub','141.142.220.118',43927,'141.142.2.2',53,'udp','dns',4.351139068603515625e-04,38,89,'SF',NULL,0,'Dd',1,66,1,117,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516885437798497e+09,'ogkztouSArh','141.142.220.118',37676,'141.142.2.2',53,'udp','dns',4.20093536376953125e-04,52,99,'SF',NULL,0,'Dd',1,80,1,127,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516885483694076e+09,'0UIDdXFt7Tb','141.142.220.118',40526,'141.142.2.2',53,'udp','dns',3.9196014404296875e-04,38,183,'SF',NULL,0,'Dd',1,66,1,211,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516885795593258e+09,'WqFYV51UIq7','141.142.220.118',32902,'141.142.2.2',53,'udp','dns',3.17096710205078125e-04,38,89,'SF',NULL,0,'Dd',1,66,1,117,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516885830593104e+09,'ylcqZpbz6K2','141.142.220.118',59816,'141.142.2.2',53,'udp','dns',3.430843353271484375e-04,52,99,'SF',NULL,0,'Dd',1,80,1,127,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516885871291159e+09,'blhldTzA7Y6','141.142.220.118',59714,'141.142.2.2',53,'udp','dns',3.750324249267578125e-04,38,183,'SF',NULL,0,'Dd',1,66,1,211,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516889164400098e+09,'Sc34cGJo3Kg','141.142.220.118',58206,'141.142.2.2',53,'udp','dns',3.39031219482421875e-04,38,89,'SF',NULL,0,'Dd',1,66,1,117,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516889203691487e+09,'RzvFrfXSRfk','141.142.220.118',38911,'141.142.2.2',53,'udp','dns',3.349781036376953125e-04,52,99,'SF',NULL,0,'Dd',1,80,1,127,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516889241409298e+09,'GaaFI58mpbe','141.142.220.118',59746,'141.142.2.2',53,'udp','dns',4.208087921142578125e-04,38,183,'SF',NULL,0,'Dd',1,66,1,211,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516889398789407e+09,'tr7M6tvAIQa','141.142.220.118',45000,'141.142.2.2',53,'udp','dns',3.840923309326171875e-04,38,89,'SF',NULL,0,'Dd',1,66,1,117,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516889442205426e+09,'gV0TcSc2pb4','141.142.220.118',48479,'141.142.2.2',53,'udp','dns',3.168582916259765625e-04,52,99,'SF',NULL,0,'Dd',1,80,1,127,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516889478707315e+09,'MOG0z4PYOhk','141.142.220.118',48128,'141.142.2.2',53,'udp','dns',4.22954559326171875e-04,38,183,'SF',NULL,0,'Dd',1,66,1,211,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516890174889565e+09,'PlehgEduUyj','141.142.220.118',56056,'141.142.2.2',53,'udp','dns',4.022121429443359375e-04,36,131,'SF',NULL,0,'Dd',1,64,1,159,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516890219497676e+09,'4eZgk09f2Re','141.142.220.118',55092,'141.142.2.2',53,'udp','dns',3.740787506103515625e-04,36,198,'SF',NULL,0,'Dd',1,64,1,226,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516989943790432e+09,'3xwJPc7mQ9a','141.142.220.44',5353,'224.0.0.251',5353,'udp','dns',NULL,NULL,NULL,'S0',NULL,0,'D',1,85,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047517086238408089e+09,'yxTcvvTKWQ4','141.142.220.226',137,'141.142.220.255',137,'udp','dns',2.61301684379577636718e+00,350,0,'S0',NULL,0,'D',7,546,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047517167537188525e+09,'8bLW3XNfhCj','fe80::3074:17d5:2052:c324',65373,'ff02::1:3',5355,'udp','dns',1.00096225738525390625e-01,66,0,'S0',NULL,0,'D',2,162,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047517167708110807e+09,'rqjhiiRPjEe','141.142.220.226',55131,'224.0.0.252',5355,'udp','dns',1.00020885467529296875e-01,66,0,'S0',NULL,0,'D',2,122,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047517311674904827e+09,'hTPyfL3QSGa','fe80::3074:17d5:2052:c324',54213,'ff02::1:3',5355,'udp','dns',9.980106353759765625e-02,66,0,'S0',NULL,0,'D',2,162,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047517311736202235e+09,'EruUQ9AJRj4','141.142.220.226',55671,'224.0.0.252',5355,'udp','dns',9.98489856719970703125e-02,66,0,'S0',NULL,0,'D',2,122,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047517315367889406e+09,'sw1bKJOMjuk','141.142.220.238',56641,'141.142.220.255',137,'udp','dns',NULL,NULL,NULL,'S0',NULL,0,'D',1,78,0,0,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516872400689127e+09,'NPHCuyWykE7','141.142.220.118',48649,'208.80.152.118',80,'tcp','http',1.19904994964599609375e-01,525,232,'S1',NULL,0,'ShADad',4,741,3,396,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516889293599126e+09,'VapPqRhPgJ4','141.142.220.118',50000,'208.80.152.3',80,'tcp','http',2.29603052139282226562e-01,1148,734,'S1',NULL,0,'ShADad',6,1468,4,950,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516885916304588e+09,'3607hh8C3bc','141.142.220.118',49998,'208.80.152.3',80,'tcp','http',2.15893030166625976562e-01,1130,734,'S1',NULL,0,'ShADad',6,1450,4,950,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516885530495647e+09,'tgYMrIvzDSg','141.142.220.118',49996,'208.80.152.3',80,'tcp','http',2.1850109100341796875e-01,1171,733,'S1',NULL,0,'ShADad',6,1491,4,949,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516889526700977e+09,'xQsjPwNBrXd','141.142.220.118',50001,'208.80.152.3',80,'tcp','http',2.27283954620361328125e-01,1178,734,'S1',NULL,0,'ShADad',6,1498,4,950,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516890263509747e+09,'Ap3GzMI1vM9','141.142.220.118',35642,'208.80.152.2',80,'tcp','http',1.200408935546875e-01,534,412,'S1',NULL,0,'ShADad',4,750,3,576,'(empty)'); -INSERT INTO "conn" VALUES(1300475168.85533,'FTVcgrmNy52','141.142.220.118',49997,'208.80.152.3',80,'tcp','http',2.19720125198364257812e-01,1125,734,'S1',NULL,0,'ShADad',6,1445,4,950,'(empty)'); -INSERT INTO "conn" VALUES(1.30047516978033089643e+09,'1xFx4PGdeq5','141.142.220.235',6705,'173.192.163.128',80,'tcp',NULL,NULL,NULL,NULL,'OTH',NULL,0,'h',0,0,1,48,'(empty)'); -INSERT INTO "conn" VALUES(1.3004751686520030498e+09,'WIG1ud65z22','141.142.220.118',35634,'208.80.152.2',80,'tcp',NULL,6.1328887939453125e-02,463,350,'OTH',NULL,0,'DdA',2,567,1,402,'(empty)'); -INSERT INTO "conn" VALUES(1.3004751688929131031e+09,'o2gAkl4V7sa','141.142.220.118',49999,'208.80.152.3',80,'tcp','http',2.20960855484008789062e-01,1137,733,'S1',NULL,0,'ShADad',6,1457,4,949,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516709653496744e+09,'dnGM1AdIVyh','141.142.220.202',5353,'224.0.0.251',5353,'udp','dns',NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,73,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516709701204296e+09,'fv9q7WjEgp1','fe80::217:f2ff:fed7:cf65',5353,'ff02::fb',5353,'udp',NULL,NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,199,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516709981608392e+09,'0Ox0H56yl88','141.142.220.50',5353,'224.0.0.251',5353,'udp',NULL,NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,179,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516885389900212e+09,'rvmSc7rDQub','141.142.220.118',43927,'141.142.2.2',53,'udp','dns',4.351139068603515625e-04,38,89,'SF',NULL,NULL,0,'Dd',1,66,1,117,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516885437798497e+09,'ogkztouSArh','141.142.220.118',37676,'141.142.2.2',53,'udp','dns',4.20093536376953125e-04,52,99,'SF',NULL,NULL,0,'Dd',1,80,1,127,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516885483694076e+09,'0UIDdXFt7Tb','141.142.220.118',40526,'141.142.2.2',53,'udp','dns',3.9196014404296875e-04,38,183,'SF',NULL,NULL,0,'Dd',1,66,1,211,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516885795593258e+09,'WqFYV51UIq7','141.142.220.118',32902,'141.142.2.2',53,'udp','dns',3.17096710205078125e-04,38,89,'SF',NULL,NULL,0,'Dd',1,66,1,117,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516885830593104e+09,'ylcqZpbz6K2','141.142.220.118',59816,'141.142.2.2',53,'udp','dns',3.430843353271484375e-04,52,99,'SF',NULL,NULL,0,'Dd',1,80,1,127,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516885871291159e+09,'blhldTzA7Y6','141.142.220.118',59714,'141.142.2.2',53,'udp','dns',3.750324249267578125e-04,38,183,'SF',NULL,NULL,0,'Dd',1,66,1,211,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516889164400098e+09,'Sc34cGJo3Kg','141.142.220.118',58206,'141.142.2.2',53,'udp','dns',3.39031219482421875e-04,38,89,'SF',NULL,NULL,0,'Dd',1,66,1,117,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516889203691487e+09,'RzvFrfXSRfk','141.142.220.118',38911,'141.142.2.2',53,'udp','dns',3.349781036376953125e-04,52,99,'SF',NULL,NULL,0,'Dd',1,80,1,127,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516889241409298e+09,'GaaFI58mpbe','141.142.220.118',59746,'141.142.2.2',53,'udp','dns',4.208087921142578125e-04,38,183,'SF',NULL,NULL,0,'Dd',1,66,1,211,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516889398789407e+09,'tr7M6tvAIQa','141.142.220.118',45000,'141.142.2.2',53,'udp','dns',3.840923309326171875e-04,38,89,'SF',NULL,NULL,0,'Dd',1,66,1,117,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516889442205426e+09,'gV0TcSc2pb4','141.142.220.118',48479,'141.142.2.2',53,'udp','dns',3.168582916259765625e-04,52,99,'SF',NULL,NULL,0,'Dd',1,80,1,127,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516889478707315e+09,'MOG0z4PYOhk','141.142.220.118',48128,'141.142.2.2',53,'udp','dns',4.22954559326171875e-04,38,183,'SF',NULL,NULL,0,'Dd',1,66,1,211,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516890174889565e+09,'PlehgEduUyj','141.142.220.118',56056,'141.142.2.2',53,'udp','dns',4.022121429443359375e-04,36,131,'SF',NULL,NULL,0,'Dd',1,64,1,159,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516890219497676e+09,'4eZgk09f2Re','141.142.220.118',55092,'141.142.2.2',53,'udp','dns',3.740787506103515625e-04,36,198,'SF',NULL,NULL,0,'Dd',1,64,1,226,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516989943790432e+09,'3xwJPc7mQ9a','141.142.220.44',5353,'224.0.0.251',5353,'udp','dns',NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,85,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047517086238408089e+09,'yxTcvvTKWQ4','141.142.220.226',137,'141.142.220.255',137,'udp','dns',2.61301684379577636718e+00,350,0,'S0',NULL,NULL,0,'D',7,546,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047517167537188525e+09,'8bLW3XNfhCj','fe80::3074:17d5:2052:c324',65373,'ff02::1:3',5355,'udp','dns',1.00096225738525390625e-01,66,0,'S0',NULL,NULL,0,'D',2,162,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047517167708110807e+09,'rqjhiiRPjEe','141.142.220.226',55131,'224.0.0.252',5355,'udp','dns',1.00020885467529296875e-01,66,0,'S0',NULL,NULL,0,'D',2,122,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047517311674904827e+09,'hTPyfL3QSGa','fe80::3074:17d5:2052:c324',54213,'ff02::1:3',5355,'udp','dns',9.980106353759765625e-02,66,0,'S0',NULL,NULL,0,'D',2,162,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047517311736202235e+09,'EruUQ9AJRj4','141.142.220.226',55671,'224.0.0.252',5355,'udp','dns',9.98489856719970703125e-02,66,0,'S0',NULL,NULL,0,'D',2,122,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047517315367889406e+09,'sw1bKJOMjuk','141.142.220.238',56641,'141.142.220.255',137,'udp','dns',NULL,NULL,NULL,'S0',NULL,NULL,0,'D',1,78,0,0,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516872400689127e+09,'NPHCuyWykE7','141.142.220.118',48649,'208.80.152.118',80,'tcp','http',1.19904994964599609375e-01,525,232,'S1',NULL,NULL,0,'ShADad',4,741,3,396,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516889293599126e+09,'VapPqRhPgJ4','141.142.220.118',50000,'208.80.152.3',80,'tcp','http',2.29603052139282226562e-01,1148,734,'S1',NULL,NULL,0,'ShADad',6,1468,4,950,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516885916304588e+09,'3607hh8C3bc','141.142.220.118',49998,'208.80.152.3',80,'tcp','http',2.15893030166625976562e-01,1130,734,'S1',NULL,NULL,0,'ShADad',6,1450,4,950,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516885530495647e+09,'tgYMrIvzDSg','141.142.220.118',49996,'208.80.152.3',80,'tcp','http',2.1850109100341796875e-01,1171,733,'S1',NULL,NULL,0,'ShADad',6,1491,4,949,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516889526700977e+09,'xQsjPwNBrXd','141.142.220.118',50001,'208.80.152.3',80,'tcp','http',2.27283954620361328125e-01,1178,734,'S1',NULL,NULL,0,'ShADad',6,1498,4,950,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516890263509747e+09,'Ap3GzMI1vM9','141.142.220.118',35642,'208.80.152.2',80,'tcp','http',1.200408935546875e-01,534,412,'S1',NULL,NULL,0,'ShADad',4,750,3,576,'(empty)'); +INSERT INTO "conn" VALUES(1300475168.85533,'FTVcgrmNy52','141.142.220.118',49997,'208.80.152.3',80,'tcp','http',2.19720125198364257812e-01,1125,734,'S1',NULL,NULL,0,'ShADad',6,1445,4,950,'(empty)'); +INSERT INTO "conn" VALUES(1.30047516978033089643e+09,'1xFx4PGdeq5','141.142.220.235',6705,'173.192.163.128',80,'tcp',NULL,NULL,NULL,NULL,'OTH',NULL,NULL,0,'h',0,0,1,48,'(empty)'); +INSERT INTO "conn" VALUES(1.3004751686520030498e+09,'WIG1ud65z22','141.142.220.118',35634,'208.80.152.2',80,'tcp',NULL,6.1328887939453125e-02,463,350,'OTH',NULL,NULL,0,'DdA',2,567,1,402,'(empty)'); +INSERT INTO "conn" VALUES(1.3004751688929131031e+09,'o2gAkl4V7sa','141.142.220.118',49999,'208.80.152.3',80,'tcp','http',2.20960855484008789062e-01,1137,733,'S1',NULL,NULL,0,'ShADad',6,1457,4,949,'(empty)'); COMMIT; @TEST-END-FILE From f33e26242cb99a5d7074f586e6ec0b2ed690a81e Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Thu, 19 Mar 2015 21:43:07 -0400 Subject: [PATCH 095/121] SSH: Fix some edge-cases which created BinPAC exceptions --- src/analyzer/protocol/ssh/ssh-protocol.pac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac index 649db2c613..bbcd07d42e 100644 --- a/src/analyzer/protocol/ssh/ssh-protocol.pac +++ b/src/analyzer/protocol/ssh/ssh-protocol.pac @@ -6,17 +6,17 @@ # We have 3 basic types of messages: # # - SSH_Version messages just have a string with the banner string of the client or server -# - Encrypted messages have no usable data, but those never get passed in by SSH.cc +# - Encrypted messages have no usable data, so we'll just ignore them as best we can. # - Finally, key exchange messages have a common format. type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of { VERSION_EXCHANGE -> version : SSH_Version(is_orig); + ENCRYPTED -> encrypted : bytestring &length=1 &transient; default -> kex : SSH_Key_Exchange(is_orig); } &byteorder=bigendian; type SSH_Version(is_orig: bool) = record { version : bytestring &oneline; - pad : bytestring &length=0 &transient; } &let { update_state : bool = $context.connection.update_state(KEX_INIT, is_orig); update_version : bool = $context.connection.update_version(version, is_orig); From a119247dd3e56dc42b7689595ba53f2a590f3e02 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Thu, 19 Mar 2015 21:43:44 -0400 Subject: [PATCH 096/121] SSH: Ignore encrypted packets by default. --- scripts/base/protocols/ssh/main.bro | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 08f5eef38e..57f53a7125 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -49,8 +49,8 @@ export { ## If true, we tell the event engine to not look at further data ## packets after the initial SSH handshake. Helps with performance ## (especially with large file transfers) but precludes some - ## kinds of analyses. - const skip_processing_after_detection = F &redef; + ## kinds of analyses. Defaults to T. + const skip_processing_after_detection = T &redef; ## Event that can be handled to access the SSH record as it is sent on ## to the logging framework. From 0a7afab740fe81f39cc85d611b899279095823c3 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 20 Mar 2015 10:31:02 -0500 Subject: [PATCH 097/121] Add unit test to catch breaking changes to local.bro BIT-1207 #close --- CHANGES | 7 ++ VERSION | 2 +- testing/btest/scripts/site/local-compat.test | 100 +++++++++++++++++++ 3 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 testing/btest/scripts/site/local-compat.test diff --git a/CHANGES b/CHANGES index 595bab9f65..52d2d52541 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,11 @@ +2.3-562 | 2015-03-20 10:31:02 -0500 + + * BIT-1207: Add unit test to catch breaking changes to local.bro + (Jon Siwek) + + * Fix failing sqlite leak test (Johanna Amann) + 2.3-560 | 2015-03-19 13:17:39 -0500 * BIT-1255: Increase default values of diff --git a/VERSION b/VERSION index 33e07faf42..94e71b7279 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-560 +2.3-562 diff --git a/testing/btest/scripts/site/local-compat.test b/testing/btest/scripts/site/local-compat.test new file mode 100644 index 0000000000..6427bdc7ca --- /dev/null +++ b/testing/btest/scripts/site/local-compat.test @@ -0,0 +1,100 @@ +# @TEST-EXEC: bro local-`cat $DIST/VERSION | sed 's/\([0-9].[0-9]\).*/\1/g'`.bro + +# This tests the compatibility of the past release's site/local.bro +# script with the current version of Bro. If the test fails because +# it doesn't find the right file, that means everything stayed +# compatibile between releases, so just add a TEST-START-FILE with +# the contents the latest Bro version's site/local.bro script. +# If the test fails while loading the old local.bro, it usually +# indicates a note will need to be made in NEWS explaining to users +# how to migrate to the new version and this test's TEST-START-FILE +# should be updated with the latest contents of site/local.bro. + +@TEST-START-FILE local-2.3.bro +##! Local site policy. Customize as appropriate. +##! +##! This file will not be overwritten when upgrading or reinstalling! + +# This script logs which scripts were loaded during each run. +@load misc/loaded-scripts + +# Apply the default tuning scripts for common tuning settings. +@load tuning/defaults + +# Load the scan detection script. +@load misc/scan + +# Log some information about web applications being used by users +# on your network. +@load misc/app-stats + +# Detect traceroute being run on the network. +@load misc/detect-traceroute + +# Generate notices when vulnerable versions of software are discovered. +# The default is to only monitor software found in the address space defined +# as "local". Refer to the software framework's documentation for more +# information. +@load frameworks/software/vulnerable + +# Detect software changing (e.g. attacker installing hacked SSHD). +@load frameworks/software/version-changes + +# This adds signatures to detect cleartext forward and reverse windows shells. +@load-sigs frameworks/signatures/detect-windows-shells + +# Load all of the scripts that detect software in various protocols. +@load protocols/ftp/software +@load protocols/smtp/software +@load protocols/ssh/software +@load protocols/http/software +# The detect-webapps script could possibly cause performance trouble when +# running on live traffic. Enable it cautiously. +#@load protocols/http/detect-webapps + +# This script detects DNS results pointing toward your Site::local_nets +# where the name is not part of your local DNS zone and is being hosted +# externally. Requires that the Site::local_zones variable is defined. +@load protocols/dns/detect-external-names + +# Script to detect various activity in FTP sessions. +@load protocols/ftp/detect + +# Scripts that do asset tracking. +@load protocols/conn/known-hosts +@load protocols/conn/known-services +@load protocols/ssl/known-certs + +# This script enables SSL/TLS certificate validation. +@load protocols/ssl/validate-certs + +# This script prevents the logging of SSL CA certificates in x509.log +@load protocols/ssl/log-hostcerts-only + +# Uncomment the following line to check each SSL certificate hash against the ICSI +# certificate notary service; see http://notary.icsi.berkeley.edu . +# @load protocols/ssl/notary + +# If you have libGeoIP support built in, do some geographic detections and +# logging for SSH traffic. +@load protocols/ssh/geo-data +# Detect hosts doing SSH bruteforce attacks. +@load protocols/ssh/detect-bruteforcing +# Detect logins using "interesting" hostnames. +@load protocols/ssh/interesting-hostnames + +# Detect SQL injection attacks. +@load protocols/http/detect-sqli + +#### Network File Handling #### + +# Enable MD5 and SHA1 hashing for all files. +@load frameworks/files/hash-all-files + +# Detect SHA1 sums in Team Cymru's Malware Hash Registry. +@load frameworks/files/detect-MHR + +# Uncomment the following line to enable detection of the heartbleed attack. Enabling +# this might impact performance a bit. +# @load policy/protocols/ssl/heartbleed +@TEST-END-FILE From 792dedf718b9e7cc5ea4edf918b4bab2e16a5f35 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 20 Mar 2015 10:46:25 -0500 Subject: [PATCH 098/121] Updating submodule(s). [nomail] --- aux/plugins | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/plugins b/aux/plugins index 172e0559ec..7a14085394 160000 --- a/aux/plugins +++ b/aux/plugins @@ -1 +1 @@ -Subproject commit 172e0559ec508c86abb81b371ee28e79130faec6 +Subproject commit 7a14085394e54a950e477eb4fafb3827ff8dbdc3 From df6001533385b04548e34efe0ddc2255ec2e4204 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 20 Mar 2015 11:08:31 -0500 Subject: [PATCH 099/121] Remove "unmatched_HTTP_reply" weird. BIT-725 #close --- CHANGES | 4 +++ NEWS | 4 +++ VERSION | 2 +- src/analyzer/protocol/http/HTTP.cc | 4 +-- .../weird.log | 27 ++----------------- 5 files changed, 12 insertions(+), 29 deletions(-) diff --git a/CHANGES b/CHANGES index 52d2d52541..00e6a35c63 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.3-564 | 2015-03-20 11:12:02 -0500 + + * BIT-725: Remove "unmatched_HTTP_reply" weird. (Jon Siwek) + 2.3-562 | 2015-03-20 10:31:02 -0500 * BIT-1207: Add unit test to catch breaking changes to local.bro diff --git a/NEWS b/NEWS index 4d1539b33c..17c167ba39 100644 --- a/NEWS +++ b/NEWS @@ -102,6 +102,10 @@ Changed Functionality - [TODO] Add changed BroControl features. +- The weird named "unmatched_HTTP_reply" has been removed since it can + be detected at the script-layer and is handled correctly by the + default HTTP scripts. + Deprecated Functionality ------------------------ diff --git a/VERSION b/VERSION index 94e71b7279..db48ace9dc 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-562 +2.3-564 diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index 924c958e43..c8d62aa379 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -985,9 +985,7 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) { ++num_replies; - if ( unanswered_requests.empty() ) - Weird("unmatched_HTTP_reply"); - else + if ( ! unanswered_requests.empty() ) ProtocolConfirmation(); reply_state = EXPECT_REPLY_MESSAGE; diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log index 9b9ba53885..1721f8f79f 100644 --- a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log @@ -3,56 +3,33 @@ #empty_field (empty) #unset_field - #path weird -#open 2013-08-26-19-04-10 +#open 2015-03-20-16-03-02 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer #types time string addr port addr port string string bool string 1354328874.278822 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F bro -1354328874.299063 CCvvfg3TEfuqmmG4bh 128.2.6.136 46564 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328874.321792 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F bro -1354328874.342591 CsRx2w45OKnoww6xl4 128.2.6.136 46565 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328882.908690 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F bro -1354328882.928027 CIPOse170MGiRM1Qf4 128.2.6.136 46569 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328882.949510 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F bro -1354328882.968948 C7XEbhP654jzLoe3a 128.2.6.136 46570 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328887.094494 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F bro -1354328887.114613 CMXxB5GvmoxJFXdTa 128.2.6.136 46572 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328891.141058 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 bad_HTTP_request - F bro -1354328891.161077 Caby8b1slFea8xwSmb 128.2.6.136 46573 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328891.183942 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 bad_HTTP_request - F bro -1354328891.204740 Che1bq3i2rO3KD1Syg 128.2.6.136 46574 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328891.226199 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F bro -1354328891.245592 C3SfNE4BWaU4aSuwkc 128.2.6.136 46575 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328891.267625 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request - F bro -1354328891.287655 CEle3f3zno26fFZkrh 128.2.6.136 46576 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328891.309065 CwSkQu4eWZCH7OONC1 128.2.6.136 46577 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro 1354328895.355012 CfTOmO0HKorjr8Zp7 128.2.6.136 46578 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro 1354328895.396634 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F bro -1354328895.416133 CzA03V1VcgagLjnO92 128.2.6.136 46579 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328895.438812 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F bro -1354328895.459490 CyAhVIzHqb7t7kv28 128.2.6.136 46580 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328895.480865 Cab0vO1xNYSS2hJkle 128.2.6.136 46581 173.194.75.103 80 unknown_HTTP_method CCM_POST F bro 1354328903.614145 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F bro -1354328903.634196 CkDsfG2YIeWJmXWNWj 128.2.6.136 46584 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328903.656369 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F bro -1354328903.676395 CUKS0W3HFYOnBqSE5e 128.2.6.136 46585 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328911.832856 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F bro -1354328911.853464 CojBOU3CXcLHl1r6x1 128.2.6.136 46589 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328911.876341 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F bro -1354328911.897044 CJzVQRGJrX6V15ik7 128.2.6.136 46590 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328920.052085 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 bad_HTTP_request - F bro -1354328920.072101 CBQnJn22qN8TOeeZil 128.2.6.136 46594 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328920.094072 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F bro -1354328920.114526 CbEsuD3dgDDngdlbKf 128.2.6.136 46595 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328924.266693 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F bro -1354328924.287402 Cnkr172qPtDAaK7Xd 128.2.6.136 46599 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328924.308714 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F bro -1354328924.328257 CcxZj6188NwHGl3a16 128.2.6.136 46600 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328924.476011 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F bro -1354328924.496732 COTmF91mGWcb4zV7W5 128.2.6.136 46604 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328924.518204 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F bro -1354328924.537671 CuChlg202P8sUFuXrg 128.2.6.136 46605 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328932.734579 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F bro -1354328932.754657 CY93mM3aViMiLKuSw3 128.2.6.136 46609 173.194.75.103 80 unmatched_HTTP_reply - F bro 1354328932.776609 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F bro -1354328932.796568 CXgISq6dA2DVPzqp9 128.2.6.136 46610 173.194.75.103 80 unmatched_HTTP_reply - F bro -#close 2013-08-26-19-04-10 +#close 2015-03-20-16-03-02 From 739b2956111e5c768f74afae5fbce0c15f6555fb Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Fri, 20 Mar 2015 16:27:41 -0500 Subject: [PATCH 100/121] Improve documentation of 'for' loop iterator invalidation. BIT-978 #close --- CHANGES | 5 +++++ VERSION | 2 +- doc/script-reference/statements.rst | 5 ++++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 00e6a35c63..9b660c820c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@ +2.3-565 | 2015-03-20 16:27:41 -0500 + + * BIT-978: Improve documentation of 'for' loop iterator invalidation. + (Jon Siwek) + 2.3-564 | 2015-03-20 11:12:02 -0500 * BIT-725: Remove "unmatched_HTTP_reply" weird. (Jon Siwek) diff --git a/VERSION b/VERSION index db48ace9dc..f5fd3f5bdd 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-564 +2.3-565 diff --git a/doc/script-reference/statements.rst b/doc/script-reference/statements.rst index 2eeb1940e7..bf607ad0f9 100644 --- a/doc/script-reference/statements.rst +++ b/doc/script-reference/statements.rst @@ -294,7 +294,10 @@ Here are the statements that the Bro scripting language supports. .. bro:keyword:: for A "for" loop iterates over each element in a string, set, vector, or - table and executes a statement for each iteration. + table and executes a statement for each iteration. Currently, + modifying a container's membership while iterating over it may + result in undefined behavior, so avoid adding or removing elements + inside the loop. For each iteration of the loop, a loop variable will be assigned to an element if the expression evaluates to a string or set, or an index if From 4e5a3c8eb9ebcf586a693515a736624bc0537717 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 23 Mar 2015 09:51:20 -0500 Subject: [PATCH 101/121] Updating submodule(s). [nomail] --- CHANGES | 6 ++++++ VERSION | 2 +- aux/broctl | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 9b660c820c..31ddf762eb 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.3-570 | 2015-03-23 09:51:20 -0500 + + * Correct a spelling error (Daniel Thayer) + + * Improvement to SSL analyzer failure mode. (Johanna Amann) + 2.3-565 | 2015-03-20 16:27:41 -0500 * BIT-978: Improve documentation of 'for' loop iterator invalidation. diff --git a/VERSION b/VERSION index f5fd3f5bdd..c93efbe579 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-565 +2.3-570 diff --git a/aux/broctl b/aux/broctl index 71c86d87ff..82ba7ff6bf 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 71c86d87ffd1750278a185ecff0ba5f5ae8fcf6e +Subproject commit 82ba7ff6bfb17b9db0990e9b1d66be5d836e8b39 From 0b6e22575832f2a51b422bc0a42a4277f46af46d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 23 Mar 2015 10:43:00 -0500 Subject: [PATCH 102/121] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index 82ba7ff6bf..df2f22d433 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 82ba7ff6bfb17b9db0990e9b1d66be5d836e8b39 +Subproject commit df2f22d43389f5d8ab00a1ded3add3094a2c6ccd From dbf58be0e5f38dbbbd1733bb00dd62d1e930e8b0 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 23 Mar 2015 13:04:53 -0500 Subject: [PATCH 103/121] Fix an example in quickstart docs. BIT-1226 #close --- CHANGES | 4 ++ VERSION | 2 +- doc/quickstart/conditional-notice.bro | 24 +++++++++ doc/quickstart/index.rst | 54 +++++++++---------- .../btest-doc.sphinx.conditional-notice#1 | 26 +++++++++ .../output | 28 ++++++++++ .../btest/doc/sphinx/conditional-notice.btest | 2 + ...oc_quickstart_conditional-notice_bro.btest | 28 ++++++++++ 8 files changed, 137 insertions(+), 31 deletions(-) create mode 100644 doc/quickstart/conditional-notice.bro create mode 100644 testing/btest/Baseline/doc.sphinx.conditional-notice/btest-doc.sphinx.conditional-notice#1 create mode 100644 testing/btest/Baseline/doc.sphinx.include-doc_quickstart_conditional-notice_bro/output create mode 100644 testing/btest/doc/sphinx/conditional-notice.btest create mode 100644 testing/btest/doc/sphinx/include-doc_quickstart_conditional-notice_bro.btest diff --git a/CHANGES b/CHANGES index 31ddf762eb..08a6fff2cf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.3-572 | 2015-03-23 13:04:53 -0500 + + * BIT-1226: Fix an example in quickstart docs. (Jon siwek) + 2.3-570 | 2015-03-23 09:51:20 -0500 * Correct a spelling error (Daniel Thayer) diff --git a/VERSION b/VERSION index c93efbe579..3ade82ed0d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-570 +2.3-572 diff --git a/doc/quickstart/conditional-notice.bro b/doc/quickstart/conditional-notice.bro new file mode 100644 index 0000000000..8cc01787c9 --- /dev/null +++ b/doc/quickstart/conditional-notice.bro @@ -0,0 +1,24 @@ +@load protocols/ssl/expiring-certs + +const watched_servers: set[addr] = { + 87.98.220.10, +} &redef; + +# Site::local_nets usually isn't something you need to modify if +# BroControl automatically sets it up from networks.cfg. It's +# shown here for completeness. +redef Site::local_nets += { + 87.98.0.0/16, +}; + +hook Notice::policy(n: Notice::Info) + { + if ( n$note != SSL::Certificate_Expired ) + return; + + if ( n$id$resp_h !in watched_servers ) + return; + + add n$actions[Notice::ACTION_EMAIL]; + } + diff --git a/doc/quickstart/index.rst b/doc/quickstart/index.rst index bb642ee75a..616c94c261 100644 --- a/doc/quickstart/index.rst +++ b/doc/quickstart/index.rst @@ -156,9 +156,11 @@ changes we want to make: notice that means an SSL connection was established and the server's certificate couldn't be validated using Bro's default trust roots, but we want to ignore it. -2) ``SSH::Login`` is a notice type that is triggered when an SSH connection - attempt looks like it may have been successful, and we want email when - that happens, but only for certain servers. +2) ``SSL::Certificate_Expired`` is a notice type that is triggered when + an SSL connection was established using an expired certificate. We + want email when that happens, but only for certain servers on the + local network (Bro can also proactively monitor for certs that will + soon expire, but this is just for demonstration purposes). We've defined *what* we want to do, but need to know *where* to do it. The answer is to use a script written in the Bro programming language, so @@ -203,7 +205,7 @@ the variable's value may not change at run-time, but whose initial value can be modified via the ``redef`` operator at parse-time. Let's continue on our path to modify the behavior for the two SSL -and SSH notices. Looking at :doc:`/scripts/base/frameworks/notice/main.bro`, +notices. Looking at :doc:`/scripts/base/frameworks/notice/main.bro`, we see that it advertises: .. code:: bro @@ -216,7 +218,7 @@ we see that it advertises: const ignored_types: set[Notice::Type] = {} &redef; } -That's exactly what we want to do for the SSL notice. Add to ``local.bro``: +That's exactly what we want to do for the first notice. Add to ``local.bro``: .. code:: bro @@ -248,38 +250,30 @@ is valid before installing it and then restarting the Bro instance: stopping bro ... starting bro ... -Now that the SSL notice is ignored, let's look at how to send an email on -the SSH notice. The notice framework has a similar option called -``emailed_types``, but using that would generate email for all SSH servers and -we only want email for logins to certain ones. There is a ``policy`` hook -that is actually what is used to implement the simple functionality of -``ignored_types`` and -``emailed_types``, but it's extensible such that the condition and action taken -on notices can be user-defined. +Now that the SSL notice is ignored, let's look at how to send an email +on the other notice. The notice framework has a similar option called +``emailed_types``, but using that would generate email for all SSL +servers with expired certificates and we only want email for connections +to certain ones. There is a ``policy`` hook that is actually what is +used to implement the simple functionality of ``ignored_types`` and +``emailed_types``, but it's extensible such that the condition and +action taken on notices can be user-defined. -In ``local.bro``, let's define a new ``policy`` hook handler body -that takes the email action for SSH logins only for a defined set of servers: +In ``local.bro``, let's define a new ``policy`` hook handler body: -.. code:: bro +.. btest-include:: ${DOC_ROOT}/quickstart/conditional-notice.bro - const watched_servers: set[addr] = { - 192.168.1.100, - 192.168.1.101, - 192.168.1.102, - } &redef; +.. btest:: conditional-notice - hook Notice::policy(n: Notice::Info) - { - if ( n$note == SSH::SUCCESSFUL_LOGIN && n$id$resp_h in watched_servers ) - add n$actions[Notice::ACTION_EMAIL]; - } + @TEST-EXEC: btest-rst-cmd bro -r ${TRACES}/tls/tls-expired-cert.trace ${DOC_ROOT}/quickstart/conditional-notice.bro + @TEST-EXEC: btest-rst-cmd cat notice.log You'll just have to trust the syntax for now, but what we've done is first declare our own variable to hold a set of watched addresses, -``watched_servers``; then added a hook handler body to the policy that will -generate an email whenever the notice type is an SSH login and the responding -host stored -inside the ``Info`` record's connection field is in the set of watched servers. +``watched_servers``; then added a hook handler body to the policy that +will generate an email whenever the notice type is an SSL expired +certificate and the responding host stored inside the ``Info`` record's +connection field is in the set of watched servers. .. note:: Record field member access is done with the '$' character instead of a '.' as might be expected from other languages, in diff --git a/testing/btest/Baseline/doc.sphinx.conditional-notice/btest-doc.sphinx.conditional-notice#1 b/testing/btest/Baseline/doc.sphinx.conditional-notice/btest-doc.sphinx.conditional-notice#1 new file mode 100644 index 0000000000..7217abc421 --- /dev/null +++ b/testing/btest/Baseline/doc.sphinx.conditional-notice/btest-doc.sphinx.conditional-notice#1 @@ -0,0 +1,26 @@ +.. rst-class:: btest-cmd + + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -r tls/tls-expired-cert.trace conditional-notice.bro + +.. rst-class:: btest-cmd + + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # cat notice.log + #separator \x09 + #set_separator , + #empty_field (empty) + #unset_field - + #path notice + #open 2015-03-23-18-03-21 + #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude + #types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double + 1394745603.293028 CXWv6p3arKYeMETxOg 192.168.4.149 60539 87.98.220.10 443 F1fX1R2cDOzbvg17ye - - tcp SSL::Certificate_Expired Certificate CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated expired at 2014-03-04-23:59:59.000000000 - 192.168.4.149 87.98.220.10 443 - bro Notice::ACTION_EMAIL,Notice::ACTION_LOG 86400.000000 F - - - - - + #close 2015-03-23-18-03-21 + diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_quickstart_conditional-notice_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_quickstart_conditional-notice_bro/output new file mode 100644 index 0000000000..8412154ec4 --- /dev/null +++ b/testing/btest/Baseline/doc.sphinx.include-doc_quickstart_conditional-notice_bro/output @@ -0,0 +1,28 @@ +# @TEST-EXEC: cat %INPUT >output && btest-diff output + +conditional-notice.bro + +@load protocols/ssl/expiring-certs + +const watched_servers: set[addr] = { + 87.98.220.10, +} &redef; + +# Site::local_nets usually isn't something you need to modify if +# BroControl automatically sets it up from networks.cfg. It's +# shown here for completeness. +redef Site::local_nets += { + 87.98.0.0/16, +}; + +hook Notice::policy(n: Notice::Info) + { + if ( n$note != SSL::Certificate_Expired ) + return; + + if ( n$id$resp_h !in watched_servers ) + return; + + add n$actions[Notice::ACTION_EMAIL]; + } + diff --git a/testing/btest/doc/sphinx/conditional-notice.btest b/testing/btest/doc/sphinx/conditional-notice.btest new file mode 100644 index 0000000000..ff3eea1132 --- /dev/null +++ b/testing/btest/doc/sphinx/conditional-notice.btest @@ -0,0 +1,2 @@ +@TEST-EXEC: btest-rst-cmd bro -r ${TRACES}/tls/tls-expired-cert.trace ${DOC_ROOT}/quickstart/conditional-notice.bro +@TEST-EXEC: btest-rst-cmd cat notice.log diff --git a/testing/btest/doc/sphinx/include-doc_quickstart_conditional-notice_bro.btest b/testing/btest/doc/sphinx/include-doc_quickstart_conditional-notice_bro.btest new file mode 100644 index 0000000000..8412154ec4 --- /dev/null +++ b/testing/btest/doc/sphinx/include-doc_quickstart_conditional-notice_bro.btest @@ -0,0 +1,28 @@ +# @TEST-EXEC: cat %INPUT >output && btest-diff output + +conditional-notice.bro + +@load protocols/ssl/expiring-certs + +const watched_servers: set[addr] = { + 87.98.220.10, +} &redef; + +# Site::local_nets usually isn't something you need to modify if +# BroControl automatically sets it up from networks.cfg. It's +# shown here for completeness. +redef Site::local_nets += { + 87.98.0.0/16, +}; + +hook Notice::policy(n: Notice::Info) + { + if ( n$note != SSL::Certificate_Expired ) + return; + + if ( n$id$resp_h !in watched_servers ) + return; + + add n$actions[Notice::ACTION_EMAIL]; + } + From 1dbc5ed523700c5cb8375cf7f0cc6e16e88f52af Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Mon, 23 Mar 2015 11:22:47 -0700 Subject: [PATCH 104/121] bro -B now supports "all" and "help" for . "all" enables all debug streams. "help" prints a list of available debug streams. Based on patch by John Donnelly. BIT-1313 #merged --- CHANGES | 21 ++++++++++++++ NEWS | 2 ++ VERSION | 2 +- src/DebugLogger.cc | 69 +++++++++++++++++++++++++++++++++++++++------- src/DebugLogger.h | 2 ++ src/main.cc | 2 +- 6 files changed, 86 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index 31ddf762eb..e6d704e89e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,25 @@ +2.3-582 | 2015-03-23 11:34:25 -0700 + + * BIT-1313: In debug builds, "bro -B " now supports "all" and + "help" for "". "all" enables all debug streams. "help" prints a + list of available debug streams. (John Donnelly/Robin Sommer). + + * BIT-1324: Allow logging filters to inherit default path from + stream. This allows the path for the default filter to be + specified explicitly through $path="..." when creating a stream. + Adapted the existing Log::create_stream calls to explicitly + specify a path value. (Jon Siwek) + + * BIT-1199: Change the way the input framework deals with values it + cannot convert into BroVals, raising error messages instead of + aborting execution. (Johanna Amann) + + * BIT-788: Use DNS QR field to better identify flow direction. (Jon + Siwek) + + * BIT-342: Add "icmp_sent_payload" event. (Jon Siwek) + 2.3-570 | 2015-03-23 09:51:20 -0500 * Correct a spelling error (Daniel Thayer) diff --git a/NEWS b/NEWS index df1b71ba20..e49d4ed834 100644 --- a/NEWS +++ b/NEWS @@ -61,6 +61,8 @@ New Functionality - [TODO] Add new BroControl features. +- A new icmp_sent_payload event provides access to ICMP payload. + Changed Functionality --------------------- diff --git a/VERSION b/VERSION index c93efbe579..964d3f0583 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-570 +2.3-582 diff --git a/src/DebugLogger.cc b/src/DebugLogger.cc index 3ce5d92888..4e3dba9d81 100644 --- a/src/DebugLogger.cc +++ b/src/DebugLogger.cc @@ -55,32 +55,81 @@ DebugLogger::~DebugLogger() fclose(file); } +void DebugLogger::ShowStreamsHelp() + { + fprintf(stderr, "\n"); + fprintf(stderr, "Enable debug output into debug.log with -B .\n"); + fprintf(stderr, " is a comma-separated list of streams to enable.\n"); + fprintf(stderr, "\n"); + fprintf(stderr, "Available streams:\n"); + + for ( int i = 0; i < NUM_DBGS; ++i ) + fprintf(stderr," %s\n", streams[i].prefix); + + fprintf(stderr, "\n"); + fprintf(stderr, " plugin- (replace '::' in name with '-'; e.g., '-B plugin-Bro-Netmap')\n"); + fprintf(stderr, "\n"); + fprintf(stderr, "Pseudo streams\n"); + fprintf(stderr, " verbose Increase verbosity.\n"); + fprintf(stderr, " all Enable all streams at maximum verbosity.\n"); + fprintf(stderr, "\n"); + } + void DebugLogger::EnableStreams(const char* s) { - char* tmp = copy_string(s); char* brkt; + char* tmp = copy_string(s); char* tok = strtok(tmp, ","); while ( tok ) { + if ( strcasecmp("all", tok) == 0 ) + { + for ( int i = 0; i < NUM_DBGS; ++i ) + { + streams[i].enabled = true; + enabled_streams.insert(streams[i].prefix); + } + + verbose = true; + goto next; + } + + if ( strcasecmp("verbose", tok) == 0 ) + { + verbose = true; + goto next; + } + + if ( strcasecmp("help", tok) == 0 ) + { + ShowStreamsHelp(); + exit(0); + } + + if ( strncmp(tok, "plugin-", strlen("plugin-")) == 0 ) + { + // Cannot verify this at this time, plugins may not + // have been loaded. + enabled_streams.insert(tok); + goto next; + } + int i; + for ( i = 0; i < NUM_DBGS; ++i ) + { if ( strcasecmp(streams[i].prefix, tok) == 0 ) { streams[i].enabled = true; - break; + enabled_streams.insert(tok); + goto next; } - - if ( i == NUM_DBGS ) - { - if ( strcasecmp("verbose", tok) == 0 ) - verbose = true; - else if ( strncmp(tok, "plugin-", 7) != 0 ) - reporter->FatalError("unknown debug stream %s\n", tok); } - enabled_streams.insert(tok); + reporter->FatalError("unknown debug stream '%s', try -B help.\n", tok); +next: tok = strtok(0, ","); } diff --git a/src/DebugLogger.h b/src/DebugLogger.h index 13124657e7..ca947ff03a 100644 --- a/src/DebugLogger.h +++ b/src/DebugLogger.h @@ -78,6 +78,8 @@ public: void SetVerbose(bool arg_verbose) { verbose = arg_verbose; } bool IsVerbose() const { return verbose; } + void ShowStreamsHelp(); + private: FILE* file; bool verbose; diff --git a/src/main.cc b/src/main.cc index fb48bdc14a..24c19c19d9 100644 --- a/src/main.cc +++ b/src/main.cc @@ -188,7 +188,7 @@ void usage() fprintf(stderr, " -x|--print-state | print contents of state file\n"); fprintf(stderr, " -z|--analyze | run the specified policy file analysis\n"); #ifdef DEBUG - fprintf(stderr, " -B|--debug | Enable debugging output for selected streams\n"); + fprintf(stderr, " -B|--debug | Enable debugging output for selected streams ('-B help' for help)\n"); #endif fprintf(stderr, " -C|--no-checksums | ignore checksums\n"); fprintf(stderr, " -D|--dfa-size | DFA state cache size\n"); From e6aee5e159422e0480179ba0be25828aea4f0f4e Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Tue, 24 Mar 2015 22:34:45 -0400 Subject: [PATCH 105/121] SSH: Add 22/tcp to likely_server_ports --- scripts/base/protocols/ssh/main.bro | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 57f53a7125..1dd49d7004 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -76,6 +76,8 @@ redef record connection += { ssh: Info &optional; }; +redef likely_server_ports += { 22/tcp }; + event bro_init() &priority=5 { Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh]); From 75d7f3414f140b997677e8530900b3529ca8bce3 Mon Sep 17 00:00:00 2001 From: Vlad Grigorescu Date: Wed, 25 Mar 2015 12:37:04 -0400 Subject: [PATCH 106/121] SSH: Register analyzer for 22/tcp. --- scripts/base/protocols/ssh/main.bro | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 1dd49d7004..a052eeec1e 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -76,10 +76,12 @@ redef record connection += { ssh: Info &optional; }; -redef likely_server_ports += { 22/tcp }; +const ports = { 22/tcp }; +redef likely_server_ports += { ports }; event bro_init() &priority=5 { + Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports); Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh]); } From b348f683ff9c0ff026171fa670f8c936c8f77a3f Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 25 Mar 2015 10:23:46 -0700 Subject: [PATCH 107/121] Updating submodule(s). [nomail] --- CHANGES | 2 +- VERSION | 2 +- aux/bro-aux | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 185853896d..cdd8457627 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.3-599 | 2015-03-25 10:14:57 -0700 +2.3-600 | 2015-03-25 10:23:46 -0700 * Add defensive checks in code to calculate log rotation intervals. (Pete Nelson). diff --git a/VERSION b/VERSION index d12f607b2f..82128c2468 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-599 +2.3-600 diff --git a/aux/bro-aux b/aux/bro-aux index 52b273db79..462e300bf9 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 52b273db79298daf5024d2d3d94824e7ab73a782 +Subproject commit 462e300bf9c37dcc39b70a4c2d89d19f7351c804 From b9e2b7bef924d07b8a5555430a07f8b77e47da31 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 25 Mar 2015 11:53:33 -0700 Subject: [PATCH 108/121] Log::write in signature framework was missing ts (Andrew Benson/Michel Laterman) BIT-1354 #close --- CHANGES | 5 +++++ VERSION | 2 +- scripts/base/frameworks/signatures/main.bro | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 49b942fc85..033ceef5b3 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@ +2.3-632 | 2015-03-25 11:58:58 -0700 + + * Log::write in signature framework was missing timestamp. + (Andrew Benson/Michel Laterman) + 2.3-631 | 2015-03-25 11:03:12 -0700 * New SSH analyzer. (Vlad Grigorescu) diff --git a/VERSION b/VERSION index 029742c5c6..409e1d8e2c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-631 +2.3-632 diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.bro index c0b57ba508..51d01f8f34 100644 --- a/scripts/base/frameworks/signatures/main.bro +++ b/scripts/base/frameworks/signatures/main.bro @@ -277,7 +277,7 @@ event signature_match(state: signature_state, msg: string, data: string) orig, sig_id, hcount); Log::write(Signatures::LOG, - [$note=Multiple_Sig_Responders, + [$ts=network_time(), $note=Multiple_Sig_Responders, $src_addr=orig, $sig_id=sig_id, $event_msg=msg, $host_count=hcount, $sub_msg=horz_scan_msg]); From 4f5217938bb34f947552ba1f52d6e6d24a5903f5 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 25 Mar 2015 18:32:59 -0700 Subject: [PATCH 109/121] Updating submodule [nomail] --- CHANGES | 2 +- VERSION | 2 +- src/3rdparty | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 033ceef5b3..7acd445182 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2.3-632 | 2015-03-25 11:58:58 -0700 +2.3-633 | 2015-03-25 18:32:59 -0700 * Log::write in signature framework was missing timestamp. (Andrew Benson/Michel Laterman) diff --git a/VERSION b/VERSION index 409e1d8e2c..b163797bbf 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-632 +2.3-633 diff --git a/src/3rdparty b/src/3rdparty index f2e34d731e..d4c305df93 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit f2e34d731ed29bb993fbb065846faa342a8c824f +Subproject commit d4c305df93d555ab468dbad4a5b69412bf44a833 From fc190eb9f1498dd060839cf094fd447ae5272ac0 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 30 Mar 2015 10:22:45 -0500 Subject: [PATCH 110/121] Add a canonifier to a unit test's output. --- CHANGES | 4 ++++ VERSION | 2 +- testing/btest/core/check-unused-event-handlers.test | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 7acd445182..a739fa1564 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.3-634 | 2015-03-30 10:22:45 -0500 + + * Add a canonifier to a unit test's output. (Jon Siwek) + 2.3-633 | 2015-03-25 18:32:59 -0700 * Log::write in signature framework was missing timestamp. diff --git a/VERSION b/VERSION index b163797bbf..05ca34c4b0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-633 +2.3-634 diff --git a/testing/btest/core/check-unused-event-handlers.test b/testing/btest/core/check-unused-event-handlers.test index f9ad105ff6..3836414054 100644 --- a/testing/btest/core/check-unused-event-handlers.test +++ b/testing/btest/core/check-unused-event-handlers.test @@ -1,6 +1,6 @@ # This test should print a warning that the event handler is never invoked. # @TEST-EXEC: bro -b %INPUT check_for_unused_event_handlers=T -# @TEST-EXEC: btest-diff .stderr +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stderr event this_is_never_used() { From 97962d25f2de3b95255f04c2b4c4f6cf7870a1ba Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 30 Mar 2015 11:02:45 -0500 Subject: [PATCH 111/121] Fix outdated documentation unit tests. --- CHANGES | 4 ++++ VERSION | 2 +- .../output | 2 +- .../doc.sphinx.include-doc_mimestats_mimestats_bro@4/output | 2 +- .../output | 2 +- .../output | 2 +- .../output | 2 +- .../sphinx/include-doc_frameworks_broker_testlog_bro.btest | 2 +- .../doc/sphinx/include-doc_mimestats_mimestats_bro@4.btest | 2 +- ...ude-doc_scripting_framework_logging_factorial_02_bro.btest | 2 +- ...ude-doc_scripting_framework_logging_factorial_03_bro.btest | 2 +- ...ude-doc_scripting_framework_logging_factorial_04_bro.btest | 2 +- 12 files changed, 15 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index a739fa1564..160ec42f8b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.3-635 | 2015-03-30 11:02:45 -0500 + + * Fix outdated documentation unit tests. (Jon Siwek) + 2.3-634 | 2015-03-30 10:22:45 -0500 * Add a canonifier to a unit test's output. (Jon Siwek) diff --git a/VERSION b/VERSION index 05ca34c4b0..49259bdc23 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-634 +2.3-635 diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_testlog_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_testlog_bro/output index e60bd18ecb..da2261ebc4 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_testlog_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_broker_testlog_bro/output @@ -19,5 +19,5 @@ export { event bro_init() &priority=5 { BrokerComm::enable(); - Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test]); + Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test, $path="test"]); } diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_mimestats_mimestats_bro@4/output b/testing/btest/Baseline/doc.sphinx.include-doc_mimestats_mimestats_bro@4/output index 0e97a0b14e..10c7b6bb34 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_mimestats_mimestats_bro@4/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_mimestats_mimestats_bro@4/output @@ -34,7 +34,7 @@ export { event bro_init() &priority=3 { - Log::create_stream(MimeMetrics::LOG, [$columns=Info]); + Log::create_stream(MimeMetrics::LOG, [$columns=Info, $path="mime_metrics"]); local r1: SumStats::Reducer = [$stream="mime.bytes", $apply=set(SumStats::SUM)]; local r2: SumStats::Reducer = [$stream="mime.hits", diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output index 34af08d8f1..19932699b6 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_02_bro/output @@ -27,7 +27,7 @@ function factorial(n: count): count event bro_init() { # Create the logging stream. - Log::create_stream(LOG, [$columns=Info]); + Log::create_stream(LOG, [$columns=Info, $path="factor"]); } event bro_done() diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output index 631875ba2a..d5d1c23b2b 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_03_bro/output @@ -4,7 +4,7 @@ framework_logging_factorial_03.bro event bro_init() { - Log::create_stream(LOG, [$columns=Info]); + Log::create_stream(LOG, [$columns=Info, $path="factor"]); local filter: Log::Filter = [$name="split-mod5s", $path_func=mod5]; Log::add_filter(Factor::LOG, filter); diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output index 035f8d90bc..c0f8d8ddac 100644 --- a/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-doc_scripting_framework_logging_factorial_04_bro/output @@ -26,7 +26,7 @@ function factorial(n: count): count event bro_init() { - Log::create_stream(LOG, [$columns=Info, $ev=log_factor]); + Log::create_stream(LOG, [$columns=Info, $ev=log_factor, $path="factor"]); } event bro_done() diff --git a/testing/btest/doc/sphinx/include-doc_frameworks_broker_testlog_bro.btest b/testing/btest/doc/sphinx/include-doc_frameworks_broker_testlog_bro.btest index e60bd18ecb..da2261ebc4 100644 --- a/testing/btest/doc/sphinx/include-doc_frameworks_broker_testlog_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_frameworks_broker_testlog_bro.btest @@ -19,5 +19,5 @@ export { event bro_init() &priority=5 { BrokerComm::enable(); - Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test]); + Log::create_stream(Test::LOG, [$columns=Test::Info, $ev=log_test, $path="test"]); } diff --git a/testing/btest/doc/sphinx/include-doc_mimestats_mimestats_bro@4.btest b/testing/btest/doc/sphinx/include-doc_mimestats_mimestats_bro@4.btest index 0e97a0b14e..10c7b6bb34 100644 --- a/testing/btest/doc/sphinx/include-doc_mimestats_mimestats_bro@4.btest +++ b/testing/btest/doc/sphinx/include-doc_mimestats_mimestats_bro@4.btest @@ -34,7 +34,7 @@ export { event bro_init() &priority=3 { - Log::create_stream(MimeMetrics::LOG, [$columns=Info]); + Log::create_stream(MimeMetrics::LOG, [$columns=Info, $path="mime_metrics"]); local r1: SumStats::Reducer = [$stream="mime.bytes", $apply=set(SumStats::SUM)]; local r2: SumStats::Reducer = [$stream="mime.hits", diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest index 34af08d8f1..19932699b6 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_02_bro.btest @@ -27,7 +27,7 @@ function factorial(n: count): count event bro_init() { # Create the logging stream. - Log::create_stream(LOG, [$columns=Info]); + Log::create_stream(LOG, [$columns=Info, $path="factor"]); } event bro_done() diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest index 631875ba2a..d5d1c23b2b 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_03_bro.btest @@ -4,7 +4,7 @@ framework_logging_factorial_03.bro event bro_init() { - Log::create_stream(LOG, [$columns=Info]); + Log::create_stream(LOG, [$columns=Info, $path="factor"]); local filter: Log::Filter = [$name="split-mod5s", $path_func=mod5]; Log::add_filter(Factor::LOG, filter); diff --git a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest index 035f8d90bc..c0f8d8ddac 100644 --- a/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest +++ b/testing/btest/doc/sphinx/include-doc_scripting_framework_logging_factorial_04_bro.btest @@ -26,7 +26,7 @@ function factorial(n: count): count event bro_init() { - Log::create_stream(LOG, [$columns=Info, $ev=log_factor]); + Log::create_stream(LOG, [$columns=Info, $ev=log_factor, $path="factor"]); } event bro_done() From dcbd0819a616feadab7f070b03cf63b72d2694b4 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 30 Mar 2015 11:26:32 -0500 Subject: [PATCH 112/121] Updates related to SSH analysis. - Some scripts used wrong SSH module/namespace scoping on events. - Fix outdated notice documentation related to SSH password guessing. - Add a unit test for SSH pasword guessing notice. --- CHANGES | 8 ++++++ NEWS | 4 ++- VERSION | 2 +- doc/frameworks/notice.rst | 21 +++++++------- doc/frameworks/notice_ssh_guesser.bro | 10 +++++++ scripts/base/protocols/ssh/main.bro | 4 +-- .../protocols/ssh/detect-bruteforcing.bro | 4 +-- scripts/policy/protocols/ssh/geo-data.bro | 4 +-- .../protocols/ssh/interesting-hostnames.bro | 2 +- .../output | 14 ++++++++++ .../output | 2 +- .../btest-doc.sphinx.notice_ssh_guesser.bro#1 | 26 ++++++++++++++++++ .../notice.log | 10 +++++++ testing/btest/Traces/ssh/sshguess.pcap | Bin 0 -> 90921 bytes ...oc_frameworks_notice_ssh_guesser_bro.btest | 14 ++++++++++ ...tocols_ssh_interesting-hostnames_bro.btest | 2 +- .../doc/sphinx/notice_ssh_guesser.bro.btest | 2 ++ .../protocols/ssh/detect-bruteforcing.bro | 5 ++++ 18 files changed, 112 insertions(+), 22 deletions(-) create mode 100644 doc/frameworks/notice_ssh_guesser.bro create mode 100644 testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output create mode 100644 testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1 create mode 100644 testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log create mode 100644 testing/btest/Traces/ssh/sshguess.pcap create mode 100644 testing/btest/doc/sphinx/include-doc_frameworks_notice_ssh_guesser_bro.btest create mode 100644 testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest create mode 100644 testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro diff --git a/CHANGES b/CHANGES index 160ec42f8b..c84410303b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,12 @@ +2.3-636 | 2015-03-30 11:26:32 -0500 + + * Updates related to SSH analysis. (Jon Siwek) + + - Some scripts used wrong SSH module/namespace scoping on events. + - Fix outdated notice documentation related to SSH password guessing. + - Add a unit test for SSH pasword guessing notice. + 2.3-635 | 2015-03-30 11:02:45 -0500 * Fix outdated documentation unit tests. (Jon Siwek) diff --git a/NEWS b/NEWS index 6767537170..a0248d4966 100644 --- a/NEWS +++ b/NEWS @@ -30,7 +30,7 @@ New Functionality - Bro now features a completely rewritten, enhanced SSH analyzer. A lot more information about SSH sessions is logged. The analyzer is able to - determine if logins failed or succeeded in most circumstances. + determine if logins failed or succeeded in most circumstances. - Bro's file analysis now supports reassembly of files that are not transferred/seen sequentially. @@ -123,6 +123,8 @@ Changed Functionality explicitly set. Before, the default path function would always be set for all filters which didn't specify their own ``path_func``. +- TODO: what SSH events got changed or removed? + Deprecated Functionality ------------------------ diff --git a/VERSION b/VERSION index 49259bdc23..b7ffdd164c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-635 +2.3-636 diff --git a/doc/frameworks/notice.rst b/doc/frameworks/notice.rst index d8197c13af..eacf9c917f 100644 --- a/doc/frameworks/notice.rst +++ b/doc/frameworks/notice.rst @@ -88,15 +88,15 @@ directly make modifications to the :bro:see:`Notice::Info` record given as the argument to the hook. Here's a simple example which tells Bro to send an email for all notices of -type :bro:see:`SSH::Password_Guessing` if the server is 10.0.0.1: +type :bro:see:`SSH::Password_Guessing` if the guesser attempted to log in to +the server at 192.168.56.103: -.. code:: bro +.. btest-include:: ${DOC_ROOT}/frameworks/notice_ssh_guesser.bro - hook Notice::policy(n: Notice::Info) - { - if ( n$note == SSH::Password_Guessing && n$id$resp_h == 10.0.0.1 ) - add n$actions[Notice::ACTION_EMAIL]; - } +.. btest:: notice_ssh_guesser.bro + + @TEST-EXEC: btest-rst-cmd bro -C -r ${TRACES}/ssh/sshguess.pcap ${DOC_ROOT}/frameworks/notice_ssh_guesser.bro + @TEST-EXEC: btest-rst-cmd cat notice.log .. note:: @@ -111,10 +111,9 @@ a hook body to run before default hook bodies might look like this: .. code:: bro hook Notice::policy(n: Notice::Info) &priority=5 - { - if ( n$note == SSH::Password_Guessing && n$id$resp_h == 10.0.0.1 ) - add n$actions[Notice::ACTION_EMAIL]; - } + { + # Insert your code here. + } Hooks can also abort later hook bodies with the ``break`` keyword. This is primarily useful if one wants to completely preempt processing by diff --git a/doc/frameworks/notice_ssh_guesser.bro b/doc/frameworks/notice_ssh_guesser.bro new file mode 100644 index 0000000000..34ffe2e95e --- /dev/null +++ b/doc/frameworks/notice_ssh_guesser.bro @@ -0,0 +1,10 @@ + +@load protocols/ssh/detect-bruteforcing + +redef SSH::password_guesses_limit=10; + +hook Notice::policy(n: Notice::Info) + { + if ( n$note == SSH::Password_Guessing && /192\.168\.56\.103/ in n$sub ) + add n$actions[Notice::ACTION_EMAIL]; + } diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro index 42c323601c..a64a4a0e21 100644 --- a/scripts/base/protocols/ssh/main.bro +++ b/scripts/base/protocols/ssh/main.bro @@ -57,8 +57,8 @@ export { global log_ssh: event(rec: Info); ## Event that can be handled when the analyzer sees an SSH server host - ## key. This abstracts :bro:id:`SSH::ssh1_server_host_key` and - ## :bro:id:`SSH::ssh2_server_host_key`. + ## key. This abstracts :bro:id:`ssh1_server_host_key` and + ## :bro:id:`ssh2_server_host_key`. global ssh_server_host_key: event(c: connection, hash: string); } diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.bro index f0c76ec904..55687e2afd 100644 --- a/scripts/policy/protocols/ssh/detect-bruteforcing.bro +++ b/scripts/policy/protocols/ssh/detect-bruteforcing.bro @@ -69,7 +69,7 @@ event bro_init() }]); } -event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) +event ssh_auth_successful(c: connection, auth_method_none: bool) { local id = c$id; @@ -78,7 +78,7 @@ event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) $where=SSH::SUCCESSFUL_LOGIN]); } -event SSH::ssh_auth_failed(c: connection) +event ssh_auth_failed(c: connection) { local id = c$id; diff --git a/scripts/policy/protocols/ssh/geo-data.bro b/scripts/policy/protocols/ssh/geo-data.bro index 00b52058a1..feae86c8f6 100644 --- a/scripts/policy/protocols/ssh/geo-data.bro +++ b/scripts/policy/protocols/ssh/geo-data.bro @@ -30,7 +30,7 @@ function get_location(c: connection): geo_location return lookup_location(lookup_ip); } -event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3 +event ssh_auth_successful(c: connection, auth_method_none: bool) &priority=3 { # Add the location data to the SSH record. c$ssh$remote_location = get_location(c); @@ -45,7 +45,7 @@ event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) &priority= } } -event SSH::ssh_auth_failed(c: connection) &priority=3 +event ssh_auth_failed(c: connection) &priority=3 { # Add the location data to the SSH record. c$ssh$remote_location = get_location(c); diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.bro b/scripts/policy/protocols/ssh/interesting-hostnames.bro index e43349c030..af6f441646 100644 --- a/scripts/policy/protocols/ssh/interesting-hostnames.bro +++ b/scripts/policy/protocols/ssh/interesting-hostnames.bro @@ -27,7 +27,7 @@ export { /^ftp[0-9]*\./ &redef; } -event SSH::ssh_auth_successful(c: connection, auth_method_none: bool) +event ssh_auth_successful(c: connection, auth_method_none: bool) { for ( host in set(c$id$orig_h, c$id$resp_h) ) { diff --git a/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output new file mode 100644 index 0000000000..11b77dd1ba --- /dev/null +++ b/testing/btest/Baseline/doc.sphinx.include-doc_frameworks_notice_ssh_guesser_bro/output @@ -0,0 +1,14 @@ +# @TEST-EXEC: cat %INPUT >output && btest-diff output + +notice_ssh_guesser.bro + + +@load protocols/ssh/detect-bruteforcing + +redef SSH::password_guesses_limit=10; + +hook Notice::policy(n: Notice::Info) + { + if ( n$note == SSH::Password_Guessing && /192\.168\.56\.103/ in n$sub ) + add n$actions[Notice::ACTION_EMAIL]; + } diff --git a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output index af9ea0dc83..7905ffd953 100644 --- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output +++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output @@ -31,7 +31,7 @@ export { /^ftp[0-9]*\./ &redef; } -event SSH::heuristic_successful_login(c: connection) +event ssh_auth_successful(c: connection, auth_method_none: bool) { for ( host in set(c$id$orig_h, c$id$resp_h) ) { diff --git a/testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1 b/testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1 new file mode 100644 index 0000000000..a8d9ce96d1 --- /dev/null +++ b/testing/btest/Baseline/doc.sphinx.notice_ssh_guesser.bro/btest-doc.sphinx.notice_ssh_guesser.bro#1 @@ -0,0 +1,26 @@ +.. rst-class:: btest-cmd + + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # bro -C -r ssh/sshguess.pcap notice_ssh_guesser.bro + +.. rst-class:: btest-cmd + + .. code-block:: none + :linenos: + :emphasize-lines: 1,1 + + # cat notice.log + #separator \x09 + #set_separator , + #empty_field (empty) + #unset_field - + #path notice + #open 2015-03-30-16-20-23 + #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude + #types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double + 1427726711.398575 - - - - - - - - - SSH::Password_Guessing 192.168.56.1 appears to be guessing SSH passwords (seen in 10 connections). Sampled servers: 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103 192.168.56.1 - - - bro Notice::ACTION_EMAIL,Notice::ACTION_LOG 3600.000000 F - - - - - + #close 2015-03-30-16-20-23 + diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log b/testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log new file mode 100644 index 0000000000..ee206db117 --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.protocols.ssh.detect-bruteforcing/notice.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path notice +#open 2015-03-30-15-43-30 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude +#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] interval bool string string string double double +1427726711.398575 - - - - - - - - - SSH::Password_Guessing 192.168.56.1 appears to be guessing SSH passwords (seen in 10 connections). Sampled servers: 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103, 192.168.56.103 192.168.56.1 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - - +#close 2015-03-30-15-43-30 diff --git a/testing/btest/Traces/ssh/sshguess.pcap b/testing/btest/Traces/ssh/sshguess.pcap new file mode 100644 index 0000000000000000000000000000000000000000..7408acc94835c683af86ec68ea1b348020182d65 GIT binary patch literal 90921 zcmeFa2|ShE`#!pjMTQKS%b0nd6`~Bu98rdlA@dv}LL@Rr<_rmyp(v4|fs~M;h(rjf zWK1%jwYJx=ZSC**p7VbG|KItaeBP(m-p_We`@Yuw+-p7Sy7zkC)f8u9BXAKLKez}i z@WRZD_QbOzI0y~!J3MwGIGA*C2oW5}-xU!Exjs2LgdDzg_0v2_EO4CdEJRSL69%P# z4T zpcxM03@{oVXo$MJ&PYU`Z4qez;>tRr8YCFqa0zE2CI!ngHfD}|BC9^^IkVvd8daji zRyHj+dBY%&bm6CbLO-3GPgE!JZs74 zW^E=cCeHgGKP0s6M}$Nnz#q;bPXP-qxw%>Mxw@J0nOnNL^LYpg$vJ@t0dMk~J2~)f zIVrf^N#utt+}!?*u<0Z^0yqiGXfU&M6B3r>Gk168g}+J(ul))LSpC)2+{)>kE9Ap$ z^;htDgM}EMr8_Fo z$P+Ni(9WELeg6n8So8YBj&T<11LYxLslys#5@iHd2Ah@aYlJvpocUATgGPvMdZhp?y!%|pGOi1dVflLlq3`Z6x*R#Bq z<`&k-xA`1x+}xdETHo@Ph@|M&x5R|EAI<)6jhO!ohrlv{e}=WSkqb5hMnE{)Zde09 zV`+gjAN+|u91Sp!Ppco;X2{uYBmx6G_)l1n&)LcTypV{X*ygVN-_TzB|N3-|Y1G)v z#_F~GUuRbc4~YCf*0DX?W(DB!A5VaDn|@#>I0-VrVelS2wq^o^D6cEb1Pn>2nSgRp zoiOaH|8A_^o96z=OaKv=HX)*APtk`X5b@fUo0hPz;Rwn_|J|gs4sz?+6Wr3ts6)hM zfM@{hg9jR-S|#$vDx6|VK3+wn*^M~RkBSIDDDhdq4IvT@fnWmvhd;2TB4^MNxDSQL zRyMHIc-^4w^l;9<>E;l!aTUv-25a}!?0R0*0C^GEk43qY5x$4$VN!1BF8%$Lw$i-! zilJ!BlA}!V72m5$%WR34^MBYWeQG+PLlqFbBw@xv&CnU^XG%_**TRU^B72gP@mn%o zb%HrVV5EG2iRe<(Y>0e%{{bNhi{#rf`-51CXQot*5U;NK`VNYFTss`@hT}0sb4xb( z;7;wwk6uXc`QRnh(9daHddMl;i2h-E|BH&4DAJ%)@5fE^SBywArWXqsOw?<6{#iq7G&?SF_SrGpP>G;WMRi zRvl%!E9>*sp1m;4Ke;D@&R`cJGTwP!O(~(Ds*Ef#whos|Jg7U76!41$?xj|LAk*Jn zHsTJgPet{aAk&lIQ2X>MRycx+5=MzV@ha1R%U%Oz=I#W$8019=765(uXN8vLFAw%*6bXq}T9r^>B&YvdQAi z>!tWBLAn(d$}VitReYs|gX0aaj~t4-XhTcr+SR|J>@a4Lqn#xn6A^RIyyN9jgxkc& zi?LWDz3*E5-42`_A0pG@$W&&`A9-y$+tbyz%$yvnG%?331?$#vpQ+1TYUdMcPgSFeujC>%sAm^Hv->(zl1#On?jrd3A0I;bes z3B$?2)xj|%u*xuCR}=IbU>QexCo_1D8o=-PXFLYK;$Xp*Ai(>?a=h3pjT-HPE>@)V zekpx9)bj3k_uuoDY>70PzR)`$A}+sQLs;tVy;L8GF00Dk&j(9(V2{Xi$KdQ7R|oUG9Y~Sy*~stjo-fbAAdLj){)6 z=Ud>;C>RqEJ*%&HLtLol(l~a^Jt>y#hYS2C2@M=hGE-WOS|vEiCA8wT+TD;}@={tx z9RJGYqZ4Eocg?82>LcC9zQDAG=WVxY4Sr>kmEBY>Ou5hY3a|LkIY0u!8kaa>pmNrh zx!;vP5H zKdVD-am;}zBUwMXplPP(paLbK+$@LO-G?*+SM-kN-CdNHNNk^S&2XM(;7(+xt<3#; z$m>yF_OKXUe%JB%smYVq2yL6XNEVbD&oqrFI5Dvid>*dBS#W5@=j@ES+6fj&uwd@k z2oEeoaL7!qwZF%w-}8~hn=ig2}XsJ6uwjg z*LMhuOKI%%x;kBBo076GOLzGixmYsZSaT}(sTZ;Z^#fM*Jeo%kTzz&7rOH&npRvkH z21*_Z{wTWO|5ixhTz7lU&sbZdBgGB7dT^>*rJB4y`ry*AI~`pK4I1VhbulB_rCM$I zJ^8eAs%rNGH^-F2op{e)DHR?IBa=vcf1UECp?7+z>v#@Pq`-Knk5HGIM|otf*YQT&bgcal5rTEAwI7%RMPe{z)fZpk6?%yoH3x>1g(GM!Kvo?(`v_il$R*Qk zc$GrLxGa!WK@;%UnpF`BSCDIiPp@u^2(qfN$vR>lLo!*aH3` zm`eClZh5fu&SV!|R@A#`?igFhwzzNlcQkD%`5W0A4-2MF^bcb9hiD$!Z}qHsft^$0 zfoU1EBu#w7H#C+-LlMxDr-WNr26xG{sUX&tt-hkN3=y3qaS>s_BzT}9Ua&?Y_C4Pg z5%iniK2$^iB6w}`lDYYjWZak&!`~?eZ7Wvfgmt|8^a3vQDk&p8o)+u8e}16rSLNOw z{e{+FW7$||ZN*X@9@CWXY44s&{x0Aj>Hm@nTIQ{ck##R5>xNrcPX#fW2}iz7tQ)Pd zPA8KPK50xzk!?b6Y5YrjIghkcRU4Px=+zp4T~0`yaM^RZhRsZz z=%Jxz%YIVb8gi_s=gapR)<<G~{=aO;(LTaGzp#_|!m+N30l z(xsZpgB-tH^REu)5taE@X(i+CbtQ6_%TkNy(2K1b+rw}8*7-ny^qJ&$bYf3-+%cJU zuzY_fk?i)p%1=>;AM!P33#3%KeV=G2Vz@%n_l)-i+ni0Hh92=b#A_B80tavH^xBH6 z?P<8Jxgt#Xu@~=N`Eew=LSc}CO5Z#|~ofhaXT0}#{L@em(?N$}Vj zrHICJtq`#-b6Z3ZrLnbZh$p^7L;&Ki5$e=&4XbL-3EQFj#mrSYo+@?$k*vO`LrO%8 zOEuwRRgpV;iR&euZVS>hyS*Omj8qsSu0LexL*RMq8qW=ukssc8`|c5b$#?m3wt#|Q z>?jyqNl1ee>D}`wDt5HGVH^9 zwP<=MqULkD&Hbd3{Ak`G=9?-?687Bw;Ue~w1mn<>*jkcx-_UwdbdnERqTjQn7lBGg z2UI%JWxbBIUNn+JAPy~90K^LOT^Qn`CKw_H{n!=}#6_6M8luTDhzR4tdMAlnsQ0I@ ztv-88N z)aSqJ(ha`T`*Qp8f!yVwg)@K=xwP zmRQthRx?k-<F6p{& z=yAa+2rb#)joOP*Dj+T{z_?J>TkFNM%U~tz$60`A_XSg22-iWxJq6n$g18tyu!d+y z2N7Xh%=r~ClHsaSEcj-**ZN2xeu~#l)+QN>93^DLzI^S|C56k*OZ+3V7n+=mKAef`cq-=Wv>bM&cdkD; zA^GCNoYo&K(=6{Me1i(PxY=tpX-9~KePs`1omTSg$xNQ?4Yl+(X#7Sj{!KitMKtv` z^fVQCiXkriki8hOr57)NxabFQ5wH;#M;>wr*wNVl#1ql@nDWI%B%&H=-Bx9I~WF zlx1s4je9OU2TN)odIUg+mp?qv7}&0)rijEiN@{{g0wniB#Lak_3>L{L&w+=q&YUYP<)YG5j|6NCOc6EIalTL&UQg zTYP9lvVtNzB7Fd;P-v$hquIotatopvHMgu5*EOBJ7M#PBKTAyQ`}LhD zKDb%$%r6WwKU`ac2imN%mghH| z12SAf&HUF=k+VurTxTTbN^j&9rRFg)4X|`xqk_Arml}V%S{g=$&KR$ zH{_d2YF1~t5RtJJ(@dP13Lryxd5_B6zh{QWKG*euA3&O`2El(M8%%ZQVHfJ)CSSHw5lgda8);HgO|p$gO^O zAdGhxeNdLdbp|7|x$@2jn#LF2b}9$I>6KWFu(|#k-=yC+_VkFYbbJAh9*-yow>;01 z+sSk6GW$}5y~)}dC(V+hX6^kd#Kbbc#4ypwx6rtX)swr6c5yY@zwHX|$8Ou-t-xCB z?!kVz;_SX87d)OuDGS+&?u@jqaS?{Ri=XVO%K8|zZuILF(OB%`a`Ez%3z%aokeT-;Mp~-jDb+yQs-=ilo&&zAo&xayjnAEmn&arJ!=@y+Mu7)jiZ& zd~R$)qu;9%J1^H2-y}E>`fhdU{blA4}}kYQ^))T<*Sl_WP_7qz5Di5XlSfaSj> zHUF`s23PPa=_}uF(OFEl9ZJTZB5DnzoqB#f_OI+=DGIWZ!`^@6T>R0+bNXV$yM_H{ zRO7#mU@_ayM0`I{Pen~XZT%F-`jPglf+HH@<{s?TwYTS6uj&YTI|$Dt95}6u=k=kk z*W-JjJw6j#uS*#JXrhhB{a1?$5qtBzoeTq~bsg0%?u{=zW@W&>OFYEy2>lptc=^Ib ze%AN&>|=z!F;@GplMU+z*z7k^h-YpxdQ$au_nl-{`UIn}o}`Q{W-43uXvcHd&Vk11 zVo68pDzzeI1o|wDk2KK4dMbAvx*=6N%@&{A?8Pz1`oUyzAv}suuZ#Gcmu^+U`76|^*^g2aF!x9gIzRM$+qJ~N3MQHh($qJ zf2#KL;K^1hqY=aJ{4B=aL+UiOyho?hJ@Y&Bv+Tq=v2C!ATq)tge@<-DKqn+axX<92 z<{R}FD|`ur!A0M5o_?)y_=db3SN}mNPk}jb=Mtu@O7j$6p@OQYIWS(A#Q5eY$f`pY zyVi4H8OVXm5b+fWE{2ktZgYs}kgzQx$f~DG))6ZqA}|}xX36Xg`E{EaNGWW=Zu0^@ zSS!3a3bG0)1KM0tqr?lcN+q;;;?{<=j5c4e_dp7FZ5v;&LoOi4TOe5gHh279x49qK z%nNL0;#aoeJ+*M-Oy3P|Pi>Rv>|n4yjFRhTcJ|r@~s!I zt5|-NJiY}j;m^V7+asiJI;a^F=^Gg3(0uEMh+MfFzM-*Y-&2M}q}vt|rMLsh7VrVpQtIPJZCSib|EyuMAc^YW?mQxo{+Sqo|KN0poW?qzL#T;KA+_$_5O z#R#+nCvU?yG?qng%s@--?Aa0-U~Zhv2IUTOSyYxGV&ZK~B{c=v5HV%nwuqqLctueW zfp3E2SO?YHod$C8I#WGDgNv0)WA;W`iWK+Zxt|MheaHQLXX>wl;OF1$X9~a78peL> zAzqPldikNs_Z%gH{Cg(N?Ro!eT+p(?GK{R3BUz_KWj&h>#ONSuNsSU8h*2c#hgKLv z^-Q!D8M4h@-{ZA-tvsK)tGhcB=gEikqPy7A4>gMtmUP_h#npd4Czy|E>P&3MX-0DN z6cg)C*P$g{8->HGu{{V_H-fC60oV0v(VY7*h;6<##6OqR81+EJZx6SyzKRG~$G1jB z1g}h8uS@yKah34+=Q&meax>w7Z8&eD_)X%NhGPd;4&llEGFes}@zLz;T zDj=*Vx^zBTGYChMv!7j)TdD2=aD$dB`=91 z)oe%ZVMA#7^ISK7+1FB*iyuar?-9PiV_!~|ea7nD%yL?_xOLI<@x-r|ZVqX;%pJOQ zGNS4a>gek|Tc7+$^RekOUuKbv&UJe&*PVY$^LupjD)JZyJ(<<5Lt_F7MRgRqCkHo4(3GD>N-M5z%;Zh{eNNsSUeh*A(A z2qtau@DjU@Lp!iSX&PuxB1EShm6Bb~w%v)u9(OFaI-_Nr{>@oT5eo~ zVO6HklF!dDMX6ywwB!dDYD^^#e>2X)Hyvtk`pV@z;p z=eYJTgfnC3-g4!kvWj=#J@~FDYMwD!?(ngD@gZsC?H5^>6vUbcum-yqbQu}h@r^7h zEca9oKAKdBwD5wS@|JFl;b^@m+Ean-Ma?a}7zcV0sBxQ1YLuxt1iZ{00OGjHE({WR zPbCtOYFk8$uA zkaLDh8^r>vOspaTiQK#x6%k!&1`;`J<~(Qy%H!}r4~iTHXn5Axrl5e7Tm_VXnxD

    rEb24QR*A0q0)`tH@sc?%*ZsBGMfxGIc|MwWTV8~d8F zq*0qq&QgG?n7_i-90KHv3do(9#Nn}speBrrbv zK}0q#VhjakIgAi7U1VEC@O|x#eJoZHR}0EI#W^PQ!io2fuUJ}KDx{DEqvhX%vcCmo zU}KO!ZaegMAB+EI+aLW?Dfh?iD*ku^T$7uAU?!LWnP4rqpwGl-ieM(tf#1;EG;f}M zz*#hD4sL^I>CUca&x>Fto&*uGxrs4Iy&(zh&7Q1XRMW^=mxZNz_ z`57_5cumPyH{0|i>-j5Zai4Nr<}tO*5FDMB+}CUvg-da6J3u7g_8Me3U4t0It`j-Tkm2+s)T?94$D{e@M^uSiH3eK9faSju`G1ti z?QS+0p~`}sIkE8}fy^Sea)quQUyvG9+Zn@)(9NM8!0y`ythZ)joYRdwa8 z1XfRwo>}CR6Q^5-=?I&6`|m^?()w`5nf9ic_3}lV!lMO}FCws4Y9@Yv{cx#{S|sS} zRr7Pj*-G(}SF^HfQ+Cd)H|5wpxMapX=JLsBrnx}#(d==Oq5Z==%zHxku_8yg`&!96 zqMHqOO4_W{ zUYqal8*%Dv9mnwWel82CYlx}dKac&^Da*l8)nd}6?a^uPN6h5helHIt;c*AQuS z9(*|x3NFB{61ltFZh`KY%3BlFVO5Df%l2$biv1LUBsI_GoORESU)K92>mz%|`LnLJ z_<<&RQaqNo`pVe*;&8+kE!^oGm`jOxG|RNwbdK3{jAR}zdam&<^te7<87>P&!{fcP zDRyj6AIx+%iO*Y<$nI*zk4k4EMkqZsimeObVPP3q3~1qZtd_aT%qcJ+#)C_CGH!n; zxlBfCxmQ`}dA}-{c z)1;aL5qF&dSrs$|546!-p;QE3^RX|tMFd%u5a9f?3U(DDZfCQ>?1s(T+>5Zl7P3ZA zv&u{Z$SOeA-z+1m=7Owp7253an|NIkK(pEYYB)r!QrcqkD3S$W^SOp~o52FAYA&#u z3ET1eobJ;@gNipDdi+R+RL&GV#8JD$78!^8u{TxqDEINo^LYn3O*0H%{bIu&cX#r; z;2{Jp2?ds{^~W~8u_Ar@g6`W4kde`RLoSXR&TaUHhG?I|hD0pf77;}vN3sR{Lomf0 z`>uXs@Bu%}lg#i=LC#+rOe%l_ki z=o{_)hHq#ri&pDHOTtP}S)KuR$-i(wtSwW5%le273i&S_ zkLDSBREd0p^;tnPW5VB_4*hRd$fw8k4hyF)R5V(#9(|%obVpyehWW#y z{3%In%CPYHm1{4w}aUY;bpa#Y$q6CRT_){jv5oqqj<5rq!G&w`>!0 zqKSI$hrL{C?VoP?j@b`CZK1v2m@OVcp8m4CNi1N0j6`f(9v?y3H&(^z_Rs1BIG8V_{_edEe!RdT7eKDv?uH>z#62-Z>tjm=A@?)|<^w2{Oc_3O^t~X!GI_#1@04`neRpn?)tkWU?6lVtg<8JU z3gTwbdg#(F+525Xv}C1J`hYd&wiG(h@<4Et(I}&vrE}wh*$I~+4&vrOT&_DZ@tKs=WmaArdBwd z54cjv{(J%PKrF^a7g{n7ELqEYXjigm@gTJ1Iy-7i{Tc*O>IS2fY+bkv18ZrjdCmZl z$C40(M9!xG5$OfCMFdfLcRe>m+=ht2H~&zxD6=Utk@-7rBfj#S#P~E?XMOtZW+Jur z9UJ<@;O6!f;=9&nBr7*K)om-kN4dnypHtC4 z!K9(om=l*ARevd_siD5x*6)(v`ka*lAFJG2Zhn!|zY#m`%M(aocI7N~KXC0aFS z4uOc&iA21!Eh36Ut`Q9pVO&VQddZ`%kbNuCPk5jF&h{Xdj|M+_u(P!E zMiUf*US`}f!S2G#Kc&p@)?exDA-!<{wI9Y$p(XN3#u~ zj&vCtP6v^@VqMn+4<(3p1BmDScdWC89%)H?AY#!*K|WHY`v(z71Mdtc}k4qDthN`#A&>)1ZwVksFBUHfHcb#Jt`uUi$*C^Pxn(a%0`b z3>;fxxOn4$;MU3I02Y z{C41px8Uz?5aw%gZV&t}nC=$7rG$a_^a8!vLwrHuj;RAXY%1OW$cfQ*~)gbWW zGL*m5`TYfm=Up|m}i2+q2 zM~=^v5OGqM0E0v>Wdad*K^bfF9AXs_MIzUd0V6)(4eq(}k%FIYB+0sPh>selt(KS= zbjM$b{I5j*S0aaxHi2>QuWu&vMUwIxhjabQ+!)Qusq_)frGU-dTt6U*lgEU_@(oc4YAFLk{N>ho({~`dfM_e zn;pQNzgW!nz@fjRm7DDNRb5p}*|1vTaG`x{#R7|?KAy6JW#rO+yw$lX&c>#*)~@w8 zvS>vqajuxU6g!0RQ-$u6=BANnwwo4z6dpEUe^=fd zqIR_4E|tPW-2BqRT@Jdwea^S#PI5`~GzRZ2eKb9haNl(NZBEA2tGfL*p7uBq&2Gk1 z=MKG3xjioXWrrnBFxJv%gX{eSIN%%SVw$A&6yDNTOqQiQ?U@*w#8_=2ZLiF~-Ftqq z4)h%Y0sE}tA^`@8T*?eGOtg8oIWTK*)H{$G1ov3j^k4?9Ltu;tEdQ0r|D!~HfWCGt zhHvET{+#?e?Vk^9smwcHsuXcWNg6f{OFmq>`ZVr?!lM~iriR`oRi8QJ^U`Wg zjLp!IO&OH!IUYLfK;WfDS$pdDxIuxQ(`S8Wz47`pVo5r;555!p%r~51O6j*dVTZ>& zLn`Mk-rs&q`jgTew82;GuV&2N@(9MO@Ix%oJG``?yGTHK!GTbIfSkFh9ADN%oZA>& zhCoY0`4;)a1U}x66Po)^Y7qW(3wmqvOw~yv-L~#k=@9p<(_W9;e&-nXzI~|g${|;q z?_wmQYC8P*bA&&|(#furVHS>i?gw2zM_%i_ziVpx<$j6$xO2hkWlu-WE59J*_s0uz zEG8Nby1x6ixKHKWx5lVR1}~L?c-ygVg&Vy5l#?wTy$1*6k&6Y#oJp&qO`o!Ht}exSdiDH$Iy4~#F4J@ z=67MT-U~Rd8C#H-I`gw^fv04 z>yiVqiY}^*tOcHuo4NvRo)aL%Ad$}?OL=teZ?Rby$pWyMNNdgJG%$0}QUx|Mt>6@B zzOB@bs=XYYXtJN;^u%*fNgC;B zg66~T2WOvN|3<=cpvJHA=I`{azuYVg|%=48?%5>Rj2UX|eGC9eG zpzr;|SHwNszekCBCadUosikVtzqJWYo-%Phb>U;(+4!bcGoN`K2$0l8_}a@O))ahx$U#fXro;yZN~nZff6bpY<|$ouG_kf&V7uCeITpm1jLs zikd?wJ|nJ*%viJ9Ke$1rrWxcpChP1*-q3FRSgxliNiFkb zoGywsPxoCsbVd#Pd}FDZ{gI=wewPaMb=Ap^EIZ}NN*rpKDid|33$F3e(e_L_{kkOZ zCnJ~6F$yA*MVWnX=;RL@bQ?)61u=|NPr;t71U=~uf(stooEns@2#bN4j{?|?7$$A ze~p8_o!*cckt5qbh#*S+!HUvqw#m?kh`=|0B~KigrsO;Fc{uy0sG9NKnse9A9w-fo zZVC9L?aO0)lVjq#pQrCwjr+0Rz2&#h?2wCDY|SubyjV<>G9epF-#_%olcM?bmHRa< z;TBPI4dQy4eaxc@UGpMx!32-5H>f2NTBJFQjr#1mlg7?LDa}1+&L{b<<;1PzQ}H+3 z6VBSDc5tL0PGEego_`;4WfWhvmq@=0dU}^}C#JQzv&deA4@%jzlIE%bdJ(8`n zRt|v-eNTWmPKjxwbt!8kqTRNLC=&Vc8Hfnuf{~~@k$ZZfW~2F4e?In8lr9S1|r&3Br0Wt zWGib6TVN&g@(`*-u2aS#aHkR4*zjNj5#7el9}v-b?-m<}fY%{VB9Ee2x3L+4&?!3) z5G9$hF-YW&lMwL(@j7BLf=a!^`y%K$q(uG(Xp`8ucn^SZjkkJL6oS&JRf!y;Utq!h z?N81!%-!2*y1<&4Ij|MFe?JKnB%*Js(9c> zCzQy=%htlM@Y)*rY=^NiEc%C1K*Y*JTYTt5vVyYFy6#;NBmfmI`YU}SLrndkWyn8R zDQ76ZOBclD-$nnwi~fHX{r|@<`or9k2{OT-H(GbLhnb-5*Pn9B&Ghx$5(jh3YOxFn z&bxQ_3Sv&hNiOYq+FTP2GQrS#XoCUSOC7-D$FM=CXV);iH);={5r9# zjkBeLg^;-5AOBd0PwEfI4i;jV&i(6U8UI2N#ouC?f4x^==FbP2zYU~jc%aQHYkj3) z=5LTk&HVl{$XO*Qmf;gd&HVpDKmV)6GSI^k;30;&KPB|=2^`xt&HekM)jRybCSaTQ zlR(aL;~-+*kqtyN&O`&-AYz^57S5XDs{5nCZSXAb019V!A!0E=GypvS4>UwIyxS1* z$gyn^!Scv_ASxmN*;XQlEhTAymi{P_hwgzbRl{d1Ze?Q#RU%(y1GG!IlM%L#=wVWB z=q~;JmA2Bn_llut%aWr^@fF{zO3Q4Cm-BzvDSc`>p+glAyd+`9Le0<_>t{+%n%BaJ z)gpV6lkr*)zHsrTzbeU+lc;QdjE@xm?+YqQ}4%3^H+>WGo}{{ z7);a#XpQ?;3F}4m$xS2NhtG#0m9Pk`roH{Sl&s{pVgPe&8-^Tu#^V@+655K0)wxEWq{B zGJ{D;;fsjGs4gNNEM>U|pC#uC=&hR>+U4HNSjr}JCnZy3A8qa{lzxJ(Qg=>g;x@4# z{`ZNLtCPo$WXQ_U{eGVzBtdi`aBk>)(Daj#zH?`~4fY;aFPOGh7mqU&{9H~;8da5d z_=+ouYQ;tII{!DMg%R8YY#z5_9#n^1&W+vmMu=BIZm=z+<4T;CO+4TJT1$f+hb5m( z-dF61ZI>~+NjF*Y$fDpO=sN@g_8F-IHU^12lnOFjxq0yptP>36sdog-pi1Pr1>lYt zu#6+UgBkEl4d6F+(njE5A;1*~u9=DDc(GR+HQEPVtVrwqQu=bJ<=yY@zvnI45@|Ah zp?5$;Tzn}9+Bq;Yve0+{b`lD+E0zo>OLl_Zxxw)ZZDoL zwcuRbaeJDYj?ro|DB6Dk_kL>yHt~w^T*63R-m$OUIWkAb1V^Il8JZgi!sYskT-dXs zjw^gmpX%I^n%*@1v$43#y|5(XLW{N$$;}R*#B%+Fci&(6%{gEB{KEYZn z?2PXP8s8p{&{(;veGZ^ZQKg~Fp{;h~a06uO6|JB(@0YV;!@&`dC4cigd9PZ%v)(Dy%7U|rL-pvL8n!McQWjNXt(PNS}#IdSA1#qL~&<(YlUB<3Xf$2 zyASJWXO7hOCg-L;Wq&|KJRjE>w48Htg;dqxME|KPdwIooCk_NV(S_{N;0ZUHl=*1# zQpV^~+OMJM6#?F}0qwfi7(ViydMNAR@L5#j@x9}R^^#IqzgN+{Dz96r**724J(VrZ zN7BagJ5p?Mk5r#cIYMEF(bH&8ZjpIC0h(k+09DSjZUg4W=HmZude-5_Fk$hL?etL_DV^$#M*uet@`C7R8<=rC<88%hmZ zcrp!I*fi!2{Z{V?#6y*lb<2U>SWkiJcA z)eS|gYG?`n-VNW-SQagwf|gu|+d8j`wa8`qKrlBR7KCyK`xR7{A)@R)91Ifq<7S8$ z0V4q&5yo05DkAVrknll6lJ`tcQ9#~H&&N|Z)*Ka9Z;hWxjJQ0^cyWJsWjkjyb+65r zUgwUY*vmi4C-Wb21mpW82^eVW&r}W4KcI|cBnX3+C30b8oes%*87k|;f*?kNQ6=&X z*7XA_gthm7O1=?5h3jI)DHZT>anJi4-P~Qq6k|^6;!?>+6ZyDypD!T~DUNF$c78)! zNwynW(hMwFizsx~O)o=BMuN6*6bx9mMzW5#&JmD=bju;41V0W2iTvt4h*&YOEh1q3 zWIrk*cxCFx7RYzxs(b4-YuUDQ1oznNma8+n*(h$&tEmU+-BG7mrqbcKq?L5HPa&YP zlSpBKKfiKxX&_nr$;yL_njL|SG+ke$nM#8_8Bf~qB4Q8iY_S-&NquwH=WgDSp1sa^ z-TO{yrF7qYTq9^gP<2a{NjX^hEsrUT|eRPG{%YC;Mwu5aVkH9|)RP4{>^M(4JW zoNBwuOw(!NdZ-|__fV^5<8z9x0*#s51(zBE*(4JQwMw+Co)oJECHK8!_86Nu8s-oUq78UzN3 zoDeCl$wX|62%_}9+#2G2Fr(0Y41DviPCQ?sdDM#ppGhSu#U@OW_fSUB;vv)In-ttr zk@e%M6arY0AG3Z)*Sw6m+_`hW%Z}$jexgg=!yEg{W1cj8tg}|VB0M&dpDHaJ_@S$) z>|)kH`pp)bY?TPs`IFy&IXICkvOBRPwNShq+VSPWCH|9? z(r~q3`AW2Q=g09A;&hQL(aM%XPZ#o5_j86~acoO3W~g@r0X1&3M1JBb zhrs<|AAmSWLx3qR_97ACqZBrcu*0i}C=$6oDMW;Ek^M;V+XK1V!vdP}th^mc#<%w6 zc9oh9Hq3Az^QF(Ec=&N;s!o{wNkTMF*crM!C!*OM;v>+K2|7$Ad>tmx64$$^y%+>k zx?!NwkuFoi*&uR$Qnm+y&?mhB5JMC2F~r4Nr2Kzw<5}d$QRp8;5Eq&`Ylsy<`qzgu zO@Aq6S5h7tE}C0G^j@Kk8HL(}*RRCsMmR4EG*@TXmf$&7i4*9*=+`AqJw$KOi*+x0 z#HK?k@R*O3`{`Zp&R`9nIw)mjvTR@0;&tir@a-U%XHVIeugWl0?tU`2FhJ+4)K&a~ z)i%oBl_uA-L@qF`(&kE^`lTP#zi;2a-hZ0_=W)t@U%K8pT)~rR8yg$01Om?*|Yg$}sIZ5z2^+i;^vI zv5H88WxMf=dV^CC5ynM6ql5gV56_B!DzGd+-&ZQudv!wnXO_h=%MNif-#JgW_C^c- zH~nr{M9&_F^wG{IToF5|4lOzV7}Ks3`&gkR+;AtMP5C02FRuE_ZWtH%g=@X|LIkW5 zow^7R7lQHD*+L&DofIHqSKYRVpmYKcxoQJv!gWv95M^RF5Vzr<3CY$sRJOkC2K@7b z(uqy{8&pA5Xru474McPs1tK9L?H0{Cm>+me21_S!AFX*^_Z-+**Y_H720FhPNPM8$g61 z2@f=GRjiQrEdznuB7)KhHTHExBZ!DzfdEP;U^D%j3`e6xv{V`z9{XksB}sr11=P|B zBppT&aUl~IL+M1R3=*+mTSS!72}7`{)@vhl!%<5oV2i3*n8>djfh~r!Y@td4kY5f< zCy2mJ-D*;PZ3(E#g@}ANaWM#{e8`FXp140DF3+GMt_r66)UVThypUCHs?Ryd;@S?T zoqq+>zZ>xX-GKj}Z%b}SqJITbOUJcxk~LPK*1IYYu4=m=!NelZ!Izfq4suS;+x^kj zGyi-g740w9c5X&HvDW_oFJx?(`K3VSZv&|r9%#dEElC|5OQbfQ+J>Bf^o%0M5+Io3 zfNu|M9!vhG38v6PIpE=8;2k`+8S!P2<1^fJZ|!CZPJ+srPxr!2zBWCX+7N8j_SzC6 z=7T3q&f_4E$5up~(b7W@F$zw8&=FB~7g$AHEi|+q%(Mv6og0(yf6}qYY3T}#{aa}G zx6tr!q2b!d@IP*M0hkH&!4qQFatm7a6wM}unIL-sb>7^2!Ju!_1>6SDVt1}*Pb)AJ z&x44>;7P9r;Nph|8lu{-c8GXvRhXh=z6>(0aePaZ z#2NHWg~BMoTL0GSYn!zw33v^jrVRQG9$TXXOTpp`MEtzv_Pci#5kyJ-#CnuCLPYTD zpAGo;E`I!~oooJTM-|s{1K|FG{hyWP?}`m#5#1<(N90 z=j{!r#u8J!D{T5ykN%C(o2KP6`(F(_tDZUeiYvD8ed}}m*B4H6{T{oxS4ZiF3FAcO z^}WqSRq7%6ar-m^==PmfQ)|{z>I^m+789 z7|&1F<`Mu=41Zvs^>pE4D4i&khYUxZN4+|xLYYs0%0?}nFa%#Fcnw(oTRQQdODD>0 z=ij{Rrd+Y98zDN~R_1m@^;TsSgYjGSPpTi zeYKPAjY%$JmQ?)Cdxcar_XFzV_KOSE8ftW@6Ie^Mh)>k>d$vBXnm9Sh%!vI&rpTax zGFj^qwQPEA;E+fG-hQ@t1}FS)pUrRa5Z;ep+AY-3I9c{VAp3W-e2-$~=uNrl!Z`=C z$8~H|BDWIL(!BWye%<%{H~9>tp#mAU7Poze-oyL7$3mQB>8 z&VlQ2Yw5%;7U%hLDVm$l>6>m0HCFbt5uf{Q@Q!9u=_eK!zElDWxxjOi+%}f-3n#hW zBwN1rt*%Rbq`^+{g3eg$Y{hg1?$swyBsE&R2?9=-<6B7ZRG;{5PgT?rf zrJ~%*tOIyhSHo_uFxZWg8IxMz2gr}yXBYZnIz^K`deTGkLZV``pRS7lV6)IbWnpHn#8}!X|fvh^T1lC0VxpM(? zZNs||F>e&pGwP3=got=Iw?zb5b!uuI(E}oGXEUGA#sc!zF&80PdKk74`wBIy%yfaQ z0v`s(u^|ZefVVCcZ5;^^_Aaj>;`^OjY<_@b0oYttv2JrRu(=f2%#^rz zIDm*Hm@VG@DBr=@re!Mc6_Hy>QZtWI>Ver_2VuK^!Im}xWiEVgUXtB+|OEVSWlJJ+iLHJOgg`fJ z0WGoh+wcvIWlRnpLBWA50zzzsDBX;L+L~YHbl&Ox-BB;H~R!s zMBtmC#m+N|T&GMJ3#6>IhQ{g#x@60AUQO>h6{*3md48!lNQ_H|Fo3d$IqmSpn^<{FBhK`f!Y_DxY8?Fh+_R|twf;Ce>J(@U zFDXl;J%*NWL}Fq+xeQuTxMkkdCkj|sfvhjUe2NqwU*7<+{RkpT0K`AR( zn1!5O|APovrv%}>84IMDZO{@$Tj)U+cp&-?%R0`hDh}xsScOCFnFB8NFLNZ8d?aNDt|=V->yx_%|6u zhRJqbHkf7oWGeqGirZws$&l7NuCe{}jvZ~^Nay3`-uz$feR(vNUHkSeWJrcY#xl>L z2o=c`A}JzMh{&ucGDgT$<|3IgW=iH+rjV&nB$A;L$&i`&_P%Af(f#|rwSH@T&mW$( z?&n?JXRTwO=dsW0y!N$^8P#CQkS{u++$$Lxm`Xxo zR$Cr+EvYX>Cdnu|%d3r_$V^sD*|*~E+_=E;UDSc?it5%7W9Y?YMh#E zkxJ2IVsqY`VJ%*oWLLZw_wY}_g@g#x)NEDk=~!bCI{L0lX|f5&G5I;p+Z?zcV7hO~ z&WeseE63cr@aZ7_YkEsd;&G`|!M>QYkMhV<4J%%&5!(oQ40oT8a?7sThZ`{-!T+0I zIF_eyL9bM$$oZAZLs={)sa^p%lQf}dtMm-AN_{s~sVx1K-c(Sf8xG({Rw<|t1l^^= zpV`k2avQfMPpHgcb%ozJ^DX&Y`(>sv3NAt20ldrKMZ>Wc+{lhI`FyxNpgI}b#B|pl9c}=EkMWt6g^?!BeJvZ)ndX$jFi;??9 zD)BF^pQh)yI-@mTkF`B>RBrWNV%C1AmGIl)J(gNA^#R`Z)=!7($1dLuOH0yt7(m_m$LZ4fnGt6lgy3V_-d8uP zf>rYN!Avi?uGl!n-8s_v44KS3lc|Q{_vmIC7OLghCh*wbR!*)j> z&r@>;{Ev~gbhc#IYoGmbALpxpkz1UIe>ejMeo}x7?bNyPxqkE6kFz(l{PuTYRP-HE z7k4~mKb7#R|tn?bYP7zs?X@mBbccl$P~?5LKZoT<(p;^?Ai8pp;{-j zV_A7RPk8`DdPQ`nk>s95B6@C%h+>`4?S+W2E&>u+m&q-LgS{7z-lNp#vEg}>7iPek z_A}^CWjfbgj6bCn^Rpa=ArH0B(bj)Tnw9*LAAJx;GJ65tX(am#VI=(PUz%U3i!M+X zY{P4T}S=<%>uPn$ln%R+#xxRI=;{%zHhIAu+2!-sE-VW!_erfBLy4mpeP ze1(l`lX3bh{nnr^T-Mjmdf>dN!4KX5Q7at_UB8e=B6@6#NP*$9zS_BF3K3ylynoG? zgqeMV>#Axw^)p%(dbS?lX!-0zwwb?fS#>R*`jJ_jH;`dub%F72t9WJq9i>2~mNpnk zXBN8WnHXfhNZiyf`mNQ!%&^0{r~!KnD{GT+Wd!1yDMVz+L5Fzt3e4?WDr#N)MFf_b z8nBVI8Iinr9dS!{<5|z9a>?fMXfSig(@12}H(P3^ zIpKeUmKumI4$z^U2L84%AdEmjbQDWXc2rBN6Br?8tEI*OSZby@p``{Q-*8?(X=m#* z#$gSJOr5bQ?ihgX3@tU0I;%{;cn#tqqJ#@B8cPjsC`3HHzK&R7Vg(UcYPz4GB5rl2 z080%VMg?~5|06Alx^yP+r`CC-47TvSWV3LOw}C>$4!r6%VS5|L{Rr zYv8Ds8aN`y)Aby-l5Z3NN9-}%M1C&FBMMq-BAM2xIts{7fQZhKxM(ajH%%ep+x0UD zR>)sNv;n2Ga`8 zqfG2dylY2g{9n%V|LPe8FvC=kA(}gW7xMnhz3KiOCD~l_3oOGoSZWM_<#qZfMD&ct zMPsSS>4u1Y@Oz}I3ro0$SV2Uw)T|(`SZZV!Y5L#MUkf=&Koi_~g60gEjvY(Qj-_VD zQnT6x|8tfa*a>uF)_cpA?#Ulq1Uo_Y`jNuOb#u+HsFrqB@EAN3e15Haf;USH5+ULZ zfCzTe{$Z&R8Hb2_c5Uj%D~MowM0d?BF^xn7K-*es;7IJrU?hxxS!!}V!;u2v+uR$v zSi7oZbM0=hDNQ^vvl2Uq8(0nDXgih~cpAz16!=ohx}^qLB`N5t?a{Jg0{POE2N%g{%?I3cvnOa32EfDT%cQ>c~fC+V~BSE{hiQ0S=MFFo;-HrIf zNvXI}BbUDWT%~>`KbX#3Y-sxU-sK^l_@{sw65^;&cYGXQ3pjAZL_Q{(JNfmdf4%)R z5$UhtYT9<=+}i9!oF!*0&#_5;yd&jf6+x<&JkooHD{s<@W`Cf8>V=5A%{ zDV`OE0lUfI>HsY7SZe-fOHE@p&)^^55#2|* zV{-}N4XT=ZRV5$OVYO*J%C)?Y0R|)kK57a# z2s)WxJT2mI`;{T1My%Hx{4|i-$x@BZ&(5J>;FPNN8x;qK=$gvOFGKN{_cOcbcpk`R zsZx9F#rk=M&4A0C)YY``jr9DUtNZ6(JtCUz>wWn(ib3xqow`z~`9+COfA9{3naIDX znN>ev&har-eC}bg50&E7ufnPGJzPP*bV`>!I^sPmluv|PeF9a2$bLY zX*C!K9J!bG9Qwo`5)Cc!+wc#3?(ge;%5%pgL)Ycy*khk_RNtod6Vg)!3{{C16O-C7 z;O3-;N?spLi4*RkzsHAlQ>{6r_@{;YwOZfATEE0cnfg~-^L{@n=MbFSOIrB*h;~S? zzG7{mM6d8jopHuFFM5fPSHFdiD3Dth;q^s5NXQ6vZ1uTGcD=b%V1d-<@V*1SFYu^D z?^9sE$K!oNBltU{zWScORlDGkUAM=7dvRZNlOP+J(y}b56_R-D#S8IUr^_C+CmLyG!U_ z<#VgFRcoa(J{}&cJp72|7PmetO~J*dM|IjHy?>d%yR31{@W>I42Rv<4MCve-_aG89 z&sn|5+}O9t?aDT}89+pq+v~Y)*}gW->4S)YW7{I4m^+Ycf&373RVAwZr9buaLRcT4 zDR_RqID+D;GJ>^xk8CWB-U#(?iXkly;$0GsM&-DaanWMkpHwc;1j9&7ZPs(!!ZLq@ z2aLpF{ag&>Is+eYb7veNR}buGg~|~mYU-l5RvHmrg>XI1oNiwZf)Lx zsDPX|UjCVev7cG{j0decDs()^*xO3Frl*f_$M!0G%q$}hYzR1ATYBcAe{9G(fthbY zdru(R{?G0JCi7jdvTPlf6Zj|BRZKl&$ zBf8>tI$@X@l&|Y=$?d`sJ~x~`r8=3GbzxRp-udRDqnyiE2~qJn?;HKKGROQyIuU%s zFI{u4m4r#w{kb-zb!Ya`>D|+G)^fp5Xtj4Ia#!6r$hh<!gHqy#M7#KK4GCK{cAC<`Tl_gzFM5u1WGz|Lv;>pCc>B%aT2mYu37{y zoibDsbu@>ZMwl=QD3;qeFa8dksKe~;dvYm}>}Qd;{!f*pqI~PcOElE8WDDH>=ZjYv!G5>mpW z_d!>s(#R(^jP(ykA$vppK~SZJuu6R@P;1H;$YI;ptK1yFU+Q|<>o=k))Y4Z^>~SNgBoJuB9vn!2hb8U8+_ z(O4}7X6n+relo+B4$q(S6=oX5ylEBX0ZoOxC1;R+mY&Xp!(A2tsN=LM0=lypUc`@%J5XKmO z0P)WhI+IT84TyLvY+FPik=r_~B4P)wB9>yVuc5Z#ANguV5aTAcz)og;9_j}>jNMsz zu>)a@9N6oKTeFTShA}28Y>F`tWDU;d0UsQlT#GRT#OUr15X%d((MaSs>>y(M`n@*? zL5_(%mI`KWMIz7JB$4yt_Q3xJC31+qs|fr5O(M@xmipZSMo8N#k(;Qq0(2;mLuAq7 zbz9I@Cg|;9+^qgtMD#7eMkA49YC%M)_4(h32qbbW zHdMr|N;8ni;V@6ZF#lf2g?hnZGF&zk1*D`EP*Q;^k+0AJ5d}N3(MaT>-bh59Z4pr< zauW?m$JW46C2}|-ZTET(Tgmr11V=0x-b8){$m2JZ$g48esQQjTm}o%6(*W_`@6m?( zK*ZFVO*#BVvV!u#4iim~13-lz?1)Hs&}lO>|P&;Os z9ka}iS!Ty9gW{?9zcf+ooImrwZkB&#acwIbGy6~_auY4E<_DwgNaXO;iBS7Jfb?~V95Q`&8eNqf z4S`IP-$tF&nSIJqvz4$)3KG_;SEr@u02^)<>uGs_;hq<;z1XU8iy@m)Z6((BX zuT_csO%J|V>zUT8`&*Cvig~$InWE_$+Du(DE-EO?pSBdb*ToN?lUFPri-}Ub?fYzZ z9M=5jXeIS;Z^}$M_T9LfTyZR|pe4q^nMQ$8&cgNyS!7b|Ek!ImLSCu!C%#=iviq}Y z@xvEi6L8h3Ri@&eI(`ej`|~YMe|kbw`|!14lHfOe+9i=cclV1s+|=FOLFZs2^IOU( zuKzuvFi5~&&{~ezQ;!*^~oyrIy$|MT^PM~hR1@&BU|`zoH1`hCh^k( z^CiVgjzVx}U}fusmUuTBi9GZnWH=2nylNl;`vkL`c*HfEt9^o_LC-Xu4c|(zEStKO+^coRObbG!vXY*55i))D=DP z(&9||ur#xt{)>LD--i$DKWI~4eBP?PSFCnXr~M7CAZ4=ng-9Jc%j`jyq|V202?Ii9 zzENdmwNLiS_|Ht)bhph2>-ZJBV=oRJyMD4ab?WwnScZGJzOQB5`|HE4UV0wB2d>>o zi4P@tX(-8W=s?P%d?8LwSxEED$At^mFOmh8n^#EGT$mL8MPB_ISA?WY3gNB)xLPRS zResoU1^XI4o|uDIzm|>H<>fse`=Kd$a*mjG-Y$p0`$1n?0q@&;y1PGuKjWh?U9Sr} zJPP$2K2pMliEnks@_4jnwfH+Luus25As-P#*tuDR96MKpEhu>S=)CVQ;^k69r3*9_ zJx_W*y_Hu~x@BVD)NUar5d7kY5k}i^^~)Hk1H_UU#s$XQc^3tlXUp<@6MYWG9VPS6 z93W#Rh|tXazPpO_v|f2g>vDo)IaZtY80|I90AjqGe;V1Cimx!3T`aW~yOvLaBO;w> z(KL0@tpi_=&GB<3A61j1Y;r^GM|?j)1D9j7^hfMfT?+T>D!uVJG;%1m)QVCuI9ZwF zro&qjdp?n6^E-ugbd*iwd#8>hC#Dx#4>o#fw~+4p(xr3ut)eKdr9uyT2W{aC{@K{p z5t;p%g9VkPQ^#-jXS@@{Dhk-eXk?vXEl3Pr=2-g&MQ(;Ya0XnVt2=pH)+_vs$Sr7Q zcrMJ!+eOF?!&wGpsYO!IRlnva0J>MUAi=h*i8e$GW#5fPB0u5|ulWO;`t)B!&{dPy zws&#oAtH!;OU%}l>oIS$0`Y?*WZ0v2l|@p}RgR*{$R;MBtIWfg398q>;k|_gQ)=X4 zy@%oM<3<*aB3S@23lyxffJX;nHUTly{kc%0d+Y#hx9YXC7ZJYM1*4REoGy)4ohC3o zAV&79w zZd(vdLj#bAV%s93NaT<$m>+_U2MfD*OvBZ)gYhRuf|9{lBLU~H57d~qs{`C<)NZ~r zsc=vZOdo$Se(Qsr-f?=CuN|@@E-;ciuh()EZbDFUmo=Bij*` zWr!$QyBm!}jwuBZrQlk0-Ys$8i5#ELH}9+XEf>sY?Jt!DBjN5w$NC*3$We35CXO-z>-Qk*Su<-KF@xGR zg@`@?@!t|TAtgjS4r_EH>nn(W^&{@6h~O`slI4!n!;9x`Omd|O%(uq;VW40MmmfC! z;+-nndRiw)+s~F7!E@|tfX^X)!QFdtNIp>Rx_HsuYn0-lvl+Dl22;99RQyY8s~h$z zaxcYV3qIZ%+#8k8LG_%OYUxXIJ6BHE>9eg*o^*v=7MEo>g!nPnrXBlyX+Viwxv^~YV2AA0-3w{oBT-uPug@{{uvLCZcgf(KKZa%jk=vB|VeK3d)- zQlOwV+;5ZA)4QM9IDrjMpQrZ~UNG}9%p8B_0F2!w&1w+~=AL5a7c-7OFMeRt;WFzN zE+P8-m($J8hh9EMxPp?R<}P`vevq{9I@*#V%hcJc%5B3?#Qb_s46ci9=DjPl5yCtL zoq;o9Un-J(g%w;*$Wt(pRb?d-h0B~$#+LhhN$8$D*7#?h+HW2E?#&{|$W`D>@_$BK zr9p5eGd6x=9IVe4?_pxkbD&D($SMW(fuMVG;*@zI?rG57b2!Wx?Hh zV?m0V(_CvmM`0vbG^jN-&jF$-f>oM% zX04`JV3h^}M26?+KG;Ft0uhgFs{6l)ph_+KRuPF*AtK1_uBwd51&X{M`sXXZG~TH0 z>3jD2z~TtcZHFsLF{GSvvgRDjwTIMAGi_~k=uTsMvtNAwrzv~D?>?U_{;^3+iiN^b zK`t6yo7eaGCO@QeFaA)7D;5;Jl_&l9v!aup(8H=4o$LxDwHqHCxk^TllgKsVR7YL! zF%H|;-RX39s>DR4?R|xw^bNVC!R&N}TW=YO$+B~WbYZ4EQs~|y4-H1nBD~{nSYEK zlnL{e&D$EO>+0RScw$ZaS;|wNgxt1>P`40&PA}MHayFXvH)%67jHH5hUH;#C&%hai zxrxzlstcgfEdrH}Xerufbr#7}5D4>@V1TGshpy7D$wI{b@@)};L>}p}ib#>RirDyW z9dS#q=MP2hHe^_DVhiYg^OdL)xrGudFGU)Rai(=0ackDmNHbZ|CP90?5@bCICGyB! zYcak+AS{$Z0OG~VyU6DW~GWJXPNACx=!4kGV8u_;dEV$6RX113PX>tp7RFS2AmZ@7e<3#8pdzjaV^V3iFCO|R z!QFmc%R8mVe?OSl9bs%o7~2uXc7!n${bWZNvoKrHkXF7yvHiy)z<>K+7slYdBolOg zD2l<~mfLPsb}Q`sL5ZlHKerWmF9E_>I^5SoZZuIN? z&+ywC~uLkAg&n7tnuD1 zeyy@)7c^s;`5qO}3#MboP_|`Dsr{FPo zCY^Gvds=~&_-=?u3lRS;k?$siy+!=%wuoSR#J&&}5p;rn#5S^OiNnv{pXBn9tozBXw6rH0J+=`$hs{$IPq1c|QFSUlGy6^+F?TZgbe zRDQAPP>5?zOM_`!bbd=!+l^g>3MUhs?K6LtL|uC^X|2+Ijjqw->!Wk0a;LQ-Z|3Rv zWQS6US$uImqezU~kz}WO;gVo+<_O)qhdt*32HikH{Jhz-wMie&Qe=5LxMzzyR!}HU z4|KCvcs`LJjKGMxSB+2-Pg5>bmsv;@*02=|Khd(^>2!J4Z=L6i5jWqx3{BHvc$;B4 zf7kh^&KtWv<#B?wIs2Zx3ynn1R}C2^nMS=jWU{}9<@=yYHsY7yhZ*$zeS$x zV86T2nh=|e=RneB+w*TboAc{K>jJYV?)5azMp9#57+?#{lp{(#cudase%~1TBQ-PK z@z?YCQf%kX_{M8!Cvd!d%lu?O{_^}OzUJdPxuZ@Q#agsTrzu|gtG~bC+sU^mP)xz2iC6q>XtSqE4udIV` zO_PLKa_*KB#eHH=9U^M!DW?FAW6perXlz@b+3TJ4au6{@MKp%=6N&mn;tq%q>fC z4u8P^{)M1{+~amIN#e3nf`UnLcSOFEj<~dF{!GXP#iz9Ia+r8czX#g+v`-<1@WT%0 zP`JKcu6Bt&K=)xflYy}}skT}3cqsmFnd>S0*-4_FyxLEtrH;EyA@NGmB+%e|n`=oG zmw9)EZ`M0Yi^Rf`If02B$F3%#OXYiSYaW_prn-i6v`0wu*YIdiTT17FZ_6KTp1QG} zwDjY(!eJM}7=5fJDaO9*q;8q~u()`j)b(?dHcLXn;rm&eocC?)&reD55$9r z9wnfwf}!AV%d?Oqff_^beR~Ykcwe@eiZ;9EI5xH&73=g7S5&e*Ng8XnK3n1p>!D}%mgP6g60YTUL zY*(2;%5yU8q2{w4;g5_?jOMlpJV|UHLIkvOzTHE6M~7h7X?p7J3{H0)1@hzi*L{DC zz(~A7B;o)7{$z=VnLix4Kbpq5iDmGVEH4b@j>KYAmLcLWK=cM7!QU1{hqy7ATWrg=h+y7= zJ5Uh;2yZQh<dBcJzO!&64&TbS~4^y^E8-XWKxD`S+7H~j=za@;qPGu)Tk2qI_vXnr_5Y_ zC`5QxtFp~1^{Av=@Er><7ousL2sx({bUvY6thC_q4Il5{NBIb}rEO!##VWI4B=$GZ zvCen`M#B6Km7@Y`z&bdF8L)nQjUyllS&~6SFM#-Oi9Fc|B1XWI4mMmZe-Q!ez2m5e z;4httS1j};iH(N`IfAVRHA4w09&=ndB&lFPf2BL4%Z0c5gE1t2s@pm-Jo-bV zUM{Ui{IDgezvf`x$7UrtB@U@F>|_4rttM}n!fg%}F$0LIezU!rT zmb%LPi~}zp|EUA!f^p^d2m9Hav(xzY4`}Y?$Fq#u#b2DxB2xE4m2&rR?bWNFxKxCA zKcD<`h<`EefN|Mv?HS7kHHFrw7l&S7$km%{2=F<2+Ni#cF5eEPL+tp}?RVdZEDovd z5#&FS63n<3W9OV_I%^{ePy9aBp1)7-;m3F>DsyqpC@xQ5 zt8q0^14n$P)Qg2IwBu#i=a#XPl?>V&v*J4{{iU_9PR(i;Rx`O-i;-aemJc^|7}hEk z64NDH7Um<2&rdwX)qkwWDu&HF2F_$Rm`OWO_VBk&Z+L^OQoK!7YW+Q|FbGv5w%!>I>DidMn=ee*3bhco`e_;DGC~qW6mwuWZ?^ zi2HS7s`kT3VsE0W((wuyiK+~0O%(=#Douq|8owr7QUg)YlKc^@Qt#bp-XdSngNWzg zxx^c)^e-Z)(!FcUEgGxb@{{+8ppdbb?-`DN2)ZS`Re@ z9`xd%a;*OzZDOZ<$4YzIx;=ZnWcoy*c^R?_otijoT=Z-#Ew0 zOQ#hE5a%(`)YFp?T7Tpwh_$m5yjB z;Oc6x;bcG{tY)47M0Z+r)`=xahNqCH#Fm8HFAU4eqQFwVT8ta5(JVdNlTSLr4kT;B^4uY9OS|=Wi zY_?8_xWfMitrHO40ieTahQBQgY-gRwQ+TQ01V;F=)jDAt#L6q;3at|mIT?Y@I-`eF z@4v#68&Zi|RwomfHK z8aS$T0*>fHyPm_=GCUm%bHH6cylI8}C6LD`v`z%btWo8)N`5dv{P*bsG*=)Z+tj8U zMv<(boGxG+0*VBn!qWwG8~)&vDs#WWkbV1k@_~v5sKFgEXh#g%5rh7-Vi4>tiJ%kw z+eG#3GwcM>>+Zl!y~R%uwYRL8sBli1X#!B7*IaOTeJK5fOlFYn^~2 z(X)b)fcy@Bo7upSr_q72bHc5i4NpQyHWW~;6Sj|5*8Drx31FRYk>^*sbL*Hl>w3NMY|QPDFVqHA;N3##N1MC=wML}Q(JJqHn8;B~s;TK$U% zszl(<8lpc$1b?ksCrYNm?D#GV%p3@hU1}k~iJFVWHEo>j4}GFAfI}OlK)jHA& zx0K(r-wsl_Gk@1Y=;b|i<={Huhciqw zdrN(Ih$gjd@MAAu%uB;64RNsoUYWzL2 z2F*$DoqHIJkIVJro$L$#DI&SQGx|@7gl5H{ML1q#($5s0S+ORW{3cflDpI9kySsHS zV%q6>GvaOcKlU7s^jH@7t$H>&rbw%otZV=BU7>SCCA-EaQeSi_QVS(C-lJz|#BV9! zQ0~vR=FM^%H+W@VZP*0nZe{C)>jaH1WSCtY_3AJxYZ%GCf@+oL|h8WFQciS8k_^jkv z?Lv4dEi1X}gL;mHp;EO#IQR22yGv}{>A&jV;^-iGb~e7RM4UMx&& zcqClb?$Dfo@4FL$@>@TB0t4~pS$eyTPb1@vtk;8o$gmcZ6c06zx}AxOD}FqPPhTg@ zq9(uF>&&m(QjIys8mvY=3Fk((gDFj=Z(j5elv_R#dW18u{D`ek`hj7s{bl2ZJ-7Eh zeebyVYqA zx|&cpMs&?T{f_^2MhAtFN(;u5uQi7(F>zX)M;d&~mrC>|WMW1!<+%s>@~n~>g>9 z4Qr!0D?Ijp6T#?;iQ&6%M?M^|?{Ry>Ri><=!YNsa_g2Df9#O6m8l*DswN!q0TK|w& zpE>Ck-TU(1#ezNA4a9zTl|Ih379y`l+gIa!bsn9!U_f0=~Gl;ZBfk zj${GEtk|^{GuS}2jRi5&$zKduAhQwuDjd~!?jDP%=eevOPC=jPd&^?qi7K|}xP)aL z^%OZk*c@1q=#9Vc)|7>2G9F~l8$_}?AKT=nhs-T$o7@t%$*lw;s{dZkZ406)jXo05 zVp~KM>jaW5kRO7MF7UkzUNcF+eE0o_cl@5;3<>1OZsz-}q2O6_QJVka=Se=nFAcsU zzuki3&4nTc7b6SPJzyk^lk2%{VVU2~5k}JVU=zz=ZEPlulsl+US%!!aQ-o-&6Wj+O zB31mhh+y7Itx*v{ZoE%%OO6|Q{|>IU(KM_W_;&CZ3zi*@kIpT<*K=o>BF_#yBY#DF zXIMN{yLi~nuDQ73)ra~&EfZ?_-LfCD^9@X&ro~Q7!^liA(H&t;a}CM5`6kw-L5==G zwN9+Fei&z@z{=u|`PX1shYMt99@Z!scrUWPPRpv3SG~t#(sko$lb{S&eBn>wq)u1W z`w}`sv|cch3)tw6uzscvBT2~E#L+Lnx-(?`E?n2Ftgg#pZ9~LDJR&sK3Bz89*zikfx2f+piHyQO{#~djKa?Ur-HEi#B`HZhVM4hx zfZCbOA+TQtE8B`Aqh~Vpy*Y;Cp~nx3DB|A^GCAlA6;W{+NWG@4daV82=mSCVX|8hR zyCV!5_U(A*+6|f$6cSPeYR=EKe(f2v{Y)nvWo_f#nyA)q^SY1SN_&9lS_oZ$^0RK< zq0YjW-|8q921QDuUyN!8#8oLv8ruzrJQNkpop4PMRI}mSIWH?p#^~oG zrY=3oW6aG>+IzgOWJWNTRF~Z$H4OG`#Mgu~$%c=%N)3=z3O_=;;pxT9xnU&N0M$BS z8wWZmm`w!T34RIw)`_eiKXnBAh@ZwQXvb6)UcTzt(q&K_av|Q}l$(JGyW0sDs2&xo!&uZO^GeSg=+g+E)5C;477YrQS;-R}8yi5z@&p$4y_i1{i6#7d$t-a}I zx%iu**JcF6S~$Z;H2w6nyx$*SSFXESb}E?6>aY`|hD;XA(?RWzM;`qA(;1QTbE#;l zzV^Fv4f|1sy>S;jxtP>94g#gGOf-Z78IjG6?At__SE6R?6vD#%U60+Q@W0Cik znI-7$pHPG|3gW*Bq5Tw6Yb!KHc=Z0a!+CZvlF{$z-n0LZ0VBBypCC5enR9_kX9iR{ zq9rqd)mfAiK_DD(o&m%;Ep%p#k2fHq#rgs4$mhtvh(IDY=3hlr5MD*R0c>(;?%7By z85cB*Ze$DSe!0u2rwcgLu<|Mh!x&>s))BY4Q`*27o7N2@D={vEtjC~4Ze+O@BY5g{ zsEGxL)WPV!QGbjMB9iv3@tBVwPpMWk2Q!D1$fu$=OXNymj1`F-qH6>6|0jt&e{Oc> zEEvIJt3>VuY*_Nt zQDqCrKL8P#^3i>D*9*CMSoC{S4kk!eP$Y6E3XlUpg%bHJ^%BPLrPpD<-o-~8#lPPT z>T*XS-;v07B=Y~PL=HOvdjT#Qi9Gr~>}Jp4w>ejC>?>_}t+yy-q4t&)iTrHs^P|fb z^2Y|7_yUuF$sBZo9f^ELBHxk7cO-HYC3Qz4|NkYC!_I#mbp965n&EHDsFAfWn%vW5;@G!9Ax;`rGs4iC!?;L7Z_8jRfU} z_6KFL-e*q@{I)s*}2`NfiBiF^xuB zen8CZyqrLWX4mk*!u`k)H>ZWyl270HGkHoBJAK-(T~;+xL?s*&7&_*6@>z2!BXudA z+_$;ibP;SNGIS}Y?0=ZDqQena924`6Qu%uYp8Jgmstvd~Hr0;G9ClwoY{4s2?webEg8|zSyuzQ&~X- zRT2c=V_MlfR&rUX5)6Xfbm0F(91(x(YGpNReU0PdfqSi~p8KUzk7+c$Igi~RdZKXL zsPIZz_%wKi{(#hGhIQ6zLW3i4;Z0Q`Y9!p#himLNbmiLnVJ{!HTmIAV3_YsWTte_F#1~E zV^X1(DxuH^%6E_7ZDD>}8B2;|7xR=eY?P^z=zv&0Gfz=_S#yN1bfuT>zCC4^%YkvC@;nP4~Fm>P`$guA(bl<4=x(XRCzKnWxES^lMRvkc< z$en1wl?_=7ww#>q zgKGX$%a-HDdlot;gl@(MMu!Hd|B1__+2g}3Yy131qR7O3Pw%}CWGD=$Fuo*GzV~() z%N{pM$>(ZT?31t9^U>s$uQLOuCP%VTlYy5%0T*_X#F_98OxcY5mn{j5TF;#&md+=+ zos?GB!u;tiD2wTpwy&tAU7IEPwAub!@$Mh=i887pgx${lxO!$h^Oo4zqjRjhK`PG{ zo?%O|H6JB|TGV zjCrT6ZJZ$lUt&U3>ufG1$Tl^Hh#gZ`=H9Yw^@kK z@-)ZyJI4=;)bA}AEVPiO;dQEDd_-v5OM6RK)P=Y3h^l$Bjgmt{TS%tcP~>M+ib6 zA6hJNRQ8^ce5;EWP2z{wAjqhtL;6uB1$jBH{0l{HhF56GD7vm{hJ5$<)4HIIyql{I z%*`(QfUf#A;rv<;bO$|<1|ljT@X$!)g-A*6;kuP+BO>Uk;WKN9!0_fo1H#@Cvrgdp z_l&n$FX+LpQkIC?RhE4~R{_V{k}Z%Qg6>CyxR+>Xp9p@)`Ih3RTE{7guaAhjn7qB5YcUiaolS3| zPv!CIcHFcn)&11N<(|>*0WXlNGTM;!+_tdH?~9aHi`U;uM^?sVur^)>Z##lFh(Z7V zd%s1p40FSMgzg*lBzSP%1Pf8;?JpvjH?d8KAUEEusmhbsy)L`v25SX+z4tz3EA4-K zaem-}bF+4bjQ?cZ{O$0Bi}vL&krkz-)z201sVL#Xqendl+*ZiLMgA4fKT5tX6Fkdbk zHQ8FfvG`!b88ocPsCC%YL$v}%k`aTBb)DOgqru=!99aX_7a;3#OKYrW!rF$2<4Neg zQU8($B0kdF77?({ora1C{?duZaA~aX`x2$epp8@bfp}3iU7q9*1L7G)`MAObA$lsl zxqRp34*J2WyST(cC#5MO?-^S0B_8uQ>-yv?!%X9e&+g7dGGztl;_F8Z_IC*7dl9Qr z+YjB%*H2bHPVfBVgZ`_2o=)Cf`IzcY2%qzF}Q!PERc<)+S^1erTt}%l9S+leGv#@Z@3L z`KgKh4{^WXGoR|0^t+hMag_1$$6~cd+>#l+HXeybB-)iH19EtFSL&(J8&a3ZrA@kB zp4PvD@v}ng$iC{68kvKicGG)U3VXvs zO10WgP^BUh2Ucbh)CC*pq@X?!bXuRjIQzL@!z1JE!(RTibmd~RT9qIEotu#}9&FetP};8_sRU;d)auB@0o$KZ11)GVu>zk?ieWReFSqUzqr zg6NzV?r|rI-rX!-{^~?;CU~YIE!FJfcLj0p&M1MIp0(SH?w)}Zw97V1wE2*?lxlUL z#%+|yopo7xFB>EP#P3|VXilB*GJ@Qd8KHEqRYVkt{O%G&gmod)Hp}2Fm(NZ@n|IXn z=(tCIcAwQF%thsWVmEke66%UGh2~lIm>UK-{gCRb_jt&~5j4XGBjMpew?1j+hmqX* zfI5rnZXiFP(h)5M>#x?ul_@ZRONjtcI~v`4>4r}sVlOl=ZFuVYiwGq00K-*8-O*J< ziR5*}Eq7RcFQj?946b-qC346=(EZfiQ6+MhQdVBwQ5a)(+B)LaJLSkj7^8;6rWoA; SswtGn{bSc+1j}KU(*FY@output && btest-diff output + +notice_ssh_guesser.bro + + +@load protocols/ssh/detect-bruteforcing + +redef SSH::password_guesses_limit=10; + +hook Notice::policy(n: Notice::Info) + { + if ( n$note == SSH::Password_Guessing && /192\.168\.56\.103/ in n$sub ) + add n$actions[Notice::ACTION_EMAIL]; + } diff --git a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest index af9ea0dc83..7905ffd953 100644 --- a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest +++ b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest @@ -31,7 +31,7 @@ export { /^ftp[0-9]*\./ &redef; } -event SSH::heuristic_successful_login(c: connection) +event ssh_auth_successful(c: connection, auth_method_none: bool) { for ( host in set(c$id$orig_h, c$id$resp_h) ) { diff --git a/testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest b/testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest new file mode 100644 index 0000000000..50d6f17694 --- /dev/null +++ b/testing/btest/doc/sphinx/notice_ssh_guesser.bro.btest @@ -0,0 +1,2 @@ +@TEST-EXEC: btest-rst-cmd bro -C -r ${TRACES}/ssh/sshguess.pcap ${DOC_ROOT}/frameworks/notice_ssh_guesser.bro +@TEST-EXEC: btest-rst-cmd cat notice.log diff --git a/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro new file mode 100644 index 0000000000..e28ebf5b49 --- /dev/null +++ b/testing/btest/scripts/policy/protocols/ssh/detect-bruteforcing.bro @@ -0,0 +1,5 @@ +# @TEST-EXEC: bro -C -r $TRACES/ssh/sshguess.pcap %INPUT +# @TEST-EXEC: btest-diff notice.log + +@load protocols/ssh/detect-bruteforcing +redef SSH::password_guesses_limit=10; From d837d4a0be09d6ea11ff0c81ae45596e1d82275e Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 30 Mar 2015 12:02:07 -0500 Subject: [PATCH 113/121] Increase timeout duration in some broker tests. --- CHANGES | 4 ++++ VERSION | 2 +- testing/btest/broker/clone_store.bro | 4 ++-- testing/btest/broker/master_store.bro | 4 ++-- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index c84410303b..b3571cf874 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +2.3-637 | 2015-03-30 12:02:07 -0500 + + * Increase timeout duration in some broker tests. (Jon Siwek) + 2.3-636 | 2015-03-30 11:26:32 -0500 * Updates related to SSH analysis. (Jon Siwek) diff --git a/VERSION b/VERSION index b7ffdd164c..490e7ba99b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-636 +2.3-637 diff --git a/testing/btest/broker/clone_store.bro b/testing/btest/broker/clone_store.bro index 769ab8df58..1973595bab 100644 --- a/testing/btest/broker/clone_store.bro +++ b/testing/btest/broker/clone_store.bro @@ -4,7 +4,7 @@ # @TEST-EXEC: btest-bg-run clone "bro -b -r $TRACES/wikipedia.trace ../clone.bro broker_port=$BROKER_PORT >clone.out" # @TEST-EXEC: btest-bg-run master "bro -b -r $TRACES/wikipedia.trace ../master.bro broker_port=$BROKER_PORT >master.out" -# @TEST-EXEC: btest-bg-wait 20 +# @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff clone/clone.out # @TEST-EXEC: btest-diff master/master.out @@ -17,7 +17,7 @@ global h: opaque of BrokerStore::Handle; global expected_key_count = 4; global key_count = 0; -global query_timeout = 15sec; +global query_timeout = 30sec; function do_lookup(key: string) { diff --git a/testing/btest/broker/master_store.bro b/testing/btest/broker/master_store.bro index 2672043f62..3863822988 100644 --- a/testing/btest/broker/master_store.bro +++ b/testing/btest/broker/master_store.bro @@ -1,7 +1,7 @@ # @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt # @TEST-EXEC: btest-bg-run master "bro -b -r $TRACES/wikipedia.trace %INPUT >out" -# @TEST-EXEC: btest-bg-wait 20 +# @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff master/out redef exit_only_after_terminate = T; @@ -16,7 +16,7 @@ const pop_expect_count = 2; global test_size: event(where: string &default = ""); -global query_timeout = 5sec; +global query_timeout = 30sec; event test_clear() { From 55ce8310a07e24dc26e8293623fae4d3f030dcbe Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Mon, 30 Mar 2015 11:36:01 -0700 Subject: [PATCH 114/121] Limit maximum number of DTLS fragments to 30. Addresses BIT-1359 --- src/analyzer/protocol/ssl/dtls-analyzer.pac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/analyzer/protocol/ssl/dtls-analyzer.pac b/src/analyzer/protocol/ssl/dtls-analyzer.pac index f4c2df9e3f..a71658f2df 100644 --- a/src/analyzer/protocol/ssl/dtls-analyzer.pac +++ b/src/analyzer/protocol/ssl/dtls-analyzer.pac @@ -122,9 +122,9 @@ refine connection SSL_Conn += { if ( i->message_last_sequence != 0 && i->first_sequence_seen ) { uint64 total_length = i->message_last_sequence - i->message_first_sequence; - if ( total_length > 32 ) + if ( total_length > 30 ) { - bro_analyzer()->ProtocolViolation(fmt("DTLS Message fragmented over more than 32 pieces. Cannot reassemble.")); + bro_analyzer()->ProtocolViolation(fmt("DTLS Message fragmented over more than 30 pieces. Cannot reassemble.")); return true; } From c26fa284b9e1b8ac1cca2cb308ea1e6c3e40707d Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 30 Mar 2015 13:50:34 -0500 Subject: [PATCH 115/121] Updating submodule(s). [nomail] --- aux/broctl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aux/broctl b/aux/broctl index df2f22d433..ba32cb29e9 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit df2f22d43389f5d8ab00a1ded3add3094a2c6ccd +Subproject commit ba32cb29e9d72a5612cf1d7c6aa63ed465bf6232 From 20a8ec53cacf9073c7385cdee0dc2300509c203e Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 2 Apr 2015 10:10:39 -0500 Subject: [PATCH 116/121] BIT-1366: improve checksum offloading warning. --- CHANGES | 5 +++++ VERSION | 2 +- scripts/base/misc/find-checksum-offloading.bro | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index d6bdad9954..b9f0ee4dc9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@ +2.3-676 | 2015-04-02 10:10:39 -0500 + + * BIT-1366: improve checksum offloading warning. + (Frank Meier, Jon Siwek) + 2.3-675 | 2015-03-30 17:05:05 -0500 * Add an RDP analyzer. (Josh Liburdi, Seth Hall, Johanna Amann) diff --git a/VERSION b/VERSION index 9c97b96772..4eff095b4e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-675 +2.3-676 diff --git a/scripts/base/misc/find-checksum-offloading.bro b/scripts/base/misc/find-checksum-offloading.bro index d7e6577827..fae017fff1 100644 --- a/scripts/base/misc/find-checksum-offloading.bro +++ b/scripts/base/misc/find-checksum-offloading.bro @@ -50,7 +50,7 @@ event ChecksumOffloading::check() bad_checksum_msg += "UDP"; } - local message = fmt("Your %s invalid %s checksums, most likely from NIC checksum offloading.", packet_src, bad_checksum_msg); + local message = fmt("Your %s invalid %s checksums, most likely from NIC checksum offloading. By default, packets with invalid checksums are discarded by Bro unless using the -C command-line option or toggling the 'ignore_checksums' variable. Alternatively, disable checksum offloading by the network adapter to ensure Bro analyzes the actual checksums that are transmitted.", packet_src, bad_checksum_msg); Reporter::warning(message); done = T; } From b0ee924aa2f0db2334aefe32f8f2ee132cfed01e Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 3 Apr 2015 15:51:30 -0700 Subject: [PATCH 117/121] Updating submodule(s). [nomail] --- aux/broctl | 2 +- src/3rdparty | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aux/broctl b/aux/broctl index ba32cb29e9..e864a0949e 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit ba32cb29e9d72a5612cf1d7c6aa63ed465bf6232 +Subproject commit e864a0949e52a797f4000194b5c2980cf3618deb diff --git a/src/3rdparty b/src/3rdparty index d4c305df93..f2e34d731e 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit d4c305df93d555ab468dbad4a5b69412bf44a833 +Subproject commit f2e34d731ed29bb993fbb065846faa342a8c824f From ffbeafb549969cf75c7f463376ba767620166904 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 6 Apr 2015 10:12:08 -0500 Subject: [PATCH 118/121] Fix Coverity warning in RDP analyzer. --- src/analyzer/protocol/rdp/RDP.cc | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc index 25d5429e8d..3d2da899cc 100644 --- a/src/analyzer/protocol/rdp/RDP.cc +++ b/src/analyzer/protocol/rdp/RDP.cc @@ -58,17 +58,19 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { pia = new pia::PIA_TCP(Conn()); - if ( AddChildAnalyzer(pia) ) + if ( ! AddChildAnalyzer(pia) ) { - pia->FirstPacket(true, 0); - pia->FirstPacket(false, 0); + reporter->AnalyzerError(this, + "failed to add TCP child analyzer " + "to RPD analyzer: already exists"); + return; } + + pia->FirstPacket(true, 0); + pia->FirstPacket(false, 0); } - if ( pia ) - { - ForwardStream(len, data, orig); - } + ForwardStream(len, data, orig); } } else // if not encrypted From 1a422963897f8d76fabf346cf01517619012838a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 6 Apr 2015 10:16:36 -0500 Subject: [PATCH 119/121] Increase some unit test timeouts. --- CHANGES | 6 ++++++ VERSION | 2 +- testing/btest/core/leaks/ayiya.test | 2 +- testing/btest/core/leaks/basic-cluster.bro | 2 +- testing/btest/core/leaks/bloomfilter.bro | 2 +- testing/btest/core/leaks/dns-txt.bro | 2 +- testing/btest/core/leaks/dns.bro | 2 +- testing/btest/core/leaks/dtls.bro | 2 +- testing/btest/core/leaks/exec.test | 2 +- testing/btest/core/leaks/file-analysis-http-get.bro | 2 +- testing/btest/core/leaks/gridftp.test | 2 +- testing/btest/core/leaks/gtp_opt_header.test | 2 +- testing/btest/core/leaks/hll_cluster.bro | 2 +- testing/btest/core/leaks/hook.bro | 2 +- testing/btest/core/leaks/http-connect.bro | 2 +- testing/btest/core/leaks/incr-vec-expr.test | 2 +- testing/btest/core/leaks/input-basic.bro | 2 +- testing/btest/core/leaks/input-missing-enum.bro | 2 +- testing/btest/core/leaks/input-optional-event.bro | 2 +- testing/btest/core/leaks/input-optional-table.bro | 2 +- testing/btest/core/leaks/input-raw.bro | 2 +- testing/btest/core/leaks/input-reread.bro | 2 +- testing/btest/core/leaks/input-sqlite.bro | 2 +- testing/btest/core/leaks/input-with-remove.bro | 2 +- testing/btest/core/leaks/ip-in-ip.test | 2 +- testing/btest/core/leaks/ipv6_ext_headers.test | 2 +- testing/btest/core/leaks/mysql.test | 2 +- testing/btest/core/leaks/radius.test | 2 +- testing/btest/core/leaks/remote.bro | 2 +- testing/btest/core/leaks/returnwhen.bro | 2 +- testing/btest/core/leaks/snmp.test | 2 +- testing/btest/core/leaks/ssh.test | 2 +- testing/btest/core/leaks/string-indexing.bro | 2 +- testing/btest/core/leaks/switch-statement.bro | 2 +- testing/btest/core/leaks/teredo.bro | 2 +- testing/btest/core/leaks/test-all.bro | 2 +- testing/btest/core/leaks/vector-val-bifs.test | 2 +- testing/btest/core/leaks/while.bro | 2 +- testing/btest/core/leaks/x509_ocsp_verify.bro | 2 +- testing/btest/core/leaks/x509_verify.bro | 2 +- 40 files changed, 45 insertions(+), 39 deletions(-) diff --git a/CHANGES b/CHANGES index b9f0ee4dc9..5b3a00d300 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ +2.3-679 | 2015-04-06 10:16:36 -0500 + + * Increase some unit test timeouts. (Jon Siwek) + + * Fix Coverity warning in RDP analyzer. (Jon Siwek) + 2.3-676 | 2015-04-02 10:10:39 -0500 * BIT-1366: improve checksum offloading warning. diff --git a/VERSION b/VERSION index 4eff095b4e..e635d96a94 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-676 +2.3-679 diff --git a/testing/btest/core/leaks/ayiya.test b/testing/btest/core/leaks/ayiya.test index bf9f867cdd..3572cf98ba 100644 --- a/testing/btest/core/leaks/ayiya.test +++ b/testing/btest/core/leaks/ayiya.test @@ -5,4 +5,4 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/ayiya3.trace -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/basic-cluster.bro b/testing/btest/core/leaks/basic-cluster.bro index 2d93469850..7c9df36b9a 100644 --- a/testing/btest/core/leaks/basic-cluster.bro +++ b/testing/btest/core/leaks/basic-cluster.bro @@ -9,7 +9,7 @@ # @TEST-EXEC: sleep 1 # @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro -m %INPUT # @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro -m %INPUT -# @TEST-EXEC: btest-bg-wait 25 +# @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE cluster-layout.bro redef Cluster::nodes = { diff --git a/testing/btest/core/leaks/bloomfilter.bro b/testing/btest/core/leaks/bloomfilter.bro index e35294f98c..e93bfe23cc 100644 --- a/testing/btest/core/leaks/bloomfilter.bro +++ b/testing/btest/core/leaks/bloomfilter.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 function test_basic_bloom_filter() { diff --git a/testing/btest/core/leaks/dns-txt.bro b/testing/btest/core/leaks/dns-txt.bro index 44b7c04a0c..e47e19f9c9 100644 --- a/testing/btest/core/leaks/dns-txt.bro +++ b/testing/btest/core/leaks/dns-txt.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 @load base/frameworks/communication # keep network time running redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/dns.bro b/testing/btest/core/leaks/dns.bro index d02d7b6f3c..570c66cf56 100644 --- a/testing/btest/core/leaks/dns.bro +++ b/testing/btest/core/leaks/dns.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 @load base/frameworks/communication # keep network time running redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/dtls.bro b/testing/btest/core/leaks/dtls.bro index 3f3aeb62d2..57b5479fac 100644 --- a/testing/btest/core/leaks/dtls.bro +++ b/testing/btest/core/leaks/dtls.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/dtls-openssl.pcap %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/leaks/exec.test b/testing/btest/core/leaks/exec.test index 38e3b30a69..8ae054cf63 100644 --- a/testing/btest/core/leaks/exec.test +++ b/testing/btest/core/leaks/exec.test @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b ../exectest.bro -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE exectest.bro diff --git a/testing/btest/core/leaks/file-analysis-http-get.bro b/testing/btest/core/leaks/file-analysis-http-get.bro index aa4708305e..29aa6535a3 100644 --- a/testing/btest/core/leaks/file-analysis-http-get.bro +++ b/testing/btest/core/leaks/file-analysis-http-get.bro @@ -5,7 +5,7 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT -# @TEST-EXEC: btest-bg-wait 25 +# @TEST-EXEC: btest-bg-wait 60 redef test_file_analysis_source = "HTTP"; diff --git a/testing/btest/core/leaks/gridftp.test b/testing/btest/core/leaks/gridftp.test index f0ba6cf8e6..4c7d31937d 100644 --- a/testing/btest/core/leaks/gridftp.test +++ b/testing/btest/core/leaks/gridftp.test @@ -5,7 +5,7 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/globus-url-copy.trace %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ftp/gridftp diff --git a/testing/btest/core/leaks/gtp_opt_header.test b/testing/btest/core/leaks/gtp_opt_header.test index 4205766ee0..79cc50d752 100644 --- a/testing/btest/core/leaks/gtp_opt_header.test +++ b/testing/btest/core/leaks/gtp_opt_header.test @@ -5,7 +5,7 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/gtp/gtp6_gtp_0x32.pcap %INPUT >out -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 # Some GTPv1 headers have some optional fields totaling to a 4-byte extension # of the mandatory header. diff --git a/testing/btest/core/leaks/hll_cluster.bro b/testing/btest/core/leaks/hll_cluster.bro index a843452e00..3ba46005e1 100644 --- a/testing/btest/core/leaks/hll_cluster.bro +++ b/testing/btest/core/leaks/hll_cluster.bro @@ -10,7 +10,7 @@ # @TEST-EXEC: sleep 2 # @TEST-EXEC: btest-bg-run worker-1 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro runnumber=1 %INPUT # @TEST-EXEC: btest-bg-run worker-2 HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro runnumber=2 %INPUT -# @TEST-EXEC: btest-bg-wait 25 +# @TEST-EXEC: btest-bg-wait 60 # # @TEST-EXEC: btest-diff manager-1/.stdout # @TEST-EXEC: btest-diff worker-1/.stdout diff --git a/testing/btest/core/leaks/hook.bro b/testing/btest/core/leaks/hook.bro index 210b559ef1..0d991bc9a0 100644 --- a/testing/btest/core/leaks/hook.bro +++ b/testing/btest/core/leaks/hook.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 type rec: record { a: count; diff --git a/testing/btest/core/leaks/http-connect.bro b/testing/btest/core/leaks/http-connect.bro index fe42f3ec0a..8a7f1c8146 100644 --- a/testing/btest/core/leaks/http-connect.bro +++ b/testing/btest/core/leaks/http-connect.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/http/connect-with-smtp.trace %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @load base/protocols/conn @load base/protocols/http diff --git a/testing/btest/core/leaks/incr-vec-expr.test b/testing/btest/core/leaks/incr-vec-expr.test index fca0ab3264..42d9d9f820 100644 --- a/testing/btest/core/leaks/incr-vec-expr.test +++ b/testing/btest/core/leaks/incr-vec-expr.test @@ -5,7 +5,7 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 type rec: record { a: count; diff --git a/testing/btest/core/leaks/input-basic.bro b/testing/btest/core/leaks/input-basic.bro index 5a58e0465d..2f2ecf802d 100644 --- a/testing/btest/core/leaks/input-basic.bro +++ b/testing/btest/core/leaks/input-basic.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/input-missing-enum.bro b/testing/btest/core/leaks/input-missing-enum.bro index 66ecc7ae56..9037e15ed0 100644 --- a/testing/btest/core/leaks/input-missing-enum.bro +++ b/testing/btest/core/leaks/input-missing-enum.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log #fields e i diff --git a/testing/btest/core/leaks/input-optional-event.bro b/testing/btest/core/leaks/input-optional-event.bro index 72e62bb285..ca141e1c4e 100644 --- a/testing/btest/core/leaks/input-optional-event.bro +++ b/testing/btest/core/leaks/input-optional-event.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log #separator \x09 diff --git a/testing/btest/core/leaks/input-optional-table.bro b/testing/btest/core/leaks/input-optional-table.bro index c15589a948..95871b1516 100644 --- a/testing/btest/core/leaks/input-optional-table.bro +++ b/testing/btest/core/leaks/input-optional-table.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input.log #separator \x09 diff --git a/testing/btest/core/leaks/input-raw.bro b/testing/btest/core/leaks/input-raw.bro index 7329a7c70f..cec50682fb 100644 --- a/testing/btest/core/leaks/input-raw.bro +++ b/testing/btest/core/leaks/input-raw.bro @@ -10,7 +10,7 @@ # @TEST-EXEC: cat input2.log >> input.log # @TEST-EXEC: sleep 5 # @TEST-EXEC: cat input3.log >> input.log -# @TEST-EXEC: btest-bg-wait 10 +# @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/input-reread.bro b/testing/btest/core/leaks/input-reread.bro index e9aab062d0..f71873c776 100644 --- a/testing/btest/core/leaks/input-reread.bro +++ b/testing/btest/core/leaks/input-reread.bro @@ -14,7 +14,7 @@ # @TEST-EXEC: cp input4.log input.log # @TEST-EXEC: sleep 10 # @TEST-EXEC: cp input5.log input.log -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE input1.log #separator \x09 diff --git a/testing/btest/core/leaks/input-sqlite.bro b/testing/btest/core/leaks/input-sqlite.bro index 0683a074dc..ae1df163c8 100644 --- a/testing/btest/core/leaks/input-sqlite.bro +++ b/testing/btest/core/leaks/input-sqlite.bro @@ -7,7 +7,7 @@ # # @TEST-EXEC: cat conn.sql | sqlite3 conn.sqlite # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b %INPUT -# @TEST-EXEC: btest-bg-wait 20 +# @TEST-EXEC: btest-bg-wait 60 @TEST-START-FILE conn.sql PRAGMA foreign_keys=OFF; diff --git a/testing/btest/core/leaks/input-with-remove.bro b/testing/btest/core/leaks/input-with-remove.bro index 62fcfa0a4e..ba58d7b2f6 100644 --- a/testing/btest/core/leaks/input-with-remove.bro +++ b/testing/btest/core/leaks/input-with-remove.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/wikipedia.trace %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 @load base/frameworks/input diff --git a/testing/btest/core/leaks/ip-in-ip.test b/testing/btest/core/leaks/ip-in-ip.test index d1654de8e6..3ceae55d49 100644 --- a/testing/btest/core/leaks/ip-in-ip.test +++ b/testing/btest/core/leaks/ip-in-ip.test @@ -7,7 +7,7 @@ # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro1 bro -m -b -r $TRACES/tunnels/6in6.pcap %INPUT # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro2 bro -m -b -r $TRACES/tunnels/6in6in6.pcap %INPUT # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro3 bro -m -b -r $TRACES/tunnels/6in6-tunnel-change.pcap %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) { diff --git a/testing/btest/core/leaks/ipv6_ext_headers.test b/testing/btest/core/leaks/ipv6_ext_headers.test index 7cf2c7ea0e..3b6f8d467c 100644 --- a/testing/btest/core/leaks/ipv6_ext_headers.test +++ b/testing/btest/core/leaks/ipv6_ext_headers.test @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 # Just check that the event is raised correctly for a packet containing # extension headers. diff --git a/testing/btest/core/leaks/mysql.test b/testing/btest/core/leaks/mysql.test index 363e3069fd..2e9ec6990f 100644 --- a/testing/btest/core/leaks/mysql.test +++ b/testing/btest/core/leaks/mysql.test @@ -5,6 +5,6 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/mysql/mysql.trace %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @load base/protocols/mysql diff --git a/testing/btest/core/leaks/radius.test b/testing/btest/core/leaks/radius.test index 478912e8b2..228973c47e 100644 --- a/testing/btest/core/leaks/radius.test +++ b/testing/btest/core/leaks/radius.test @@ -5,6 +5,6 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/radius/radius.trace %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @load base/protocols/radius diff --git a/testing/btest/core/leaks/remote.bro b/testing/btest/core/leaks/remote.bro index 41bbaec076..f9d412b8e9 100644 --- a/testing/btest/core/leaks/remote.bro +++ b/testing/btest/core/leaks/remote.bro @@ -9,7 +9,7 @@ # @TEST-EXEC: sleep 1 # @TEST-EXEC: btest-bg-run receiver HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -b -m --pseudo-realtime %INPUT ../receiver.bro # @TEST-EXEC: sleep 1 -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 # @TEST-EXEC: btest-diff sender/test.log # @TEST-EXEC: btest-diff sender/test.failure.log # @TEST-EXEC: btest-diff sender/test.success.log diff --git a/testing/btest/core/leaks/returnwhen.bro b/testing/btest/core/leaks/returnwhen.bro index 9fd9a794cd..f5160ef250 100644 --- a/testing/btest/core/leaks/returnwhen.bro +++ b/testing/btest/core/leaks/returnwhen.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: btest-bg-run bro HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 redef exit_only_after_terminate = T; diff --git a/testing/btest/core/leaks/snmp.test b/testing/btest/core/leaks/snmp.test index c58c1f5b58..4f212d2699 100644 --- a/testing/btest/core/leaks/snmp.test +++ b/testing/btest/core/leaks/snmp.test @@ -5,6 +5,6 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/snmp/snmpv1_get.pcap -r $TRACES/snmp/snmpv1_get_short.pcap -r $TRACES/snmp/snmpv1_set.pcap -r $TRACES/snmp/snmpv1_trap.pcap -r $TRACES/snmp/snmpv2_get_bulk.pcap -r $TRACES/snmp/snmpv2_get_next.pcap -r $TRACES/snmp/snmpv2_get.pcap -r $TRACES/snmp/snmpv3_get_next.pcap $SCRIPTS/snmp-test.bro %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @load base/protocols/snmp diff --git a/testing/btest/core/leaks/ssh.test b/testing/btest/core/leaks/ssh.test index cf6316a231..714d7bb3eb 100644 --- a/testing/btest/core/leaks/ssh.test +++ b/testing/btest/core/leaks/ssh.test @@ -5,6 +5,6 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/ssh/ssh.trace %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssh diff --git a/testing/btest/core/leaks/string-indexing.bro b/testing/btest/core/leaks/string-indexing.bro index 13182e7d38..37f7868190 100644 --- a/testing/btest/core/leaks/string-indexing.bro +++ b/testing/btest/core/leaks/string-indexing.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 event new_connection(c: connection) diff --git a/testing/btest/core/leaks/switch-statement.bro b/testing/btest/core/leaks/switch-statement.bro index 67e3fc94ad..e5145f9227 100644 --- a/testing/btest/core/leaks/switch-statement.bro +++ b/testing/btest/core/leaks/switch-statement.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/wikipedia.trace %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 type MyEnum: enum { RED, diff --git a/testing/btest/core/leaks/teredo.bro b/testing/btest/core/leaks/teredo.bro index a97172271e..c83a501705 100644 --- a/testing/btest/core/leaks/teredo.bro +++ b/testing/btest/core/leaks/teredo.bro @@ -5,7 +5,7 @@ # @TEST-GROUP: leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/tunnels/Teredo.pcap %INPUT >output -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 function print_teredo(name: string, outer: connection, inner: teredo_hdr) { diff --git a/testing/btest/core/leaks/test-all.bro b/testing/btest/core/leaks/test-all.bro index 7cdccb202a..d4f8a040ec 100644 --- a/testing/btest/core/leaks/test-all.bro +++ b/testing/btest/core/leaks/test-all.bro @@ -5,4 +5,4 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -r $TRACES/wikipedia.trace test-all-policy -# @TEST-EXEC: btest-bg-wait 25 +# @TEST-EXEC: btest-bg-wait 60 diff --git a/testing/btest/core/leaks/vector-val-bifs.test b/testing/btest/core/leaks/vector-val-bifs.test index 0cc81a099c..9e9caece69 100644 --- a/testing/btest/core/leaks/vector-val-bifs.test +++ b/testing/btest/core/leaks/vector-val-bifs.test @@ -9,7 +9,7 @@ # leaked that memeory. # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/ftp/ipv4.trace %INPUT -# @TEST-EXEC: btest-bg-wait 15 +# @TEST-EXEC: btest-bg-wait 60 function myfunc(aa: interval, bb: interval): int { diff --git a/testing/btest/core/leaks/while.bro b/testing/btest/core/leaks/while.bro index eac6f2622e..44f17e9b69 100644 --- a/testing/btest/core/leaks/while.bro +++ b/testing/btest/core/leaks/while.bro @@ -2,7 +2,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -m -b -r $TRACES/http/get.trace %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 function test_noop() { diff --git a/testing/btest/core/leaks/x509_ocsp_verify.bro b/testing/btest/core/leaks/x509_ocsp_verify.bro index 1b21e8609a..ab24f28ee8 100644 --- a/testing/btest/core/leaks/x509_ocsp_verify.bro +++ b/testing/btest/core/leaks/x509_ocsp_verify.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/ocsp-stapling.trace %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl diff --git a/testing/btest/core/leaks/x509_verify.bro b/testing/btest/core/leaks/x509_verify.bro index f4a5ddc7d1..7db2581a8b 100644 --- a/testing/btest/core/leaks/x509_verify.bro +++ b/testing/btest/core/leaks/x509_verify.bro @@ -5,7 +5,7 @@ # @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks # # @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local btest-bg-run bro bro -b -m -r $TRACES/tls/tls-expired-cert.trace %INPUT -# @TEST-EXEC: btest-bg-wait 30 +# @TEST-EXEC: btest-bg-wait 60 @load base/protocols/ssl From 7fb4ff44ff9f410cd93dd61417e576c51c38190a Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Mon, 6 Apr 2015 16:02:43 -0500 Subject: [PATCH 120/121] BIT-1371: remove CMake version check from binary package scripts. --- CHANGES | 5 +++++ VERSION | 2 +- pkg/check-cmake | 14 -------------- pkg/make-deb-packages | 2 -- pkg/make-mac-packages | 8 -------- pkg/make-rpm-packages | 2 -- 6 files changed, 6 insertions(+), 27 deletions(-) delete mode 100755 pkg/check-cmake diff --git a/CHANGES b/CHANGES index 5b3a00d300..db09fdd340 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@ +2.3-680 | 2015-04-06 16:02:43 -0500 + + * BIT-1371: remove CMake version check from binary package scripts. + (Jon Siwek) + 2.3-679 | 2015-04-06 10:16:36 -0500 * Increase some unit test timeouts. (Jon Siwek) diff --git a/VERSION b/VERSION index e635d96a94..937b335f4d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-679 +2.3-680 diff --git a/pkg/check-cmake b/pkg/check-cmake deleted file mode 100755 index 17531af2f7..0000000000 --- a/pkg/check-cmake +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh - -# CMake/CPack versions before 2.8.3 have bugs that can create bad packages -# Since packages will be built on several different systems, a single -# version of CMake is required to obtain consistency, but can be increased -# as new versions of CMake come out that also produce working packages. - -CMAKE_PACK_REQ="cmake version 2.8.6" -CMAKE_VER=`cmake -version` - -if [ "${CMAKE_VER}" != "${CMAKE_PACK_REQ}" ]; then - echo "Package creation requires ${CMAKE_PACK_REQ}" >&2 - exit 1 -fi diff --git a/pkg/make-deb-packages b/pkg/make-deb-packages index 0a435a756f..36bd62c19c 100755 --- a/pkg/make-deb-packages +++ b/pkg/make-deb-packages @@ -3,8 +3,6 @@ # This script generates binary DEB packages. # They can be found in ../build/ after running. -./check-cmake || { exit 1; } - # The DEB CPack generator depends on `dpkg-shlibdeps` to automatically # determine what dependencies to set for the packages type dpkg-shlibdeps > /dev/null 2>&1 || { diff --git a/pkg/make-mac-packages b/pkg/make-mac-packages index 2930f8f393..b3d200842f 100755 --- a/pkg/make-mac-packages +++ b/pkg/make-mac-packages @@ -3,14 +3,6 @@ # This script creates binary packages for Mac OS X. # They can be found in ../build/ after running. -cmake -P /dev/stdin << "EOF" -if ( ${CMAKE_VERSION} VERSION_LESS 2.8.9 ) - message(FATAL_ERROR "CMake >= 2.8.9 required to build package") -endif () -EOF - -[ $? -ne 0 ] && exit 1; - type sw_vers > /dev/null 2>&1 || { echo "Unable to get Mac OS X version" >&2; exit 1; diff --git a/pkg/make-rpm-packages b/pkg/make-rpm-packages index 43b962f417..ee09511e44 100755 --- a/pkg/make-rpm-packages +++ b/pkg/make-rpm-packages @@ -3,8 +3,6 @@ # This script generates binary RPM packages. # They can be found in ../build/ after running. -./check-cmake || { exit 1; } - # The RPM CPack generator depends on `rpmbuild` to create packages type rpmbuild > /dev/null 2>&1 || { echo "\ From 3335da67e0b8fc3456d6158f4a81939ed47bc377 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Thu, 9 Apr 2015 11:08:13 -0400 Subject: [PATCH 121/121] Tiny spelling correction. --- src/analyzer/protocol/rdp/RDP.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc index 3d2da899cc..f3ceaae699 100644 --- a/src/analyzer/protocol/rdp/RDP.cc +++ b/src/analyzer/protocol/rdp/RDP.cc @@ -62,7 +62,7 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { reporter->AnalyzerError(this, "failed to add TCP child analyzer " - "to RPD analyzer: already exists"); + "to RDP analyzer: already exists"); return; }

    • CpAIDnH4Bu{H~^GC`R zg8{4OEqKUhtXQh`)cDQsVxabdlx;umLQq{p@L2+hBJe%^Sp8T$vwXIP8>yoJBg*|d5 zWqN=YyZk%W*x%+_u|Fa?DDf$OAFzjGF@!ywtFNr|TMU?JL#YL|9A29BP`GGSNL8r) zotumpCov&baNd_MN_z#n9ZFUN<$2r;2HJpYdA_Fl^E$T_ zcAK(mM&7C&X&_ceLXU{N@eCti}nxcPvl= zx!?0xgq3^O5kvHA7vBnjk=B4d1(50e78Kw6rHJ29<(v7ig^UV<(?cQZF4TB8W6_j3 z55ZAeUm9b`wiKF6Z(#H>uouw4MGN@zsOc?G;a;tX(OR@3Hot%`p@Ryv7WTZu6Dd1H z87(eHBJ+l_aMk;w&NmV9L762{J{v5FL0IYQkN-S*=B{z)z;!^U$hgbrO0= z=4}MV+gQx~8oYeMBOs+q{cUqi zXDYMJm(>+M_x8KD_CwYt7$0fn@F;%XR78>}q1EApKG=gG;*%#YR}z{1Hw9`E>8Q&R zi6t4E&+K^9_WntrFVbX{2ByrQxJ;;6QE?S@-Ejb1>d3b{Hx#~ZCWs~J24)d8Is;2e zY`=~s8ad_T3kmw4lXmmAf%2Ti8evb2r?xDV9|ktSQT_9g*|F3dd4pwJ@b>F&tZaCc z0mBWZat2SS3`6{k8LSc7uug?HQ5bWa;tUOfGTn7__zKGn$UBUcn$M%s zph(qo#r{IR*#Ye#<;`UK?W&@}+6W%&0y;a(%8WRn5j|2B{;E8^J)r|}M?;%nH9Bfr z^i%mf)}Wy;60Lld-KE`+?CFS$5D6*{`|M^?L5p)-k@3Bn6MUQj&nXpKdyuy7nL$-NUVdX;Y z%Qs6F2;B^DdiW#VDR!HYqT(?%KAG*Vn*Hv6Dwtx1bvt!$F+GDgz}V>OXH$kIi0cUJ zW#~9dQ|l^yhPf-m`RiK%5@?#83dOQ^wn$_(3N_#(B#kqG-Gjep$(Bd`%c(lW#m&<0 z*ccgwPJU=b!lJncoED0-CMY%7l40ZXx$vRdnRm1T)GdCm6IwNm_AL~MU1$3~ni&1L z_k>SD{HVM6hA0NFxJ6#JPe$9o&DP9f+@xE)r_v@j2OcrnyTLPH-aCDER|B(AKIKiy z&&*z7hmqFE#&K1gbjEWR$apDH+4JnB*6f!yZB}}kBCVzX8(>Ee9d?NyK0GAWukIZ$ zI6C(=SWU=g-p=d>#v^^KvEgTvKx;O7EkO_$EI&yzeFzN7;YYd*?l z%RM=l=fS6eAhrV9EBaxI0{7AJ2#v`?F!W=U&E2EkL)za(g)Z6irLZI~!Ewamf2!fE zTDgTn7+jtlA*uy%g7giImOam7aTsFIYE8oVN_`U_oBmp5E`o8mkXPle0~DH?y^;1P zTmYvekBsk7pth$$2Id%{$NL@4Q|NFt!q!rsAr_LDt%1%B?Z3h6YQzGi|YoE zfqj`~cn}pb;Iv_C{RYyZQ-UX7MikP))mU|q#~VyDT?DH1P|Jz89hOslzSpL%)syW< zZXK(ulWQazs3r? zguu;OdYjCOGG^wNJIj}yNQusF-)BF;s1cAtrE=+0%+$D3oTkIvIO%#W+(0YYcT#I= ze+Dy_a}|KO&((cc6zTlGTUO<$b$KR0opzJ95D7CZiCPD!{HcT7S1PFJRoal;z;Qnl zI~SjKVa)ak8^;0NNxaI535CF5aulB(f%*&zQYxtsEBOL?G5-8;3N8bMZB;iflJPEl z!~Jm6-E>cQy&f(DGij*1I*wfRvNdSnbdOY;J@Xrq7W5rNX#&2u6R)ihRDTv&NL&?{OIrP+35*o}V6fd70W7nHU{Oq!)$q6OYBZBw z1+x&$Yw4HfCn&ysD$9|Ioge;f6gJ~_6^8`f8m*P4fijyL7^v`H=Gy#pON>kUt5O%-_~+lW=jeZ@J#O6pq&=z)|2yqbw*9YZPx!xSPv(DWemCy_c{xbn z{7=n~9kQwMZrhT}gyL$~b9dY<7y6dt7r?!+V>ZxKUITROyYT*39}^JBY*v@hT_X3# zba>a`JC^tFKu!Fvzlo2-3!u*JIZH`#vGdqdV~3(oeYfJiecpz3^}1oY4y)XmoQ9ka z;ox{%bEyEB3S$BP=%_~T1Fdwwpz_ViBKVwQvFZeth`Mh*d+N{*!YpiBt{cwsF0^zJ zK_J$}DKZQY-i68gWuaxER+nU0?wlmOD;}-)=Od=;NnFk-ro|#cD9~dMC5G@GOp_BU6(38&8af4}r8QT(Mz7q7C$;eXy zOtM`T9Qejh=a}jdep@tNn=16rk^XS6%ITPVz3Q{bI)hPDB^7{!_5AY*z4IX$mRp~Y znXeoKrp-XFd^iVwGpHfC`#E#PylZEgN>G;yad_G^(4m+qQM5p7Z?I>VR)~>mj;6qA zNI8f}iA@OmMNbrW79*}Xo*g}_x7L$&+Z1=%OZ$f@N|!oGe&q3BbJ!+!&20x@;Za9n zLhrNT*hln%+Ysymf>bN0+k6*i%1>Dpx`SBz&xc?+EvdXSrYQ$e4R$sq(Smu-+KS99 zafw6}Wjq4x+)@MWu&jQ5J}`R}#@}Xqcn0r3tm@!ozot`8H#Lik(@c8*gehxfK8pbO zWa+-0-RS(jC_eSlNCVS>T^DFJ_Y9LM>ey89sM$gnpap@bApX4mJfB|z#1q79zlAnf z$QmrAL1pmf&H|4`q7`1lp*J`HGql_r{-A6cL^=?yYN_L0xC6R|amM zL;G#B&kSY1ZSjThn4i+_U=bS-(Lkct+f&|A*KDD7bhO^Tcz}LPyiPJEsB+B}w|WxK z^5Sy6jYfXwb|m?J!~cfvK>jBbd{V@P-L7!lgz@E)p*T>J$>i7RrIWkYdEKU3V_Pd> ze06>c2lLZ#+YGn=B;_ei+dG~feST=26V4Kpo-A}GKf1)u1fjpyhlgh)a2r2K{8tf< z!E{j=Sr(=~HDS%0szKIjRSZs+bbXzKzD} zc(%E`sV(6rnOPI4(1$AQC!Tj9X-Nv!+jVF<<7{0Txy72VKYCFwyp2iG3u;cj=g953 zBZnjpDEqQwRtQ*kI_#}x<^>%N4;7Vg3)neGX$>#B=7pLusV#3&^TN5R=JK+4ZGks& z`w0L<#dsPSl~$=#2bnvyM#`HBAN5u%%U=?crs^lkWy<2P0l^)ln7m_!{XC zF^lN*xUUuN_hS+BhcVsnTbGa|kMB#qZ}b(3vw@37FOO-uJ_bcOAw7D|eYpOB9qu;k zxS{zJA}2y@8QW8vY=Itx!dgiINRE5-BqH*1}jNPx9EBT4+Z0*X?h^zW?;R%}=t zM4sK)FBrE2@7LDv!Ffba@esPKOnQ5f6(KzH?UnYPwgXmgNT;kK6-^r9PO+bGq4{T6+7t0_+H?P($nSmlKWR^$#Q#D5?SH0)?2UF?DD7gy_o7UN-p#bXPSv-qd@Wk3 zOvZ=DocXIB(8;)sqj8Vi3vYg>un;M~K)R)`q#g|)^`DW%O5Kv>tSb*`2O277#MhpB zsycNaxf)7O*hjz!y6IPc*bYp2P$&?EW7Sw8cytvZb*#OOQxEJxbhXRy1lh3&q)N}N z>B8cGd0hF=uswF@SeX;uik6+lpb}R^2YGTiHTH})Tu2CIRLLr!Q^lcg)RBYji&hX1 zN|-7(*TrSLQ`;F?b{7f4C36`ALcLkTfNH`y&X?*h)M^CJa#fp2+mMrQ->^Us0W~Yz z@u6?dGp;)SG<|f;3U?e5X)6REon^14-heHqJPtRm$(0mjn0 z{Lp~NEXUPoh&!Xvn!lpO6OoUno5LLmc%Z;NAFFdLC&Osez2iGWtwWhKLq}at5H% zgH=?UCeUsnZ^aw(bcxh*#{g*$^`AB|=QOG5z-i`~P8o9=t%w|owERiv90y*u?(fWK z=22TBqppn@tCKPu0zL9+l3M1348j)&%b(;4*6>?1P75|U`9wb@(sU8=eiIH29A-Bb ziaSec1MV1if!p7-l0OYX2yt4$;|4X;;ZwHG{#fW2SgMg&BVCx&vM zz+k7eBFH-Q{+bNIR%}pNX0N%Wp!agv6J%C~Y(x%Sews|f+T|B_?Fr)xdF5J<$c2`U zCqNo-_i*^hEbX$Cv~|$ySw`=A!=a>C=VmU9Hv|NXc)S~f zARHCD3iaVLDRCz8>1>Qm)*>`-Xf=jp!?W}Bed^(G%MV;>R;TXT!86q}yY513E-CCB z0RKs=*&e=}xg?g3XAhuD%x{@hK0jJECAz+j99f?_j`V) z4g2pWxAx`pULu8(w*txSW4L1XJX26K!ST|c0k(=v1dbb!h|t5Wg*1=xJ0>lROF^2k zDpI5t6-%5&&9{^EZ5W5_g$&q5+Xn+`rG^#(1&XKG(Mtg{rDdCdOSSq zZsJ9immgzV6a%+hsNmqwd`F`1iB=idO7Z6X0bni2Ygo`sO}5%(go=_ec=J)y>V3|g z9`==j8<a+Dc*0yR#@_0yh9x`bXpHU<_apha^nhqj_?2L>dvLT7NOh~)Q zlNQ3G*j=e^*H15Fq2fHwcCzcpK8YE7a_EKK|0Ko@iCFahw0XGy2AL9=eW^y5> zen6B^MTA!!dTEuzm7f4}-Z+4~Z@P>IG)-`7rT^wfSZq2wM#s)ubPAfRZU+-CLj*)s zZ!wjpEBi$^yQEy)tu&iHL;?;%Q_5UO--3=6+IyS3+^4PgTy1%#&|!sDyK|Ou>EttB ze6GdT?!rV4oPF<3WDnHc(%bX({AMpiQ$*Y^d0WQr7r(rrf=hS)S6Vw$%-fcMu8+cQ z;#>Gm8DBbZ#yUv979=!Y?Y*8-55GP?Q^N_}0)oFE9amZ)4y@9`jt|fn-{^z$ZOoGG zp#@s|>5u;QEPJ&25-#nr`K_Y22o)p&@H)byAdYQ6{>vv@Y&k^c&F;+i@VCBL;hoGf zos9ud8BXCUlfe0d%TKi@iZdg}t~Ta0!G0F@BtsJ{!zMEgH6mh+d)>NJ?T7A3lC?pW z%=J;6Cb7{NhSK0&$3T{~jY?9Kf>O1EDyD?m06FLeJOdDJwz95W&Cvj92?A5TNnVKO;=~nC znU^4P{l?J(v<1s6ibJU7UMx2shTTt#Z)mn75XFAMi+PJl@*1`ww>;_!j4N!pj6+{^-0;=A1b8PZ#?EQ1+LD;@GqHD!Hj9q?NxVfpX+> z&;}baSEx)|R&_0N2=P43p zk#QWB(v z5FK-aL;))z5U2k}3~>Z+zgd*j?B=BEMnMA>vN(Oi3tB(?iS_pF#2YX)14gp}Jc~-c zEZ5lk+)zjS&R>n#pZ$XZX*)B^k8DuW#z}>kroGdLWhSb~`|3hHhZc)nqCZ0Me4T^t zRo3DA!slNrkFhl-k+yL-lZF_9^=;esu1=giu1!!Z7IBA!U!Vp?%^DZiCd8{gm~Um=FC!hX_0_ccf#+38H66 zq{?<^0;MeableVYF4s1q9jnLaOnb2N&loC&;2Puei2=>XtJC8zS!^ws=PRn|MND?0 z0rNlg0)iY3eaKOGlr;>E6A)R+3U=Wt>jnbkq!-#NsF87WU)SIeedj`w$Pm8=&2VqR zAJONDi_e{R%gF_MeV9sZvg9w^6L9h}>FPI#3UhX|h{|^axjuIVy8XA5RAJIX-s{U_jxI`r0>}?Y}3hlUY+PJDdu3n{hjN8G%hgA0}v!Z&1ix@%|&{9MsK2v zhlh>1M_z2%J2#e?EtX5ambgg)!NN2iXeXZYITicIMQyWhw##A@46&FNm*H2lW2-Shjq?*&b0HrR@ZPmSX<4s@|^#KH97 zVots_qLKaC5WYceQ&8*vQRotX75e{o+CvBMZ`yPCztf&D=6}*2k&geJ_DDJXSIr;w zujaq~Pt703{6Cr>-u6E=KZ@eDZiQm7-!wlA9BGC4O27p=w`-5HT?^0CmE{_=qQc%S zC7Z`-I3;v8w5)v@FXl93B~+)*jOQ3LW#V&Tip>=}EENTZP3xqVDN!@1t%iKzsz6A1 zS>4)&5Ap1+ZLp|=6Dwx`2g+Ut;|Ex9yCS~1@ouVkC`Coih#goGb5quXr``@% zUgOileebK(1e0WOH>}`P#_ikPnI>m4P0gAJIr(O1FV4jIFNvbLu7$$0Spbg?r8!8r zV)%Y21nL=-tmb_}!T*$rR~DT>l#@r34gVNFff;1$x$Vk_SQ zm8LlY{kWk>=vH(Grr8K=5$hCKfef`)}ukdA%GpEdaT-$ zyc%Quw)XnObD*tKodkSJ+kxFFN{TW^+ZY1*^RD#x;%!pU^!HgvJ|x=MwtayfJXETJ zXf!#xI=ZSVRWrC0;b!JxR9IZD;lsJL;;S8ZG5(;ZGl;U(O-zpxmQP~SfAEN$B3KWP z+d+t^`Pc@-Y!w)6Hkt~{Klldgv>_l5YgJKGJiHjc9i?l*ytI6TPWBok8?Ufcj|zmg zbZ!68cA2Cj262WO<;Fi}$58C-(Yrt>)NLe*G*1LMFb1gI7**wHwwq5tVt6X{(UCL$ zow)#OBps(BhG9iU{ZnNPz#uvY$N~W@VV43>XFGn?tt}r-++N6{c+FYmFjq}%9*-k? zXi^Et<|vliGP%%~*M1*S%htX`JA6W>M{yg}(Z4cV_lcUi{stpZUz)(!{MN8>UQ9#n zC9ui^-W;lJMGpk>thuy*43Yx5*rQa-Z4E`vpO^JGs55KlvSDt8;rrLD)%EA-+nBH z#u(L{JPR#IoYp%u9xKLx)bq!WgQ@TOGF|%hgN(YE5|L@<>Iwq8yNHH>q;wf`BNysvr}!q~3m`FuU_cda*7{pXq52j0K(9S8cG&MbD2?b*cn5yHXbcmPxaO3u z92}&a`Q-w|OxOH%6s2F+&snd`xI!NN)i1U#cYFhy3@TLITVv_(bis|PQ)()6>M0wi z-O35?y)7InBFsRJ&ARu6b?B0NuM~(wg&8Z>QTW*_*^*mm#@sqh8SeXB^+e6`+N#gv z+ju=5_fptn0iFqmSa>X6c$<)2fGQ+NFBcHgNH*@xUkYXf~;}0$LGA@22=Yr zzaq0{wQt|j;$2kmo*Hi`6wTn^GQo}vrxxh+{fSh`{d5)5)SCR>xs5c5F^DdD#ufOD zjUl=MX?UK?L}3@^8cvfG;QVCf;{iwbAkWV$dBX>Rxo^xK5#yjWZn2sK$O1-P>0BxO zAKfK(TqvRC7DGo$L*h9VweF3fu>om%F1$?XvPBp2MNPsM4A^Ugeaqz@od)QI`%0TP z?1FOn_;E?-p$+vrS)Cf*wP2+vQaf*Ih*!*jKgjrQ-d%6a#W%Lw*gJX|Ty!pXzN|}` zeGT(paT1p5w?^z2klA!1a7Ls3$*Y%r1eZUfCDJ-&qu@QXfV z5M&5WOl4zY`K+tpDayAB>NQeNTWrT|3@8CnalihI2}7&dFHBafdq%X3Q6cg#7^0BA z!C<_5-6MA-%X6$RnHcrtL6D9D+K}V|gY+@vjQ-Fe(&PW?$i%#18O}#sF*g!UV#(LJSOQy%be6#?fS=enr0Uad(H_hF2-~d8+wEEUG8 zjH1#UFk+k#obz&Nv+Y5=;P2|Vl(j#yFC4Q}o7NYpE2XJLtfE;162s;>>hxUJ`6Os~ zLZMXj^fnMCp z#5V1Gi0K!tl)oV?R4rnf$Ov{(0bHB9CZ!U&j4$79q^*qVhLz0ES2CMMjiUi6gG8^2yU>D2-bVp-`nQz3Kg&o5BB!ZLzK3;zP zepDEpPOYU^K%h_noLEe4mN#*b#8XP~K!p7U1lgXOA7SyT0GPu%p}!cX;{gxEMg-`X zd6%t5Jbi?*Cy>!t7H|Sd)4AOysW_Q>D1LlDEcSFPy5I= zih>U9Kg_TFm(c$Q^8@~i`49h_`4fZwVScXvZ<_sINB*CF{+)j!Is(H2a3KQx>-qn8 zbt2Lv#Qekj5@P?!{E0#TW`0DMe=~m+@IO(JY|WNwlLUyz7~wD)0qn7&Y+s#mO))+# zenTS#B63G8sgok+e~n!f!-rvF?O{bRd3~mP=8h5}iB{kYWqqHDHB%NxXr^`wcO1qM zD32Y0hn(vIfE?fhTZatrJRwP;uM>ylh(#A_M`ManzE1?L}Vp>_Y z{CwU4pQBjfzO3;glEAIRgOD4hIi4Ib4;9WuU$);_z--UD(3kz5x3*px`EqMJ<#1wN zD749ma2G|1ewalEx;W9*HDHfL?x|N@5Aj*Eps;)Ik#Ra6g-`W3>`ajP!UMHAI|bf(<3WfK1S@m72IzDg?KTdIPu zWyP7TlI^wgY`Nkeh4W^&8WUF`4?Sr@g}(BjD*t!TWq~ImE@M&RH4vaTi_n*q%I2>AfP} z%HKaQVX&&5>vVMmA$1URLD8PA`KM`@7j(7+*;?D(IF|xO#yspDW7Uon1l$su1z~W! zeehDeH(#L|KOwyaD<3*6q|5IPShygFD`n4H$~FP_*&z2xs6HAi)!@Dy)9puKmS)6U zuls3mG2lfAO>kUGsK-n)v0A03?dQ_CXr?cgx@%1PF03){NZ&SziK}f#{o{5$39K*j zkKlSo9kqfnJkap%lEugtxRNKqu`JbFw6#VBT5rj%ll+PO6B3N*HN8wq0{;CfIR__e zV`4BVgmxlHkR6MOl_*NbyXnQvvTOo8NX|_IhZsb)>0t$n7;~JzVX()RGlB#B;yWR6 zlZKVAi`a2-Gb@jt=JH`R*9^;x;c!T+mG9;nd#%DLm!9B6kEs$eJC3k78 zlx3E0=?BN(xuY_~#&%3N_CRkT8Y5xA0^Qv!HD;))7*?;P=JKW66+8$yD#ZcLu4aZR z^l7J&<+2`MD(b1eh}NaEDK+SX#MhIvy@wO{YLX6hqY^sAs5nTW&|S9Ff?0s*)BtQ&;04gno}Q4`@W>Hcl(ljxq?F1027I(LJ0VJMCEjurOqBtFvPgi=g;~=| z`pnsDNgDJsqqYDLwL`yz()u!om{Z*BiRF$7BW#=BdT2RnInX+%#=!ht18fM0Ee|eS znq2`KTj+|?Nl@M)EQAn4b#%M#ENdo*fELS0-K4DS?rOfvEIUrS6LFEk4{Hu!jF&L) zZT@b6J_k_D?IGtKyWtV`ZWQ)d(8SBa)JFmZw}3@G)u{#Lg?_u91PCKqYITO;4dsr^ zgEC>^4j0*&h04Pc(m`CDx@mJcM*UHmyXH)FsTsld*hTn8(nbK@Pu|%X>WW`vuZ8pd z6tkG&;YGut5Pj6QQYy@#$$^d%(m#(_em?)B&N*J)<(qrQp2#yRj2?UYNozTBRIa!| zDB24Y@PQTgS!w@rfkZ2!(i2N?|o65+fIr_g#vYzt(h}U>~wt+Fcm0Rtwz5 zJ|#0Y)=19;<#`B0@KqTENZhQ-E1Dnp%*SgKP@bN>YQW9STkP~^;hF_H6&S3MT@etW zR{m;sfz|S*50H-i9}bZ9Uq&azAc-84i2w->Jgb3(DOUp`Q&sAMF_;+zQdZm+r?ynb zqylJ+U?z+voeH96j)&0ZuOuZeTIyIc(leya)y#$)C9v|MkyjZ*M^~DVp`(Z}zrD8f zQv3b!qOiN}BYrcT!OQKDd<+;DZz0jYwjjJD`pMeLUon_r1Bv8zkCr62KZ#I19l?%0 zj9Z-Zdj@j;pc~|H#u>&s6&`pLDiWSNun4+ zVJ7y&zzePNu#Xo*V0bcE=#l_?C~4rePhb_-;{MUmzudQOeQ1fEZH?vItL$x8)lQ?f z!ldrpLZ*wh(nggF1Yczea)xsxSQ!l&Ob1#;D91As!;7?NP&fz8Kta7kiaU%N6!1-| zY-pUf8?&fmZ<7k!J^lc=oPL=oPM#lYcd1xRC;R=v*6FPU2i3imXwt^yjm*;HtWLZS+nN3HmjS0pJNZE zCxvrMuJ(APAr-3Zvw7oTAPue+g~7}3^AJ8V9JA)qhv*3Ju4=%eQDgBZZH@e`S$0u? zrdE0z>hR0?-bFUb<+%$xq~h)p`7FEMInyjy+>xRN>y;Bjt@H7o1jlP>DymH<-7-@A z(+QvuX|*r+r-&UHq7~qhM65Udk(f-V3$3rLurO*tDE~V0CUvM1ft{?xB(W#Rc-L$y zp(7GUIsh(BOOz?X?DLKs$D!rV`LX*(>5NY@%g6kY=NwY4$vlzXst7`OU6a^jzE~?- zWk?4mIa5i9D`F}SM{-;W3rb85W&*3dpu>3l4^`P>a~Y|IXfnDP82RCNm!04Js@Gy) zV1Z*$ySZGlei_Kc7h%~;j|pP_c+6wabOO=b;UwrvgQ?q8?j1vwcO6-t_8X!!!&B+3 z90#+q?h2rs}aNt-7&@~cx&|3=khUtC}dMXRrjb#7#3)20&rz~=Kmu+daw2#<@ zXsQJ~Erss>MJL_my338rY~sHE+Cmor~ujUY5)|QHtt@yzCV+E@y!JMG;Mnr4 zTqVQX@x>1>6f_ASlLEurUBTNkh+((BP4N`*`(ivhT`2+I#_J;NslBA68kARHiVsKG zUXi00Ye+pR(zwImhsE#i)HHL_zVD7GaHGBShFKiQ)TwU2 zp;UkUlg{da1jEhIGdezH#BjxU_7@fr{Iyz!@@gvxZBnn#Q;NRk1L@F1#rh@!g$7CdOq7T`1y+hwCV-mkXX zGE_`&B%F{iY3=<`V`T6;xgKgd+0fX<50IFA6qlAyw3urrx~_rz(cUHOhqw6bW?v?d zyER1Yuv0ZX`1a__>qx~IoZ8Mggzu%BE|cWiaFnFI1@iOuZFQr5vAT5q3yz3V;y((^ z&jGfX6WV0cyzPnv5x=qukhUI%BG2VX7EobOEY4Mhy9Han=f}g5+$kL~@mgv8cKk;@ z%Vxuv$Y;8Rog;d_myN>~iPWc#ibAa>BUN9$<;<&^0ve>>&0P^;rH9GZn88GeLwG{e z3PxwRW+?~VEjVO_RQrC_@w^MawLOud&S~<;s zlH23%?c_vSC4IGUSxnRa1Iz$6F6#xx((EPiNJLIDulA7bgi{}L7sl-W@g~Q;t zHyg0$WgPu)Hd*-%BFUMLyY`%KGm7U<@@P?#Gs7nR{6;X-1FSX|A1ST#dk5L$KhDJE zripzk1nqjt2*NjsOLkLXYRPh?$nZJocypMVO{_f7g3OJ@MM!KUhlXcty5oeiPWq0g zFz*nGJvb@Ny`ON$VPG>oDxTjNMxPZQ8n0$@62EBU#;T7D?$@yEU-tc8zmByPd|YN7 zSh{ME*bwD+h*__%B?#SfiXPJE`clT$&#PeFlE`X)H{q@>?>rb8WraC7nDhf)8-sDD z_~hCfK<^ker5molq&uB8{*ENQ#27MQd}V8 z-KEzLazmHITHqfiCF!q|@;|&8pnrKY2mkHO6nXvQ%}|Q}-+AoCvU3#hKM~tOVE@;R z+xUN-$6o%YH&gWgZb1J#u`O-yKfM{@%S`N`Uu2iW<{-40g3*orji}fMolB}>k6=q{VG8|!Nd>7 zNNp-ca2>noye6U6X%T0Uy>cL4PTO_CNO1S)@b`VC?jQDL1k`xaDkvuPL${-KfYWZM z#M@;ljwuazpP+2xn;c&=MT~(fO7R)#g3ETQ&~&NhI8P3Ydz#eKBxhxt|B0HR0x{dx z3U0b>Q5i>9iS?8M&w58WYMXBoRszpO8>EfEq73FjDz6AV&MD2#CR3U{$Ov8u%w&)A z$SEhsB~HSo$(EWQYOeYml=p5{0h8SC2Hvq3*RjyIEelMK?Q+TpWfM6^d~IqS0VRDv z?SwX3;7VN-y^@{5Vhp~xtW^HoW#i7=_5+9mU1G&t?fi+iDQmC|!W74z<0!OX-lTbG z^Ir3D<%=u;W|V@2KXt3MHhkfKSK81fw7B|&6hflB{O}*$rxrcI1e|ZJyyip%qcBF} zD|;U-W}V$T)X6^HclMJUyjScds$K>ZG(qS$hLOQzw6a8Rl4~QSVU`1TLQ0>)fsr)4 zB^wA?O?K*WU)Zd#y>2c)CYp67kCDLNZ>NtV@f^~$CriFYsgA$V#f6(^;zqHI!A}Y# zwOkd`>rTEMPIiLcB&Eu?*@@^fBKP`T3otZCc2qV}S)BT+uk&>KG=LF&Wjq5d^x}*|NZ>si>Lh09biWPsh+#6mh(zuaIfMNrBWUZG#iloW$bjwEHX>V zhpx2DQq+wcujh1^d1ic%0n01)13Z3Uq5|Zk;LKYZ3C|?`s3q@WCRe-PwE??#a;G!1 z>0%?Q1(4>#T?uq7sF1e!jZZ>kvd+Zc{n&p-mAd)w+uQSiItTD`B`cCgG8jBqZO`~^ z;xS>aQ~SovZ6dv+T3^RT+e5L_dP4~F=*iSg2o33$BK2G;1S{as&}p$1Z~T_(TcwEXx7aBAafb0pgb_u0TTqHcr8r_ z{34Y%N*}UDb7$fYlG3q#XGB1E_tAxn_=3HeDx-o$Ejjxfy)3O|R4q=RKB;bf2z z6wdsYqM{Nux&!c-<0uw*ekPp6+^Q8KRU9H=!70LxFu59tdIqneX%WYg86)yXM7QJ( z&k*CqxNg6LZoFWxoRl4Wo8i!yo2X`eZhzSl<&foZlNZ0E2yl}^&GX9%)$fQI&aKL4 zpF47`5+`kYdoMO$zR;V`izYDk` zd*$4TJLv)3c1E`>3RuA6x}({uzh*HEC?5FbT(}+}+x*~L%vD_kqq-j!fkwLm*YI># z`u-?zU^OIygxIyv;Tjw+Jz0BPWK;1j4hG1>prFr1S-b;~lyrxGSFO!&=GH+237h28 z0=P98Afb_B%{9AA!nUpyo}U|-5#w{+#+F}MR_y+X3kAaJjYsI1b*Bfji?V(o_Nr^? ze?T0xOD(s4>E&d;8W&c?hrpjEGvb}v1IgfuJ~&!1-L0N4DxE7s zyww+}mJ-t5kZ1QePiJsP$ghSMN`<)Ntj0yrW0UX8V^y$iTudx-A>iF`)kNb_d zHS&r~-3iQn_$Jif^THQM^w>15y?0)%pY4WZ1qibHR}o7&Ae{y$;KAI0RJ7Cb*%Q=U z>sL%N&gBxe!PEJFi{(h-+zCXJttxg78hyr9k|0tI=I`*5VZT;uz>2_;^eWb#geY<|N9|0s=i@@SULj00UODU4GB?~y~(G^D4_ zxdhcL&I@>eA2diO06Xc~y3Uv=@+%1S5M&9ZrZI77d|$N|YCsL+`n;gf<8Z$xG*^F$sv*kt3%4vc^@Ek3uR+z`d#E+c12 zx^x1LC--L)f%tV^#-JJchT;YiHd6uhD!*I!P}z>VRjk$cq)uE+b;c_)@daeSTf zzyh|lb_EKW84r#wd{EttbeT4nv+GY@uTf8Rwbl>6r0AD=x&(W0p%65Ce9}OkhmA`u zE(>a9LYJo^fJ8qMTa)Z2ceM-;44khj)iJsl(sbY{7zKiGeD=e_s z@aj>dopB{l6CWW(MzDr%{8-<$lXOW^9*VaM_Xtz)*Xa#m_yI~bMTjGecE!Szbn zFU&-xF~Y?*$3T5M01E(jT-BZQgNz0{B$cg-Tkhp>z5^C|jbk4l@o=qYd{?vhz6XF? zmoaF-4{GJQnF!KJYLNK5c%8-E{o2h(!W4*wl7>@>?@uzqsmptF2*YiZsWekcqH)C!_Tk z21^B|_j(iZ3)t02K_WwvC>=f($C}725-pUCIoGl=70l|(&@6%~(J|0j#K*@Hbz_{E z{5hJ|e4~D^s}Vp}IUBIOaXyULx;CnSi7G9bpj=W@=;Nm^U=E=c@p5A@VT=xbdPZR- zGLXq=Q79I4K5+lq1Ucx}Ug^}upVK-2hDIR64-sN@4L6ZZ)jq{h3w2++RlcQtWKHmf zP|-@FPfmyP0GA_NKH|*VO*`-F`(v)x+4RbYf-RHcd|F2IdZ$y|Rn3RKZ^<)(FR?)p z>pS&zY?Tt#hvjKznK60KbgPw z|J_&qm-$nG|C9OQ;ojB0j)m-vrMSxKqcK{F?I1NX*aiBT8?y?m!Tp6nYW-WNZ5L;T zhbwwhF;&1u`Fg(R%zgq-ZtuCWI2V?F6`SeTpKkg7op-<_;iWdDNWuWetmn!w zSNr@rM^)3eR`%W1;8VRG`3BQQj23?6=oN1)PKfCt>D@BFXDvt))oC+dQ@CYeNl^(P>lgR}nZ-~1}GOQf?mMD5D4f|*(;w?+u zJ4kX=ebg?kG%k(n7KGTaWcP|Am$|y*w44LSQ%v6EwQy}%9fKQRztAAhocy;zPX=PM z^=a$jMiBYd6jFD{I$DsTR1&r8%0^KTYEcMMFOA1!TUFkJdh5Wt`aXa0qa#knkDMv+~BjS+g!k4;C7+4+mfY-Fb+a345JD90^CvZ zMgJ~^12>byH>s}i=oQt~1+(?ai>I9ctsLQz0*kB6aFeK9%D{hPdBZfY|JuLXX=>b~ zMYErk^T_-Y7m~qz;|!=eSC$^;nmSSCN$Jq7D%*q7?o-V^6rfbC@|pz_y0|19&;z|# z?o}KyNw?r>Vf-0HJva@0_4s+RMsaZ#&6jXqDJtxf>0vIyDj)t= z##*C`jdPcili2%H*{X`dDOZ_xKC()e|0kSw747y-V}qWl2>$Wv95-_>ywOMiTt@h8=;<6zTv%C-^a^o! z)H-e4`W+(y916ZA-a+!`!@c087kT_i)oTs~!#PeQOZMRqX+bs~2T(NI8vylHE2vfo z0S#>m;zK(4%TP1N*~I7yBt!C;ly~?E2b@RQ=26k4aIWnsMRSwcuK^n1mp+_ligtSf znUtIXnvf;6#>oJXa~4OM6s5q65A%UYX`pBfVuXNmY;x4ainyI&=@{P6SN1$1w?x4Q zAyidK6;w4-Y4y;OP)4zp+oeTToBFubA$(itUdzx~;+5~C*IMcB$ZxU>j3T#}qHVZh zs4)&D@3jP)>1v22R}Z1n38O)2tF+>s8d*b`*o=+%ga%8 zpoow~z`JR)HJ1v?8#d35FgJQXyG9btcb$|Zszss$p-K)l8>frW@~zX|G_xRJ#cvwa;F()NjS+QNUUE|-5f#bCG#fEnxuKqW`*$3=q3>u3 znq%{FdrT*w2poeH6o0g>Kt7$!3}(%SjHukkJbMV`rH)J%gdOG(v(KApKlJuirI0Y; zK6%smR>&CmlfGN z4IZyLTtkA?n?FEKLc|W+0?bUu8>+|uj@v;hGH1cb=)8uRM@Lo>4|+X=Ak^}o8qwQ7 z0eaux^O0@0e7xtN)SJQjotx_Ocaj+ShK`4>i>R(jsCL~46v{#BGu-mfXLd59l_Vdt zwCrr>L_`of@o2mnAm{2R4XhOAj$nVQ_#681swq*~g<~C#3fuFp@?|(3)4XtrXVcL1 zSVMiO^H#R%w@6?YQxp?tis*7rXRFMbn3r%AgtZJQ$l+7qPwjPTdrZ+#xk~HYtO4L) ze5R0_w+{$G>ia09m|zyBm8_SzFgkbU=Ssh0qbq4R6hE<2ZTJ_CAfGEFvF{!QUCp@IsBxskL&U zMeR|T>~ieb;4MnAT-O5_-@?pD_4&@Oshmt3%KWU{MulGjpld16{1tkEY%w8ZeV{Ve zc+gP#7#+$lDEFT|usfY32UHk!!af(sKD^MFKp{#W4^X(vRLTpBl7~*xJ&JuIxUL{dC+l#fg;o(s&9{CS?J0 zu}j@mn3HgbNQ!*ix%L4K#{exqwJe98*DvqCO8_p`4e3qc+a8196l*ncA*_&Q#!yAWyUqW9N=OY818Z-L!xHEeGfSoSf!t53RlsMCq~s}nF!qs(#$v-c;pmpmmdOkm!LxOknBEj52Em&KW;& zt~qRD0Bj^#3Zv^l-l(-Axmi8|@bg{wEPWWY9g#O3Xas@2JasSjPZd#47-0|5@|iCm|AUui?`SREa^{2`y+l-11wa_%u}k2H8GCo z-+f1Xnd6R1&G5I)!}AqT(yu&k4FL<*08aP|G)K$~ZemIdA~FIw+h?kC%V?T5&~9<~ z2T6sfsm6m7RL5EA`^k!-U7Ue6K}1%#bE73vqm8!GBd3T<(ERk1TWjDNT5aV;A!o5j z8O(H?<7_O+snkq!du_*-Wl6#mmB+EL+v20YbJ&PWcSN_*Vx>&a5>WRGWCO}>l;00J z!CZB%NQEvTqmjN%;GGC|XM4s;9{KoV3QU_-y?Q?bI2S|g2uJR7DK=QC(}2{FHKo0inTwZHQpr>{ z_H!bOPh`eD)Lyb{}~tW z{P&Vs$;vm)>$gRC)ZN$7{bo4}WvSC%Zc8}|KFftoFy<<89N1b9ZEJryy9YC{{Xd!i zrL%EZ?=`}M*!Alh(IVKS;{14O zNk-RoDm3EkjFMBgTjmyD;(GvOjef^X*RN$j7b%q`v78DA&$%se96{Id%JR1Ot>4uf zW1sY=>K<*!3!WsA8ItX(j}iV{WaiNG$q?4Oy=9URAj-1)fx_s{UFm|@+OR17owWdH z32(qKt%MEAI2Lpc;lfVx6VM~acb&fRFetC~tH2v{M3=RE8KVW&b$GFSp(P=d+Dli$ z&9UwIQ1mDPD0~Z#uq^MVCZ+?Q z`{Ro2;w!)2X;BC(i(wndvZ`7+f7D*rNLyL*u?Rf+>O~}Yu7$QPbTXDY;E0P`0N4h+ zMg#*ZFiz^fO`~7wkEx1?Az8n7ha`7OE6aX%OM6b^7=sA@NdD>g73270)=kQ9R*3-o z86BV#=}t8D*dSK#>&2uFLAThE*s*2e>LSsTXIe2+R#jWW0#C&Sk>_+O*o3m`J3$do z`*~d(Na;qc40Ve!wehXpd|QYZ?q%Z^wgMo*B}TEGcz68~IgT=~6X}10gSOT#-dqL3 zL8p4?S#JBbl%A$RO&nz8$*DO)1sfZ#D z6Di!Py6f6}pl*9)7NBi5l@7~p>kAzVX1vpXpGf!q?m2@Y*}N+z#G=8?syOeWX+w;U)yfzeyK{7dyWep=gS{<#?#w!gNtzplyZ7 zaSZ`5U2Q0k^Hjk*{5SlhoSf{1yv4(5B{6oNolbpaI`v$kSd*1>aO$;+1HVuUUfL`5 zRnm;2cv4Gi4B){Mm~&>UYcJoF207EO$Rh>JHjYn7y1zU^n5rdqkh&emp`*lMeVnMjD5CPDrQNHbpA2L1T@4$ zhME;68{L{!ZT9ba)Z)e*c)Pnv0$O++um+Q7ay|9I_^0lMe0*aGq_$^k zRsJc5pmqm-Uq;<(y4Qiye3vGCTaJt#(Ru?{SIY0)sTqPEFN*f$GG8KlUrt-wX@_uj z5bfwksYBJ1<$9toA7a3l`e{GXppyXjJ=o$|Qhq;XlNOzL#df0x88qxB{+MVXz(F`17Zcn>p zMayxLIy_ZaN#XCMDO7y+k0Uz{SCp!U$ZK}wZ?)JJH*h-Gt!7VZj6C=HinF&-Fu*F2 zZbts{;}>o212#qFIct+cyzVc3j72}#_@X7 z%g*@ud)!HbgndAd7&8C`z22dBdT#0<&7OTBHlSrIBmbqt7dsEiFrgDFBf0BUSdk9^&m94~*r0nq^A*6L-0;N-hD@n(%faq{%HgQI-9REDSu-j&b zW?$mheo{$Bx~mK;F*u8lO%?e!fjmsH zQLWFeXo`1;R}sB2uO-w-EmcTK)`wkj9HdcJ1`NvW9@Iv4O}#Nz>Jgyk3ZQiK!~@ZB z&M=mWJbx#`cd@2=zWOm9C%*p_ee5Y? z<}r|#g7h0E7_j#VG-)7|^IrFo$!Cj6t>arOSt1xHioM}Oa-;LHUMl3)gX{xmp65DS z3woie@n*oSuz7-whV6t3&)KkXsVzLQ9nvifk!61HU>L3+{Rn6dr_Zmtv5O2a=Frq$ z_xK_E6dBiia=3;=9-42oV0qK%&T2rk$m4+qS~*BFoR^J|-?y}@qT-IX8BnHqf8O>Z z-*I38*Ix)PD~-7SsGYh#(rC}|qz7|SOBm9)e|zjB5q%zuFl&s2LIqEczZs`L)Np4M zOu71Zwgq<q$4CI_Pj^QKNV(@*7n%->V_g!88W7ibJzcNzK;!Xh&@`jZ5w9 z_?AdQLEJum3@`;Bt}Q_Ed3p~A-;U$tFGAx!jEc+|T(swvQ`;0_B`kl-EKycEAg}3F zFE546Qq%8vCak}2oRTH>%kU^}gRswTFeoYJvB|TX^bV_E7%xZ1Ujiz zo!-OUA|PsQS6gaQ5uoH5AUy~tHAzZMgAxn2oaqmfi6AX;qT!iA&j-*-m_nZA zLT7N=cKWmEkTu9C+v?suI${KDz;?Hz5b;z-5()4;?$h%U~c9M;6S8M<9_&R0H1% z9ID7yW+);K;h565DZ0KO#GjS^^7$r$%%*wXCnE1KS`8pDj>`J=*kWQe*`=+n>r!r4 z>Ef9FIH+jvbJn*8@|lN;_@W{lFY8uZIKmj?cl`N}&WxR2El~1v^eBuQa%Xu}YApld z^gE9j9C4xA{M~r{=153f%%_W zlKL+#iT+P58L|4emPEJxrlm(8EW_=wZ+r>nmk5DG7+DaZOu_1zsSj zs$R964!=!;!O+Dp2(-XGBi5RA3wxtpA<|$Hq^6BsfKNWPH$2(w_;!N8H8=Q*Nq>p! zriM92lktUJeqx?#y?C8eY)Hoqm|-(irGsns^@QCH914=V>SX7+ZuPAd&$=`&h&~La zCMPULzZK($F5=eY>C9GfO5ggXe|#2=-O)nE(~GdXzq}^cAzz=y*`lOTpLg#C%2F>d zZW&1Nu*X!r2*p^yk1CN5Z>Fl&r0RWLuGjN6fftwXEycMKZvuP-S7Uja8oN z;Ug-@w`jckse2qRiDYIZWuU}B9kF`Qu#L8GwxGuEQPF4OYP3btaO*~B^xvnfO%~e4 zJk*8+G+b^B2pMluaH0oJ*Fsi$Mt=98-gLO8Pklak&UWj_I2GMwSyjE@D<#{ zv|8g|N{Tm)*=#}b(#gdISJ{~#NQqeP-}LNQQ9`ey4?qZbdA-i?P32giAK}RzGuKdn z;*QVRpN6(N2@o$We_LV#q<{$({zYA%9J1eT=>1MH_%{6$&8*F>4)twNJvY}_LedT!NzIac3vYp9Ru)_KNY)YKZs}PZFsXI zaz&%?-BK9+)_o_1{LSiN6<^}pjAXTHgHG{d%=636rGku258H^)#E-<5rs<-I1nWIN z1rgZm&c?J*)5U~Y)QPf2z-ur@z6X^b10Ynon(S=^lJ4{lr$)PvSCC2F+{@rMDMZi0 zb3+vEzdv`I+$u)&thP%@$|nsp9@v=*#xY%rs%k>qOqOcjH4%p%PE}N8Lm=+E&aH+5 z3EH?l);R|xz=uX_%o208m;r%OgNIfA2z`CZFyI9ulGEJmgcX?foA7Spcp{h*6#GD7 z1ToEJKeNt?feF?U;7o|H-f8GOb-e3v2E#!Q&^GI@+9H1;i&^T)2oo6vMv95+O_sK!{;_;Vnr8`$2$D>)gb|-+~@bv zXPQg(cS^l&a)fiLs0fKvbw()54dQHd^LLY;KpBk3XHHrfOxSZW`GJjdzg*7p!E*rF zeXHCDlZ~+0pS4<~U{T$!&Pjm6k#XlQb&fN!;701)DxDboN z<{(9qVPac7%WfH$zm{=SCBMmGe9uB0YeQr9I$78<+C?)NBsG=`g)h@InnMu`2bD({ zE<<%5H>Hr4qr_+4*7ZVyzorB!SGWD0ryg_2M9;t;l!fq)G&PzJ0 z6rjQo71^0Fj#$H9Kn(}PBOeF;7_;EKRHe<+YW@Aq*2*2u{Zq8RSF*8d1HMW%NY`W_ z@@|ROL;q|!p2H|KVW#qaa75G`kKs)I@Hg1dsAb0GjiF4K>*_-~?KwE_V#fl}oVu*? zQ*6okv+FmM8^@HAg5bc0qO)H^Vo#tYTR!YtfKQ)(aUv^3DKgx7?yk!3q2Z&k3L(x% zL`D`xNGPOYENa;2b0$p@Qh89~dsq)=y3$BAL^xk-Kg#1rdU9fiU?hm}uto~dt+bo+ zL}%$`Vhs&NBUbrPujHjR3K^4`-_+y{L>EN5z^HRffm=?U@!r>wuFDv- z>i)L12m6IM-@a@SXQ%V-=a~(G2Sm3hxX1XolzYXrZ%D-O)K3)y%u%=o(iw(#p*?R@ zpmsW72Hm;qUy0BGXsE_7<2`z|qf-F<>CZvhz{>z|AeKbMiLx+QTaYafCt|GwY)MJ6 z6O(CJdgqUdhaq$H=nA42=rLb8L*?JIja#x*{-92H5yxgk;)z(r3d+-vQiT7|GsitU z+^8&>FCd?c&yFyxE_zEY4an8KYm8e|YF z)1pBiX#hm}1euQHv7>LuQ>(^h8ID4$N+NV(p1KH{@I5ye#<$Bknb zroE`d4=1y0iBJYGw1+1svRXE8J8A$tUFJ!KS3x&>d34JQHu$W8u7-hKU?6`wT~`Vm zv}mTY{gfdrKa{z4QP>`;d9FQq6cR~J#TgT7e0}Z5nxp5o*v!Tz>A_pQ=~krG4<~w* z8YEKPhuagf#z(#>)g{`n?e_8Qh~n&b_$g>FvJ~h!KC@NckZtw@o8f;xsvQf5LxhxW zd*)#2F7!N$xouFhcmF4T(wjg`OH=&`6^PqSmta%>e!~>F&HKE6mXj?Yd%<4v*~e`- z5yvK@01h+T^{iSaLoC*FEbvbs5n8gy%oxsUVoP&QF__Tn2!z`;-36MSmZXdEQ>7J$ z;xf2j{c0X<#QMx_WhQfCbKnn;z`DbeD~mgZUSEjS>e!!XYbX-!h60(8l_TJ#_I!mJ zUKf1JgsWi{u3I6SW*V({Q+oz z-MhZ5E=-q~bv+Vfxh{Ut{uLqxc9)#9;4o) zIwi{XUjFySBbdBJy;Dzvr4Lg<7$&$|T`XQ8FRO<2?+k%mhDJ@$KcM#i4`1&TB#5@G z-Ii_Jwr$(CZQHhO+qUhhE*o9yvi$&WZ@s@*C$a0VYoL9~xPH7V_u9X2Q*63D`_ zUo;Zl>F2}aJ4}UA$v*391*26+wCt4PCjLyGsAHY5G1*J2iU!5BFYBwvwyvV97%WF7 zLi>qdsAY5bCK>baP-Ww0m+W3z{dmV2q1lQ{1o1F!2}61zNYZYOnPWl*Ij10Vvzx9^ z(iB_)6OR+Qxy`cv0(s#RU@5z_i%fK)#C$x&sDPdX|Hox+n%40nK9Sk@Q@#fh1@7+I z_Y5F&QRcU1k%O<$#1%R#0ranD&Ee3lmV_*R1WHX8^5^g1C^;jNbR*N_`JkSL_HMbDsL^O&#`>0{ z-Y0t<)NDltNgEvPDg1^wB&^E3vLrr{TFWV(5s^|Nmm0eYF1nZy@C;VZ@S^^7;$b)? z&}SysIhlB#ZbNwvQYw*@-oS3#I=>t~e-V!zf@S@$;U>|@*i1|PA*{g^JCj191c8nE>e@`2@xC7UlqVtsc;n@x};!O0FQqz;f z);73mzZUCJw&uJxkEm9`84yW}JHSd+YULxflhs^gJ>T{J$Vqadxdl*GV?2fmtD`Fj z%h=Y0OIMLj**FhA;bp%3!OThgQ)$PvnY|Bl4wyjHJRo$E%lYWY+CI~+yLElfbwvC{>J*a>KEzKB)A{yr1K3|v@TgQ}pc+dob- z%oX_8O)0#HVUU!=jDf!gW(C$8ql zfiGTd;p&;7+!r3=QzMW57Q$zha^p}xHTAZv0PqML6aylsCquz1myRk6zdcD)xvxUD zcgp&M$taS&kYGW&-1T9WJC%Y0LC`^9)055kH*QD|*x78EXfjL3Ek+%yuRNx^kiVxj z`?Zq-&Bs0y@jTsX`dEXerjzoZxf0Ik0xe$s^mZqiL-ko8fIb|pv9;>!sQJv!@!>$w zIAK#@$Kox3kp|I{;3!DQDZ8!NUi4xF+nq6)(AY^0MM$_ry9k0BtO<`8{_u7VqeG;; zMWc$HJ~pSxx)uilQ6w&ia7*P~Y1lnEElqy2LLvD-NZ?an{{kEmYnvk-2@%fTfd_IY8?0!)yZa1fsJjdJ>{gJMEm=e@ z`6GPbODsUHw`!nDfz>UoJ4}8r*W)R6L4JynX<9av5d9!wZcc@y|?Zvv0T-w#wZUv zN|;9|GgHxCGbIR&8@<9t%&rMZxEz(33RnfC?WznT&hkP{Y<;Qp`w5du@?F>cIc$Mwo?KK(YF<%WQia|AkxiBq6Du-sovcd z*FVg7+v2ros+V>_epHPDRMX9LTid68Hy=~hdzPwMp|m+ERC!~SQMuXlbQQH1qHLqnHp;pratdvyM#I;WQ_)PK^?i}+>dn1X6=z(fU}Gis_!nbE z>g|Uk&8IC5i*|_0k=b86Dl2%9H@O#01iaWZSZYJE+cpKOt0U2K$YZ3PNV z>;VtUvuvzLaDJ9E4e1giT*~BNZ(b@yMJi++LAv#W0aGO}3A)HM!6A98sWC0*0M_1W zR4OH`?`otJ1P4s<)13sH!%3fb_j&7TP(KapxCPjcXtj3iK^FP}>Tldikfd1fTCZ{9 zn{&r@vygH&VQ~1c=qEyn%+f%2E?b$w5gF%>*ZCok11CKWF+!;jy=ma%8)_K&Nz4tkd=o6Kh@HDaxg{w#T+Qv}MU?>|A$^n~QshK-!8{Jkt5NenBK!z^HA3>EeP z6qwx9BhPBP*FkLlE2ot2+yN$ospHpOuMwM8m9>F**L%DBo`+PRu5F5Gz%-zG$#BH0 zH&)+RVV_xNcJLTI?~|j|7I0lsC&X|u-+2&5cmK*vATC5UO%+?ka)d?roQ^ee{U}o6aBosI2fFRbx zOM@_+mB{}L$={Zec4S;7gci1UNHL1HtvrCd43eXek-SKBTehQ~1-H;bBZyyt8W`;_ zZ}o=?8&{4vZH4$6P>{m1W$gmQnc~*wm!Qmqv)aKS7y-~m)VNKXDJDcC z{bN!-|C*Hl;rYS;bu&Bv?Phjh{&6!m*Z<*W{=LlNko`Y51hW5eGk+&<%uy=-sS1F0 zf_5;w1M`1wrVr;o-OOlqBeDe(ZA@q@g&c$faqP&!Rm%L;!vxGYt-G9sqxkdL$B79s z!AOgvE~NUS&{G9&#I{UzzLaBZu)J^KTO#i%f#GFQ&Coz+xo8Z}r3SzLC0wRFE{Q** z|DlrE>twJOFrWZQn4#Eji_)BzswStL~HXTmPz5GeJK}8QMr_C9s z+?(i&s#G@>xWH`M@ifftD$={)qVmFM1;*MZXc9!AfGPbCW4a7pRr`_oEw8$p$ItKu zVo(S)!d~V&z=2y1n#VD;#jw1w=?iNEXDAp50J7-&p1a_QiU&EsfN7Xe@Z0pmkKmB6 zx+qKnl&#Sg+-O+N84!T^&0x|N&F5od1RC=`WbrE&>;B3L9FFZm75{+VK6PaYSOZm4 zuLqstt72K~ldo|$1q93djg}Xm>{`PfLT$OW2j9 zgvw#IDM5Rt`VFG&=`bUovqkeb7B4SKyfe;g1XMc@P>UV?U%U7&DaH*?qaM3cmIbKo zY+RaQq9NWH-1$zwt)X`B?Qp@f(8VlI%ZBI3PY2cfW0W)l%^qvSCRIu;tCM06_Hv3Paf`z%_zg_bh(2z zSwMAMo1@!+VOUtO9D*r#{uvO&8nf@_=IHVhqqmE3Dw81TK(Zb0$DCfB`EC?d7IK6V zjg#7rU7g9$ZGb<_d*QCSMVDxMu=c#z;#WeB%oif15D{;3o@d~M-pb7oP68m6JEJs` zTg6r1u_7TsLoM6%MkSx$Defm_N*(t5IpbZZjAvk{at}aF|F|*PSA|8-VtjjM6>pVl zi0~%|Lt|;{LVN3s&{*kn7seu5m+=!p&o6}xa@xAgwFo7yA3zX;Le9TngGaq`nykSq zGaU)hfC|Oxi1PmeX?IE|=}|ED7)x&kU;FHjPq@4b?>!>mSy~V&%VeD=sDC*&n2>1k z>HTUW`MltiLq^0K_+NY=s-#n;#aC~VTfU$%*`3$N|-TC`D-L-8NP}21#X+8U|*hVj-5vF1Y5TptZ)tZzVg~K*@hUA*kz#1SwVnB_KmP+kNXZ~p^^EqYrv82cpEm=Fs<8KIgP5eBD)ghxlQut{G$;2DCRv%HHg+|2MlB9M%va(9htR4zpqOXZSKZq&ZwMRIGg*Ing%+c$ht_J zg#qj(aeWHoV(})AprC7LO|9Q19ru7FpQ9~lNb+=!ew@LsMOm9?us&H zgcd*xSXZ9TVON!)Ei?Sls4l<}Qpq__LzPMmLglH7N9#%=05UdyxXnrHbb>hct~-yFDo zwZrzlwTSW@FN-#l5r!L+s=MNKbk#)Mj^xUAU31shUYrOQ$b#yD!VxY#V44-;`1(Rz zu`puXvSNKn3cx-2mq9uE@m3}JiH#S)Ie)|N?(t=3Wf|zSh392YHad!n@{*p__GQY0 zWR>&m(>J)BLZPuJqk*0|ig&gkqTV5*tJC~IB@05xi7LP}m>C%y4O=n{dwiN_qj;X-z)rW97L)?}{=-obfmXj(z|c25t}kAPk*-K7qupHtcYkD_Zcm zclJ&75`o;0-XWZ>>DvDCjP<~Ew@oyho%i}x5wk}OrUA)lL? zO5et10zTqlZzk-!@A^Oj1Rv7jXoZx8@8$)ylD))DX))*Nv=4rlH(x0B6yET3JE<)j5)8z91XL$fE|C=ib$CY3#xDD1k6 zbKpY8-e!QdH*Bauc}!EpwOtd>>{vMWtmAC1YhYr$G|DVzteWEU?$V@xh-OXv+3IVsQhv9B+RMru=&5)FETXj|g9Ldqs~=k7BIn2bZl3 ztKL_ZF)~w5H@i)7s3@_%^Q(|a=T8>sam2QIdbhEwe0PXRw~W0?i|<~tJ=R@jKeL9N zY^nG=E(v_tw(O47AdYIVEY8S`g&G?R9JG@-Eys{hIvo> zyi!(Pr4D{3DQ6nLj_(e-=da~YLc}xIZ%;&7CtD#L-tbm$KVQxjW4gq8qF>%_Zi&Wx zKCmwezWWTfbaDTqq8TfBMIHl zNyC3;rh~H&k&=>rhN35;3=jUCII`CQp9GC_boMHWi7`)_XVZ~dg=FpwgM)a2TL^<; z#KkBzYeVy-j!xQ?tZ~%PBffk`C5E7{k~voT9{J88Euwl?e~_rSZH_jHQv77ZO$?at z9R0)mp??Yee=tA9zs$e=-^_oe^AGbM=lwVHo8|n^er)c){aE(@Wd1Xqf0-WxfJiI# zKbb#ew-5Ik9kvaHnvF{gV!hsNF0Tq!o*DwW=SUVUb5y{1Pj5h$*|NvA?Z(>8==QCp zqJ$F>bDxfrk)E-qE=-VNtqXR%*gSs~%JSjB;#`j$m9o-iPGu4{g?O8%92;jJ7-gKC zk}&LPo$0MUH3;^cPXRsSX^D88nV=yty5x&&kx?zJbXZTu* zU6!Vq{O>*wsG|oY_g05}e~Wyo6>*adSicH)_;t|?cuVoJg649-T>%^pcqPQz0w(RnE~HS2u=<=@ z^fI>^)K-upepY*O#+V<=Do27Q-}l{UqcQ=CLUhAs#`MbB<4V@H}QxAUu~MrG6y@@Z;E z`s0k`QLdn7F#vVc{U6lWI{2(&O3&Eb-y!r^p8X71LyAyFy^8VCq0p@H5Rr=)n7wQE z9s>97arb8;ZxEncrZY$w0g!U!$pwhBAbQ?xE>?BN!{C_EyxGboZi2>onTnsnpA>s~ z(nx%^(dceRWDBXWK#sXz?X2($V|qi<95WE)_w_|Tbv8U6A$0Fn@xT0|!)Glcj!tu6 zlx}@A$?;s2Z)6r)$z@}g!9czf-hkx(EY!3TkseT>Vs1ao>Z-8N09Up!5HgY`?ieEX zGM(DDkoW|Rib7!xCS=S-PWo0LaIhW@Wq8u$ZApX-jp-}ZV!aEd$85s)iF~DKNjeS zJMk-cXa?=99r6{Hx{NZBB#&uvN!mJnJgQRlKS6>l)&AwjQ?<|mP+n;hH0r5~3I;)R zrUR2X3cg?+u{mtQ6fbb_G${S_tHHw;w(3)Fqf^r4J1kzH8{B<|!x0g~mWQ*)U_FN4 zL&15$h4P7q3-CqTsR$Ogs)GZ0TMA&!hR(OLP$NKW=MGanvijxd&NI^jMxx|b&(p%o z%apJU-W6F=~Pi0Zp+siY8CiW+t>!khYi1%WHwP5(7fEu#i3bD0J zh7sK*!i>SH7(1Soc4PXm3!qwSVFi5d;v;_e&`?0E3J+6&zFXDn$FJ!fFm|0>BgBHm zI{zqC1squALxC`i^Pj-s+SxBq)qOqfR9ykvoJbe&{e6}hkYT!;xFQoog#z4#t~uPA8#F92Jgpbn3FO&}sCS>+JVux(b@d(Ln((5I zh23V#DIq?jtye?;Da{t~q~_>tUDE59(T`B+FFtb593vtez-#x$0IHErIy-OV& zw+#0#VXhizD670#nP`yI+9jq|+rVYsXY{q&nOxy0Ezdb zf$C}AU;R18{hW6HhRQO{;ZT}(eASp8QIU3Lb2HCw*An!8D9|G5rz9L@8I4C|v*MYR z8xUO6Db%eW8}a(QH8I&hE8Z;61BpIuBaI&pc*5OWm^&Y3nEL9_yi2K`6Zu z>rMI2)5)eTf3YBFo-=7HZ8Kv z0b1TEUFu_&P;XmbfefyseW)aODq*IMx~!6}%7eNQJJ+9A)TG>v2BTjio;8$I8`#>1 z|9wRwye1UaXg%{sB4Vc|`W!&GlV&&N3H!457%IZx{-IvZc8;)oc(JL~^q#RX7-8wn z!uK_U`TcLI{qIB#YpO7UDUN}uWm7mEp$00dRYMlQfb?)*%Kb5Pzl`RsbVb`5}LF#}}-!4#!vw$}#Y)1dN+ zqZbc(d73aDc+0DV-(o`XNebjpFIRC+eZ6rP#8Y_4@*QAr0NL?Qs7}K@WAZ!>>l%b& z0FT;yuq@oWWlC2H?C?@ioiWXTusrq<@<^e}N zSQ&D*FtkfZWw9|^8&8pNA2cI}f5$|bL`f>t9-!g(ITHo9uPD8`!dJurAezqCC~#Olr%6D0+}n!5QQVJ zpk3>FEG(czp*7~<*XSle0bVIVCMga~@H!bJGFm@tjTD21OTK*FrVDL6CN`stEIN?s=I-`#{>`4p z1iU_9V(>qf=ws!hpcInEue7IVG|)uy9A$7C8b0?!fUjCP?krq!g^+!U+toR@VzSUQ zQa1h^I=cfp5E&4mwj&;DVTOZF;HZpfxDIFC9cu3FkrH%Fv`c>BlV2`6n~oWtBbJ7y z?*U?xZZ+R&<_}CVE&tlWFDyI-Z!Z)URSee5elI#y?9Vu4(8BzI;4WnH`}&=d#vR*~ z`F5%2X|UI4rg^oP=?e9>`@6342*$g8I~@$|@7F$S=-n z@>}R)I@1&_jCau!K)L!|iG61-hxZ`O@hR5&`DM1J?GoK%4mjobValJE6h}z&@Zf6N z7RERuQS--?6huIn?AOI6*NM7LqAXUZD+>yzrXZ`efJwL~*W}uUm7Q7Wq*sPEfOHNN z96@a27QIKlTUq`jSnyM9sG8yV+dv;yJ!O7l`J%Rw4gT)gA-T*4JPZngZ;ywgCjU4J z%)fa#M{+-_95VTZSFE=o`$7?}hi4qykFcfU+bv2Y$>cyjsy|}e(Dg3joYL>aKd2M2 zip$D`bs%frVGp{NxWO43LiCR_$Jmd)^^_n~?G!g9S$c*d>4UMuOfus;ftn7x!US3BCF8}#eD<50 zXh*ijbi>C!*ES3=t=8CF03~w?P+dv!82wJgudH%5hFs%TbTco6;G7jIv>VNmTY|IM zTB)N@G~Q}(nbu<*75SGlgk8Ue7=h26Lx`rH;cCB!WTG-4&-fg)6}$8Wolt8=DW))- zOQF9732&_WEWM`u^VG4j9n?6w5zuidiEjvjB$vm|{4vbh6Kd>Ptf|zC;uGCh7Ig{v z`=7O$od8O^zXNIk*NmByG{%~6{%VDLxUF$p{{pE4Uu}Qn!#ejy)Zu{WxVy6K+GcJY zQvA^alFJx|jA@~mrXS3*$WsctKjH<)1hkW3c}#9h#dR2Lr)X|a-f^M7$k{kFMJtQA zkd$fXlKiy?yvIzD#+_UBb@LJ5gv*5CRyE#wq%KMnmWO3=I4?*K%6EI>5*5cHZdaK# zf=*@5jbp+jZ3npZ2n_Ell3|Ewhn3M8HLng@@;^nT^l)0K+tN)*(T<*Ww~4tT(1nb- zN&RO<9&pRfZua2?c}p{D<*w>LtbmVC+`fF3Td*gVOHP|v`_`Zy;*wk&Y}Ot{2RCXS zh#{h&;x}3LfCh_B*Uh>~^j-#kXLN&YL%3m)quqDGm3)N{Ca)|$Vd^T7`yAp{Y(iVn>Uo4JjT6hS|KyJO|%gXFH4BcGZ6gf9AR=1!g=p%4y}wA2zz5 zgUa3}1ol_go_vbcz5M};oaT9}G&ruF*NpRY+SR1IM>$hQi>+N~V3+t@ll3F8@QeX$ z$;L)Cp46uRWn>xzgHs7tYahsxz`A0sBxJI&zeN&&FJGFb8*MX^O{qz%>Xsshv6F}_ z>{QvY3UoP*qCl*(uNdr%MJP$eNkt-d*Yq6YbN&^EZET56nAs8y-!&ff{4Mr5SI>7F0{D!GfZP-XDb20oC1&pjb&_;WkkTY< z<+?bibvBWFN|Q?>bvEgEUur6zRV5ETo&J?Q(-aZMc6HZh1Ce|{JXyG%e4k6x0#W3( zY|e6t&{@(N8xT~<_+fB%pHt#{yOm%bUe3#59qyg}p)_uuc_Oh^qOHCKElj3(R)U8y z%qd74k*7cp)o6f-`f6{2-2V$3aPzhaPQov7(bV^Y^2$*0t5~QVQBE(@&vJIj*{-dB z#5+4rw4^&M)@&|73mlOoOsfjg#M$x&4SaUO_W@{k6)2Nh2N*!k9InL@rk{t9`qUvr z`#?L;F-oIZ&R!12h8!2dj}FL%f^vsifu^N2!QD6X^Rt9sDKz6QoPRF+-bf#Rz(SUs zG8DZ+R$>BTMAmCuSt$NDXp&x%LwE2gmCjOs&Lc)mE#%%{mZr9F%CkU;4dIh-c+0{l z%y{%}KOoQ_zgeEo8g{7L)kc@?K0i|`3^e&k?Pnr7$(|yZxVT=1t}Q`mw2z|LJCudZIwEvn^(kQZ?ZmpOG;0 z1Ya7?R8^6gS8pA`V;eC)M*UnKlywTjsyv0vD(^eToP$g0oHG{$gxqRLY$Wvyt!oe3{lEs+eaCq zYLgmsOJzHi?ialsDwe$#E(G{t=}mcU9L%E|r69W{6|-twoh~+$N-gO6r$_f1OpB-s z{YbX7Xub{wQPXnc1$sO$k|?5}SadMq>)}H5K}AWX+`c5v&u!*Xktdj`p*Ph{-kCCY zJgChZh?gZ)l^7(gmbc$EJIS~D)S$#2GC92u@T?z+xjV6cAWNh`{l>)QuJFKTOtHO5 zZMR@oKElcE6~V7wzA;t(R&H3NO261_u~*rb#Mjo`Ad!QiGQu<)UhV|{8LMWp(!pAx zw*Lk&5ht-kzW{F{9e?@`7O--p{z|?X^=jFyt??kw##Ym%XBTjZ+6&aQJ_Ir(GW%v6 zv>YD03Qe`5qLy&LW={){nI!RVk~aFrG?TvSA%R|}bi8@&lgpjq2Isu0U!!?tV;S&5 zt|e0F&3OseLl`2OQ_G+8h09lQbY#AvqbFY)uSmSma6!va)v>8I z1fqX2YFQ|4;Bs)LOn+_z@?I7+1BL7hD8Jn8li<&Ysf<$0^&Z!?8d#dA{PIG6-IB)1 z3;cv$oMl=iFIlZXks>I7_l5pjqTbDfce5Kd3%63}5YHvc?=a%1Hp9HuI{ZY|Ml-yVpzcD$$5mL$uJR}pJAWXAMxvAAyERE+LH z1F-(Mc7e{YMLYxlp;6B)fn?u2Cn!miY|B{mjTU-G>5_1Vf*OY!V)2tXSdyU*v=-^7 zT0WUc8>)I^Li*0K+=bQ`>A8;^Skd&wxUsNXF0q^DC!$zx*U65_?tDq{v3L=IiV{6=Rb0QzD?^ATyGcI#^XhDkeOBM=fbeGcko z4rC^b%dIM>8tS>^z zYtA0$xzMs8TUDk-qk_h>ES{Eq7S>C3y6D4BJk#<1V>&YeZ}p=Z${r5=p>sIDYtE!y z21C-F|A=y6fSL}THxIm{*{UWve z?%p64yd?_@AZImCG|-dNXXXuymLHLd;Ch&57ah|AingLIrbDDjZ;kI6nj zOgT7{KRMtJw>k{;=D`@w2e|xc`$_^Jl%E1kG}t_QwoyOH+$zmiS>gp!Mb5K@YtUM& zhcM@&ZTSgUg~@+Ijn?Y}%KpmbzH(pJ#B)?&(Thz@9k!)DtuulGvbMKUZ~xi?$qk)G ztqQ-mQwu#^@uw;}QS%pKqXD4oFc%O6rtDjhO{K8`xSQA#ki7PrbE3|jooo;L$(^M; zGBO_Nv=o$fV1i_;l{MWm8>j0X;Ui|in4sJ-b2JY~?LrewV~co+>QSD#{!Tfnzf-{D zcw&{iG9s%PqF5fHAn_0;j(jJII@`(PBmms0;^fL(cw(Ivr7&ZbZPx~GcAdXeX%QA{ zsv@4Ec$-ccj6P_2K0xh?-##B#wRc;p%Jimkl0!X&t1D`2HG@ZwB?+(Hs(c+}6)PTm zeCv%0grXk<2p01%5EXTGZNr1b%am_=>R}U^MO5FEChhxp9rR^0dyP-H!f?LaQW^dF z@|C&R4HBu->S-+)m|_8q(d2P-Vup#S!rVjAM&dBE3WnDqpL!xrhf2dOvF3xC!WP4hV$s0 zDUMY&ok;t;jz0!TZiY+X8~da}h9ZY;BetlB$%SAhGX*{A(W%RkvMogd;@1b5iNTZL zEpd+8ZtE|k+TfpSXawxUqQ*U^mHlR@I0p^HG&3i8Fp-udAeF5&YX4CAjE6>`9gijJ z5TDSwz$NA|GuFQ2TOOfa3ibGNS+}@8XDY=(1(P~mLpocbR@G=A-k#+gI_Gi;Ng}Hv z%+T=Wz3MlU1ly_yJKjUrRSp=OxpP@L86838X2fZtznKKB6ib5Rp1pYh7QvSh%Zu(LEzQ_q`E^ zi$48Q&vh)tPmTHf&YgYx@;=y0YBE5#sZ`>Xy36Zd%nB2n%a<2-X!4e| zVKr&I*wX?P!WC>oD&6XnhOwl7>#a!_dg&HqG@HRywTBiFxLu&|Eo9_m3Hp`(G4ltLa z%9A0l?%gYS79wGF!nH1uh3wy=5aGz-pl{{|g#}{L1#+cCK72wFIa5CdjWj9$c^o04 zI~RE*FYeL0H!cbPUEJ3oatc=r7i_0V|G-sSf%=|iUhp@n`_-JQoYzCoNW^7>II@pA z1GGA|`YlzovJIBfZ!a?Nw|l)WD3s{XH9aLO;M0Y*Ozl9n+3|Fz4W0l<69ED)dzs-1 z6)gnt7j$DJ6Lrp^x8AoJ6WKH7jQYC~ZqBA}aXS+us0|FHY43A(T{r)Lc>iN9p4Et| z8YFOsiDclR8fQ}9+k;gf$qqdOJ6_&D%zyWn(EkVXL;cJAoBzf9b08)EF#m+we>49# zA>9AE%u@6(^KbqK^Z%{(f6Py@^Zzry%-{Xk>y7z!ncOM~!IRNfD*76OBxh^gxF(6| zvv(Pffj1x3C3L534Iy}mIxqcju9@=#4JgBmK1rv}7ZCOP%Ciz_JvR8V`SE2f1|84M zaWE8g+omJ^Mzx|U5em(Z2ZygP5OUI1!cZ?bE?iWd0o(u-3EgElSMy&Vc`7cB6$TF& zin>8=eXI{B8Zu56zJc5TYNzy52{f0XFNm@A5znHN=Bb-#``(a%!ZIWLQDH5@zy}1J zy2!)H@_O-uY{%)vsEecfekcu_Al8y%RhX|T`!ZM1jAO?WE0{`xFxE~tV8|h~+!SCU zvKjG}&1t~Au7IvRsDkRgxCDcb3fiW}Tm$-;l(^1>+rLZw!$ZOAqBOR-GAp9Qrc5?a zu?cm~qH5Y^Y72M4wyE&{fQB*_h|zGy z1(Qf_sF#_^%OP}bM7?Je!Q+EFaJ6TzLX|u^+h)5Bxp0IHynUQ|&2U<^*d5_n0!-^QeXmjT{kgp5T ziG!|~2cIKzLvjT9b~YRnyadE5lsx-%H34T~%NGpHhgVEu1 z5P!c?rKe56Z8jt@Z}S{g6>IBhm#b~DbwvAYy9?X$W577)6c>NggbHK%2HY)E)F9NA zjJWMQvC;CVWO)<99-tY(%IAe1k@aU1F+e&GMawtJc@D?}&dXIu>eZH*Rz$n3XPC|M zdVd{`?XbOqJAA5E=jC9}LD*u{rG>5(>y7Wu3yhFLJzc(lX71&2jjoi=h;UeH+xN#H zPR2qKzcB_dXLMa-y>W+pdrr$Ty79z`5UOC5Mv0fGRz}_iU&0{*+;BJZn0fhZd-g+& zuo3!0qA6&GmcOPwqi5_pgg~AE=v)=bAcpx57g}MXbx9X$qRi4w%LF%O^H6vh+cUBE z?#NzLw)cEJCpsjgtn+A!uCkCqxO+M6%SPwA%lQMXvQ*}>cvebV%I#LfYwYWLgiZe` z9yZG{(!lh@iIFg~T8@9lJ0IxI3lR;z=Uz&t87D;hMEhcp!jN?Vy_1!WWWz% zPxlHAUj)d!A{al$Ik;_m&#}r7a8YISCMs~TNCk(2snTy&T zyCmLEE3_UbzY&(69Fd48Ug=0CLAX>|f1YSq9t!tEEbOe4b(y!Gb8V3^@{XL_;E>|Z zz#GcG1}WpOfzFll7Na+33WPTix?1cp$7PTs5#)!5D!+LL!SUs z>~{KC(Kvo)Xuts}F`u{~KDBTg9aa3Kn|JO1JPJDL_ljH|Sfwu3vmCHa=ESvpnx83I zN;j`-B*k|W^=y)GSwQr+5F+E6`E&wOb%~b?Rn|s~EU)4v8Q+72;g$$|IKUcBkA1w| zs1O(=kVw8#j{y_ySg zfC0qR>L^4BjPzW059r3R&DqkIM-mn6%2yjb{j_K$!cmK84^xId=KQUnshPP58Ys-* zfS~0;M3x}{Nb*5OCtkqWBK&*YC@^}!h^*VDQJ#<%^UA)e;5r=MdM8icHb#KB)U9j$ z*NjMS*l_{Bud*uea=7^XB>oJ-qGH5_LeDON83pAWY)|^OOrDNFqHonF$nxx=cr)abMmP>HuvD@v z>XXEG=?xuF)cT6xvLX(yl##jlrH&u29G;X*KLg%`~MWUjkMgRj08m+EsIS9IZ` zo^8dv(st9MOxYc7Acpt*fZaGS84xl!{g}`0NU@mEi1*Sn^-Uiv=f9s z6=4Frkr9yBqh*xoGp6UTy^_drDi)1sN^bEC-M_!4td>mSpw_`XZ7nJ2TE9w^SC$IZ zMrNv%vzMnH8umM_d;7udDih9}bNecsi(lj&gg1Def3b~b5x#zVgc!&nF*7De3YU7+ z*z?pf(Z!0My1V8U^F)-38}9&m@*%ut3N#(!AjWsMy$nwIfAiX>kCKFh7?yj{0Q$zf zh=e2cUPi9ZYx$pz0*A)Hb=W0Yqk6D3eee_e{KeSjKLLMuBW!e+UO)4s%C*|&>mU|- z0!edaCCnR5T4~qONCj3!O{4J{)NXminx{sPi1j%!G4JjaD8HWO)Yo8<3zuaQW>M5m z-3mpfb(<9UVM0B8&3GD|oeLT(7`a@GVM!QWWiEf4Q0ZHMuhJp#o=J>q>Sw2?P%B50TO>)mHL@AR;32%lOb& zYCP4QK&o>-dP*{pk`71s)#le;NH>Ywop1ST)fK$-b++Z`WDx-WuAXGYFxeoIzJI`?sdoN90 zewF8!iR7DSE+=)aRXh?zgjwlJXF1!B#TXdtxgwv#v%xMsng$xx8tK=sr7+-+(fKf1 zM~1(I3NP$svh<^1&ik8&jF@shK{=Ans#tzT;gIR+H!#1F+;?Sft2U71BT!@UOl3KS7UKD_rSo{H6OQ|1aumX)(38qGcr&RiN52WOsoMnJM91a{4is^vMzR#?9{BNYjae2}P|gD{lhs80Yc# z{(_DgPwu)604H*(&@)=R-czMw6ZpVAaqJA0m-7IKy@(0_Y%?fxNTO4ePlxF(su1TX zinCt-8#+6sL2XqjGleLRklV}nl?hB@E50hMsQW#-nf5m3{9$t&XZCp6)JjFOx7h(q zxwM@XC`n_b`_em4(Fzt@pZvv&B3Pe=kU^ZErX&s>ELY-Chv94Z8h@lm;Zit}%+x(x ze^j*X*U>9-yWSp`cvE%$5A&lC!Tm4hhyIuOH~yRX;UE8D{+|EucH&<;zx$hsBlAy1 zabh?CE<}KT9{>q%h@U4(2~V@w|KsZ%n*{5!Zkv_1Ds9`gZQH1{ZQHhO+qP}ncIK_8 zBl^A3(GmRz&ZiS&?m5m`Yrld62;(78#TWkTA56OcJoCdn{`<_&bo8HRelvo|Qm+Ld zUJ`1AYO+A8S`kHg)9o%aBiv>oTq=v zUH22(o9hw@Af&!sdipYzvi8UGm($_N*lVk{g2@}xcYU2i`=yq%fag5LpEX^fm<9@_ zub8}QGTQXMQ4*%C^cAH524?R4V(wY~s!pl9sVn7|2Qdb^k?r}@1d;sGO6xd|M;1Xg zayW%305T5O@W;U-&57XZvY<9K*S_$e@ZdPZn9)ASJ{^Ht%FvpJ$HqZ>#C)mG4LU+w zV7cp;iIBb-ci*mr7N^NECr)(LGC-Kts75%Qc-0_7I0%c^6VC5=at6fV5Ml#nSREry zZzmnF?1f$9JnoaDU`cX*@sLQ%>lsUc{3sbk$!jqOR;^gSS))fp&rXrV?zvYD{ENVLKe4 z_Jjg+I74I|0`sda2IlsU4yZy(^J2)vj(}g>a(W<{Z1jUR4LldBwCf!504Y#FB4*cR9r1GgLN9NGtughtrAvhrP!+yRY#XFxrYca-$ z>U=Vjo2=~bK1~z*LIs4N`2kwr-kdpRH<8tQ)N&-IfGxdwOZ`gh5Sqcco_u&QyT4Q1 z=yAa5ZtvUk;R(BGNCs|^+wPs`$sXRjXXbv7woKh+uSq3Y3&vs?YBpp64!W_0|G{+6 ztoFICP#w^& z}JlPEjKWMQzTw3M6K-p ztAnQV=BTsyN!FM)9fBSvioN;{HdW974Kz^kQm->Nb?>kszhoCzx1Y&4G({p;^meP4 zIPvF|k{lU$l8;doonOW#DaB$xT1*{nxTHYA=#m~$o)A%MT)>@R74DK0yr(Ka8 z=8Q#wU{de8%-ObduLUCrUAr2ZhGSy2=Q0>6eIk5OzcrQ}JU_SLu3UakeJkd&$U?Ij zp(Jg^;_8rIH93-E&x-C|G&~B4NW8M48WcHe&^UEX0$QTH;A-kEAhP#sY1I@23$1|v z(LYeJ1%y{~F#v{d#q~eR;5P!^PZV}KgU^N6;BiM6WvV`-YMpY(XZ6sSP!^-N@l_t+ z5ohA9Cm7mTbq%J0F`jzUZa-O}vE^J_fNvK=Wm$i&pr=ebPP%P>c_oz896wPtMkI|w zPvh8J-8Zw`YvdGQ1JNA`&4jd`XLi{WH>{c)^|8selI5N{3}d>_p{fIK4ie}NVm}Vs zj=t5Z1+1ClW{YraH=Dn-HtDA<$cdxfh@9M*ZdjC6+pZW%CGuL=pu1+01WmG@zF#zX z;7j#gbBfOn{q%e1WP^(|X85v7@_R5VV_fEu)W#Kf)tZzcpPv$V$44!LTdr}eFT)Gm zw;Rrtf=BxD&hPCC5o?3V)!RZSX>#!FOF)4(HUry&$3$NNVEsS{5NA>(56MmIW4cwv ziGSH5NPxjCaPe7|5fRtX5Rujy5QbUY(XypmLGAloR#c9@Bb7M6b?Hu4dzb^)4k8<3@(Ujb`pHCCuv6th;%-&i9aaw91A&(SJZQ@f_gf% zp{c3z3>(EHFi8@N!#OVm5A`xsQi(7pwjTE~dH+Z*Au(7_7D(g#y9cj>H~m}{4md_@ z;G;Yri)u~+ZGkywu1d>fwNU~p z!AE@TdT$e%J+xo(S|(w603sh@DkO@V*gH7p@ekXI=`W7;HhzQenM-7fF{s_#yt=n~ zZ29E%+bZVF0}2(_SEYT$kTz`4I~_NI;q{sIzJ|8>rBp^ zuB5}UrZ{Y-7Xc-x{JWNHB{0sB;*`nK6=Y5Ol#+*2E}ewS?mk-wDngo+T!d;TgA&(3 zg8fj~=D|;218<<&ZGCi$(87P}Oz=i@Ez|cq_8n(%0^;PCNRLL<0 zN;E|StREx-bZARjTA$}bI?sKX#QsEl`P;J+F@B2H8qF&94hZO72ooUpCOi(sL@4P( zXCjldft&F#?AjrX_TkYe9nXc6k zzXmi2hOBG@VN{%DaDZc`?9>|nyb!kST|K4bHB4xwRl+#VO30L|B3WI{Q6GNq*JQxQ zZk^8GmBCofKAf3u#~pulyA$)na+E_LkStZ8o6t0iiFYnhT#5sjRL}%Xc-xP({0U6n zFd4%cYD$RrPhp;;<)FKji)>P~%)=$DO5+eo-my2=NI)*NAsKQ-n+hrw43+Gp}`JY z4$ET)5&*V^q6*T=$>j(f%mbmHKc)91Vry?}d&|YqOE|sy7`{lg@wd7;N`C;!&jC^G zPxxweV6H}D+D*&=KSQ|@kT$}Q>>15#`z0S!b*}%^iwGOYHa3%cL!0{2U3jS+C;CYJ z<=Sb~-d@pZAEOY|HKX@$ICs@#{vQwagVVOtkP3 z^1AB3XTvRGR#Z#icf;;Q_d#rfM6wF2N>m`8dVt}Yj|`#2fW?kax3}Ok%eMz#bEbVQ zu8>wWBguO=;G%?dmx_Kj#niXOa0_ZcIjrS=GAu&Pl8^pzdxP>hwv%g3^5)?=x4gpc zm97L-P*~63XJEMI6FFh3TYPs{FlTih8u4^Rf{KoBT!_#GIrl0DGU6Vok%ODUfZpsCCMflH;OWZ-%J}l~OeFj8Od4<| zHpO{3lE3qDL%V97F>OLD(L|ypz6RC^>O;DNwY8i)E>JLn+L#O^1vZ|n!9FS5 zPkH;T^VSv?_A>-QeJ4)4ZxXpM4N09=PvT2mk?XTnj?_pM$;AY~J}mbn ziFG{hC7dE%0>8mT(FlvS3M@zBY-b&s@>r>69``%TWVn6S+#=77i+IVXkU__`muHI_ zh*q#Q-~RkVH>Et9E`s&(3&wv28361`9#tO7c0qxZig4nS{@`8q1etxrrhPbLOgldZ z0D`sC7f!@$f7+Qo4iYT-voApOXZPdpB;>JXds%hQLUtl3_8E1~jKhrd=53|j?q1WV zfpqt-Zb_o->3Ryrr{?HgS|US@P&!5i4;URKgXFAf(A91-459K`#UD!{FrJ3P(q;=5S-b0?+2{&1CeuRB&!p0h%t=rwM>*15cp-(2mt2` zGo$O9p9|u>{?24EX7qqasy&}rNF(DT%3ZwV3fyR^_AjIS@`$z^S+{5mSJN`)06Qjg36J1?6`dfBF@!s+m2<7c9Q^jK4%La%F7iwcSwp;_{~(G0F*soc1%M3VNz zky|f2B5d+#bML7g8VAjrbC2_-$Aj+u3mp1b?YEw(De>$+eMBEddyl)=rykimCirGL zlL@I2SB$0;jn)XXYpj&rtjp_0;Zf(ek;cJSOF5be4(PZ=~0om6GEY*#1_4tbTyaa%HrX@euvw~2ega2 zNS4MVvXIFIFQ!R5tJPmLPn%x6e4q_1-t_d3xhrg+%jLH%p-)P|buiu*WIGrP2`8u5 z7X`Rb@h8f~G#K(~^+)xL70sVT)`ERpfPxh}L1)4u9TeSfN5dX8mkLgglJdeCKYFW* z^cK=oCFopsA2*Nz>qVX&SHyZvbXrt-L}V0_`?1l)+K0jRDS2{UM#Si_fc1*HZGx(g_`ll6|cYNrDr_*zZd zt;Q4CsBxK`;|31g$%i949V1 z9>0X4KAso7G=yhTR=WAq$cdli84&4MP~}zk&b;P2)KJa&h)bKowF{w~{danId1hD> z8WM&jug(-v+KHb#64rfSv;i3U{``d?uflIv!$lOynt-|&bi$~ws`$@pFB1joh`kBERSzY$0?V< z@Sath&h%SPH-M3-)T)Y+dJPWN^-I{N_wgT-qVd zS55Ju(-lQPhE2D%hy?12S}2K{MSZn1wPKo@1y%aQcSv7)4JaU`GsK#w+n<8hjvXGK z87$u)UP0Otu^)M7k@8uNQ-@=70o5LM0>4f;T7sr=5%5bIj6^)ro%~NMP?luvCG85` zi-yPAJ#}K=%#laus=;6^ETx#}Ej@zCUfR*s^0hYNb?V8x*%^p3^{SVV3*u(J{FpS; z(bTR90uB^R|sA60(9tQ<#Q*+CM@1Q zW7~za#FFv$O4*r`C$A%*daYG=0_90G@{iF=gWd1iwx&NQ*pp|S`8~?=Y|ZVnLT%)g zF?FG41`Pa$F*(yY7e5+yF^i|z+OplRmrib3OCE;!^bF{sy1GA4F-s-u$Nx4K~b^ zQTbZ~R*Zhc!VO9iwNC3?Kt^))uGC^^7qT$*!tD}hJod=AiO!@v&iI`m1lYrh-ZX-f zP28PI@2_2en5|17j#Ms=rReh~vY%(~H{e%9EkXOcA6jzUPG>7v1l6NVcb@QWQ{b!J zC*B8o2FMK`mquD;)krRXJltkdLWSgpdWE(&H3FU$GoYa*xv{Yw)n z*CTvA@1XdonYW0dE%GMO#^Wj19+pDQVu`oxpQfj*!aFRPBA0Eo+TvQT&~q8?+h=Ot zT0v}a_6B&mUfV_NK871j1YOYL5imlaDsCh=Xiz;DG7rk)Dz`h?WHOLX3QIg@#(Z>z z9iTBe!|N|$l>0P!n~2X+att1eZ(&Od$jj;myaUdq2rCoJP}%BF+Ds;`X@Lv^W(9x|U?cPcpOVt5V^LOd{<9VEl2)$rcL z3hfLKp9xA_8l5^wkHD>M^|Oz4B!e{@Tef!GPeys$T1Ks4bNzESARSUMT5CriiaoLS z+jsDeQ6d3iw-^KF{Mz@(HL@sFFm4at>(9M2JqAd-@dG$TWivZNA1;tkc+VhD1lVU3 zN8hD0XRl~OE){w^yms&4*?-$=KzP1s_Ofy|e_4Tw4=<2whh|5)4?gdD%(=p#Y_6Hr z6{*CW*lLT>T3jA6{8I4YPUjeyOopaHDHhzGj#wDS-0H!%vr-BtS?S4@SjzYvK4fR0 z73AL;YQ~Vdp?HFNkeH2*WQ-6O1#bhvFb8`rNcnk31Sil#(?JCG#1c8G4`VZNKGJ!3 zOXh|HaCmRmbr>weiUWES^39?RqXZJzPnHvZVi(X)4XJ1D4S`#AbD@|#9nT$|Y`n_d z%l>3v(Zk(Cjb#d_!BS2jghbU982~Zkm_2L~nKx`QrbB~W z5~+u>1L<9<8SG69X~;<8{3&}iMJ<`5aX_x1lcu3k&4{)72e!P=(?HC^cZ7qp&Vc=i ztr0^xu)@gbovv49KmEk|7eK@tW&A;Re1$JV*^xG9N$;kfVcgc}U6b%8rs2 z3PU=v9oBLsU?D1FT!8h%xC6_5b8a!bt~hf^IJiVEQ(mpOL^dIMYzuuLzbz1p3I;Tg z^Ce*9D?TPlZ$?Y(GyH=8gp8ysUK$Two5@~|ok&}BbJ>WDo)Wq4fVzdVKuAZum}RW1 z)Gltm_&>H?Ht};F_EUcgAIX57xmBL){qadWVp(f#(-M03_M8FhtHt{mmk*C%eOV<2 z5p$k}hsro5BidPypZ+lC0sO?)>;ue1G#Tgt*7#(8)BnVMLN8I_1E^87fK=xCbMyq6 z$4@&b|FgcUW!KtO=e5TA6ri|k3muU<3(>8=mZnV)5Mq)9Nt$}hmP&eljz ztQnVbPCcvm!@-P*AujB!NY<}0VkWB@XW$8!Zg~4Evy*`HF}QE%TiwVIh_>4alMWT^ z@QVqqQaHj^((TdjK%1b>@SPUYCxXb-Zw^LvH=i*ybfXc(i@MkTksyf{n;<%mIr@a; z)aXm4YVD&KDf#88!sPeG>zW*$&N4a(ft;N2(uQt7LQyBqky=4q_B(Vb*x@vbt2&>U zrDnd@s#7x0$h~4!Z{7An?=>fhC#gKE_s&2;KTz|Znyd8O(>yuJBzx+XG-UYm#4?sO zD4Q_t5CCp`k-b?u33YlxLsZJN@Fn|L7h^(h+9a{HQWZ`wWvc9csT86jd85hj`u3|c zDzEvggo;%1M6(H5D@dDpUT!OM=r;0nU@BS}Lrw}aY*E~4Q}i1bvsmx}&o(ZkFvtsd zr?`aF1?JCdsPZ7;CuwiH*C%A1hU#-pSbE%7p>hL2TpMW?I$$o;b>@u&c?ntUxi{D~ z2vy0aRRYZjkAS!Vx{dA{!|Fv8niGe?cz=e1#FfD&mj*_8b%=hmc6S9Q6%y>iV1O%7 z6`!=fpJz-L=r@k@-^VO$C{yDKqHtrz25$I7mr;p>+yV?1GvD2Fi91trbR7}nitFTo zAD>I9-2w*Eex36Rrya+tsMU3%4MkP42-89a{}4_ucOc?_t;1a6`}^2I3r7SBe<5b! zHr2gRJB06`142TajY*1Og)GG^Af%U*gqG&AucP?VyiETpd47a)b?VEIlsZE@F=iQg zgJaVoKm>C)f+PwXwVsCFG~$Z2hN&odBz-U2eTv+Wc;^q}tsd#a>}oX&@i_aP3rqfE zNf(oaNOL2m%RXYBQP{DOOWQR;k;nE4t>-X5c8dUSx0lc+4}$=Cl@ouE0w52f%zu!@ z8u1O$C;dKo>Dul(c^P>Kwn65bi$xFp>{_RK2+cfc5<$R8se;oe$CJ6VkUkqXdpdeMJO z4^^GEp7uKHI8R8Q=USnqgjk%U;0b5aBHav}jB&8EeFi?;cL|+fpsC|_WpgyN4f#)m zu{k5nCE(0ebmSK-%26{;=RuEkzS6huDx)pZkgQf>h*{8ac1)Q^Sy$~qT)tee`+in_<3t58I{=lRMf=^Ry*OwwVzCA@d8+%Icq~x!gh|o%{<}~2r3K+c_ zFqNY9DOl~*$C4ICa+SeR>UC&ypD)!Zz2I+}T7TMA`4rjj`#yfTVz23Q27F=GV+fhS3$A=cetgt=eO2ftR)C2;3QU zIZhzmB!w${S+K|{4)96>fmPe2G*-{rNVgA6KjB~btjeu@#w7R7(yP8Y24Q&$5^{l1 z_Q2d6@+70Uh|9_}m~wW4JHMBxBD2l#LjfRV0rCmuKn-hcsRJ5yTMY41R1og3(mjv<{sMy6di-F$~BNhq!RPY=d#hJyS(b9otgyv9dlsvUGl2LvQa=5bb7j^tXStNdARYR$0q#@0um%`{pnAo5VqzRT8F2;ncnRsQ}>Brh!_Hf1_$n zZYth;7VeO~C4To#9_CA}oFy~Ph9nw61&pd~@!SVA923X59UY%FyL;PdVp@Wh?#u=+ zV67;ttYoY|D-#a=p~Y^dDZ*c2KX^d2-tpq`+CRBb5f_d`3BDhDiq@YY?lXkf@_~J@ z$rG(XW$HP+PH#>0bxV}U=eYWqHCuh2&x+mOR5NkjgvlmPQzFk( z?EUa@W$5}yk=h?=&N$93sdCZ_y2S`1(|qcKeVQDrki!m-1pLzKKRPL^VPf$yiSDG! z-i3!jk6}*eu(T@ z-IVN9UTKFDQ+kT#OER#iR)RQxqkG?|O7lb#*W8goaGsAIY`s_pU@%pER$ISZzp%bF znU_J$el$CZa_lsUSa1EFzD;asG%R2}^1|15vT|7S3!E~28FMM?U==L|n`s@y%V*tR ztLL64*Eeo3MY5n9caJqKEp<7E-ucJZpe$XE=xc)EYwOwM1E@;}@R%)i{s%742V`on+RO#1DAyP0)j*#C9AdHFwXM$!F0 z-3OMyO{rl(&d7j2~Y-tT6UN*N4Hnd6C;TDFpbMA8xaZ+`%aVp^%gLpk4 z!<@Yo&z*Y$1O*A|9ys_;j=725p5I6;dwo1Z9XWOCBUwQUgQyfI^cJGNrsE>}%et$c zTI^IGYTscefp#UYU(L6jRsDPMxWuovaNyL&&Mb$s6%?Se%=_C%(lu}4zx38$&|KqNzuq_ ze+bOVE(u4Vyx)`vxkpfMvAs&W;KE8GkZmzDYAPiM{*a{~ey9*y=p^kjgSzU?-#fND z?e2eDbmJ6MUk*gY{~Z?jyPrTn94nH-quQOm1U#XN(%^+8{c%)lyX+trtrn@at6FJV zWO9@64&OAZjkkZWmnC+4xh%j3;Apx=7UrOjBHGc@_SzZgSV>6QwQCb=HL{YJ6p6zb zENIAOA<3$6kGB4eKv}7dwiP(3V;F~C9L?h~@jTH_3CJ@n3}Ig^Oyo!jdReTWDnjFS ziZUjr4jit^sG4-VmIwy1e<1?er>hR~O_U(*?iH(qzSE2s)c&cn--X`37p!uGSnXy* zl-g|TNbR;Q#;f>k9gD_okx++CS>sEqrN8jz7G@6jIe7v&YDLi^OS(WVvAi}i_CqTl zX}rH{W=C`Ld0#LAK@%+A2+$0rhSiv>{Hfoo;~4TN!Jb z;fl_6TA;aVC^Qc(z;M9ack@)8F=Ztn$>n-WEf9V+_3H2PIg>xEc}o;$!0=s%yP_i$ z$ws6{WtFXlYwtsWIzhhdB8;aw`#uvMeo455&ujX~rKLu3c;4E|e@H3Y;IA{?`5~;T zD8^@s&wP0XtnP2r+!WYohVtezgjDetK-tR~-vuGSkB^~S91xfdQh$^w6i&8{pEc!9 z>4Jxg>yKT4?h$5sXkXleQWM{thJ;N8n=ZntpCYS6dpY|&eUb0%@dQkC`dVrgrz8|_ z_i3O9rJSj;x&f`ki%6tyaSx$^IK^xrCNL`VX}rHt{Do9kviiSV?j+4MU*t(X`Y6UH z%o~cN_6i8*!uE@27N1md!O2KPc8n>OsA6%e7B&TTdxC9uDsU?Bj@-B*B zmA|)8hhZ!yaaPXI#14iQJlLz%xB`NB8yTeX+N?`8|ix+F`mcCa`oQ zOrB=%_1%h{IeQ7P^&V`1?`XuJD-ZwdHS@kQ4SY$5ve7Z*+X`T6NXHE94>j_&g#Hu4{Hj%jsL572AO0O#OGGMAfV^2A7qs_9CpPoP4*Y& zCo7ME@>6}ar*zyXtHxBq+FG`l)RQp=Wss+^-`LE844o^u{#u#0Z{w5`u z_QCk1gj+GvV)@>l$e{BHkAe%8o;lb__{Kgqx0mlWNQzwq43)cMMhfSqiilF`9p zZK%f)CP^7G?VK;qlu11304b+bfd6^!wMh zoJZ`p2N&UI09WZ8OHK1|S|a*5k9+Iw>`Q_eriHP3K#&-CH$iF=pdt zY_?duB}vH?_H|A3bIUGA&dQ;cR>PQ>OvrTnEbMxpE*jZg$3?Rr?HaE%n(K=W*SHcC zKBAV}#QbFRl%}HIWcsk<+ZOH$bQIAiSEVm^DAKRT?P{aUxo`w$f-d7dU3(38e^`XzO zlod5vH+|G30gSgQ7xOL53xrb7OoYwn;0q}XM9GqsQu4pbmYiAr!CPN$rd7VmD}3T` zV2t$j>5X0PmYA*kPr2U%ar3sW9g>Q<;tfg6#2a(U$f)zH|1qsoUyW2#)+o(mU?Tc} zVVLo5qIX=A8<}77$<(4VLhigrQ-^tD3hCbsja7&9XH_X}un&+T*!z04S{mqIEqPm3 z7=#Ld*yh@dBNTY7NBUWcgKUlYGPVkj;>iARN_TedQ{k-%hoVhXT;iG8`<8$>(@@Ju zC>LZW8no<~e@+;_OF^$l#SY+w&z!>ho(fPEXmO2ssoHqN&m6aIL6-W8*b!%9kv5aE zl|Wjtv;1L1sO8GoPa~1Zi5h5Bgu5XT<@;&vc=Ji?)fik2;AgiP1*8N#-h_D(z<-VZ zd0U5>kU9t}r@1oAb(w&}!uUOm(|YsODAG7Qa!Lqe1uu%%F z3oo+o{jv&lN>PP7HC)j=d}bt(i%kMfwHz?n*y2gz-)p#=uy4lw$B`uPq|A*hpIZb| zMHa}Wd~q#lXxZA*cAA?8@2b=4%(uc-$%5PY^+NX^Zdp@RHQ*0uh&B{J?~R%tq(rld z)y(O|`#{mglJ6MSJ~No+`gcRmck9`K|0c2m-XS;`M%(_?+NlP8Msf3L*K%@R4Y`$C z_%b+#m6fmzd9}M1DTX>7_Yv}N()JK5IvD+iV}?jm4=I#VUoR503fO_PDULF=K55lw zwX_z%vr=bRH32TslUpWxS0VXN>u7hQa9<`nX&BB#NN`wGG7%H}W0Q1*4(N8%`}bzO zuxEc4cM`a7ubQ>2AE-ySyCb0lVd%a5unmgez7SZizRKRDq|eo}7;%BJScTWIYuR`= zppe^`B#aX4O+Tv= z0K|7^njl4g8b4GS=(#z*G}qGX;GKC4T&*Ptj_I{PfRS^f*+{D>Z8@#_;Gg#a-ka1& z<}{n|0fgaQeHxu}@U^)_4e^hh>BX(K1KD zS5j81T~r_|f|}T}z&)hzG-MwGQfMOS{zHD=zvTZPEdusmEn@kNXxwXT7^ZKkl$dki#g!3_c?> zjPX_h_?dcE2@?GI4e%hk(59DbJzLxIn-DmInHSh-+L#dXYhyQyJGsvOA^9n$YdfS< zK?Goqx59}|S+g7vv&lL56!U)aYaDQxBYr*R(|bE1`$g!-y5In8Y8)-Oc6u*2n(&*L zc(5wC*Jx&GX{OZ`;1t39Pu#-Bvn7zSLkjUNJj++SCJSWpI)A=XBc418%QasmvO3P! zo^=Klu)Y})reMH*CE+Q9gy&e*RG5?bc4FHa-{> zm5MxBV2?Pq=d27knh5h)^>Q7u6F#C}OeEz9fSi$j-l54*VC*>EyWCdUkLC-ixoFp5 zjCcVA+L8qUq{km}y?H1j;#eOz!j%r?hG0)8u`ox}bFDdOx}inNdQW0`j9<%gf0p2Y z*>x>M*0$B;PV=U~LDC|9E1<$LX`8*I@Vo)dV#}0IR#9A{4k_?!FJo)h9e8OD^Kf|d zbys+9H@>=QSZ2qU;nL{h34yF(X1@`hiN*DcO`$RE_B~XQMON6L;M2uuBav`j`__&P z#+6iqiy?$HO8MW8)C#jL6(;-Gd=!X)V5*_SSNOX2 zb{5L2W+&|&hkizELh6@G-GtU0`?m?PisyQ2{hoeZXo3Y`ukI@N)vA1@mglIr9TFcD~&B5$7s_zfTD-RhXq(tWQjR@ z@R7#7#nM?uFOWL<^R`53D_a=8uUcB~pVTOj-Qk))dpqycPBseqh{#xm6&yDOmqlOO z&PVCDZEO-$^C?x>DttAN1`TDP!_3+YzHAJh@i}t3$J+khNKl}a6h#OFxHsJ_QGWMH z7oG?!2g_OWI~5kk8n(=^lpXU}<5q#A1YxrOr_~>Bq+HqVh$gZ6=b(9SH7QZM5_)Ug zOY{o7wNvX}oG#D*B?Ci~I__yZKXV)b5;*~Qpp5rvWmURs0^(dS5sUJ7E9nFN##P35 z8I&WbejAzMZXSp}@d^3O7H+`T0FBCh1lq&OwFDzfnPa(OS4~R<$w{(7)CML%KM4yf z%EVEssL`pa59I1St+D4ec!JDIz;A-QpCni1@C2}?)xt-&lm{E9=Ua%?{`t?)4~NJ4 zC>mWFY8LcjE7wHW6m zOuTF9_&}0;JDrgYse!!;4iT=njB%A|Nx4&hl#N5yxC_BZ`0E7=x%1l`eon^X{z5~0 zfg7yu#(Ytz5>n0Jh{>eYPLUrOP$mC39Fz$l28(9*{rXo*plVR^+Uq8;vx}n8^92xHtM`)d<+jTpC!y^B(Ftes7uJ4~2;&2tW2^9{s`og|`6qBdR5=9rV zPc`kQfZ^@J-I!ux+TZsb0^aX7kDjKB_nB=rid)MpHqjuAcSsQS&VpWDxuKwO=!8sp>~K z5-d;)eb~>kfpwhosrjcY>n!2?9Cw#yd{nkutiRihYnQ{p4@JLQ#(o1s%8+#wN35$- z7ntvB^li@@KolLIuRq2!;=ltxY^u*LYn#6G20DZ#j=7TarAS3X8GZC>XX%GxPIeE^ zLeh@B{~&lSW(-iD7LL5IjN30|+m}fPI_w$nG&C(y&sufZ3ARf{4HCMrx>HRqmb|zu?Y(hV6LGsE zDW=jm$75SSKqR3(N6kMFBA~P|r;#rz8{Wqt-!Jwk`idKdg*nS+0Us#EWxUrcfB5Du z96wA}L;wXabWf%^d?G0)cZW4VPl9#XWuv8v{(b`cVL=O#)6OGXMz>cj*uI=cj>pn_ z_!QxPg1tGpu;5YHzUOrrU8pG4)W^65h3`)<{|RV+JtBh*eW}<5+odc3jsr-fV|ZJ% z4a9b0)V(c3`vPM=In(5yeHOMff}Ffcf;`p)h=1L#x>jU!)|jF*9j@y69bmpEW|^l; znpToQ+ZTQ0R(9+;tK%ULOh_x&*g+??KIa&vIrO56Vck83WFyAeiqZI!s4*sz*b{;< zS#_QI)-szB`i@+r(bMmK0!JbbA$IwIAB>fY!UTSRb7u4XWb~p$=v|vy4!cyi7K)EH z{1i^-*bO*}$ZdB`>VH-(9ss^GE_opuXjq}g?`z>pZ05zBZF{Rc_W_Q1O9boGM~}}- zQcc#-{}^N_kNaHPnspP|^iT}hYT4#VgBZE%@R-Zbqj^Moef(h&<}gfleu3>ZUh^{Xb9@`zlJ zU3O?#03$)rqjgVYQ&rDyP4DyM?ll1RZXk>u0FIdSIZsha^ri!&AR~_myduJUn`~~0 zA?FluRk~CZF7E40io4GFAmFxo7t<2Pz;G`5!T+-jZ_2jTbAlIplPyNMCWZ+{!*dmkoU*q zOrOMt{b!Y92k7dMI6Cf1Vj>g(s&(l{hzn+*Lm-ib)|{7scXYS$`ycYh{3ZYYXc2J# zY7tBS-6F&S|7j6{693mC?*Gp4%K!63j@JK~CDs4R66gQS60yL4X9 zacD$PEaPOXut*a5M~%=ZA+u-3<4y%K2AxV79n5zRORe;3T0UkQ>&&Vv-*2A%q{`^@d+ zp;^2mnO1+-Is+%Ic^5y@eBg&7a69Y@{rMG#3bC={a-UzYcE^ffmjMci_u3Qwg+Pq|R(tmInWxEf@h||LKS96Qi#Z za{zG>T24S)7in#MnNwEu+7c=)%?$;PDj&BX-Cn_1s#r|=UPTLFpWNbNLzoWNh!R&T zwnC8lmc)Wk9Qch@u;k_M3Y!kUVeqj@)kU8sQp}jg*cI)zuA;s~n_#nqBtEE1tXZ$@ zo64qM#>a+aWnrjZ1edM-lK6);#>g0PLmf{<-Q(VLD*kZ@{etKUwijJDFaPyDc0G1o zj1p=t2au<%e1Uz!OE7+wfDwY{En^Eb&FE^fva)(aMBa^fgQ9BYbzJEsW)q&NXDc)W zY$+(H1*1dWs|Hv^_mUr0%WQ?Z8P{Ly9q4YZ=^VZ6gFUn<`x@QLytAm2Pgzc=`Wq!z znfNvcgC={Az<4( zq1w3dAf=n4oz>P65;WQz@axh3V>70XFVOfk#$>KJK{Hn6SWOReae5f^C78wne8e`W zj}Pc1+GL=kt7ZS3DTO&&U#-5*yR+c(+UBWE0^ouT$;uNgH5?Lhjj!GV%-=f}f=4dJ z5$ZrOClBa)-y7s{O*3=Y&-;-I2`=q49bfB2e9)b#PSG=g)KbCPaO>ts$fB zWwoPEizEqE(yVxLFl^J6HIGku<8$C0@4w4&#(<#z&f%w<@V7=c56B2|^F2Cd>Ko=Q zVje*atN#F9kpE!q&o_2zwKrIOCY5IIuDnGFa@rRJsb4ulFV;Ex zp!kWwDfmUg2b4UW6sF{^UrW#9^Kg(o$B0GV&uETDV^COnCw0Pkk)JdtL-P;$)!P0i z`D^|~ey9H=zYNvC$!}r&pX5i#Gk>23?ij>q9P>7u=5Se7R&|pkcdu$TW&%rM_?8e% zb>$QZujT0(;M8GpG^=a(@O_0aktz3uMTW&0HZyk0OszDy0wQ~zuR53RvYm_=$s?vR zUyW4*1!_7B>)_Q`7Ka7XwkWy&o6 zMHKHnb|<#Tpa_G_MGrdv=lov04p)V1iePv-XNhOy-EiS45Cr zuT^#gt9iXI?W=vkiyEuFol&G_iIMX`E;(nWL9|K9GQA6@i=Kp&y((2%U_v~BgBj1_ zLdUg7YnT-T39z|PPV}+v9X#0CQ|pAMxaLx0M1PP)0?`?>!YnHuMS?$@O53d_G7L)@ z8iFGNpQfUfbuq#}`I_KO_8!h628n9aw|NM%wmT&iuBV?6mro4YH#eX=s_={{jERRtp@b~8at`wU#NbfiqE}9(KNGMI5U((+#5Vzv+z0p^yO}UR=2NhHr{1cZVFx^-TWSG^+kngoO#u z9hvPI3ApqAdC>*;Ru3|xCCFA*sz+oT?6>E+cVNGfch!qch*ckNFBAV=5j8tL5XVD- zdLF9f)^Fd8lM9N8aVDiqbZj4p2SC6&wGim(UT9v!-SGmdAPkjCwTaN-eW+$`0XrGek6qy-dI5Lj8c_vGm z{2v2+`)~HiN{>4&G!-O!Tjr-DtF#Xah3%>A5fIAeE8ONRxYr=>GoXex29rA20z-q( z4B7*9?>8Q(VXN*aQo7N1JG+j<`k_fzKBxG<0xl zl?c3h_KXfCyXXVC%0kNn^W^~aG$=E3?r%GNN!kowZJKfHID%Nb)35Zd?!()yIek=7 zdv`GTX^XQ;rY!5;pnIxXIel$!^Ni#&6Zy-kl?K=l^mJr+V{Rt3NMooLpLdMupKu+? z@}(68sftFE+|5T9`<5#z-zhgzU}pH6+?EvqMC?b6<%j2!4vwV<+T>D!efkQB{C3<+#yQP<4`aaN!J1jjL}@xw*9~+uG-qPVq9&d znz8X)HB5+>%fp8Hdev9Si@^(oPnj|eq(P^6L&&Bg1oLVJ;Z*{^4r$~^7Wo%P@3Dpu zrWXrOxFI(52RBk@5AiHV?`~ks?ZqKI?vW@6Uz#j3r6&Ao3{)di`dP%jjEEi{ z_-j-&SF2KIg(SudmRok!O%$`0a;D!p8eD{un?lmp2B7HWK+!h z*OflBqPE;t9BJ~p*<;BY*od);XLqPQof^K9ArNn8XPi2H* z2XjZla9Me!rw6c<`%nxJFAtRwcWM#U0fB!M&X`&uMNLb}DOh(BTu#cGB|S=aiJrA= zqKcCAjdAzcq($YUI!hPlcTEz3;7UB5M8|6Fy=eAk> zKUpG9@}F6vwDj*RvGn=REHM%y69(-G&_8HQI>`hVkhN}Y0?xbSOQwki602uW%XTFW zjHAMQZc3&Wws%d+T_vbuDCEH=V#xdi-S(sD2IZ4HMkuXxzI>7n#iJxk-eh0NRSoNc~RLr>wDx^*O*|SaWU5UBHF9<=OLEk$CcCmG13< zP$|?;vl2m{Vlx+jRw6a|)KO{rpqTUPoS&2-boTA2`M}(NywYj)*L((0B>9fm@46Ls zIiYL2Q-Tr1tBvZcPj}``W_VyUQcPM|r}}0^16d(^cAr*c9MMXGgWRMQbRa*Q-a(R) z?2O}Ye!kHaD(*i2iuW9KwS~EhZ40H2W^gWKg@oA@TJaB|{(Jy4b6mjV?03U{A$2CU zb4st0Ybk@jVOrnOx@9Wa+-Ia4B(x!EC{>-C$|y|Iwe*S&+m7lE##NLoq;;E%sLz9Q zesx_18nY!nef~B$OE@ymb-3#3ve&GJNi0(`+yRfitg1LYHE#E}sT{`3#*V#u94UqT-KIC~Jh>7zvYj=cSwE~~b3VfC zcg28ZXEMIr+JJ$o`C*-iZfuaS+39-|QzZfOU6nza=;i+o$XnLzf=?IbTtA_Nsj|Z1 zX)B^QVneu-1&hUy@N+|W3~7xO>9ku!UtGC#?q*76eCJl{Jd+*^%+Eq2WeD=Lz0QY0 zvpqnh?~ACr-0aQ1`DqhP(DhE^_2oo64AX>}LAF*DqrDN&!!L~kC`}M-j|R*S>#B4$ zoX&UzrteuuG;{hY_UUz=&$r`nXB?*}*tge=JRp(owCOW(SjBiEU9d>~7`qw*MqAF2aspR?gi9V?IkCp+#fxJSF-rQn! z$B_acD<;fxk?fgP6t({#ouC9Ex<-aKgw#Xw9n5I<{l1w0^p0UQ4BZEa%fM(@5@y@z zSc{OeeAbj`ZC*Q~x{Pr>NI22hrx#D$m*O7i@q-n4O#3E^#QHbkjt+mkKURsNJf(Wb zC{OQX=`e@klQ#u>3M8P>fn{1Gi8O5?0HBGKB-G!%-qhdrk7v<^z^Q_1fW@iomxpe| z-+wkqcHeMfKM3Ym-)FF)gV2YZ{Am7wgUU<;+2;C0Vo?=6p$c)Tj9tnC>&1E>EC4qLf_-x_g*0|c}Ogdvcw z1WmB5E87dQLyOb`*=f2DK~#@@gWv?O=28!iT9!_)4o#uxY=39}>X*q7`;>D3jA0gp zrTry7I+Lp@;(wUTW>UplIX7*}>40otDAL9H!z^a&{oFE+W!x|(efB$}4;YS13FwC6 z<%rMiCTB^FHOBGFNc5@2g40ALFjGh4ydykObrG)b%{e?itO+LBquF4fA*F)Q@Sx*Z zqV=1do7d|}Lxqv)mO?ERnuc%xDs4*?wqVY6>O4pIhazWIyXYz5i1KOkcZpY41@gJc z(HEv=8d^*tB+3}DE@0dQJv^5(IHAg_531yB2lye&6N9#)o%RV3%i)ZLH(z~HxWmB6 z2lYXV>Pqz$C>k9W7+d8>akbLZ1~6~t%J=jhD(r4{0=nT8@*fEo>QrCV%X{+czajYop%?>6}LN$A;LIfjvnfWMG#p){Dt!I zqf9{>5!Y?Eu;J6}TH z6d04qR0b@_;^jV~tklyA5ThBtn#dbIorkHB_0OpfL(owUC27$#y`Lj*^l9ejV!QcO zUpOK0lam1tkyPEqm-<2guOPl3bBPrv(}})rf$!mFFl0gYY`9DubJ=voaqeaiqh6C# zi1TH)MEhWHEe4X0{GjFC0@z?S(Co7UbIL-pZ3#V*&1Tb@5MMd=J1i~6`@N+QP7|}0 zRsrLs-@<^ShYz>}4TcNAdR3DjRmYRPQciw92wR7t;gUy`Q=>Dc7$pRw$q0C#7Q2=B6$8|YAq7MA=3SOpk^hypes{gSzjIRdoMnJX^^y>;ifW{`8qi{BJ^PaDXem>L z?b@(aB-^{14%zCq^myg)$Q1i!!D&ttjb8Ptg(ZgmY!eAOUaSJaQ)3QiFo1(wu-HXdf3&hj-!@AVtmuMeL1chVER@6I0T^8FCqj=EYC@UJQwPyjxE(*4 z9n^0I0?0qdk5Tgrd3X_Vr^(H>Mem{qE2d{9n=xHckc!`n1mlld(b>oF>&er&63Mu$ zDsJZLO!NNfsl_wWwYXAj6O=*Ts(FP|qKk6JV-(sBOtpfW3D-=r#E`I-AF~D9ne%Y= zQm^k8g;{T8If?wlFr13V94}-r?ItmdL{n=kt|%w)ARWe8L{)oLa7CKEsTpvh$*8?7 z1&ujOY+Y*d?V<~pIFfonpIhw5h`+i#(17eVY(pQcEP3(Z6!lwi^jL1Nxf4#VkzK_1n~3 zw5!*E1V;-4X1`841^YGCmM0V3*E3-LcV@2iFW1zPKsSM~HX&2AP+6I}ke@s9-gr*^ zFf9xkUed-$UjHh0s2c6+Jp0w#P`JxV`hmzBj+z!kkO0qfp(aVZ${~T1*-rmeP#`nh z6=|ifg-H$N6n=RKmM7b3HH(CvPFo!`0Tm1S-JrSt!)xskRv4%jKx_@Mo1mYakvj|G zTfO3WzY90PFqfQ%-xLxDhkc5z8Ii)FC+jzf zK{LY9!b?<$$=UtE>!AtM=ng%b9#=YGu5(t^$7Vx!rFf3X-v!S=op_HzU*`n(B0&`3 zvCt=O(NWKY^5hBmHk}8POMK2ALI(n7pFwCl(!3X$X(=Rq_ zw!NbDMc{pTSIMmEq%|+yH|y6xDOmNT2pskSJ-jmBR+c9hkrO)%G2vwsE1nAs+BJyD z-|zLg49slTuSGk|moZTwpiG;L+Y*t%rNq2-#3%>{Mtt=)29vzM>jCqVi z(-M*b#r&EV0?4{azCcLLhbFmS{s4*4) zA@edrhLHU}8XxoQK7(4ZEI8cqLuA%;0MCQnoZ_K~j+tc&TEYJ==C4KuZbT)ec)^DY z*ieO{0KhjVWbpUWra(T_6FW4icv-)mJ4)~Uw*7V+xF68~x`>|dvf zrv>z_kJTl_V*H?fdU4M&)2mQXX#_Eijxg3i;tf|yNS#ZCV%aKUzN!4&tycMc(nFwt zs*8Tm(Ax)+6%JX-NR`lZ(Qii6t71HpvWYL>>wTfjLuskIB(0Z7%1UsB%Mu_FsMeA9 zB?!bgsu4>dUU-v1y%O%f9yp!-9Aub=I&K-%xcK}4oQk@TShzsHMnEb-_Z6UL@m)E4 zJ9vGHg?NeP%hHA02JgA#WLB?jb@zUyPzqJVV|Vx|3xs6h*N%fig_R#2 zN0tUW>)oXKD>o2!mU{)ZUytGoQ~N8nZHBM;vDNpYcS#M}MvoL0eUIn039aPW*=})x zz2=AFmFG|BD~eIs0&8VBU7{^SCgSJ}t2lx?U1|cU6(QGZXW=p4M>h4rc&7@c_C6mb zXSqF}p=a&bumX9Ncxr&4ly6II(E#<5J}f6K1?F8{V4!7XrtYzeCx#zUar+M?YB)D;w7m4YF>oCFn!4mCgQHP=&F_a) z$*=cVNKxX02L6jXa}!TqE?>#Z*XHqGPF&T3o+88Iwzfoehr(nSbPdPf?kTG0p_uP7 z@!79T1V;{*a@ij%Cu3g5`b9-m>*paNmTQpP7;~Z?o*r;rCKzPMRz;p(%Bt&g&BS27 z7m8`um|~zJIu*NYbEy=g4eV6Ai|x7G<0-(+=|^kT@h+ry=Q8YY5bYcM3{`?=>_+NB z_;@y57jmx*VbM9_Iw+DAU=>&cA`y?e&u|wJyCmE=#l<-drwX*%el`P1d*i`T8}Z^_ zNG@^d{Dw(K;nKNBB{=Q;Hysv0VS0GmzU;cgVpQ(_rY}pWxA`}WAMM0oA~N2=lC3BN z6{9WZwwFJ=-yn9j*w;a!K$3jzZU)36FzD} z4e1LJ1HsoA48Ljd1;G+vSQUSNUta^m0?8Am_W^Wa)ynQcFd6ppKx&!MMA8OZ>soqa zabz!V!(YMzmtmSSR6_!%-GC`;aR591Gln=v35@nkPCI|RKRoTVC+*H%qOpNK-WImY z^jG9!GiqYou-o=XF+WBjyAI%M9f&UPd?mXw0AlU-HUtn@2fNbK9mTrGqWw1hZLi?l z)_n3aNIbssRg1p#gqgh)7%~%1B%LJj2-{6`QZZDwV7}{)d}E{Fj?q{BJj7JoS&8G28iXHTkC6_I{YnnhvF(ok}V;Ae~eb)QGUHd zQ*e|S$o&Yb8~BGI&sadwSB;m?Px$D2-=8DkT!MN&X@eFso zMd+DP3<+?OPxp=>aW3IWhl^kn?V+M`(7QmR6CdGAM1j$3WJEbukRYdM$+oNOmONw} z32(bbHoELm`i5sWhD+T+CH8_VNlN6O0H%i+fOpHB<; zS>f-#^V9nI9KstT|Fd!0lK9i!+*_o)Zel>HiG$rw%hxFJYcyjNZ%h> zSG)^$Ha1RF^mD85ksjP$OYstMsYBTfAayTWr0KA2@0wFziZYEepzeQTit;Zc6G zLK5*g9^1HNoD+;hKL7sp!9`)c3J8@J4TZOuT;92^%8T25RfoeLq{i?9{Oh^Hv@i~U zN)^%L-bLx)E%FIY+qiYqY^! zr7kLDI&FeEu2xI(S?}ORK@oE69cF(ynSqL$DYPb4CDk)a*`;-*JMU9~3lj zf-gb7yQ?a?xnv+HurA@V@`qrJ0ra+186 zy8`HX<#x)GBmn=CwX!C>3eH_QL)sakY*tZYaFvlEKnI^VLtfTsY{2j9s7RJbH=7zV z4vURoM%kT@$7(Jt&P&qUuRdgueiPFX8cE4Vf;nU#D5$j7xnK#*{VRQDezqdKp7QCpFx&yv6!mj+Ig_DJ(te|R5_JSlWOXU+b z;CFXJpw$-y5ERJgtp@1>>^`d*ek=8k74xn@T^!4;)0{3@4jn%u)`=hsvSbz|9n6eF z*=``e;qdD}CI);GiKOv}6!2IEw^d!H6^n1-epQ9Fr z8H=i)A;^AX-O*uP_C_y%!Y!IZ-gVJQj)CD2+Z0=aD$sL1k%gIw5S_Gi^z*` zMmLrT$wB=MzKg8vW_FLO(EmHIq0x#Lj!ti28_Q(-a0Wxh}j z<8+l*(tMLC5Sxp@4&S|}j$f_nQy^-5jd(B_*-@{6HLcdx)D6aF)$#`C-4473Yeued zLRpdWn=q<86WP$KC26&!;>-Ben#^+x#KPiC!dlve!BdBQx8*~3`{TWY4KN1l-~`uC z7WMDy9CibbGtu=n{2$svwR8bj1H{f>@wsrik0Eq}--1;?bw)Hn;?d{VKx0~)X|&s~ zC~-R>kTc!bWPz2-U6)~QFC%MaQ%0*h0pA3Q`<;k{M~uKht5q95vlLBNqh=XVfA%Lq zxUUf=i)sn_{eXcohBB9mT9OJlOscEs#7Rd01PPUS@+yEOIQWE*exGM=q1{!l@Zf&w zEW31e6*)|@qQ;`wM##;2zw@iNjhUQ8gf+JiH>5eKp4!=G$9a7cV(^f1W;uwE{ zm9XEnJoO{;BV8>3X!(HUV@{|+kgQy|p6<0B{5Y44V#_?+C5t4qybvud_;2zsCptCc zn1URcO3{+>&^RrWHz(7g_h4+K+P~iA>$E_!A_k&w%Nh^`mfWep&2@>(!SJA;$&y72 z!E8LM#B6Yq+k1d+OcVfhIB*2`9=@s&RCo<{)TG5u9gJvTQ3%rNWyq$7M$P9_$v%D?`5_0)VLX`(^p(rV|q z<$cDgHkp|<=LNct0fhb$^w^c0>IGw8oO9dO_K(C$$u_JJ7wNV+h?VVLS=dq$pt zCa;!UAg6Z0GB}vwvn}JU3%5xVaF4x+jqu9>Pk_(w&Qzt<&};;`$|G?eMbNoVgu14@ z`uQ_Wo(?~_sO289#{U8GGqxU0#gaG_xwSA!oXbFbsnZ-&MUWFw}(qjQfP*DWC< zput{AV@zxy@E<4=8(CrC0bnwg@ebek+K33A1RP*@0wh5~sw+C>jAiqGrmVXJm1QL7Y$+>(qvCC{sZESkP2-aq zD5>XCsS-ZIex_{JH}rmjULSZuOWv(_xk1dNSrx8Vg7_a5DP6UEQukEAU>`$%*)YFkLkbE|qMQNKuoA##?zPGS(*PjD zpagu(-Y8^2{!-J^p6J%Y*5*>Ks^Y&#TtgDc(7+KKU6*=dvqtJ<=J+d->uJ;6C=ShsB(AU@K zPQ=KzDCzN8h+nwzdp1T9DN#r91s5pXWpcir3JT`7GFcZ%Vu<(})-pdO#x!AM#HeIK~tc;zTJuc6s^A!G6!KU;PV0_s#68-X5;5VnXMHLx!5@(_^^KPYT7NhD#>{ohOd5t8{px$XOIbrNx$J?k? zG&s{G`+8s!sgW*iVpXZ+!WO83T`{4kL0kBDJU+p=#V0q{NasKZO1IGh^}hOo5#vkj zI(RZnj!U~OUj-;AHNWvn0-moR5Y9uccP29<*j)EDO|GyGD4#wAUoDhyH7(2%e2K4i zu>KiL&z?m-CCxpoF+v6!kggDl3ySb2TQ3a?x$P7K0(LKF3a1!sn+G3<9{}eO8o{cZ z0bnBiIc-*i%qyykq+BbH*aVY%)a4t82(I{xNsQ&NU1G)! zqlK>zQ}xCc<_Sd_RmZjcjOj~ZUOT~+CWUk*3+8rC$Gve2sLoi;oOBU;jqsIdlANV4 ztetjXSezHbO)Q0Zj-L@x9E|4TT4tHfbq-JcfnnwFZx1+-f?L$uJRKu;G~5OlF{n3i zR7&g8c4h7I=fq^;*yUIvR>O^hDz{Wj$7aW>7=R0Qr$GEDQbCgPZWuDBd7(+#fT^k~ zs^S99UQ(Z8PC1>TJahs7?7j4Zce<%0B9`QweRt;hO|j~BSjy+3uMhG*IP=;sKROSq z&DIUxC-akfR@S9ZVF)>T5|IRBXYnr!S410w0D!GDS+0p$P&A95pE5%m`E+w5?s-pg z{zT@3a~u_rw`UOH-PSY^?J#<9i%2%VFoIu$ozG<2MG?--#*O*i^NZrksr&$4jWehV z2-8DMq};gfFk?`}ZTP<|MKZ}0>&3!10dn79t0_+sSy`f|D7&vvR1koy(TRrdBQ)Iw zX0SD^)u+4`heInr(Bf5`Y9Fe;G!LuBrohZ4s7I`{gA3}Nz@JN;fCULAq1Z%~i6F|n zB%T{`c%emRl7KHuoofQsLB(%8mG%!ZxzhT?rXf-6Q+XK)BaP@f2rY`43|(3?z5zgU zGIawcrP`C*{%(6XY)J8TRvW|A?#Fcs$y|}Vf1c0&)&>3nQ3(}^^)LW)bnDKbvnXJ- ze~9-UaJZf`UUH3yi5G1**fH46NB(|VP^Qkp^92j#mx8^{yWCW_E|r@i@Jm|bUmf9* zPCR(Nv}^uMfp_TA>miB65HyAWk?LFE-}`|{&W-D1TmjPgNfc1)hq}^vL-FSd!&TpwVu|o94ZU zsWB(#OWN9{8;11|9wbtvSgSTv*sy9z9V{BaUqtTZdnVDgb9_b$;UwaCX`@Pqm9O*A zvD3zFbRtf(l)q+?c9+_e1U@gd)KkGK1j}9iq(bR5KcT zE}71vcqmF}lq6NsFi5Ni5%|x9-tc!q{~xvo>0h>I;lFK<%kV$8NA={tZO>Ns|Fk`= z|FS){|2gx!4F7xPr>pwUnV)=Isz-8BC{HAzbie6A;?0xxRXC^(2m4|rY)IE%8fDht zxlqus&_`EV%DwrRgen09wiFsc$m`DcQ3zh4Cgv2=WxXO7JPe5_Of{K152re@K>k60uobBDVJcEm9O_FdPP5p*E535OZF!O@8W4)8P&o`E3cC*+%0K%e&RdI2Zu`5i+(QuNx-~Kd+`sUs|)#SGhImp=} z$CJ0I*g>inqK8G3k1-+Ur9lKe{#r^UrX&b@hMp$7Xkyv;jn68GCga!U4R#X44Y-TJih~9_I3y0?;?IbsVg%F+hqMPSpK<_G(^1920=h>E26O6qSdHo4?lTbAGgr?0lAW!|!0@D7q_A-_f2-jzW!Uq> z2f2fmZU;+JeiE=$ph4=OneDHnY$q$I6#)xNwr-wh3oI!EM5pp#aT`CG^es&TRm)h> zi}y3}$wbRwMfrvEXGX4KVmWu_L}2=&0}CuG(dyJep?z4u5PxuSNulSYcRHn=M|D8Y3!YGBd~I1 zIby6a``k9oz%aUV)U#)KV@)lWI+z=_$qW4Jl)#8cjB?v(XEIM6eZOV!b#=46ul<%k zV5fylR6Bdwgft?f8qXi`#D3|`<~c%oFW|S1`u{}56w7j?nciuECua|sqPG=5zw1)P zSj>>FU^~Zv<@RnrgYGa0wThPx zGOSM33iJK6i%a2ttJh(RgWU)rFpHE>%M>`9I!=Hk`fVL=uYt!7PRH(tWdxgw@vPQU zrpg^&QP5W4A#;K#>u3g{tT-*Rt00nB^EV2vbkj*@Yd?B&TBYJ7oB+wCXReK5uar6B zR4cX>j`0z3(iWRVVUQNIQ0ftUotTD)&R1D3(e+AwH#Npa-Gb%>q8%{pT{a41`E^fy zfZDJW3XhJ|e>KpP+VyGnJ7XUR!3%~bwx#kXm;H&9mzPI!$UN*a#?Uv@v%$!5A6m9&EUS;>Y@&LPilewuSB8+$#ksDN zwXQJMp$EhWvr9bPBW}g56iJUaz`+HNWP{}JXT0)B*N1aWc*qQ z=p#z^c(y}GEaRXp>S|XDZM@|k0eMf=L$s$i8|tw92*z@**r}}#uj2WPXZ1dz;!Wtx zKbEJA8R%M*stR5vb67ZfUPBnzUPmg zLF`JuHH>Opnk7m|M664X_G+JjT%bf_LH~f$62ib0o%Kko{?b$h_HJNyFQXH>N1!Ol%H%CliH;I0a#5| zk#OWeO`3%)Q{E@KVAq6LCTxThBN31p-~2TT-HQsWqOg&%IqAs9-m1?O!hZMeY4g%C zS9(}@!6##_GlWp#W!IcgZ;C6s?a7MqR4@+`WxlY}6k2|p6V#HM`)yAVR{E$o{4scY za@J<<)2@lEPe(MyC+Bc3T~`BCF3QW(Gm2RvQVnpJ#`-FlD_Ke~Usd%E3pNT~|7>P; z?pWCJ1g3cD07;jCZ}f~n-AO5p&anU5HE=Ft#t#uKSst$z>!(W8od+=b93*jy-{)& zE{O|-eYb1 zHs|*k)AJ95Liwv1&86_yAMR5iH2|7P?nKh0Vma^I45Ha3cdAbLiK<3NbRgUZuOOK^ zimnmDaFhfo;lQxeDa4Z+Ffqtv+=Yfh_ku?h;-D&sv3=sF_;UdNake?K<)_zPP?)2n zF`DrSAfE2Xfqextu^UAls#MB~?4CF$t z@c{JqnA~7nzkjyvy{*Wh1wUyyt>ZDJ_BkOnl3XTcH&Ge#AfLDs%+RX9D?kzG57BBV zuY0l=UoB1wrUta;@#H6t9nBd=+-f!STjjmJt1Uk};mvV*c}UgFzlu{F%JGgnj>p0s z{VgSR-3+X2w#t)+^`*e)Y=3B3UOB>opC-b6pK{X5%RuW;WRRg7U-nb~P_h!djWmxcI(!qsuu-icfs;ZTN+46QfMdDq8m z$C$2iyVqeP#C0<2j2OXRH#?QPB%hrHR<{gB@_X<1acaSBkHZB3bU5^cQ@FRnupQ>zy0-DHR2Si_?qJauJR;LDVh)-$>?FAaRVHA7 zz^Gz5zY29U0~b^DLVSky(B@XZWA%O(JgzmuEHOUL$;FywLf5EwY=vLy^7>9eZH0$f zxIUsAGFdNfkLq^VaorE0cO9ns?e!Ykz+p7Mfb|dg`Tmmsf3yhXf3=AD|85ZhDF3tw zsnq{&5v~*eGfUe4l_l2ynI!=z|IQK*_5aHfx4&D#59>$Uxw#*@A0Y-Q)d~VI&`rD_ z-4u9=l|_Jg(QP!C`v@?gO8uy~(Srjh03y|d`G#;AbvD8MF2UI-o6!U_rV9_Kw_0rH zW-)a?d~s?AMWQ6z9XdCrbNW}LW4oK$zgq-OZO6g`y%FjXqqFvGS>}M%)tRxlw;?j7 z!~rgW#Kb^*V=7R&3c^e#=fLa7jD^O5L}Ez`KGSKv{vmku?1^-PAb(<2_8&>w zBQzxdN6G9Ydesonp4BU8mUsLW!%mDT+uO#T9pYm;q5ywux%N#4MRd*X)2a|<4J`r& zPXWOL!Q~$&4oj-6M=(=;stKiUCHf@zqsgV!OkCFrB~2~vjII7V_7LLq4~bf;r&g3S zJZ#3d2p$Ka=&-Y{8GCYJe{h_OqmXJU%&thkq4uDTT>_%F7*%<=DT6D#CZ*p!jzh4l zsP$1FrttkGe7g!jn2g1yh<-8rO5yM=0$}`nBS;t|%yc4vIvk_0{?2ps^xJ4}dRX^{ zIP?{aFQJXIUAiy)*E_*^jIl0z{A#DoqOy^OB??X>EB zWn^@(KWXx(uSu|7AQB)sV+vl5_P(Dho~vtoO&zR*5`xcR%*rdLlxG=-1v!V40+f`f zX^xy!VCNYNrm2n?lX8P>sBcD*g4@!fmxtd5-4IHnyn4-bH7!xCbb7HR_tTjEUA{}wT+g74#` zE9%}YrcYM76_gqt4ql5($anS+Q|n|$&%7`)Vo;{4TdtMD)rN%oSm=WlEErHKeDW%0 zeKaKu!L;N_UFNAFo^6X9F0j}Jmf`#R6Jf^NlK`bZ^!eM(T-7nV15Dac0x`BTSv(e2 zt4oC2%57OUqz+CcF3gb3KOxx&Am_ZiYjG7=eUQ2H81cGFd@Ln&K!qlRj0 z!m-!1@SrbvO8nN44f<2cRi%k3M_rS>7hew zGH&SG+m*(|7|G&sNCE*RCP>V% zITouXQsjo^Ni`AFUk}rVo_{Ov+yCL5NcvOqp}>x5_dObzj$fj3F8wiz6MqWQ*^A=b zp<2)~(x?McGyEoVTAPubj!1d?iHV<}7WfyTHM5r1%p)cX*KD|1AxNpj8B5@#Fl^qa zeBVzg79zP7Cbcgec5ZU_M5S~4u5l=IZxGC6ykO-%x{qcI4dafGK2Nm|iSB5#=-rNgjI$RzQk>==L}L@+DzLL8yJ6w^nHu;8`_)dMpY}4^ERC zNQ=G6DAjc7&^w4u2(O@aw7>3}Rocv&Rb)kBkcG4q(zx$UBf3D+n5b{kJs`ahDYFc{ zhf_H$S2o^U0HZQMr)C()x&Hot59JFF1nsAho!QNa+-*q*2muntmC`YZrGLG|_cLs# z*5fpzPFSd7`^llyXi3Q~uhkb{`iW>eonVcBEVS6mfKP5<5YaFplOZ_H>bF)RUTm1& ziHcTQqfp-3AmDc})Q(|LUh)kx+3n3(B>l3FGV%u^F?~L(+c;>T#$v*z0C)Mp7^@rI zAw8L}=eN~%AKbDMrF)hQgF!)JQ0SxCH)&{fhr-Yxvl5{jl}N7v>kb->{k@mg(k-L> z3KxoVQ;NEwaLg{QNK?28dDv0sMF|S08Of-|+6`XprhXL%TQFz4NzkaMOY;QtDN$br z!g=_nGo;zUvz6lNAFVlrCrw6<&oqE`zBo>;ZFPghF1FFVu+jwP7Q5;7sMQ#EP2M&| z&=NXv?wc{ZQ>r`cLwQcK@6FDNX-L ze)84XN1Q)C0$Mut2EPauwaYg$zN`VMG4%o-oi5w-8plC{?A)s}ORtj@H=LpEW%Y6; zbti84DtN?*@c!$g=reqbOOu-yo5CK0FKY$3&8U?k=C(rOsR-S`Fw6FMt% ziLgQrhXS|h9TIet8S)`zJIWoP567WrY`It2MqT2BPD`;6OTy=ikV9fmQD#dV`nHS& zj-dPT_^5iNt<)>`m}j8WG;SqC%8|W)UQ2h&taPeZ-6c0{`9P) zm312E#A#HVn+}2Ai;>3I{76%C{5B4JK8}|d6e(9JK{>)C`>~l;_EE#uE={9 zYjl|uhx?4@Yp20?BZMD!c!d4>V|AidCxX;8c39s)S_&?+5;AKCUG5X_95v`$V?t)9 z&#NUSuFqZ@J0@>PgoG)lw&v#ftzdl?F;%d_y>UZUkk?8+H^Iie{rf%9#=h=Oh-^v_ zWf+ks94_!hQ%w;Cc+g)TPJ*WIU~A&f3CHveWIyw%C5>> zuEDMfZL4}4P3O>{JHIJQNfqD@WD@0uy7PIzQ45E=C~41^t6(cq^j&DKb^4Z=>&cH8 ztQkxq6RDR?9x#=F59`w@;7+lVC4rN}la3Cw7YyRc2z%TMub=NFkd+L+kBVZz)N;xeFOV-is877L$~xFYr%>9b31kiny`Kqy#fXIC^u z-TIz%9FjqQL6p@Pfzk!;sM&9qd(n~HkHny6T2d}OcwPJ}>07sCx49gBvy-chZ!H)W z`qcGXLuiSibnQs)nm!XP=dAlI|G9qCr2%L`6HqV$FWp_dPJex4-0@s}mgWk#>AIPRQT4$RTwz(Ll|$ZgyDd;^-yp54#Iw#Duf>|A-_HZsiNJva6CE< zG&-Ws<|nC$1&ROcpH8~#wJ3ns`WAjl9YN6BgX&Y_o@&R;k?S!TVpYS`GRBRk@o?mr@L|Bn_tDih#BJg;|wVTn|rcUP`3ahu4jwvf} zpYX%x&q39HE|7pq3p`v`yY_-#ld5?5gr|1-Ch|dPsJh?aDH8#bmC^t}i)v2F<8dWw znnds4O)tHDlzHqOC-N5js#cCf=`U@vHULi<;F%W z@&3)JO88ZDa++SvK1(zzM*0JHSx70c={NG@ST*BVhz{y?M0|B!sL>)yJPaJ_5PJ6l zl{p17PpiaBsHh{hJZ-woV4od(x7SE|NrcYo$;iX;P92!M#fY`h0#EvA$-v*U;wI(w zzvTZPEdu3VEn@D!TST<+KP`fv|NmOVpTAqdZYh7?$N&ofz=`<(KmYIdM~Kvko&RKs zIM#n=Nwo35vm~|d|FR_GZ;N<-HTnGr4uM_N8=HZCNS}w3^*ZY{-Sc5p*Ao9_DP$xEW%u*wkRI-_@Pd#7fo49`E}AS?yQ-FZ z=k3~~Ai`p2wtW>77#>qXcnnu`;P9zm#Nfa_r;I=#~qciW2Y^VcQpX3WrSWXkFCwyPjeZEbmd;W3c z8j?CyFnn%2w->MmqOQ`Sr^mjoJrEd<0;uTPQy?C() zc45u;?<3XYYf9tH+hf$N|0{Z)@9pPmu=g&ZQHiHY}>YN+w8J!-~RU*=Z>-OzGFYE*Oi$s5ns%V z84);GyysiQzafJ@e+ORzd{Vkg`}WR4Rv;3ziCMB1tm&dIVb?m*Fr(+>J;2iH~+22E=_V9$^h-)1oU^kJPs6kIfF)ZgS#cL|*+>b1c$MD@K( zB#UJ2R!rDAsE(CcjK7G5;*h=TNUTHW z);u)4bTLRK?8~BOl8NWOS1&$h`nWiQqYC^Rib13T6U-d`LE@zw{QTWOr~H`-z4{$R zJ+FN76+@2#;M0(2*e(vl6-Pu#h5XfG<~ePfZT9o=$`;D81Li@~{#-;MU|@R=K}6u%!3j+mQ`IpVpTAf8pGLcGF?=EBJC zV#i3;sA~)-II9N|#(rJQn#F!G(u)OYuh<2_!cF`9)Gok9Wx;}&oOR%36zUUe@}#R zdaPkf!hBl=u@r*g!?DFAMr%Idgelpr0_{;-b*Gu8dJ?kk)*rcSe0lr72@*~W7|9Zj zW;n9yc2GUvY|Swnf54&U)6{C<&e|2?2U=(gRkD<=NC$S*lhh}tt`UHWOSu>)cq%ZX zDl3>3NA7AmUGjz==sXr97kiQ(HXIgE?DV+a`mskYITgGnzF^A^lQzV-ICa3rX|8Xq zZ`_7zoHQ8{Qi&CZV;BF5y@%>PI`dJFAKGRU-hU0v59e`p4ciKSC>$`yrNk;eAIy4y z-MxKoU6`p2OmGHN?V_nqpD^=8yYgAwBIoeMz^HSuF3_YX*JC78h4jNo2}Kiw{sTqg zVU%zx%!XfpBGj|it^+W8WDshsj)-q{H&3OK{=lvB2)J0V z?iFDZ3CZ@n^b2HnPtin>zJz(A&+v=7$UMN+fHKlP7brtlRh_u2OqO@nJF+pwIzo1* zAKMdmyAARi6T4BA0i~^7g#e4o--h2pQK;~E`NiLc1Eo4FPomNYVbiY`@|W1!w*(;JBdX)Y~Robm1pq1NG$s5j;UF|mh|7lRMD?c&5*E$OA_R-jY846ajS1Dxfee7-wieG7U)@E zMt^KaVw7!bXHqW5`@9t!GR3xmM(JL$_NjOufPkDS*{S*7+^$;g8J z5Siwf*Bsg|Of?5@{mi|*!ls8zoOB5W^Ws}7UYa?xW!-UF3O`p&`|0h^LuBJ#|{;re<4j3r$bP%J_KqbHVkb-e18Y`+>YI1TKL z@TS5k3H;M*A`T0?qYw6HnK2pwS84Z!lA~!_T3-pWCG^?7pvxerQzVm$r#2fS-brPLYGc%ACLl5v3MmDN{1W(v|KTr)@OeG``fc9zxT(;0cA8{@uq3l z--U+6(F+fK6cPKoj^2RD6Uf^Mp%{SAjV>LI!%fxY6z1=WYIyDF)rKg=0~ysqm=t9) zo_c)`TdAV9&7*cnP9yNW!=$$oiAl13Mv!F-aPsc^HoS?zgPnlRnyT|cJYF=0K#r`e zTp&X&?Y)8~XLz8P);}`5qenk31)K>N48CFrv-he2cGd_hIpe~Q4rWU) zMX@(0E1Nwstg1JiumO;}WR3Bcv=n=RL|5IkCA`*`d_VS*)7VZEtXSEJkW#N=Bwoa4 z5m{|)^Xr&(QTqo#?ue?ymeWcF+wiTxTdk$1EX$2r|s8hICMY>H|ymNFXeLe zNq^J$T=Qd7)d!q!Uj^I)B+l6Lhls^?0&v*~ov2aq3L7G(NZXoBq#S8M5G*R|Mi25J zd28DdL!{Vu88X=p!!6HR4s+epz?s@1er(*k>97p5=MutTsN4k--$mZ315(Um(~11r z=?0q3g#lZ3#aG2OyU|6>x6UR-{tdXcrIv-A1Ds?k20Wq7bR=Ux{2@P( z097rwbuJ8+E(jNEi=wNn;`G|~ccgdAI1vE9;#_rvdIsnj|IgV7mSJb5bU zPJsQe#q}IX8zjOLp&vU@2R{VDHy=cjU<^UTRN8xlW9Zl%g{LlowgtUBelV$~o`*rR zyRjL<>Fr$SrjjW;ESQDriehIV4NLCm>qOZPk?Tu3jB`S)IB@@Il-dw$YBz%|gcizLLC=|EVgxBx?ax_L95FQGiR1E}G=DO_aSw|5sqvg4Cx_Mn4YJ_8XhE@m zdIp@srjwkLL8rc=8p_g}F(WkG$TZD7-ipH`r!b~7Tz1AvOY7hqjL=^_^Q1QqSJ zr9>y(9XwprO}xLA(uyxc}nv#rM_c~Wqo7S@#EER0~ITEk+g!AVR#){o@X zr9Rf8j<<}tqg7#|(QtZ!+Dbx7I8CZmo8d;jdTyMUzuPb5<#24iXL_Vay>=pbDh@rw z+HY`!G}5XeJXcrZH=nW)rOM~7ie?u0+*2upq3pRpi%W!r1{e55WyEX}?>~KZ6{)wf z1RCk&3UM>o1@c0d&wBNOOHM-z&&Z$MZBRkAcljD}NoQQRnJsSG)lVVR-H(W+W?GN$mPE1SEL8!rFt=+Q8Pbw!;m zJ!ZzY>lx}_y1^j?y0ND_IFaSN8KXz;a$J9>z6lBw@$~UHVvXZd0K!=2CO-DeWU5GS zE0d_KNLIjkl&Gb_Zx&urqQP*kNNgiCC{(&ES|CER{4I+bHHCJK=Sye6oYqb}Qsdr# zx)=@q)2!3Uc&m3n{dRTwKDdB_U)vI4%*5&2M-E-d|K%DzKaeplb&f8Wy3dXVMUJ>6a=;s|uL=|vQ)Lr`a zyZYqtY>a^O%jZ_tSfWvV`+(-rh<4#QYBb~(f6IFLx$u;HtG#`_%}iyGciDWYX*09`sm)|-|D(;&{rbP!%-dgWCjFlqUEu!57xs@o?Elqf{(8f@ z|Iub-djDOU$=3c~ZN{hO-?f>3u^7Ic;JxdT4RJa2%SOp6C-9&8Rp-DgRgE`M>w7n} zA=#`I02a&T$Pc`mxo_K(Q4T;Oh#Uz5ArGiHJ607Tth!R2*RpbpAq$%&#Jlw9I9QlK z>5|0;fZzPEcPA%d27WHUNro;FsIE+nRk>2kjLWIN+l;GZw>JM+$4KP1@{xlRPR=}l z^&M{g9i{Gpc_sGoBcH`N>};$WFW>WEwXMSiaksx0-L~J%=FkRcq;_CpP%V=KvR& zI;AekX7Ez;8z)5G2Ae&CzTwT-7;p`4GRTWJeracqkhVds#2+bjNG;<$@f?II@KARY zSTtNdih5rfhxDzkc%qE%@p5@OtvU!(dg;srgaQ>a+K-tYR?3bC!H66vy^_1&P)EcS&6yK zkh`vJ^Ug8e8s6S{gpO0IXI2m#KSS~sqYvK+a59Y=l8ZwJXp8zhBLR6a#l0v(xjxWO zE85pG$NIuP;=vBW?oo$auZjkvOh3_ro>H(|>kNsg`6;vU$+I9+JIXJ3pbm?aIM{w( zX~}ZlKWY)POr8S}wV#*ATJw`om6_PhV8kEs3{rY1n^{PH`OVm+f9~(U{Vn9t&jq~Q zy=(sOK;=t#PwQ59#hT|LQUb;fz`#6dojdku$}FcK#m0GEFwjziPoWRj5K&N@psY?# z6o4i>B2q|5{hbnbfH~Bs<~z-deI-AYb8CK!xS<_PRy$%o?bScgPoG|ODZej09qK$6`(}DMo9&+2~0@Yv8QA#J)U4&&4!Q^t1uJ7<0)y~_?VmRSS z%(2zs$q6O!M|#X5jfMbS&3z`inmX0^@P8mDTd`MZp{@*PzNqJ5LnzI!E0+=~ogH{! z`e-%P*DFIfY>y0!eMrp6xaJ?w6RAAN1-TXDt~>jzkk^A<#RhN^4x>>%KnHC>FL(8J24m5Su3}_y9$%4 zTR0j5mev#jjOu(#b|Q>l^G_`d<5VNjjEZWG5_h$gC4~c|xjCbvlU@qDcU}L^nqz${ z?C=iD%&?hwO}A~Y#p9#sv%H5eF87G143xbFt)p1`%$eqe=zn+T0N|VASd_@$IbH!s zYB@O!=rS~2IhT-ix2{x>f+Ih?w7+s9eaZEcMl4PV`^EYv_whCn6E3*(R6)*PVy{h`QH2mdQ{ zFyDG9H8uhGoMe6`DvdtG9=hD}`jQ*H(tI6&)aCAlca zxS{Fu@=FG>krwTR@c8X~)P0Qe?iEQ^;4+G~2>bg|^U)S>jsCSEJ3p!bcl;6#$7xYq z)1ENpyRg%%k`=udpi{%a_fe{0hVSYm&=j)``%vtzM&=iw#Fp;(GEm~^KyqPWl|t?J z%Tb=@REnGJNPws#H27k%8Uj2;y&YS>RJJ3V?lVfmNNBH^G!F%>U0|%X2`oP*??i{h zD~!_*`(1P$5%G%$>@cbAT8|Cl^E55TY6-5sbn}F7N}0^d+%XoYCzi#>@Y8c)EJ!CZ z%zQHCSA?AQZry=&l^pU#m|RhZvZ)xy6Cf?GI8h00}-eC%22!yV40AU|;t zpCiCD0zoWrt>^lKQ#6?DhO+H&*y%~zf9dd(2?@)^pp0-KVtOlBZjCSf*&n=I*aoET*8$5e?wk5P6gh zJza(y<&zbOplX1}l(tRdFm~5u#S@Vw-Vd+Zaw|pM8?0@Z@bTVqxq}6ThtXjcLPu@G zL^;}`aV7~3shSZdZUX{kJWp}_ND#yV3GV1{9XztBi~)DHE zmqZ0NY?>;FrH&5HA-)ZcQAyYEkd{!|Vyj&r!$U|$c{U*HO4rqUO#3|$tVfVi%J1e! z42k7k=e*CSZ863};6ed>1;(AaN4#phi`?lUdovNL%!W|ypz>i%u470R$lP-;uR5FyZaE^DavT}ZOHIx zUu$Q(4OvBsP>E?@Uy|0{sRvIvyg*=Cw`-Kwc=?GJ>>O5;u^X`zO?tzrZ%SGxv+}8o z{xE>DPw}Mg(Ann^AY$xsxPJ&l0N9^U@P!LKu>99pn`Nu;6ilhWsu8|ATlHbDpQ@KF zgesy=Hmnbv39xW}2S|*p)8S|p54rOIb2EU>^XOeZ+=EF3k5U?gXTFe|qj)lnKVa%=wE%?6M=hy$JJg9Z zh;y1gJOD&nZk~Z_kC@;J*tY+UNY{68V^}lhS3lwZJNK18T>o7P095_d<2+@{+5N z)wXA&1C=$btPZpF-=t>+qY5pUj zF5N3im-*gJZ>m~~fNR2Us>j{EaA4dw!l^`|c6tU0++c|R ztlHNe>5oLeVc72rigCFNOF&w(iRa_!_9tJPD)zR{SNTLiV1nE8_3Ze?ZW@q2E`bj0 zF4uLxnR4F2D*kO(OObjalA$L)(yA|30%E4{Zer<+(r6SUs z#}QKmBWL)B&?Em6`hQ`5w0|-G%zrX}S=B$x|7-C-nV%p2zcPRCznK5;j1H8te{Kap zJ3`x=`Rju4z*_f503gzN_;=>7*Kr(L5ez0L-~!brt&T?TTwPLgan(;&r&;b`C?7#` zKvtoQL0%_@S~-9*>fiuOJlp79*o$USQt`K>hEHQp9p?HwdZti~V}Hx!(tl zskAS-4h;+_kSCxg2l^OTBCUeXw|rzpQirP@)8BR?fb>tL7LZ|!*yz|oprV(M+sSdA zVQpnWv^^@;Wum8?2HuV>h9J7WNP{)^=V}$x8)>jl*2wKIP6p-{ld@D%lk*X~?MPc| zTGtoUx`#b^)^n;>!{#(8W(Uge(l4}V@Ee_#m<7MQkm`5#;jvOJ0ij9CIapfzaF2)d z!)+)I)O9$;DLJha>9eFPpcajVr?_C=fOu{i?%(<{o2!MA6>YN>81P~B^!$$=jTB#09&5Sh5dQ zX)OI*r2vwWCRqfHlVnj_D{pm0(yKh=mk6nW)oJL>8O8hK+sSvWJ@5no-7)bn#EVU? zvW)_>ge+wyVE6`#%JFv5n9cQ+fvHenD!9?rHagE$b+tX7reY#izc%g|Khh%&gAh{f ztB(+slgX^Jyt3MUv1AD=m8%Y$^H@5#M;admr%DVIssQjjUws=qO_M*kvztDmSBfQ+ zf$L{3WCLl_io7N9R+u4!_!bvO-4}UR<@0FJrG*p1q+Aqy`xx~pqY_)zp#Yi~OrvZm z5Z^ij&RvH`sY_QSR}_2B$E4>Q=hKivWAGABv&zBp;E7h9(QMl;FO#cdGdVRNHJ{}Z!p2|B9RG4h8^LM7;nHS_$EF00zzAU9T)itFDvD832E-v%J*S&Jh0R$F z>xdvhZOWn5hm(E{LoXKEI-F;Fwx7n}ldbS4l1d zi9%{w^~ttH8^|epOA)XH9_@Rt5dw4bH37SChuT3=?JHbPb|b~yvoB{-;7KW9WQ<&@YSz9z;ymE>I4E3dMG!= zji9%lDG+pWSTA7mZo}~q&s$S zm~(;iQbK%3@y1sdtY~fwW9aQa4W08dmZA+nb~iRm9Rf1PoK!)|THyG!JOu|e8?#=B zo{cKnE#ne@0YIj93XX}5?fBHi$(S-DW=*KI%o?SJIp+`r>Qf>npC~s7NGUjX?ls3) z8F$W;Byx!%v&!#J!h5MoV#JH{=$_>SFV_uFf(xC_ANNAzhK>vxA%OvlMP#lbN!k?v z>FUrn@0+0y7&gg4CEpUi!s(}=6iktccUjR|@;4u%*t2$>NBpl7KOSyY`NEV5v9_98 z2n1e`1IQoM6DLHZF~J??Ib5m;yj~4W$D|x6#SuY^i?czipgj#))(73S0K(fcux{-v z;=;pFlu*LE0$mE5yh_Ye0nVkb?Tz)Lz_seopkacorls#hx!YxV#?a8SrTbm7rCBMT zm>ufmC_8Ef>&P_R^gEqXq-{7OhQ}`5r;EKkOd5_Gtv57X4kq6G`b0P_HM*FO5XB&u zcJ_-!CgnM~jNf}c?~qK9hwOFa`fOW-VkgV0PMO-UtSYU%RH6J(RHzfvKji|_3t&A) ztmf<^Nps(qPeh`>qu8+(&1wQ4m1AreCby=Or;rv`(gB2pFiH;>yX{|fv9SK!Y^*4z z)d-M;QcATv26|k*C$#-t+_n3zwF*GfuDeWEdCnh&Ycps|ShXz%Fzj@qu%+&z;J|m? z=h5hBfuH00k~3y8o|EYInmHC6q-RG>=m(2H9&8eloI#T06%5K6JmNb(%LusDu)8Us z$|rSP-usAxI*zZb*cKfk!N)K?l8a;*p4JMPaTc$wc<|$()i62gF&5{=g3S-g$QD9_ z@6y>=j;f4V$o=Eu@R5bv@|XxG%Escb0=s&PnSy+#wO1LpIjM-21>&5-pn@+gQC55b zN`xU0d`UpSH>j2wvXZp{m%1I{^tMUTkV~0BVg0K=&sb-f6PR>(0;Y}bF#pdY-j^$# z-Iu7*Jtt8Hc(Ze{x$-Sv;+s7H8{TtDNFB$L0X1YYvRABfj7(h->jI2iIO{zsvGT?k z7$W!XMVO5KR~cG5wdWHR)cT(c1%^}ore4^2z`!{)Q+!9YIg{e6XNVt`>PLcOOJo}^ z+9zt5`Di9)_|AQR)#d4_UxL>cW$)`KyPd09kiQ%NM+D}DYq5BT_(v5>Q1a$W>rw^= zWMIw>$31OU^7i82O^1m>c*o)U#qK0m9?iE68lae%ROc*Swb$>I8#V?|^1meD@265Wtk%0m$ z?s_+3m`bU7=ucgA=Qg41)6ne>I`ZT%&X`;q+QLzLg=N*TFO!&tbYuB%U|IpuUT(%_ z$39(1e^zqKo8$@=Lrj~K9}=LASPbnjgn)=jei5+CD=^7E;LBT*6dHlWj^>d$)iKU! zg5I+2eP+C$l?+tTEkhz6jZ}`}`ZEtgl)xZQ_9frm#n6cDyUhd|TJV&wxBaDIXL~8k zx!SkZQiDhcnuIGBh(ae?NN57F(i>YN#kvt(dfv!Jy3H&1@A2vt89E4h-EI=idRFfu zSs;o4OX|)psRo@m*l+-iOQuv}WVzt-Mdna@q8*8+G2{L(1f|;m5LN!L9X8iK?LyJ|-+djmgxlr+&F z8wNlT&}1?W%!P~R_49@`Z(c5jZHyF-az27zWTRVS#)nP_CSgt>jJ5WfZRDMrlS=q8 z?3^Na)|>tDutR9(Tv;V+8#t^TQ$hSLW~k7xQ=iJM%Yw{x9=` zNc}tWZ)g@NvmMb;-i#QC<1$yHbBnF{PH$A@IK09`0Zml?n*Q$B5spdmqD9bJqK01ZjcqW>OG2&zp@Hw zrXhD7Pvc|=8`&{hvUzEbV4?m@U2f+j0NQg;uPyD2E8P!w`^)6F-w(lK!&Lj)LQ>ED zPrQX5u^0^oK`CbA+i|pCZol5?Xm)#KPInekjq!91PM3;EG;DinS54$fs4Mv^s%*|G zcxAewH|PxN@X(9ZMh%55-;3Oe@MuQ)96)r(G(aC})llq>*qm4WscvKXeF;p*tcnX% z$Mg53I2+1{ztxjKhhIk^j!+?>1Ko~~j4X(ol2=gXnTKrR^GV>Ba4rMIB zzIY%l&%Yy#1wPXKob!?%=^#NyT7`z&<+R7jw#>iK603=W+81mqsM$7ES026 zTAQ{pj0y={HZ$9`{1yau1)k$mtJXZlD9Y3aayZz9Ote$;Y*`}CItOWi3#&vHm4r#P zKoe4KX`&InR7@oTL#bP{MVfrxt2BhrO25t^HXgLYzDPKiB5<5c=unp1@9lP)mP24s zKH^K=`P@0y1rT4UyOfM$o}UaJPPbMszzhyUaOu|1_j*6`lsU7095MFN8#(~+(HEuB z^754NAmzu)aT)Gfkf$p=&cf^TkZev!Qsj#%r3a9)r4tWqD5}A%@JgFD4&?y#a4V3M zV5=h0I$c2;fZdraYrtDL72c(zb)01gsa~@^yD>*5vgYp zZ$`j7M1^gt_etEFy&qov#XngMiBg3nQy~mOq^*nY%9hY#ZJWRlE4Bh zL;|wTiep`p=fl?{K!3=x^C*6z5kikkB2Q~_(Ts&Eu)Z%jaIybvE+ulyP(~Ei$uGa; zJRG@Y-}`VfIkn5cPy2T+-gMY;rulgE_DgE&I3rf@{lX*%po&vH?56YqtmE`)+;8B- z62EE|?b6sB;^Y|0NIt!5LIX;nHJQ-RT*#0$oX7|u(HRx+=ct~K7bRl``#M|E!h>ow zNMT?+!CjU*b=fv@i;tHEBY*1=-fEqD#1*uHV)&h~c8e-+F-Rbx0J4($uXe;6Txw@s zo})P5T7INYu5ktgH%KPt%V8Kb?vVu{u|zpzh0TRY_DaMIOpO$PBDn;UvE2N1(==R{ zn3o)sqQ$=7RY@?v=1YBX3g7*+L(UF-%OK$#XoLfgYJ6FuuTAuG2s7k5};W%SDbfzpm@VdgE$4XN7B{zW~U{u+-0D4Aj%}WeA z=NSl+wl)d*TBTa2MQC*Y$bSRR@0ikhnSTXwd^cF+w7+cal|tEQ{|O<`gKZ4Y2^pBY ztQq$qalMo>BRC^IyMm#SM|4)ZddmN^z>8^R@KBgF8+9760hSoy4=rUlmNIdRhxoicrA=QO zVI8c|6W+Bb!r0G@MoN;QnqaRxCH?C)#ArsYO|xS=kjb#Htj@y8T*I6R!bEXqthem6 zSPA_DUftpzLhy3rA+!Su*m+`y`fnSi{K_LSOW4;vMbR2j4I!lP0$oV~z3$NvB9xX) z&#~-Hs!;Z#7QPmy4Dwt&;3Zy*Q{Z*YktGu+hN>B41ehj#lUlk^11db}Wqpy}1Vuze zgE3RGwVo%eUj*vIPF!GjjwoIY-To-XK!f8f2H;m~M^s?`pmSisY?C%Iw?0==+)QK`kh z>x@nwF>>lEa$E+>XElAA7Q%*Q0(Uo*4f`hK2*p6U5J$5Ds~$=Q(OA)@PPduq|1<)- z4u~&YhvxFFpMJXax(iP}K**dir0TLIlzcvRcXO{}GK>}y8Ns7jy*X%aHTsG%_xWms zvial8y=F&RtBR#$M~>T&($#hKOBhD<4MByY)S50gfb3ieT>%*9mBDD0d5ty_|<&|n=MM}XwCMJOk}!di`}|A;&B8$@j78&}aqPr`0;k;h$C>5p{Z%4kFt zw5n|YLlwIh?6JHOQG_Ge&|M7^3i1qB{Sv@V=f(Ca0h|PdA2&kDbFVD$vzAKQI$w9z zD&~L(JGm1SN2H#fW_m}$w2ZiESj^%Y)$r`-pWTpyheS8i!uY7d3Zi4UdrL6c1m^;( zFaxg?p>twpMo>$rc^huvBxX5AO#^XLji-5Ft5~}mm`(T~!4VVWHc1+cDE7OdfR|xF zGg4n!eUPC!GoFmPMPH%?CqyMbHFx{_$^0{aJy++T|8xG|-X74cgu#E9U&-L#nZH;1f0>`m;oq76 z_NT2CZVR3kTW;`~Jpwvfw1a}jR}lboTE2~EFtyZ{Q>xh+M#qKV_>^|_O#*WY3(b=i zB0GbkTV3BGE#zFEPh1{KL(gj98?KoGV-Q{rY-UIQ0^V{L0nq|qsarFz+?~`p&I)do zeoK2d3yJdFjzk}E*((^3wTj#xYzmQa3^_9Dm>0o|%8?A7YnUSg&5;Eus@jIqdD?X2 zTJ<@z`M#zNL0)J!(taEl+I$YU?=BD@0sr`RyVj)AvaX$OhNMYq7!rHs7M$1;9- z=Zn=Yj$z6Z#JL3aQgelw+~-%~!0)nLl=k$(-^gO$te(lJ{$f_XgdO<8dFhophWKj{ z2b*Pq%05nb=^7=dCMMPuvb7IFZc-Ad{WgBXXyG=NDm)n^q5d0%EXFv!Zwp6ilnrYF ze!1X7&)9WdV?R~UH{TNu0{oBbYH;YN37am>ByU#k`#5C^uFbC;#dCeflM~QunV4Fs zD@!^<7f;d^`T#*i_d~^5(Yl>c0KLCF4Vj)N(SjvGb*-6G_ai{<|?06|0HnbdZ(u)1<+_l6czPT z^K(BFSZutyyiFdMaKe^NtMUY(?c0;J#z7otQ<3C?B&#+6FNbh$WvXj>AKG9!Od|6cG<<85$e8VNWdIhs;4a7tGQ1}m3QgVA( z>7lS6PXKh_=<9$-Is=c{_70JpL%Vl(&6zKiY)Zl%hL3c(z;n1Xf;1Z`fR`u=gpXcU#uP9hDH4ufwmno!v>Zv&d9zdch8H zF|v*)lFGIQnu}8*Zs7*(a3z!CJ~yr{ygyBrUm0NrS>`@(rd!ZjXg0O~doO(*O>xTo zS{q%`Vot>1r3eA%c|26RNql|7PJkC|9yf=k${Pl(`>Jh%gYla(9rtdD46~6|@z<#C zU@!)FOf%a2#)xs*@8ez#Ai(d-W;(vK`cJ4xDMz@8kWSs-n&bo&@T|>_mQRIMEjE{$ zy^mkN8@Vd=K{pOW1!7U5%Pxvk{cz##Sqd;`2DSW}2`NY&R@svvxV`_^x3V}+3)Vv2*#e~E?g3V=)R?Ql_vws zw1**RG$-n$k5C&K^n)Hpx>K0Q3#ah(v=WgxSwEM zc|#DIsDB*}2gN~pJr;n`_z2LkqPv&=Nm2*vruFrMT6O}~B93R$Tc0PnI)vdDyTqhM zVJWEqvW!n<96qc$6*I`t-Gc@txVuyBP)mRPjylm;V9Sh#S8!9Q4hkQVH@}Dd$0BU% ze`1`mQDYE{<$B!ob6-!5*?;*hP`Bbc$=u?pv1<6lN!msMAJgkEV^Htrx=tzyF zw{aBG=6akOgCQtY50-3;L!cvi5l#TK(bw+IGm8Rvfjyc&U`l0wvcXy>JV-Yg@KSCx zWRFr#QaXz`yjvD2Lf@6)Odm2r&(IPc^xp=w0<>pXaP{B68upPE9)~Qrnu3Z{I!@j| zi=wNY^;-Ufrdb9W;~pE!8!>;#GBY_{v(G7Z5EBIY3|K;-kiz`}V@_KYIF^$MypM7f zvo`DDr)rol5bX544KTAZPWsL1js&}gI&gwC`@#)1 zG?bdqS?KYh(xf`@wMi(5l{5OoRw1x?dbsiWydZT57Z~1E;Ph1nSy^Kw$M)0FI%9A4 zqasPWMsJ2}!V@UMfOt&<>a|MYKjjh^dcbyvPXnU?2LMsa!i&Ix5EFv^86eIy+bHmr+x*v_I)ajtOLz_-ngP@I>NP)+GUt}p2H$qMEeID;< zep$hgRP>iARr3cE z4JCy!i2hnQ=#v4u0tA;zU+7L0#dsHD*lb7q;?NBn`WTd2Lm_OQ6?(Fm}cpK z8>x6{3rBZIVT)4w>$vf>I8))<+TT^|bSES-m#E96U0x1Yq;szlV;EExc|z5`4;u_p zhrBS=+dkHe*41i8DvWCOX{up)(;Z+s54h{T6YS@vY2A8688c6p*_iq+3C~DGegbE= zIPiarUN|ElDHfj{?(a|PyRe(e53D5}c?5x5#j|~sAK^}dD@fYG9LQSL+7{`gO>-PE zYb7qzxP1VK^l&1#Q+rxRD+@a)S4V~Y2oMbNcd25rt2t5K%~0!(J*-hUX3ZZpbw7VI z4{ynJQ=~tMBOMOW;Gi3ex8-uRbRh-b(&2hxSzMIrHyg_x>||o{kas!cvJK@CRwze@*yZH7?16A6H-Y5r%g54 zp73wDr}-XYuWVMTN~b*$R7lA`6D;DW)~^VO7nuB~RfScDLRG{MA+b2uO76vDyoNEi zjTVQMFJa5r?JN!-cBC07-U{G27ox~9=ORv0yacY1K;!gkJ@a0OaIO*kTpQADBe#F< zi3ax=v^#jX&a6W$5d|uL-R!F^{uB9){zm@)Qbl0?tBRQX&njXf>z^tD@ZdkI2mpKl z0L#DTfPW5g5qG2L>;Kde5C9?&0NQj||GKf@|9c|_;2HYgmjMKXfcl$9{^dE~_|!%d z!b1IsBm1&T=rIDWED)Uxxpc#q|C? zi%n$xZx&lX`}ZuSW`d@c#;XStM0^~|X}?i+=QN#oia-^&9yEPNx6^2Xe0jz5*oRW_Q@hkAp5#l`MXID0sxdu+(;;%Kzlj@+0r#*(ecL3Fz zCpbywc3BT#b#mMO6tc9sN8xVhaydm|Bqa4D%mRhT@)4B$B4L86<17j~4KSP*Wm;^I z2pyWua@y6t8I9NLw&H0pGv0F1+RzkcC*sj9JUu54H50ej>k6gDPo{M$&6a-K__ewQ zj!jtCxN4N3;DBev#5#jI^TFLW?dJmUT$k{REXh)j&UHV9x1GV^KcvKSmhAqI121T% zIzEbH+Jwp_r*&gaIbfkaA5CI0Zupk*cNe*h3XCVn2B82Ua<14#FvYU@$uvK0bE;l5 z)lkN-_7c{hgAC>}vUr^#%FeWupbos9Pan7C|Y2f;hO#V8$(M<#V>=nE~p4 zO%|JVRnU+}08xTtheroiFe1Sm00<2(0QX zt7N4}fp60X!W~ocV)#4@KE;KV8Kj{E8=AYlq{!2D9~)PU^2L6#qm>vo3p}pN1=v4c z>unQ1vH&2MrgdL&K%xl!2iFJO8Eq1;?qCyLmpH-=lKB#;L5e|N+E6eXLj6nO&E&Fi z%&bBnHj{2QERhvN~K7HZLMR)6Bt);dMivdp1T!FE|L~zZ9UUmqnByu-Q_{z*7&yZ&6~xed}^h;c=ONvSNHhdiWgu)+zv3fX;R-7mslH3KeG6L$o-a#@iMT+M+-DlE7PA8y*T{C{~x<+!xJ+CV|-n(jVNY;L%=MW9SCW^affSl1! zI(Bm71$!Gz7vtB?Q|_xO(4YklL>MKNkLe4I5l*=o(rvw{?-?Y5{~x~2DM+v`3)W@Z zwr$(CZQHhO+eVjd+qP|XRrT$E?wuPkF%k1{Uf0Ws*tz4&Tst@Pi{bN^iAd-E@UF61 zby=7@_&^U+mm5kki@d&1_#^SHY0b+zE0d%23MJ+!#_dxv4_%C?=-W$7`t1{C?kWgs zQ<}b>VFMN06!gdjvSr|UF;yi@E{o!os-p21O0U?h%9V;nE8+Tb>j0nrlG!N~LEq){BPK4MMm-gusg#xyUI$#1tpd z0L}E7j*OTh-HomzQg;&5kzFl#WhA0++0}5I1vyr>`G2-2lZs3llMcQD1b}| z3D=~a9@vt0+Fu66eEa?*mD;XtkLn$L4(`ME#G;v(wxom=OzawXQxh^b@EWSfxf<-4 zk}$zDjVXCIqOT%H-+kj>$_Ok^8{7jI+ha9&>tUZm`(gn1a=HP1i zcAC~EX^@ktU9twV5nk5&_!PPO<`U6D-#6lozB>&z-9sIClhg$Xfq2Qifj)xg?Fi6a zT%F>dlixe_f2tVvzcgp!KQ#v%@L+acYJ3v&g&1m9i4NFS?j8~kbFzM#-yISdlA%%$@J1L znM(dkN0PW9F>5qiTSll#>}e4TrH0}1wuwFOOzH|IUz`D`7@PIwd=PS zFbHbI0xpk|?Eo1-QY-tyNlF`|oTHL){;uLqJ0R!tbVcp6GG8ea-Ug5d4 z9X7(!%!6MdySE5Z9s#%qofAaVIjT81u1R!jH+7Ni3Y!(T(W?Yx~%c@vyM!WCW=fH3C3W6vk&sUBM?On`nniD&G`$j3^ zaMbjH$?C^}kE_k-)|i?xnw^?Xai{rtJ3wp{m+nh$uTf0alVL{YM@F*FaiRtfPd)0~ zt_u4WQW8|VgCzJ?w)wpZGjNJJk zEFdk-vWVp1I9YLq36O&+n&L@?Eoi%0c%*=QpnXI%58bvX|BZvNfhZdwDxD+893oL= z9z%~LYY@vc`JnvS67O$;)D%TCr+!9FZe&ih5*HnEc~cc>ztF5ky^{L#*kGLL05Nm& zF&BhA>E+Vjw?rx?aph*lH{Mh?1b#QgXvAi}vA2fT9(Iz*Z8E%6 z(}tmKpQBr?(s(NJiFX!$f@$VtAEwKtP-U#2DMdALy`d@rPpYngR?U*ra~-@9&_az> z7C+@Bgtw|NyT`MV?a1!sV#IItQ$EnpCZFA{r%x@=a|>dcioWrHw>Ck5f0+?rG#{Ap zGFea@0aN5J5-K1sovP+hx=ncsU+*Sc4`ATpCT`8n0&=oLCT}fuS~Wr1+>_nzXBJ#; z1(XvKT&B2e|Aq{HKZ-KziSfbvW-X&^X6V0x!ADaKC4|(8~Gh%wG1IYxU6~L=vw5Eu=;uB^J3kA!OY0zWa7y z)<-t22|zr3?`RFOUc)Cml(9aLwd@qDGA3%RbNBeM$B@3FZP8GGHTHG`Fy7D8)QK6q z)Fi$uoa}mMg=7?+XwEWT=T}g=!GVA6Y{`YB(IiV>mnc z{51czf8d-1JYwBYRPHL*^w@3N)ENGbB#%BVb`%W7=Nsg9kHya(Zet7K%IeY6RVms! z4Hc+CrNNYu646y?5Z>9LK8!pESm+xbbuiSCV=f?U!GzTF4{z)wFX?zHfGv&Mxa7x^ zY(|{;3fKzA;u{ckIdKi6HCk1i8P9CcTE8>(OpRzHTc6P^@9b4*o9cuSW4C6}vx0-d zSOtPb*QTL3juctc5q9mfxGGV4=ImK0?n_SSmoiR9#NQOBi!2Wt!`s~zlv*M_QSBU} zP}9Z{Ihr-5o7S!sq&ijN+z2m3glNg8P!w%~q1)J{!3Ue4=34svz$2QZ_Cb_%GAG$3 zGj&unqRzvU+0&5cn@+m7;-E$4(_vNScRXXm+1~{rnKu+*T_)8?i2ecmwY`VQtf+K< z%T$Z4tU+6bz?xpD*Q}5Ls3@P$Y(abFvZM^t<}_@ch`Pm_yfelrqV-esZHjr>ZaoS< zq(s1@Omy5SfS4g(`bQ`p3o*xSjkVAWY_zY4cSh^gR)RdT=h7wfi80~7`nW50 zHHx-tGc0gZ)|L#mgnMlf2mS(Z(5mXX63zEaMdhjy5gvCJ^vt_F%V76C0|Drl11&cb z+<;(13H>(E`*Zba%0^=o=)^L+cA^6+t15{R1Le~lArYed0EbC%pLoLP15bJSJl zp+Ulf2JZs6vqSOW0gf?RMwXw=X!h;AWh{>ZCXfMmbRn0hN`;M~Lr_~pg#3WkGw0*PXxmLEm88Wp%v)z28~@0V>^&aL#n6Pw)nzxg`0oGkZx zo=#B@HrWAITKjbC{%y7p<{fT*Val3!CpWSWv>u_;a|ynAJHA(1y9pQN5tfe3viNS@9WajM7xf|35rWe=8dihn`XlfW`E_V3qMA)4Oon~&OoaH?Ix zp6C%RJemR~0x^sVm&6ZcYvvMRa8!89l)R33np!jTWs9){ySe8H)DW$4W5`F`qxo3y zZwE!(hNI%4*15X3&!onWK55ZT%b43a%n?%0(mcaEyDA^L71ei!zs!dXXO4K z5uT}3Y%VCTM3&N}w$qSvtU(_4?j&~U9nN^su(rF`ikyEYpjnPD6X??-?Yqd(a-}?g*-)UW&Ygoc)sqe;320Rbl^Q?sct9n1+ zcWsOOZL+BQG|WQ4aug*aU1pkdz32e>g*@`^v%Uu9_v>2rY;z@qvG~soRqyI3q#YG$ z1zkWCU)GOq={KuRD?3yGPKH9GRK{HRgt;FD>7BVzpv4B&EX>%ABp>g163Gp#+^hbX z)7>L@TxK&O_1)iUGxMZtD?hPVf&_9jPbf>v112kat|^tj3l^jZ>yn%?D{ihN`yDEbqHm-<`vOk5IwbYm7(esXA!TcGs@!kv-4kaw4Y z!7l5Sm^hcsx((ec#NlAoye{_zzAhvGIQ#)S6VRCk1Eg^mLNL~`n|$_UmvNl}j)EzX zI;6j$b#vn?_(jbC#b$o&=0B**en$(Yeg!et!ESJ>LDYSjjOe#=jqRadeA_uhA^YWV zM=u~q{5vA&pBp+v(f_19ASd@q{QZzSrUpD;J zzPSj=Bz>3W6^Hew2inWNzqxwMpP-^Ry=aGZ9W7Cpsb#MVnFUk)9iUAJSI@n;qRLS($PGww82cX>Er)nBGP2{vpUW;wfW1tD*OA}{+xp@ zDtc~))}Jy^Dz%fcBx(&gno>PlOzQ*Q->%ZDnbG7nY2;Ci%3&85pQ2@70>8K1gcba; zAIzYxFpY*|4g6QiI)2c=sXlneeMmU(M?Z~IqG}7r_)@>+$(w0CW#;GWN!}>&^|A-| z)|`${YU}NbzqvvET!Ofc_6Vk>bc6t%2Md}6CvO*@3dvL=rlP->J|O0G`E5rEeBCFL zc-mHzm{X~8z}b-&YTu6>X`NtV^onKN)2-v&n|VVLV_0G=^x$MA-GP^p2Gz{l$669; z(>daD1JBp>nP7A1_ldwf;9kMkG{SRE6J(n>oB7n7fpkr?v)`dm_BpAN(?5wYUO7pCtv zli3H;?^cQ$sqwH~SvHOo`%ayk=2?~Z^J><7tqK}0Y&2}t4gMP5WJ&j))Jy`a%nEtV zV@aZRVo;h@KaDNYEpIn?${-eoo4jZnmw?3F&U68p6bH+#5_qA{1&+Ct^iFSbTHH=V zp7wx*S^XHCMqI(jAX++R!rbs-3i~nk1XrwpKUdTW5x8;J3W>a4+0ULEvJ+RXXcrc5 zn1xwZG<2v;m&2HuhV>W>s25RIbS19n4|7z_sMUuhE(PT?bosLw11dgHFs;`;YsLyX zJ@oT-#I497J7l9d3vazMk{ofXg8Ou0NXMb!%7RSvB6wC2W5QO!2#(bzLrx4TX&RO_)#BOy`>frPzjVEn|_}tGQFKn4a zirJ+h{B~wKBJyf?(cJDwCrfxON-R(s^v}cE+LZ*B{X88^xkBgYoej)n_VzoGN{?N` zF3en5J;#fVZ-yVN#QdJzljz1NY8^15+MWV8{Y_FIji;vie_)NzwP+2)-lcMz@YT>} z3I$mz%b8}Jq!}gF(3uHs=p%AuE?$5|4Sjsx*F!6Mv)dUAQfn~S?Ju}04S)TOd^PeR3r-cFN5H(_lFIG9KGQXiOQ}S9-uG5b-IFe__T0O z9*BD%?sAMEl3Tj7Xxi?4mNa5hCafo-rfw9mRlGS4OwyP0w7VjXL+MmT+X93-&avR( zzSrGLD>U^NmPdU-SsaL)Js_En`qYGLknc?JQa&ZOq{cppXS+Sc4OXi&2m&+d(ui9m zR>M2)D014jr5kcTCx26X7y;qlk^`Q9 zYl)`je`?7#>5*#!R3Cxismr$_ajyFi-pMxJq<%8tWtA$C1;i&RJEFTz&Z7Ex3Evam~wCn5c)?it#TB_~<7tFx_y@71-bR*xfWj*P^TJ7*uSXZX?AJRWrl{ zir!ZWc7~YL=BL(b z>Dqn>-j;CE@^vq!>;dW404V%V{gN9Q;Ap>g4#suu12+2X5W()Ex>a%_$;*I8| zy?wD?9JoHk0R_ND_AilC^UHy`Peub3Jh}j`f;H|TcVSRZ+;8g zcHM>vK{6r6_xWqtaaKHfPdOkrxe1R7knA+-+eF;hsVX=>m_y%E_^k0x#zeMw$Xb=P zTq5b`J;S%GFNamu{6TIBXIa}mV|{g~o-+EU$q*M;NNRblf)}pl%`zn2dDa6sl#yD_ukQF*j>5DB z7<8()Nk}^if;b}Fx^HnxgI+5*m;_9dj0nUWMgc9^C;o^JHy{>N0_)cr&hbsbatY-+ z{Ts;nv?|l3x$i5P1-;K|G^rBGBz@lGy{Wo1yA%=MA$EC3oQJilp>SMYJzpZh{aZ-_ z=g)fvp@mjE8RWk3iomu)gw1k4vCCzQ_c&a#A4ZW-W7MQyLzP*+EKN`xHfrTI#)iUo z7pbLZc?S(`_nc38o=HyobOBNXh@>9=FMWEyXkZUSVS?EfLyJP=K4nygX5ti_MR_cP zQ{kC!8FC-pE$Fnc{1YKHoIS!DNmi9Ph52|BA(Jmk{H|SdLKtjk?(Gv7#)>9#wlFni zw_SAv-^OsvtNg7uk$js|>gF1MC@t6sx{@&r0JLx?)NqrS7A8G8=7r!a(y&^gVgzu= z>4rXgu({1$3$7SB?G_pIavhAx+J)=mWB3eBP-=1`y!5f0K$lG0qeDWaxQF$Kjr1Y` zOp?VtgVagam^gR(ehWhrXAh5v??E|sVxxAFW|eqkbn{;toznAAOs-4YGA;a>?z)@6 z*=q@ZfCVMRb@yy(wtg2~dR;gMt_HeI`-8tB zjSnuWO#rRKyHQhBXK6!m`;ZZh5&i?!`3#fXszk!2yin2VCCb9}zNdI@b*yj=BZH9! zl(nMxFp~)uUCd6^?XdU_6gxU!f&KV&UYj&ZJG;rNBIElGh6>kAZf3~ez5*tvtaD9c zT3CD>K3?JklmV2k7eEw&sqNG*&_e@of$BIQL^gwfALCCsII!!?^Yeao{;U^8%sFT) zawaj(A=pgJP*Me$(40RdM#DQ3D+dL;oz7M4QRbiGLUn>qhal4P!G~KOU@p10_`4SV zXBG*c1?B;j6^&wGvky_%Gp2ZRg%BH-^Lf?s3MFHSo*}x*@{Z8R1{m-ndqu$b6|FQL zqzZwT=a>?DgOp-)(f$c1H}v`>T^ZFXD=B?AV*RUyj6som67{{y@&2<3cSB}=VXTg` z8b`^3yGOZZcdx(9P7*RT92ag}=SG43Yj0G$_1YGUx)+73-Ml1oh@hI-rb*qeZz=v^ z{K4;(3wz0@;3T}aE;jfX$7JGpc|)ig~mEijL;)zrpAVfviV&2qNP zk1+fZg)u!qu@HLRi4S1kFcav5Bcg_&h*zPt@8RUu^5B}=9;dl8|3etyZoeFb1}1%+ z-|UHz8KOSFxtERj;M4IQQ9+-vGpr5PeKnD3H=>_mFf&{M8*$hVS6O&*-Fis|TrG`P zeDe}G_(lIM)VeEhd^l`%RGFo(3qkcy*AL|59nDG%O1ksid9gWK@NV?#Y_f#5EF0=7 zx3B}0WJ+6fcJ#)j<;M7NL7WM6X zH#vu<1!|8!0w6VZ`S~i1t3b21!M${op!NPlk5tZ@UBjrZv-BdNC5$HsodRy3(IbkL zdtKxKLSIPEOqDV9y@oNm5Pjp2$oE3rNV4ldoTJe!{!UNeskG)e1rbvw5T(&_ex+~# zlGf9KJZ_r-QE^l;802R=E6`T3x{#D8e(-tbbc7_tSqw9w;{L0oO1<^3rMYz$P_T^P z7gj8-QQfPV0!5`mu0S;l;8BM?MnF8z9(IY|FWOTyGR79hY4igq*ChQRI2Uc}XIA$6 zQMp*GklJ19Vx3D`tkt~%7QmN)GmMk-+wh7boBl9hsbil7r#}X^@JW%jFyr@$i4DrZ zZvaPfe07(W83~Zla_!yWJ!;&+zkE7#z9xfJo8`KVWj%XQegBZgO|(}stS%p88a$*& zh>@jQe(sRzLlIMB#1?Sdivw%E4MJrda;<6`Ffg7fEv+amwX=j`iiPay9D2kM5mFac zG7Q1zin*=c;7-g=rwV+7Tfz_0TUuAt8?% znMt10F!j-6qbQDmlQ{vdYgeSWv_?zP?~p!zXP%;ZwCvSJM0(v<8<&!w&d4&Fxi}8K zhiGhns#A832DkmWUB3sQZ`RSuykIJV+8x+ps;Yk%XysP(tQPRHUTTRH^)U) z5&e?BdK9QC7n3eJY*Ml{|M!AD=w-0PXPa#kEWD(?ih>SG8y=2!tc4waRGB0Sscp=q zU&Vf^+@*BoEgaQKz7o&DZ_%MpwMn1GeWEKYpW}&h8NRcV3MRm$sH2PXs5R1ZZi^Qc zgv26_%ad1CXJa2AN$htld8$KIpm)}1HPGp@yk52`I;xV7URRn@7?Zy-j(;7vK4R~l zsxQIxMA3NO5kS5D$tDFGb?gY+E17&$QiVo}~`(h#!{dUuK_HtL^%4-q<><`B^Cl=e+ zEg{TizqB+gx?1rUF~M%2rsl_j7BEiy!|(6_@4F#&6xo;Vcz859G^fgg%>wqCP@c5` z0d{Gb>Q9K-nRo}KsWGteO$vYV#;!VHx&I{lw|%_`XMlM%=*T1mK&SS&|#s zi55OH#mx{(7gHixZbO5q7K|R8WV?Kt@`YjNIW~+99y`Mineu4KMGliXNu0OP85P8r zOu#J|hA_S*cUdb*l@9sEq`9N;ur?2qk-3|Lg&rQOyZyTe;H^ZNO`ss4_2OiU=NGgu@2R zsv=dBuxWWZA{$Y7oz<0)SUP@}li3LEzD}Y6wkJE9qxJ_KBB~2PLA6B~nK{>gW(%UE zgZb$?LZ87}&Gsi%Tc<}M0W0Ep^i-_5U|gbJp?q6UTU4G6b+7XaYj81n4>7PZW>Io`_hCaJS0vu|l0XUKCvbfFM`A z_r#U955WWDRu*)jO~jp^+Q8$)Y~U2rpKN@^$g2j^KW~2^gsC|`Pcuz2RdG5HN`s3V zTv3-+=?6>CXMxwDvw$O<0CpF-cXPqM97^9qaYjr717R*<+a_LSCvWA$a2QObeblQF zeqZGN!g7J{SDQ?4^A`k|d>x%Muk&NH8Nd=iA2o2Y4f#eCf|}wO_0VreZQM&KZbl5o zg|^nRds1!{Shqb_QaSg^+MCTZ8e;`9IMA1jM$+oAi-n*bCy=QFVcGTw6%eBm&|kO) z{X?l5{LpC?rn${Es!W&7@O6GqkrnC1S-sSwg$ukqR9w(cCdZ6CwL&%chXYmm<#1h)jiQ;b#9!fXjdW&0T!k{ZW2juuErBK&f7d-<4zhTqX_{V z6}^&@U|01F%gqsxADTG)-NHCeK|m2sIPi$MflkwCyT{CssBfIp0J}1~RnhZDy#J2( z_bwVS{CuO{dJMKIj2%trd>*-w>%H6=5VPGBQVlGzQHi#V?{D%uoKX2iY4+N?mt|jv_i1Tb2Gx;oHri} z`KrlTT2z@?VTKmzzY#C7mDL&<)w7dwdJ3lX7d0pxh%64g@5=AXVZi0j?|jAILM-cF z>yxkbDs+Gc>s)fraL>906AX_+@6aQZ5O+@;OLUuhMe_TcSEmQKSQC0ODXem2qb?zc zW)!b~`3YGdR30n>&>dg<_jk&HhVy%rh@-^Z1cQ)PvAn zka1swHMs1~^RuVd9cggY)>!1`ktvU@Ye9yW5^G2#sIi-*wyv8=Liv&V6;xooE2eKn zqH}#zUX)VejHumxScE3tM84iu@)X~$7;svWtn%IFB%m?@XCs!mn0Tw`%_ZJizKX-4 zJLf3#DTiH^5f=~HAXMXwP*5s9ACFRImh>2~UUfbjabPnjZsX0}hO>h(Q|uVwU4k-13O(8#*!< z&%;eBeC7o~TRyi{n{Hl_3syYky*_!?mHxs0)hx{DlTf?IFX|*ITKPUmF~&1Q%OO^< zZaLH)47G<@Is%L>GA1Tkp4-S@h6HP+AkSE}GuujbX`=;4vp3gG6-{ZB6HbrR{Wly6 zbC<&jCq0s{a!ADMqPhI8m9usdz_yl7gC#C*y{hfDId^uT&wvKeWTIFi9 zhZcF0Y@sjq`(WmrYCi=KJ06kDh6yw00tqhh#MJ_1`cI2SH148Cq1xzzK_C|U0QZhD z6dd$zF!muBG9JXh(t+`#>ZLi>nkeT0j*-Z@<>CY+F_?(^Wnk)+deK+{vRFo?9j@#h)NvMpytqLG#DD4JM7 z`ad3=NG-Z~0OquoB&LP^&?<{KG~cL^F<;;PE(+H*AaE@lfsI^)s}gqhxB0!D0Smta zL1s1GNmAVYFoD>kJbrDO4YRBjS6Lgbk_UsTzd{dc!4No>EgV6k*Q01VQ4MYXfR$G& zsqjEr3bDwD(4Pj>puTefo+$3jUV`Aq9Q=JxDITFa7f_ktw_KU9Etvn!N*7$7)I{a; zYrkeOIbiu$Dd0My{bB_=xx!qsI}FV#ARNkkCoO7kaTdcZM5gs;gI_%Fi1T;ma<1;EYzP?1$^^nbZ)i;NXYu)B$z3%AM3F*m9AAn2 zo2$o#qSokv;a0OqAxE-_B`m4ckmiA3`VO#*&yQ7~z6_$$;ZPo4y&I<33dGk`wR(~v zENFd?tI{G*mV$_BbTDpAlcdzO8pc~N>q}+_*-K&`hJAI0agj^KV6TD#P6YKoPz5$Tw5o3eBYO)e<}oo} zIn`Z4mk*Ha#fcywSZ0GAG_xhdg})u0(-M(s|Gu43arFHU@rEt_p9~%MUkrWhzZv@5 z_CE}LS>eAKI$O#AY;BzRhoMV=|0hF#+x|C0=NkD>h90;i%?HkcI=|acZuJS{H?vU2 z3P&Hs`>P#6?(@&Y6yXy}K{gJRr2xp?SMoItmWLKp#xYzTFUKv6054umI+GT0+R<%p zG2QiOJq{>HeOk{wcSGd)p2DHV*r0P-P$K5f)G-_}20e~rZ@?Qpa%a#}d{d55wm_?b zDSjRS83-v0=hL!}#eI41@}+)yaJ#XD81Y@g@uWV_?}9eQ*9bMtPk`=Y%sQYZjcLFs z#k9$O&4C;?;G2fY;){FSDn1?5yr0bVP#EEuW-V7elPU5k-i5i63D5De=vy)_>m3#C z3ttv4WfDq)WajIII!N&~m^*Z_8)kHlF~^x++{C<%BC&VVN(UWmK16_m%y-Dy&4FqO zUcNx7-s#?gGX1hF2?>x*+x+;|L@eK5%rP`Zl;q1j19R5o&oir3*}?AJ*(o6LHO{|> z%veFG6D%AcMPbg3Tk)4b(y;Z285ew#7%gfA9y7mgqA-~2ds!2`ps5a3;=rdw`~4$( z<;ta_C$v~AJI+>Djvy@FkO=z};1dx7IIx|$yhY$ z3x|lNP#a?(`|}`(Q3!JN+PKK&UKrGWGAJPy@aEfz+`=3op$b)SOIlnJ6!UAJe zmK=A)ajS0y|F^%O+2Hj|MwDm({U9N4{8y5(R+hoDsW+Ejqv~U}No2fwj0u+lf~CJ) z^dmy6sxT-_Ku^!zE4JIENn=EqpSBwlANW_=kJ*OxH@)(cTXyJPVi!HO?a&bmOWF72*Moz)8J z($SI{x!m{hss^O;8DujgQ@yE*gT%_TTbUvv8p59?%}8S}?OHW5Ec0l+wReWk%iJ`$ zu{z~6o3sWYlWC$Itk!LYQaMB&dpwfOHB5x`e(NrR&u8NrVc!V)^F=SHYYT+#F9(*=g8xxPzA>(^~eK>Jf zb7p4{^PHb{;SZ}+eXr)fbkTYNd5ufz6y5}0&luL|AdPPK{PA)b5@RbwrDiv|Ww3)7 zOP3F<>Mr9Vjy``%~+i#XeWSRT? zxNT3J%WidjM|)9gelAEh`{H*>1%sNS&>ww2Y;LcN{GL8D5U?Cp34cX-Vj?AFXD(yL zL$}_*Y=u#{Fv+@q^r#k%I^2Rz6KIG{zZ||&JxBl(sfiP za^ykISFg+X?~-KNaT45+AyR~iyRMEvSQ@+~-6PC)DmN>LJR)!*$m@imr~`#nH7Ru@ zO)pR_t44M00CLd$ZWou0TOg{fxQ%+f7jZiXt*GiWYQ*&Mi$eDp{NbLH`jHChb_a&tQhgy~R+DP2bQ%lzwV|6n{u+}U zX!F;VA64y){$&&T3_#d!STml9TH3Cch)oDVK(Ieq zU&g}Q9MA_$jNnOgN}~M+s1{HMpf(41$s8KF_o8HIV9`4Vq`Kd1)doUB<-O?RWu945 z06O(=FRx#e2cVjMX#>v+mbz0r^ z4+7O?SMJ^mrFGH3NRvk#NvB#{uNm6}%j1=k_YqUDMOW6tr{Pw4V3W$Eh5e7%KRSbW zvajbfaE?V7V#}R5Yq1k|;qeXO`}9yQ7BXK@7|M&KB6R}+=0$RQ*%*hT z*0g7sJ>!jx2TVBh<(Gf#vI0&+0N19Fao$5;%a4)_i%Zt3+}q^9RsbHe+(LyQ(b@rQ zlj+bxdbp!=Ld6&N@6LioGy?-umsVfta>8cFbMrn3h$dz8TIqIbu#IW9n|+Wt?{#ln zmwQLt45bH^-wHS&Wmw(fB@)AQe%F|+=33O8Z-*d7?pEC=i=B(sY>}l15ZSy_jNg@X z?cq1w7J-U4P?52B=Em8^JedG4akJJUH6LW)?AH#HTId|UcHh%g5gjz%?eW~pH#yy+ zF#1@yRv6lR>jr`SP;ko}^)HtfsJEHD zP1j(g7QQC*COcodS#`U_>cS9Le$j3|E1M z)Cc;PsYTR76_Pq`zmqE?}V!Bdb4tRsioreIgf|%TA zsv0%htqjO(K>5__rSqzt#phuj3K#1x_#XS{7x&e5@8|1%N{ z1dii)#Z<|rN{?n%RlVSxdlZw8aqs+cgUTGl%^%todGwB4TXcaaDizDO3r^4v&U&Hq z!b)QX?=W7=Wt3&%jVu`WjAyB&JDy)2pSHC1F9Jjt{)5p3~9P$+~}A|HZE zK4^_dFCrI@hk-b9B+Gn8Np~kL16VWDtvFtdx8(Gv%^wCuHa*(Wa#lnI60`odu~Z&| z8j|<@sJHN8eqX~R#OR&Af9UH<4}XSdh~6!@fzt+$P6jTIfeJZ7d%8C*(jDPG2S!^= z>|?dgShX`ZSa}Y?b+n!x@fLP4u;W5S={kluNsQO-Rx?lM&nUqvliTRVQaV4l{&FuF z%aCMWu~%8M(>6&RNkfM?!W`#f?!XN-XptK)$=)fu_V@(k7xsFAiN3Xe7qS6IJjuk@ zJBE>NxFq73Xop($mLnjtRgKghgopkcEgZmhOS*e-S1S@^9;nzKW(pU11m|%`@n?w5 z1n2puO!{6wQL0e&6K8B+^xM&#pJgQP!h}rU^YFkR7QMBs9u~qDv|SN(hqLa5bxSLb&Tc?k|dQ zg~34ph?tcmzQsv$o5K$`VbVz4(o{z7qXbxuPvAQxPhl)Z={N{+XB|1WDKIt6YiRcbO||p-y8wqxI1$68QU4}|!u=Cg`^+$c#_|`Z|gd8xvzw^3iuFMeWSmQ#L-wN43v=w~=wWc!hwREb!tE96 z?A#}nkc?^9iq0KSRV%caEVB|H09~gsd`Y#R>Or68UbX1ZhpGY7@>uXHNH(jv2qsrE zlOg;{jlA=c)PRP$6cB=@$CuX>UC2S}{(kzCgD6zuik4AMk=M$dYgqLeDnV0yU&Lps z`FWQQIZ8th69x0D{a1}0Nd-Z>CI{KTfMm&+H}pTS|s)IvRr;d*E8-%P5urN zo@m)Pn;*m-e;CPg(=+Zqur9536HfCw@Ky9dtxXMRthtfX5GCt9#PTBPlq^udQi@GM~wu}H)f=> zIm_{HEn2&3a_A3m%YDC(J)PR^(O?~Yb?mrdkF}LwtilQ{qM%HgO>%OLcqAP9++O7F6 zvq3=;3q$M5MtDjis9NrHW7iio0Ur9I@^-;k9}twM8+&~=4!V#cJ@gZM#I@yW^&zTk zCn|`Dh$RNN*se_ZY*fWj%h;DiqT(vG^cbEqNQY>X)BxZE2au-Ss``;!D->x~jhSMh z&RZa_Yc_pF=SYHp=!Jvzzu&u&3Oc(L&D5W{vtJi2R$Gdx@acI`Y2uw*Tq4*eTCHwE z7NBA02tU>U9iR@I_3nhtJ#J7aDcaj0t}1!a&QdvNH293_h6s@HFaXekCZ4^(^0~V~ z{oPXar4-A{T-YN|TB{m!R>m7&67liuR|C{6VrX9(kR|q{eAAZdNiSV-$ZB)y1PG3W zMr6wk?fK14nSAl|@hiJ=hh0fkU)&}o()4CQVY8Sahe*;l~LB-Frpv`Yh2+Y9#mP~zT-8|J#_w(4Ge&dG43?GTAA#&44TiGDgPtii1#lxGx}d_W)5QcA2u_j@!xF5xAcEz<>&vE zl~?%>HuHDdzu64k-*n_ZZ!-LQn>E8@ypiOlr@xO;Jg15xdVGyvuSi3>1bdLWN+Bs^ zpSkWq1=wiDX#GlJ!{!pP@H0+biC+H$GyUT&^Y9M-k|?g9e<*^z?-2)sbYyjXA9owu z7xNgD{qA9Q?Q;B&mz8a4ZVa}BKg62INRxJJ1YB^rmCGBoPE-V z-Hc|epGchsESv3fo!Al+u@PJ_yK`PJMwK~0oiLWqR(m2+B`WlKj#`s)TrKL5*03e# zKJ-alu~Xa*&Q)F`OjG%OKy#pl3_X~42vi;j+JqPsXgkv@)FMEp3SD+s0wiq^Lz%X@b3S7W?07yQXf>&txTASN%-h!7P9d(?NC0EPG2%*T932Ju?*EZ1DYce(=WRY>ep!*=v-EJ5tTHGf;(j#GpHaGFBdp@#NKX(R}0s@G|!>=~BChM$g zD?_L?L;^1Bwad&|RhJZeMNK6u|8$@8HI91u1ZdLw#jL(YHg-ZcJlITG9aw2s`0Osr z8)vTCx3n6^oO?DPXnmxqk3GuEgN`-2p`7?WfD1Rwa13(sAV?*a#2?^sIEb?ZVN3%Q z)qynUhBgg)Z~D}?wiz*5qB!NEonSbCMvoj9qCx@!u7|_7jfA;usf6Pmvs&)|?qfig*dW7ExZTdhF&0@~ zoy50K<4crd^SAD;FCrW}00HczlY8MmyK@Opo#hquSErY|DcI%NYZ2@pg!)kxhKPUm zoA90>u|7l1u{FOmR`1}wU{wvAo2@>l9$w*mERY%q5|{7eEkx!@jCR-uM3(M#e7^M7 zrpRDvnkb7sXLfrry#c@QUcOxE&E}1n2vM!JfxkQ>Y&`5~h|7Na&`@Nb`!p#}#CFdo z!-ep=nx5$-!^t6#CeY!qKyyvoUxzvB-?ewuB3d*ugU0oVQfIL^9)~R-vdZ{Dmf2WWE??TqN6$W9Y!KvFps}>-8l!2v>!S&gN zsisEQ(1;6kPE)jO-so;Trk=~@-HDsZrLb7u696#Y0BS=CqJd_slfq5NSTZq6=mygM zKYV>-lW5(VWZAZD+x98jwoci$ZQHhO+qQMet~u}R=$W|PG4}`T75h^@nYq@JDfU_N zem#Wi+8*41x`UcPY}&JGOS>b+;4QxE6ZxTy!HEPJ-E8+A<1X+wrNn{oP#dTg0mB7H z^?7^BBf%^He^+f-b_C-_3UgbN3R*mscS+_k9_Q&I=iyjg2P>o5B7eh&UtqSpaJ;iMP3PK-iZp&1_UwZQjWMcg-NV5yH zo8;?zHiv=fhp-I#&n%fJ`H#py|1acM`gi1q^ZIY(Uj_Vk z6}@eiX=-dFqmT})Y1lUIIOx)XG8LGiu95yD%7vxXJS@KKpsCr1gSwMWzt1BB1^x`SvZAIfp0u8I#rLLRdtDVd6y{1vVu zoW-w{^vjY2Gn8#4?Kah~TlX$@7w^2@f7d}8>iCy`U^)(UeQaR?F%LbLKmZ+Ckh%rH zgi(<93-F4=&J3RSfmv<0N(7e?(oP=#S?a`4zg>x*<9oBms8uc%XyvI zYz(jvk6`RY;_PVMn8XS_0ESX;IUKxu`>=bVAgC{aRyA<~ z|0d3Qm2ha08Lu$~fTG+P{SH4U#G9zO1WYW4<214k+A(I6GqHuibs_6pybZpRqHOS4 zzTSxX0eI9#bX;|~SK@fK!n0PDKtr`+zSN>__NdQHT*O^)Qt98v54I$eSN^)aDu<6Q zM3r4g4MjnIW=>}ojde@{|EA+iH_469f;iBzSx%4dpZ)4)$Y~SA~6K(LI|D|wL zi>gQ~XacEO6z9>*zBw8&zLrkfkzsvfKyt*+TDdg38UcyKZT~t-Shm{daIIm3nV+}5M9L9>%o(?Cy z-tvxzq`B$E^I0+8rVP!pw=+rhI5IV41Q5RtgH{qx5P1wRXrK5BUjk(Yf3c(Nh^AaO zpb^7_c23$}m|bS`G_CTY%Bw6yo=38q?F*C|G@iGP?qJWOT8)fCw}3+=&t~~gc#^?C z!e6TR@pXcBIO}4i8?@FDMgBSwTX*_aazLkU1CZzQPmLHW2D%8J*KiK}c<&ds5)^Ow zr*QG8+Vxq&`r&a1R6;cQE)Pbgb^^v}q4?gJDurHFbb#2u^A)$-U>_J^FO`BsVps1G z+(EGA{h`cZ11s0vwP__lYXzo$1l(#?lQJp{y!aYM-Gsr6`C$}vc4xe{2mBTEx5VUQ z;d+i*w~Y!|zB!@jdUDdLZ-OBj;)b8ES+;I@w{q|hsZ2W0mNpHMu?20@bojr{#*GBq zl(QsfES5ti3rofmNdP622JrRzQoWY?H~!oKrT1#;74Y<`BzSg5ZhH7acx!<+7ft9v zR)#*XKmD+B-K1u(63vRBR7K-_F=--CFr|ErNxUSLt(|S&^w|Q`R|?d59Lm6IQ*!6R z;kE6xh7C8_t0sh7K~{Swx1#Ivrar!a&a`_w*g9$fvNW$ddb{9;Fn0EmX?+wrtKf~aPMY)TH;iB0%v=LD{jr^ z0;{x@?q?53=^1534#G;tfoi!NX#e?Infl#tNkVe_5Aq-WMgISwBJlsEB8LCBia;Ux zM@6(j{BITUR{#G_{GVG=04xa$|I8Bg_kW)yC?vV=*nt1^K(^2P-&r#BPbSVk|5!u` z_@5Hn7XLM!6#joF?o<8W6A%8L_ysJ%H$=R%sB$uoxHKWxJ_;8kq6ML&^PG~Cca-CC z%7Ku;z7VEXQ@J;v0aL<`yaqPQ;I`quas(q{(AL;KZ=Jt@bx=m65KEn) zujkF?qQtGZ=}P@*^r#?B&xUw)8@bvN`n*ZSAgHeUoDw?C#7*;79y-wC^0$YXPW^9oEmCN>T&!KGUE~An{+~}t} z%Yv0v-vk{11_+!X=``A_Rglt9E~#*|I?FdswL5rh(Dt$HTWXPKguD}atWPLh2YQn4 zp(3tzky2Vl}S>H3YYfLMKx@`4XjaaFSd{R?*-zx~2rtcFV zuQtJ+Kvwfm5Z`1e?xnHTE;OQalDPsxW_^7|HNwY)#VH`J*W0W4X6bBjE+C#rxtKt_ zOgKA&CtC&~tLJj$qR!6#LiA@nY`T>%n@^lk&RPZH5Z0b*-A!}c z2EB*L@Yi_(3WQg>1OWNf<;AS%FC-l8i8iiOuXi?PF>-jYO@wu&Wx{00UxsVQmJQ^L zez1%~1+4cEqi(i6u!5|RHf}?|`ehiz?!pbqH)7Pc*n9haJ-M!{W6Vs08;oo$tZ*5n zUZtBKR?kfXcour@#iHymB@QCEmd)$ zFu9aHb-yD^-)50a<%NAL@y0qke3=y{;$M{TvU4Zwqv^E+T9;ad6{&2~< zz2W(K^)O&oO0s}D^XBV__mLb~2lvF2IB~lO&mq*64=YEVkT)sB&;dAa9!hXbXcNxq zwY>llQpJ-K?{=H^PlyxB=6Ew%f{ljFE0cmNkneK_6_`CdGbQV|!Q`RAB=t0?fXI2e zgfh6MG~tMEv02YlQH0ih%|L@3;IrZPOWI_7hk-w)yl!T=Kv}FG* zeZzxTUn*nYRfJ5nG&*7xp^Mz8(=1useps%CY-4pO40Rk(vVBRa7zmmetpHZeP+W ztb*eIox?&T)z^l#`6!6{^n%y^5~wBNIOoE-27;+2M7cUk^v7V~EXUhP`PU%2ggplC zuHGZR=Y{cNavKzMOy71$UMzn~^T{P!4^jgyG%`T??a++$#pxIo$-PY~U_=1YOKr&E z+YnaUU8mvY;mzP06u;r5De%r*p^)18yz|6sYAZ{a@G?2YQD2&le&ds)|NF>8qjXC~|$1Z%~qt8MDs16fdQjs)}( zJ>TznYytj7EkSVI2o1sZTxRD#D%FBqLTDkkN>Me7C~DHgq-yarad^s2nN@2pM@Hb} zM;PXeM09Z~((+IulRZRKrK44SA535l?Sfx1q0aYSe4Uf|*_vdPz`gum-F3(XO3y`u z2t_}2u~oJ3HE^Q@AW0P~dHtjVFNPlJuCqO=99+9c;8(3-p({q+(%_@lcxAI@T~}iY z;#SuvR~wHS#A^5$&Z42>&F7W#FYoqsY$+fx2p#HwAmRCES>D^4j?)svW2!!;blVgO zquLNx=kQc%M2N`ErgZQ-2ob-{#R<4%brVGJQAEDfw(eOS>{2k z*DmcMRoHAQBIlj?tnoEFlc5;b+gDGs)Et8jdRiPu*3v@URn^$vTW&ei=7|~_@``#)fi<8JlmG) zDlgm{bZ&w4VL7_;rp&S=YWfC9E5FR={&sc_Eyp|gX9@i{d0ZugOVx3?C`BcRTptWG zaNb$!6FuF&DaJV0l2|8wnp`ur=EcTY;x6C4lr2DW-9x~3jD?FzgSS-A!!L<^5$YU_g2PB%_fAO&iF0bQKQX2cN2jleHG(v`7@th;pY}k`v zc3##&cfvJqH^Nn^o5b*pQ1JeJHwgz5;ULc$#&yb_h|jQ{I0pQgD~RubSp;K&zjZ1| zz&`s@KxwKRX)@y$ajTV}6w#L3*4kKkCIm-VGX|j^Qd|-1hEJCI8}=@n#p~_|c7Qq- zp6(%UBk7IJ#{OJ1h1iLXI1v2=6d~tce8PSYB?y}anNTsKuk*LqsV7pc)i#8W&Cx{6 z0x1y~toU&YKxQfyz=a$Ce)ddFzGD>aFze4RqGkIzb`cPCm|F(NwL5o*)SLCfG98wm zl|R!~o?4=;Do#n;!7PN}$GW|>Hy)uL$QN>os0YM_a4brr&lQGa2&tpvh5{!k(7l7w zdqoyEJhO(hss@1aI@l8<1ZNGn&r@H|a#8 zTG(l{oOtwt-i&~%a#3NvZZk%YeYrvENh8Nm>a>C_igbeiAb;&&}<9-0rZ||u0~onT&OrH$>!+SK3&J@8ie^NcQg{Z~Px}-2b%(yK$cjOM--$1tE+-7Lq zA1mqlxOI6yIutuKRvF~XEeYm3Bc31b0XYu2GQ5>LhHkn2YJRnZ3@*LJ2n~HU$*)B&=kHt#FBT!CR33@!Lacjw7-SGu&)x zfX}}A8+_Oh6_OunAQTcJSI%E9dkX@?S&$TK`er}MQFsfaGj)FmhP{!O`eCvosNdj6 z)V>y0&ho~(T}lGPJ`my+V6z1{HkbbkgqC81m0UMl(UBEOcCzLaz#Pj5xU!5r6d+#oxoQfU9sUw*p(r&cxKqRt0-lso6?x%94 z%{ptX>KvW{rTL^UR2eU#y*{TNoB4I9eA9P|i+|9pwz*`7;KuG6sLne~&ZeQAHZhQP zrlFg$z)~d zS&DH2o(?;D2VHXXCGXAdX#1qlnm_CvXXZsvqzQ;($G8-)lW;keKQ-bc~eBWJ%OhT&ssne<5?p~7FVu@p+MLvn0GF?yGiXZ5=xl28&dDak7sVwOI zffQXiV!gA$re^1n&&@Vz5VbSGQo1RXKkH8&0ovKS@BL4NrTArcZ>L1e6j}Z?@<@^f zq`f$}3gD%CLx3+?uj^s)B4?84;kp7=qZWp=$TkA!uA*${g94i*h1%gDwePB3j2FnS zIWT{hNqKTrjiKcUH{MkZ{O&ad(nbt&D4sUQh`y(-;){Tb_|pe}Z^~)Hb}rfXj-bC~ zP*tOlY@&RTiMOj8PsUkkEM+%Cb+WG7dQ!2reTZwqmo(#@`S$d3y>^P z2FPoLb5Zy;{Mraewow6?&o-sqXm)W{ihy{GSr%McR{F3q#NJiq-pF}~)ro@Ku0HR= zs*j@FCQckJ!l++z341H*2;=QK)g;|2G8bh1M0#C;$+GM)KGn{G*5vyg*!6*iId4Fb zRLY?-Q#v}^MDBkerIs58rQTzV+QmADp8|SNyMTyz*vEr&Gs}h>T=;<;HTd(~g0owv z-?Kw%GW)?_JdddY|}wvZi;FAEeO{zDLr>fNPZomTlY(}(uR?3D!XE3X}C;< z_`F8XLh|R?yE`m6*Cn_cipIy z6ddY>&E`L2k+wLzy&?joP2l5s^N~|<>(?&V^(ir z5<Shj3{5X6Z)P0uIrvJ?Y@f z#^c$z@CytqeHEtd5*Ob>dyy7#<|hsg(Rgezn&G_d;o?iIQj{`G3&^jCD36!tw@}kK zZ2b;_gU2;JvGa(3V@|?V49`H_75{qRrrp5aB}K;opy!x0!bGsdphcMFj$g|f*y6aIkD z?CPXfJO0vHn28nCNaWBPt?F3K;w6Bd(X4;Nj`x;^|Aih}zFV*S9G^c{Q&cV1+1*dm zcBU0+I0I<CifT4{fb)8&c2>czHrQyn|vBz|EsoPygBIXwT_QcrK>i*$s8# zT2JF`^aLeJo-@0bgQ9XGgQe@j}QR)p$VC^_o>9JCJPvVmW|$FoM-b%grst z>3gRkoaMt2;4C6V!+jPEIXJ+wB6;V6wogDi@|^DCEcaRnZJvR`A$|-LbidR+jO>Ri zWqRANwc@=_>UxzRjmOSCk&mjeCJV3_36_oV$2X@ajge;Q)aR+dA&GbK7pD^P875QL z-J=|8fb2=()*+}!y^L-1vx9B#bB#Sch#iNMg=_%~(KE2!FdNb6Dgwnjjs%JJq7#N> zGu<)@hL;>lx$)Q29xhEJPsXa%kIe29E5!k;>ZzVwv2a*@vOsJuBWW~g6G_L5!$TZQStckWnVE{Q(R z(QX;;1l^@_q2?u%5K&=+OJgBvFze^jqgWd#6i>b`v}AbHdMo{%SEZeCErjs#x^9{t zE4ECz^mcoAvsH#E6JE#1@@MEx^}tf2zbXdenHCt(0ZLVVmw4oEX-G9F`ho5^>lVuo zZK-dI(8c!4R*CH&lC0a>v}Bmu>X$6=bFg0LvInVLEANAGk>WIo<}?wU$O<-L{Gn|& z{d)y#vEK_tU2nHJa8hqSz}dn;Ij30>pp{2bV$_U01?-a7r+G)q12fMS3`xF_Vs)Ts zzH?y9b9i0^G&WF*1;T4uY`|-lC1Pq-!L$LqsDS3xp&+#7O5(@{x@p&E;3iQ5dQ!s< zwV-FKaKbd!W3r1mSYRFSdmXvo^;l4`$L->5$yIb?pdIv~@N)mz70E<^ zj2&T_))CQ4&>Ng4=vQ+Jc$`JXQw+CY0u<|`7!t1+Eh6o(A!EN+<*DweL!56ZN(9FJy}^mJ9f_${63b$PBNNTQGX<3>zb#H}06t2p zC@>_o1Aust^{06PbuEXf$#t*ig^zPgGh3t|h~vO zl)IutEU$Txq}{?66G!kY6d`fVDJ-mv%gRJ%j+GA|&i@>9YS}Ry$%NeyyqP7LKC@a- z=OMbsk0Z7^kwIDM-Tj@~?FMnzVgmH%^SLiAJ);-#p)43prXVQ-o|2{{uS4F`u7Vys zpm;P5-KX5ovm%t6p!e3`Pq$45vo=~%A$^7n-rY7*?;nC{qK!-0(FzgL(L1e|oHch> z)VaM!lLZW3zPQlz!?v2>HtC+xN9I}cQIWs9R)K+R7|-a{l=gR~0RYBcT0Hudb#vUC zWrPA0Q;b)u2uqMt($1^XK++&2TmXWKUagD^1(|ZO_R;2&v92@t5Hnx$xdntvCbPZ` zBo|NdKSMHBTWHqutMdFp3A(`g%#6r(GI5074mov>i~1C}Vk%}2%+xgE?3(Zn1XHTH zQ(P`iWxqcL6d|7r5%}wgdk+ddv@g?&%jzv~8*9(!qm28;e_1WWc61&q12Ci&>l2u* z=Yx05NQxP(K?V>TC--O=lr&*!24OUQ3!H%v#0wi}8)gv>#LT|mM41~t#rzO?K`cmiws2#i)LVmlV`ii*brey#6;n*zxZ7+)E=z7qGpu;l@ z7Yl}SyM9A3rVNV5zFZP>Ska1o4}wteH)z4ZSC-LE`mErNp%7Z(fX_%_G`w;+FG%$p zOkLXxAiF#0c8;;!CZ5k*DM@RTXo$r;9xZDX9GK|a^{r3xNb+~3W9w@gTYW$Dt?qEP z(hJVtq|w1GbHEleMgCgtoUGX+R<*cp0)w5qJjDRh!?De<$$ebBp6> zstN+u0)cw3eRU8y>k9Nf z#V}ev6l#Oz)8i$T27Rf;ncP36c&2UL_NJZG^1HukPa{*_A;Nns+aw7pqaL}0vx4JF#PzPSwNoNU{K}m9&0)+nz1Rw~W z5X;qPJqaj|i$&^iK4&*z!VKD&Y`c4);(zOrrl&8EzU81lWeo!2KsLTKB}2OiAcSOR zuQxUTAvq$&Rmd2i3#Zwjjk*8QU>$g1Sb!pfgSQ<7)OB-b~pO~$`XQJB@}Ac4OH}@>#zuiaWkF@C)1D2+nI58?8!G|&gL0co*TP`hI|DLbqK$H zZ=Cc&T>G@+cpS2egl^kAd2wJa9AM^PHb0P?wdIu)8X-Aamx=W`@m}xBr{x#}*}6f? zGMOPyCEHkDh6;2FNUELi&yJCYn;8KTfItcwQ%agNHMTa&>zgB@@q|6ni~Efx5&u4X zGv!!YIAz#Ikv57WyD)_uokgZxT-1BF3(3Y^p{@)KL$?WmS_qYu>f?W`Cz2epXGxmhEm$qafKic=a#&b-IMhPm&S4&x} zZOsf_NbI{K9Uu8!x6ZD}zhI6JSe^Tw0A%Keh+d)XNmof=#Y(lTzyw;M= zZ`(%(mYBS4A%0UT!Big(6AZI7u9O2R3LT@B6^ZORue-jA17|(?=x7{>{LSdw+F~?!j-=M z6mk%k3O(p}zap$&YXSOlOLV^?eb@Q4zXg)pEV$undQK7LE3|O$%;oK+;Lco6Kqr9X zd(l<+0pU>*obLv7?oyU4V4e>%Bh(-=5=wxpqGRgm^Y{@#mV?QX@y`i$$uAXl^ z{Y`I!oHpwXH4zEDq9HX4+e&IN4SJ7h;6+q&vPrE3nGhCQ^;E=ZFUmo}d~%ODTXWfL z3p8^Q(QAMe!ExSRj0jZH{$f!zEOT%zhVA}^%N#FRr6b?VDy~qA%e?qV4iQ!|N29d} zdRV4mgTpI6r5*oj4(JgGj-9sv#G!-634u9<-E&^+5=@>g5KQCp0dwsaS-8IFWo!3! zC!_;1>K1sz9g!5l{NM6jWx7K4Uk#pmD;6sx0~o~u9*d-lgxP5z>SLf^9KFRE)F;1r zG}tYH^7l8xbope~m;{)H?udeCoR9B>j~`t@SfNXT``9+27&h*;gbq(QQbB;JO)W!< z`@Uh5u7stiXA!Cpgb`tmB_bVLJrmKk`7TrTv`xUZ`e_ zVLf@RDcP=WNalFtO9LzfgH)Za%Dk zC3)uQRT9Ue48gvs+Mp?z&saJuEcNh{JknmgiMD9txr=}A*>ZjYtqH~q=gn0q&EQF6+OSh`_M}Xrck-)&tDG) z2r(k6K>6$p=l&WpZ1b4tWN7?~IF>PkdQPgMG*7kN4TjQ~c}f%3XR4VRFh|SHqY$AZ zb_XPF7)VVyaQrjegN#05Fyc`)63fmdF7fB{$Ieg!eKD zmLTK}xnj#g`aB=#htvENGV>|5J8EzQ+4a^3g^E#*f-6or%hP@;nSOKZw{9AF@*|X~ zBELLeO9Vg|cRO_yG8!UUD~*zNsasfNYeerrgB0NI!2_{3WoET4%;f!jc1?AR1?QQd zJ5s%xL+E8Pka8`ofb~j|_TVN!8K+l4JaLdnix>xM)$X4VQ}>_H^U^%(_Z6UohVM08 zvMufiCkLgJl|~yqgJ?CDf;NP46{)E|lK8~*mY|&%fb;9(0=6TF{ni>}rMeaJQNiV={oYs!QO8K34m9= zQgcXFJP)qrfQ3hctQ`{0td{uxNsS~gPjr@MZ@0AYz5J@0mky5o^nE`GLPe$o^VdO{ zY1R74@9uZkB(uW;^j#nVYn^UOgC5eO`~8W8IBy)e>RmQ&whFDhKEbi5OhI@G_Gf-e zjn}$vvjV6)Y1sSO{z&A!2>^nZhG}giR#jk0CK6GY4WKrxDAOT3ek5kMJfJQ%Z-OvS zskjlqdd=tQG{+C@eN~N&?y#?+D^z%Qh=_^FXnp_BBHkZ6*g6pVR43dl+4^~D z$pDO`*)b6f?XtmNrSe#i^61;7 zpdp{P%AVtqI!&Pyu^4GjR@NC}ks|ouZV$iSP(oPLaQIUj>mwf5#%@@}vdG5hTaT9= z5A#Ztuf0$I*2N&gh6KPi?Um^7IA&bdl`xiO*moqH1Flb0qbhSkR!D(}b4<&)EZHj| z8qpFtNH@peqwmE~(!exY82)`uP3iBo{iio@h)HU*w$f*L$?ntvHPO$*=?30RMU1L{ ziOj0*b@2O;C&CztN|b~3F`X3#)_ai&JYdzMIiZcar0Ry62qlPQf;YneTTSP^jvt8YWfZ^(%cjH*qvFVgw^f_`?cDkp(iU4m3B60kY;xxft&8 zF6Z|uDNip^<*n7m4{q$`(cvAZDcBM9)C`X52F2ls*O_7X_MO@{zK;r-2-=U2@9dOl zy~wh_me2c|Wl-PhcHH=M1KkmV=2w0@_cge|?rZNH-ZU+*o*Wt`hh=JoQrV~iNq#D- zB=Re*@qp!_Yy2hmNQ(+d3&YX4x^V~^obfS;pi{x+kc-}yNrt#CvJ?+L!KNjontoKi#6dW_W zfQjR`t!i;DhGvs?`!>e*XqQ4QN?gJfSK1PL4#k`uOENT=nDE+vyqV*_PRf7qW{Cdf z%?$i+Z|3is&R=gPPV#?yGuw24|4P#T|D@?}{Nv3CDgL`R!`=1Y-i#pkzk4$>DE;;n z^SoU6iIb{^QVvaPs@`)4V^I;CzBCBQt=&}Lu6goxwxx5HHx}=CJR1_m+8z~@hTVqG zuW(&%a)$5;Oky#giJ~?6BbTJN(O=e;0LhB=+BGh(Vx{|G#SZV!J2G7TvOXQMmhk~n zafq*&y>QUK*^t*L*X#AuI0^eCN^sJ{VnLxKS#j!;{m`OgL}ygegB{8*24MeiuR}Hv z(Vn4=D~PXOjed3z8wi`7lCK7UFjpBkjd8TvvS>KVAcMbEvB_Etg9Rk4ji5LLQSW+U zn31u=`ZaPG3UR|6plV{^Z;|`Wgk+XQ#QC5q4lENu58mb;?(4QGm2{>scWLigL53Ca6wj5tnEO|C1mH6+$Ob2UP)& zVXcq#FIyDz*z^#RuAc!6^=S0xSnU*h<;TMGOqMXFZH5|;WRoEP3Cl9>imxEtk;hmA( zN3o|ha1%gw6WU-II^Ze&d?1kb$5;1YWo}kQug0{OV1*!PIvjmv&2*16$_UPPN zc83p*)s+L(AemPkW;&K80E!q4sdp!JezKqSazLoK%cjshg+YGng>j2P z8;3nT-n(HFEYx|P4z$fR5O z70mPMBwu1Fy*6RpD6YsFC_2u-KRDS2zGHlyDaF|$kn>&b4v$SmiI$e(uCqs+f!dwn z8Pz5;*|?TKQw5%uRRh%pGsl=a^{UL(LnGHt z&FcK1=WlFwAqf2=x(!9u_2cwiHL8c#A%$qhWT1h7R&6-DXY0;zr=~t$rw^30iURFT z#Mxep+dn1Me7}t`@CYl1x1p~B2kGnb&|MBppFE7zbC%*u4shH4{c=#Fsnyy_qb^Z1 zH^lxl99KU5B|Roh8mShR#h-p@wT`yM0p=%m7EDQiGkuJNm!+^CKOOJBl7edv{Wt^T z10-;t^Dw|XEsE~bF}tGiXUJHLkyJ9=%$(Bsw1qKn@H+Ts*HMS}vwKp*z3hVlQ%U(1 zoQ(DBR&L~7xR5sDhxgA;VmvsdMvu+$A=LDN7gi}G@RzKUwA4|6Yv-IZ33oEuCqhM? zx{?hF6B!kw>88}CSNo3x9SDEjy%`sZ-?>5$i2@VVMFEv}*wI zN3jRFh$}<8K{;-6H!Ul;4n+@VszJCm&um5T8nVvGgSvH^l$Tv=Z*a00lTj**V=B{` z_v95>m)KT8U%e9+3PRe)*dv$N8mKA!<5p9uJeh>0ovx6jnQe#qtSw%e0FUF=0zdX? zz7BPp!)cgz=jZ*4L{ov0IklDbfFvXee&lk_(zQ0cbwlB$qcqCm(>ws~jz~@+|A~>O zl^pa3l*f@;e^O}M{ZC$^lH7-sYyF>al?_vZ8$q%5%rjbQTASbu%qmne5&t2a-+j(v zgVDD6TFX5MU8O&NV!#8cJ4TeSlR+pDIS%Vy!{sR@%uG>_!?1V}Hk*v(b*JO{KTcqA zNkII1&l|$>G$eO+>a-X&;Hk$y8;Rj;<$|}kKGTTIJ1GcF76rldP~(Ir z4Og5k12P4Q^KwO z_>^l-DZkurHWhYm4(-8QWJjuPRUxW$c4m#WOGE0TR+Dz4$(QZ*D=JXa&n z&~mfK|Cso@`Scbkjy>d6-Nb7lGMotvDN8Z}s|-iVyTX_OSWws{Z2BDM0;5+OXv$hG z!E%)H2q%W;u>T`3m`}WZdu}_;$(G)b*D-4{ z?m`1b*5c!@M}%9V=ecflSqLZn)Msv|c|jd@ngH(ZoP6ux{T5Vch^^jMg72RI-$(kl z8Jo=BUK;qsOmFl#6j&4<>H(eZg4zi@x?QH#s-M^;ua@Y}xIU&L#_1b~5@i7wIcNh2 zygugb@Y2O!k^LwJ#-nJY8_$kbVQJ`WJxYif-9gq$gA}Hv@tGjkC5*g(cdszk&{df~ z_9tvBz&v5`#%|v;Q%yzviuwbDZeuNtt$}0}g=q@yq7Uo^&0SUKr065-j2b{x^^c+s zDD7fNo5)yMuQug0@Q(cZ@+}MC>OxuIW(O^7%1v9Efqz)xy$NDe?58YiGvS^gUfiwj ztl6HGUF-oTuDFQ%hL&6c@_j6@^nMpIr^k`T#}svPj^CVa*X*O~c^~r>p#S;%zCo~K zROV4$zEL1p4BsE~(8mx;SLZ%Cb(vA)Ma7Y3+L8lN{3AnD>XxT>T}iCRjQ#;NO(7SK zCSdt8gF1j)=B}4Zz+8cXoxINj>~foHIRK??k&2oE&Pq4#qeJb0^OL-iHXHP50!qNY zQO*5@y9DC>9ML3Bh+V=bvnf7IKxTWg1qPx!`+dLAbYb-yFfKy}uPXq=*Vl6crTOwu z|E_lO8GeT+y{*H_&|ldDrVn^KVx4O35#wS!rChwA+-k#r=+Z);EvXN-?_F*qf6d>@ z0@Qn@PTf#XLiYja16%h(nzR}rIs~e<9rxH%z>*u_3OZZN-iLi|@!PLc79bn^_%)mDY5b#gY|gk-YV&S4C*^YA=W*!pi!*@~5;W_heGV;Bz<_Z(R%M(hNn;1Hi-+sjx7!l5f&F|Cxo7`hcd|j>= zpSfXat{P8pW!*(xFWS)+WI_HJn%;AM;Fpg!P3XzF&)8aTMX3GOz`qu#-~Mh|-U@5_ z2h(tFFj3;fiKit?>46jDDQV2S0?ZsG%kBugT#tx+LKyVY)x8_2Zfp(cuaAB9 z2MltHZ%G6=4;(OIS7E(&1S`%#9sCSVtk#}h9xry=&){SfYxy{XsAz5yKu|{M@*cYv z9?%YRK0JL{uewBFENxrvGr*NS?-wgIc?c&bmAZ}g%}Nk@`0LkvANK%K3N;Xm5f>OQ zV%!W*eO>=j`eT_eW`rgY06QeU?-F*@0Cso?SxB@U{?9}wYKZwjA0fHk z!Dcq$JSqheS+PL?Na*e^g{b?DipOB;iI5}535DUaZH@DIuz*R33}8I>NunVh61uft zJAQ*ic;0e&=T1Z+V4EywoP=RRw|a(W31QSW(N9}XB2%sjhd8tMcfyTxGY~a1dJ_;( z3MEU~yXfQH_X$Nr@HI_+hK;FO6s(yi7 zx~h`Q7=1ny#qjFGU%&XHT4dFclIgZp?*sXL=x_AAGmP4Ip!nC6jK?eFF{60JaJ-;y zu+8{g&qljDa(7UaqNImz?yEyZSmL8+y!g?Eaqq`}g-vTM#zn6a>)t7OZqcq_-9!FYu8D7nhfveSmT5yxZTuh^`gAu1gb` z+tdo_)$zjct7W6+YCfUM26L=LvL75JJplSX@pQu+1e0t61-yhHv}y1qbT7kJoshL( zXjb#N4c^@REtt9=@*4c+elVg->!ofKN=n~YuDoOj%A^L`W4r*m3__aFnfm-OnxpRT za$$B3D}w>LqxK#| zmw54|S8I3Dxx(uNI77q32T&iO*(`X`D3#l7`r^5T$d$B0OOpNRQ!L|bWM?`}^a>w5 z=M_RvXJSkaK`6Br0DR@({)rgi=v}5V$yj8U{R}Y08pw}Rv=ynHjHrNcPUMu9`}O|5R??8Q zYIN;ESt}nl1AJJ!4^7)=0{ImQr)>?#%-sIA4tET!P!GqZB{RvfJb5c;<|A=EhEd-f zv_s}60dX{4JY-=IPz_jHzu*uZrqG;IOYn^HL8*Kk8%f-|t;8qX@ro-|+*o@5r_-jw z1?>h{J6}1IQ=p!k(#Y_sbt=Ek`J8_Qw(J&=7a>Zw7~<)9#Od!N)0VR30m0?WBet^= z;($-Rf~5TQUg{-`WhFl`t(cvYMkme8w}i%xhXC~mZGFGwLwd?G3T+2uj8)=XS;P}YnEqvbj_@x=BeH^W^45a zspE7fD1(?<0Q4s*Ecy!w2_$Ca^=p zeZY6Nzx%A6!0e>Z)r4-W3*+b6-ZL1?J-FEL#(aA>cTQ?-EC==H>=G=%zqy0Ko|8)ouB#>gC;1NO&b4-U=OqIoj`Qo-S7NS+YJobIRta9e$ ztDTfi!Qv*EC!;!kyZyi!+n75K%6(e<+dc7!G%#3h>i_GHgMF(zEP3|+nm_}waC?c{ zV(+}bAGAAI&`P|nn6mGaebUmTOn6xT^127?zOCq|DlD#fFC+tK&|@Gel4FG2GjuM& z(#CVuLpb{a6L)%R#AwgI7X{petl=2l(0_%`^WPL_ty)|>$-9$S5h$mr5!OpJW#fEL zaT?1B$Eh9DDjq_o)1LA}y`=A!Bn!fVP6F7iLi; zy0??kJS|Bu5)Rf4rWl1h9|W+#=Nyh%%H?1@SESw))9FD|`(!{mclt_3I|&cYLIVwM ztEG0{UsK)DevLf3QuMd}P41?$4IcDS=@PK@ZM#>tJ;(0nOlAmL-s;U7(!VhH#jaDe zN2nXBD$=;yYh_yFX&GkjFoNE}7tcQS9$reyH2}-QD}*$zCis};hzw7o{E!x#T^4wq zXeurYQ=?>`@xE|JkAhY(t*w>XDb~oaf@sXmSI~!L`xAp^Pz8)!1%oBGUzflK3b4;n zLCmV~7$O5!@wXtE&>{@=SW5d;?oCEUZ2bjk7p%2b(|`&dOCu_^Hoj$sGmcNRnKot= z*Db-42h|^DWWSDy1igydx8HDt<<#baG?tGmUT;~ahM*_O6_)=qR0PJ0l)|-l12DCu zh1J|GNy!c*k+u^^o7O}TUCF%Ba^c(6A?tK%CZ6mYu1wYn1?7B9=~0p9hBKzf*oFGC zgYS78)+Kh*g+ER`6z4S!{rvO>UF)3G_DqA^{^53jDBBc$ChvTS34 zKfiW;PL53ABP5d~x}bawNKx?qA47lnE8hRZ(24$K=zaff=n7i@7`l7;|HsgO|Id8v z_P_G6BL8XV3R?d*^nw4|&;L(C>YrwWmd_@(>Dgv{ne?D1koytKVr0}my*cOGWBvJ= z9G#1vSoxV`N@b@aT$qbPz`UiLK{EPrIjED`zljIa%~K!^Fh|W)<&3X?NzTm!4Af3z zMHfyGD_#lpG@4dwqr@530n;^6&^p&MbDoEJ7V`hf8`s0gLVm|%RniF8n*-{+kOH$% z`o!gVt+jr}5{CVfE8}v)2S^iF_xpWEMj#?k;cQLYhh~{r6>H*K} zHRftjy-0u{0JQkr1-;Y&HEnYmJFK5)Dk}rN&dlmiW^lZytTurXaZ7co+ zp2Xz7c}{F`9`)ql2|x9I@QB=)q!C!pHnw)7P41Ci+-6R=^^lSRwg?2FQe*e6mFoFV z^3&I0x-FDFKi}c%w$O_aBcZc2oH{tEi+1RcfDz*ruChB#v1ekWRJ#|4-@D!(cb*x` zlk6wV`gt^mW@Gx|mqOUhv9lwKl|X9TW&pF=k6O%Gjpy^@87!c3%k1|m;+;pcwoI8Q z%Tc7N?HP-)9wX!+sPOaze=15&Qyf4&wm(QaftqM2pZ^L<|HP*_$fz9qw^qZ!dmyo{ zM6jEAu9~Pg7BE!(dA^!jS3oyJ+9o}cE?;sHsR7tO}AL}vHpTrzIEU4lhJK(nhr;;CmAA5PF7;mvB}OIp&R*m;kikkPE>_N$ zKz)0jw&L&u5zb5HCr*O)?2=KGYk($a8~M?__kZ7+ouxZS!JX3FhMW?!m2WLpB-#6C zvnsD9fhXRSIx-1%QmUKfLr#Y-NNCEGLFvC`@j*d6adKT< z)DGYJUgJfuo1B zPPFCrZNK)zDMI*E9czG}lWdb4su8LOG3T(}n&*hcN$-Rn?$fv_wE=I*j4A+ZdV~>W zy8Xx5GloLmvdrqzAvw7H5{$XN`CbvirIfP>j4)5l4E^bf`bQT{t-^2|!V{sqta(`uzHA?)8eMZcUd|@wU?7gnEmJsEcz68igN+hvJB)@lh;p zg_n+fX*2OvB-scsRnU~;Z~y08Ld@_#)2x5H?Ea=%v;XtWuLkn3H$OT6;i|`f{(DNH zar_*-&$0TRM%56=c&RtCxAuDm?6(0==eo(fj5d#;@r%slcf(U13&y6AU$`70128e$ zW-p_5V=iHx{A40)qv?oZ+>t1NjNwadU#w2Aa;Q9ALDo8%btG&gsHBr{EbT@*mLIvR zItB@L3yC5hO&d8zJysAE6!|YG{QI@;6G)@l#DbYq%G!4HG{gd0j}7`sw?u(gH&zcb zh+*Cj_EauTkWU|}HvxJ1`M%Z&Oy%I!+5&TJ9J?^KPg!x|*TllGCfm1pA&6snxlCK` zf;1z!draqSY9`jMSZ$H>^T_!j89PLVr^>$tVjxcmb(JuO^}|I=OBK;%)=*3YO(!m@1qQ$>+w$X|KAV*I7cg%`)v^zsFOITjFVBhEL>Ke+< z!T0+#>}LuS7r_)|@e#Ex12oJ07~Oej3U z#;z`LiG%%aByiW}>Y%jshuzuPGw=$1XM^9SwIzU(YIC4>(Hsn8P;x7_)Y~gB_2;5G z!G{S;tF`QrG_sHDn+5>evB^72>t0Rii_ri%oB(rP>59MNYAP1!wgKP}fI{XYHfa*) zLcv5G0rns{y}i7H7}Y%F&u4d)_6nRc>Y*+=C=@Fek561|r-kz;} zjI5eJH-h#uI#HfFsLHkS8?$$ZfMU<<( z7<=yIg!2|3swRzdz<8imUktY@y7fq&RIz>l)g+<&ECe;MRIcaVayu-E zOcy1rX*xVfJ9%;p&`?XIQ6jD|e#03%HzeQO4m)pIy(BjQ0$;zuk2SAdG@tF}!gX(wT>@^6~WgcWYS3xJjtM~Gwkr`F*(Xr*J$s80ArUXo1!07vYfPT)h)id29x3U*&{Jq1Uf$D>hd1;kW z?cI1gx_SI_6&0Yt3Agh=ttsd%SxtS)89@7k24uc38iMkN$yh?-ciV&cvF~7WBEX1T zp^-V^WuG>n%26t9Sx=zx#;4>Q4*~MpHMR`_Qg`v0*h|?A8<9`aNW3wAEZG2Gk~9VJ z8b_NO!YGcL6UZKNNX=)k8pD9`I4+qWv@v$DzEY&Wss!xUm$dJqr{yJbxd8{Dgz{MA zNJ7NFpns`x4b=EJnIF~i7)$P8UZbb?{jSPkIk-yBkCsj^qSSsWDPBy*O{9x-ZwUNK zG%8kZ43N65jUSH8RXO4M35e4j9^3T-`&hKoGL={v^>=C{{IcWEC3tV~0nWp3KCLqm zW@uRD*gWcdKDE!v11)PkKnz@qBUH1+-2}(T(cgK1mzUDrk1V2TGikM?)6|+sxcauS ztfK620iF(QAK!w$vf(jZF22!~J&)7oaUn%L8pfO1y$^iOlkmp%BFU%Kh=MUWc%FOE znqR&+OD$t^%n{jgk%eXmSIMAobk~q6m`XmhHE|gG8k;_-#TI~42lm&vaJ-u?;2u@o55#i9B23DLC9pzzAYK&$&F)|Ubj!E$N7Rdn+RWS;iFd*2 z>HCB5#bP8!oAG`m*SmRlUSSAG-%WODHt9V8aXV!4N7D|P-r}^g{FC9!cm%rUM1`#O zR`YN~kJez*`m03+1MwGB5sEo|y$f^t%+hPiDTHy;AkPb5 zH13Ypcw<+!G0UQpW~FFiFB6xRg&E|wK9M9biLZ~qzaFtnU;y;FlKQ+pT7aVGslRZ2&m$SC9SR#T0bo;K7^wV# zd_#X7+Gvx?F3{B%M>L&%)d)EEYQ>)(~S*BGfJu|;-}`o5;9C=fqjQRke}$FzCK5qR+nQqtoq%$WC(&24RNS@ z9i)BdrXb9gK5N*((EQb*qJJo5b(<7@!{&BT=jLMwb2g@#9BX?@7KjqA4?EIJySP$} zHysG~FVP3y)4~@Hz!aNynsj!=LhUFPa<5~`YBWMMgIPQ~*rz5h$NE0@M~lPP3=_f& z;<+dO5D%1OcFoMFxnScK*+IwTF;0&vd7uEHyoQvkSrDD$4vdM5p<`M!k>T z%?D%!P;zacUCgqgs-*`Sa@8JuM-wB5`MA`6%zB-brkA0@EsAyqbnF{3bTn5Uh$i1Q zz^eEx1xHt6vO=Te!y|jQQFEINTBKR@FV_t@ zxdmquY76PnH5zk@KX_a)!z}8;BPt_~GglF-@Znsk_3hRtD-;X`Ue)9-nw1#q&1Opy5*EmH)mhk8i0kY}$Jrg6iv$0h(7FGf(Eo?_5dTYi zdjDH{43+-T9<#qKn*TS=3i$5^o2>5tnP%PlSDN+VKhOMzO8?d#koJF{`J=%_NJ#*v zTCMAr8K)TEIMgb(ssy8kF8P;2w{2F0)7Pc7XV9Gt`Y`TNS3dI;S@=Ogt?KSX9Ao)t z>>QZ!LG4XS6y9Ch4cZWPW#rx%DqVyKK$Gn8!^eg+2I z^lo@6)vJq+J9+^1sx6x&Z6m1xN<>x?Q%Odw{%#??aa$wuB_NoMs&8ld7gR2G5ezZZQf>W|(;~=iPFPIQHAJ<*C#+Ms`F9+X1_Z zG88kXBdiDJM8f-=pN+;FEVSMt8s$wsULs9emb?LIeD!+Khr)~w{HU)LVBfw>Rfw z6-2+_%hN<8(!z0qnWdW1u6z%=6ziE%aBwNupgBH8SzJNwf<7{@n#J4zB85)skNWsi zooP4dtcQof`{Q+z=@Lf-5G_?NS!B>l)Xg;l7Z_xkauwz0LU?t->vnb}3<6A`9CT)v z-OvxKY;y7(K}A4cTLMzOA*U}8U+MPIvgz?sD~|F_g#oSys%}*EN9-c~EZ$0-m_9o! zHhXq8ILR#}=gk41N&g!D^!Jr?+&rPWx2@%PNblRMzICjp-&&_#-n>q$P-W3tvRWxe zTX$v9KCBY$Yfo60;Zr^{=Vn-(*ikVV?AW$Zg25}yhgs2#na&J$#$1h1XN@VehB*mg>_Q@SA@7~G;R2zX|472TcWmwy-{M76L zbWr&;sr7O!Ax^iq9NrP=IRW9MAJ}}9R3H9D8?iA1nCdzwNr)eAEzG{mqNI#s}sGS+t87r zAvNo4te;cuw#(}$6$q#H-B7*BUv6TJvW|yGCB0yc!4|F z!un{;_nfVI67j8OR?tn{8|#|w!5ZJ6iAWw)F1w!iK4Y>P<72#&s@BZ!or*K=_JsFVBVmX-bPtCQT!Du}0c|o2Z|}1x0*btRICQ%UEkfJ2$1MbH!LLP=)p1o=k-~?C z!1BRj_v89{^`g%TdbhhTuSjBIA`_P zVy(rekIy@+<{0FjMU4YChvedIFnE`GkeLpI#UCiHenYr^QVq{jg9K@fJN&VaEGE7< zSp95eXll$u*(d`-LR>e<*H;0r{bsXXk?iLy65+?#AeO{R(^^mZI! ze-LMYs9H1FEng=)BE+)WKS-s;4|2Y%J9@4%N(5&y{tV_wKc!@d^yn}|e$I-gumjI9 zmSZmaWzqlPm`t2(R7{&X1o-#Uj)g|qZ(Q{)IE^8lUpx5K0c*FD!n#!_e(ZPj2Aja{ z?{=H%$!5vuksbvuz9Hg}bMqyl{6fTc!YG+c*2t^bkk_&$lQ_kS1xiTDOwA{8agw@{ zw17j2H~3rpV?Y{H%N<3*vl&l~Q%o-rInY>{V8u~;n6z1K?2}J_JvDV_<9|%oYT8sGzH)fHzs#jfj<_qcl{v+m>RR>3|bIi71HOK?eSpp1=auGUKM=J|m-f0-j1G9_)YBjj&Q}wr< zdWQB(NR%!mZ1+Xjq99#Csu-YbJUMJ|XG#9{($93+W<<+gZqwn|MNGBQIga=$4}KKd zhF5DX)mz2iEjESDjntaQeR%Zb%x+RXqwJw^-&}Yg3&1S^c&pz)}AIjbLN`5 zSdoiSKW!oY?MC@GgbvkFxT|SRAj7Vw#;@5krCBg7kv^#E>6l*}#o^^pJwh+Pww{`J za$@v_0r5N@9*vk9&(cumy|P@8nh+HE_QbJ2M0FNe!5+2KLKbNg5~7A0hxgXf=pso! zWfEwM>IzKwt1PE{*}L88qTVVdkcYRZNCx7iOUzYz5{&GRlW#l-wSuL8%QO%Z1Hz#f zu%j9FyDx`ZZnpyGf_WAMa0lHzCVf&TNxf27Zw0srf$AkEjCZ=SHF>k7ah?7$d*R0X zWt=NbwDPMc!ape#g?~D1=r#k0=a^Bhlb+?k90r>w!Da|YRWH^E%a6(2phGMB?POlc zp{6;~J322-m2edf0YvodO*N7KVs>8!Zl2tv3vitm&Tg}jqAX~(oho;j?$M$e>ds!3 zN+4byVfBK2rs38JtdkbjiB)GIHi3)^3U}PCJjB;7Rq7TR_vcr4F663f~zY*ZT(S_~d*Rn5UIAZ$z-b9cj-V>|1&px#dsC$A=CnO!v=S1aht6zTys(vRqK zPc7Qo{z$&+){g@GC}@z7Y94_rn5vELiIK{vW0?@dN9HgvG0jJ}9H>-GgR3?n+sCzG zJ|eG`>7Sv~2bQ}&$c^zo|H*%^nw~L0VGI;jV0s?oO<& zg(?J@j;n`w5f0<6hU-HL=HUwQ4Y$nL`Ao#&N#~SF2XLRs7odwkUFW$dl?exX>cOsf zl(dwCU>ISqjqy3`^I!qy@Dv2C=Do$9AW~>TmzDL$FiO-L90@Ve5K|;o#N!I(O))CV z4Qj2y_gsX1PhLiua7T)yO|{tNkGTueAC9&_B}Vp$s>sXScr z{0jzylJ)PO_OSDIeJGudqVw;ISTk2_;oLf4(}@imsqxj%w5meVbgBSB%dr+d-|NzUHkw`8mmH zF`<6TZz;!S!;f*W6Wv~Srb{^8&2T-4RucazSp_CEmr84)5@+N-WMie~J!%nKN%y)* zSKtQtqvT$k1c$+bzi=*5l^+@wcR?jT1;AM+0mmq_$s{kUV}f>9W6A{I-?-stuT@XH zlifan3CNw&nv0@=Ms%qzG5}uG6Nh1W)?nHn>nEb5mih7>&0`o?;#zz*q}49JlAO9~ zFSp#xifv_r#+?MW(>D8XF{Mp+;6MI&?KwF6W4fTjRnZ^Sevtx+bO*l3;AP|Y^f9A5 zRct{YCkc^R%shU8fuJI{yxSFk4`yN$f;)Ni(P*5%qfD}}i<$q5Rap450s$OYfYvb2%Kr$-u5x@-(QWUD^#1pMV-%g&Dz0( zZ>Qo+bub*ooLk)gN65e1bLttZIe{^w$!7KLkkrWp4lQT^FcVI2jdo8E7+>Y9IkG_A zVm6~i4T_A-e+xWUeZ!d0b7B2fEI zE-^MJ32BNJbgK@ju%G0vFn5*eEQuy!E^hdGC$FeJBP<}y?`pyQ@x8RZG0O7N&3 zAZtdWFZO35x91GzX??xQ-gV?NsHF}7Z!%TqGQ8TLae}|2a9Q$=e+}~NV5Bwex9^QQ zg(5I1=aq;ZY@7c&Q}-j!N8*{DqI?f0TXF(dQvUzq4xCt(Qb zT~~ui*)(fJ8=ktf(83m-I>lAs84)@V-}r~|iaK%k>!9jVjY{ znA?{CB9{)K1NG`Y{K&cb$0zRf3T}oeevpW`uLWQFgpX3mdtg**XOwTJ+_yE^{OiQV zqx;%%w6D7hTu3J@{?lu`UfiMDTGgG-uQ@kus++h8F4y~e>|=M%$)R>hbLVjOPni9u z#P5-pbs^$G@9@c5B7>G?%8w&Kwz}0L3N*~)AJ_xkk~MH3C;1BH{nM@;I{{yEP#nOT znj+u^Bp;pbD@tH6uV1tv(-d&`xAtfk=E15x<+@Z~?Onr3o>{W$mW1CnB~K9kN|rqP!FSN$+r^g?S3_7%o`|NJ6b!U7%|bDF63E$CFpK~2JSjQHV*?o z?QooG0T0Nk73g1-SEiIEhhDrj1o(2F6H+`baU%e2Z2??A0Q=P_F;sVFJ12u0R{SUz zRV_Ck3s8%4EhKE6G$m}yX)BN-WIb!d?Sg#R}mrwSRY^Y8lK0N!|R|IF` zX7C8|IcPXmYk!(|M|tpp8uIv9c znh*IB;xP04c1z>wqmwD!c=bSaI9HGoja_8zFW1tq1x5_C_f}eU36>XryA4PSq2t}~ zpdbP`rBU>y;0}rX>$i=b(y7WGPR2_Nc&7ai99%LLndF7cbxZ}C@d3k4PlJ##(a3aW ziZl@6ObnpGsvqjpvQ0$>C2lBkmfW{x3Rxx__!krx;)t78^)*qjxagik)CmgT)a82+ zFtzPzbu=IP0fO@BS>Pn;+y-RAZ0MWpR?hn1noBn7dJ^PJm9d%Cdt@>$h0Tmqd@l4F zF>h9msy!IFrys=2OlQYzx=t?_u-ibR_w%y6ccSm`f%ast30g$EY1UWpz>)lnd=(y< zi!Rq3xKi0n#F56@q@j$;*1gHOZ-F@=9^K{7pMe`s2`#X;u?MZBu(!^&42a^yDae(^ ztf(vG4n-HykD51jaJhWIRC-^9MyWbV+M;D<@#AF9G)jw>r_I{+7~}Fyh8uSW4y)QE z`riX0rdrRBAS8pCA+p^ZW8r<4CP=UY(W|Fn7TOEG9xlVcw(CYnHdEumExi^?3)CNy z(=$HAIMdD18t}~MqP+-YnK++6IacA5k4?#pffR7_@)nh$H!Rz#Ae{M-thn3>AUN0Wp_ZPXuN`HmU;<{D zC7EQk>?g-V1ZP-6M>mr1L3;m@b-|K-t17g`e;0LV{5-x{kTP-*y%mm+i+m}AEf5&7 zZt}vzy3alK4Kd~EdWL&@0mQU9!>k>$E&Y-2C9W*Ti@Ht!T!`k!(cGl805JdEcsxO5 zh8CTsf)remjHi^8A1wh7Zsb5A02R!9z-n@X#2eAJxu*=gs2g=8d!>Iwyes4h4Hn_v zUO84$jvgIti_{RSY)X-n2p0;^5(reeqZ3zu`$NRTa-iK;cG-$l=-r4f;0}RPC}w%< z1o5~bW1u}mM|N^jvMU^9kl0W8wz_XZ5J>f;D}qdSeGX22#X)Bqh>&Utsx74sJy(Is z1MUd1v+I7uPhsrdZmHn-%+x*(UbbA~_5hgFI!P?ZE(N4%m?|qoH!=Em7wNKl9U&oN z0k@Ynvs~z=zNa%j(-}j9IC9?`c51JBwL2?2S-lTLw1mi{#qqGgC6^IT*1k3aHQ#qB z=tYR8w#(G==Ras*v&#<2}6gH@nsoR*e&$JtA)O5Vdc$?{y z7gsL4lx@yQ2&5^I&0p_#SyUH4(;bG!gd(@80#Bs3J+h)|<8azMZXX?%kNxsx45Bpz zZ;ruxSWzSM2F7y_!B2_HM?b?pDLG)itE3hW88CZK-H8JHf!%j7ga#-=T@!&f^MsV* zQd`r&@7TEH9+(U;QAA&%FlMxtzssh7*k(>x3k~@jcJxz|OglAH(-y~>3;=6y+X!(G z;ghqf??jgEUt{`pN;zK(W3Ie%Dkv&4S;u5uVkJm?q>>vc+PEz zd7^zqXeB~eJPj4%Mnw};;7Wz<}q12--Wyzld>SX`0my4f;o?sv{6#^BZg;5O{hJ4j#X^g$~*t_^T-)qYK~ zK@>_Nn_(zC@GF!z35H-TTBotpJU!^R&KLM^4(B0!Tv*Zzi`*}q0?x}edJygdnB4Sz z_0KuJoGO7QagsS6wL=Cv6$!$Xe3$LUop9`My|%*nv~@F zAb-E{tf}H56uNk3-b^sI?vt|Ji|`-OZ(}iuRE!WCe(Z&7EJ1ZT>7mLJ!7bMF;Lo2e z$_&;|t3Q5i2n^Z)cjC(#kOa`9q`~hzX-(agfP7nm2HO}ebaxGu41onC| z@U3x7y5W9MSd)L<+Bt%|AS31G9poJWGN#z)dfCRcPr42LN;rgluCZj9q2m=A>Mq)J zKB<_CH~s_DsGfs8outu-QdkMfFa;R7dmDDPBC#qaq36=^Arw9#hc`lkLu@E22Q?n> z-QyWEk7^7E$a(M(=<9{7LDVv$pC;r;hG7E`J;%gms4S5^3)1ub$>P5d@{4y3LA0L3 zFzHU3OmSvBkJOP&RjD=z;A*B*Zu&j|@H@ysV`^nU2DOieJ;dUKjQ52iOmBNO5v(kT z2Bk+|D*CW|Gv-{Av2;El={qhPIMD&gvF-3=?i<@;zx*3 zF&G9t(s(;mP|nm>hedXqG3QD^5W=q^N>iwR9)7R75M@e3LRjIXbmfVF3*>5Yj{_`< zOeJ-|^kDP1r;{sO*kp!VMoP)?LQUsb82oNgU4sSIcfD*i^Jaa|(V1YB7vgD#QVvOs zqH2x1i4o!xFPV3|qB1PU-{cnyiVsyMzgHiMPx7g6t&alOy$Nqv(6p({F^{wEX?M9I zHK$hLbQC{Q2U4tdMD@WO+#u4p+-D)=BQfP+}C-GZp#VV ztp*M|1o`;0HC^yNzyfUa^bxK;Gg#A@>g;mUPB*&)bV~*>6;v*68iI{40r2UoYO+U7 zFq%$|SB`-CKMvn=qEgsm#!q!U(YAd-~QnskQ9kZnsa(%BIbYOpq3S~DRRHt zSWYEv`NosuWe$fmcWrysUn^nte`honkXH}VBkTw8#>Bq1e0del$p$|e%P>5isC$@3 zV)onz(1lTnkzYTNt)vjtCG?73Al!5}@i z1khkcmCfUr&}e%)+q7koAax4Y8nVS$1>kNqU3dEK%|PKu=7yOt#*kZLTA1d2xUmk# zfht%?)o*>``vz;DOFj`hVBe{^@W8nFJP73!>wgK=ur_J7+eHz7{HS9tAs<0(A;5 zsg@{AF2!3Cj`rIB8BuuyiH;Pl~%FmLck1pQD10jVU? zQo$16H{eUMJV~`K7BH%VM{!Tp%O9%=<2fArl`K%Rl|>cKq+mj&f65C0Ly$hPf!Ai8 zV>98uavx#^&TWfwtqZSMjJKSH18Ub{!dkdrbc5TAQB3YC60Myj~}at-I8#=+kprf zElNZjqixMcq^p{obs5-TTQEX ztkXvHf%!|RvzWLY@I}YNX~UAW@rPI9O%|WS^D;5ZfquZ`lbMV7(m3-)swiFgJ{S;p zT!Hdo(+AIKkh0Sh6YI33XX#fjYik~BPZN^z?hPwRKc5~1b#gJ?shVo^*Uzsh5#zsC3CuYxEMDL8Nu{Ty(Sr0Q>_@zeoZiu4%1Bln z43}@MZ!4OIi{5nACe|uAfro@Q&1Cg>i%nGK-ITd3=(up<#iNr?z*R0h=x0l9<(T$sEy0XUos(FGC(k$KWHyd-J`L#UEBXG2Zt4--xNwnm8>ICYK zu({a04==gIba%S=t058B3{De${2l)Wp6j+fkH+Sw1yO>(w-&^W-4U}LX9DziDE89t zJ)Ch-$yJ&zK~w4?sg#9lOim-F4^9w7Flfq#dK%XS#5^7~cNu??27^n}_Gwu=d z__Wnb12%b6v@EZUfHKX9LytbQngbxj{aU+C1?ug-0#1J1^=kTMZla$8&m%NP0Nq_k zplxIMxg6ouG9bNC@wP5Gvq%JOB^~pK2iESuA4qFoqtjbE&1+>JrLQ`%#9G2(oWJ1? z*$iX&r^wN@&e71euRnm$7|PMndx^iTRtnK<^M{K%Av1P_cB9K1f8&O8KIX*;Et(`k zB>8+XpX>vZN-E(}^S!)=Q_Z$Hi-?|UiyglLwpy(?o;y=o`@FQAG1*(jlg}v8Y1L9< z(gpFcJ@v^g`8oPL$ojYb2%yLCirB^jhdi!>*)h}=R-GuhK*EQjn8!FDTeZpNg?_CoQvjZgCa_J@AzO~Ts%q_YhJhN3?pibAF5eA$v-p?o~8 z>sjrN*Rk+5s$xB4t&4Bh2E>62Q)Yzp(F2nt@69o-K6mP2wGl#*DS9OY>?Wm92x|>i zn0xl$+Eu%WnvK(y$VJk??7}+(!>*XoroKPvhn)jO&4cQqmZ+k3CJ%1h0VQ*a1NU<6 z#V!;_o@0>XC3MSEBhh3Bkew zj~EtS8}qlj6v&o{mz`25XO zWXI=mbeJT-yy1@#zCrA*!d7s1E^_aIAz=6(a)}Dht4&Vtnpmphz!sW}!a>cV>g4*Y z1?4ft_ZX5Y-p5#}laZxOJ(6!8>P2n~ToE-4CmnF6X;vFMp}1ZcTK~Nv6As_Hw(fe% zdt=7|iIs?nfIn)vo1_O|H{v@7eHYn^}St13+JvhITj)-}bx(H_3)>Nb1mU&$80e=~sd)1w{ zdb4)QRT(r8PyF)d*}yK@cWB>{valf*eVru+XA}d|=gSwC#pqdG$Dj_*O!t#~bBBT1sg?@^SvccC{X#^v19-ZpwWE13xoq4-1x_wSJ)@ zRswF-^`y_^(3?gpFBfq=7u%BHwOd>v1;~T+9qX_I?g0eBW?!;oh`q;$3E2ajqzsPo z3of1RFN553q@ok}Hc1MTV=L`w)lAjusg6B88{XV-(#b`t1Gsrfbdk_E+ab)N_swQW z#A4G!Y5!#iXQs(#z358iAD9Ies?Ml|5X$+0fz@%<)haMv@~GI5EuM?8BDPiDAuvMd z2kl)*VGTB`QMM$;t|$Mhbh$8_!91UeX1~CFb_(c+)tmmHT+-8pxLTE zOy|st<`mtx8RIWQUNgjChNM%)C!G7i3ETIr;czyaNi3;IT<%nS^IKIrsFU~lG`%WX z$pe)N`V;y)AXEv@lZM08H%eq#O|tU%*xV+p&pMG~))`@0l2MiZ$mt6Qi!aM>!GBWYrmb18I9bK>MI$=$Ww3t<4(%d@B(-lGuv|x(b zL!}e+Z!xdPS?sXMHuaWKMfhQg7*Pc5mO#c|y7Oo0gZ%dr)jKxXs4b4~g{$TY^% z07AQM#VscRyclNxC$;3dOXNfdtAQuJgmeFP^?hAF?TZI!a26iwb;*y_j78(QchMPkUKVAx{Y)vBFsI=?jR84*=(r4Bx>@F#>^9$Au4*czE1lk)3p z`WaABdGubk!sQ%Egz?%ct4mvVYY9q{7{Y6+qM{sF6fuGRwxnt+0Q4OArwL9>L`iwO zlFG`21-MW6PSgb1K$p>f7C@zFR!4_z^#6(D#^L#>RDQ#G&z!_1uMO@T+wnqdmWsa3 z68oJ2donIK)}>1sXMfy|`Rmn)>deip56ML0GRR$bJF>3d(NsPo<>vxAjMF6O#ZtbF z=blDtE+JSvyE2GNZZ|{inLuMU1h2B+87#NoK@bP?=fqv8R_%_|e);4l!`hN){(!mG zn_qOz95RUn`WdNt=Q+46O^M$*3*hD50J2xdCAGFLi^Ge!gw%nuRqHo$F7|3ScHh*i zq~=xPUB2PLC>xD#=B?Tn9uR@@f@?&*X?a+G%R1@s^Lgn;5raCQ0U2l&%9SpTy;a3? zXt_u<2U41eA{}md`aj}b|5v>KhoO`H%h0?3+t4E}|1osF+y6H7jo$xh=%@cObfNz= z^oYxU8~Uc;e;PXQR|?_teFSH9ZV{AoO~RL|+~}t8T8977140EHdC86g-4klDJCy@E z@u~ZYuW-~IrK2wX08jPgLK{BDErnD;XA{2W`U-%Nc*Z#sjH_;LKw4kJ@kg4N7!rW6k&qZ@3GbqRP3mutTEDer79!3*)MCHV zFEFqYH@IF6lyt~~Fao2-NI?*+IxkwnV+bwZwU7K;$dTN@)@?zT%3ywkzZ0tCbh6S`rES}`ZQHhu zO53(=+qP}nnEE@WPejj|=!^IEyZR#5vsdiBRSp9har>8VLQe?2UIU{ z>;=bkG+Za`TDX(JAqvx?@vq~R^tc3-K97_B1-{Uv@SuQgaKXSAtwvO|Jn!V*ZVY^1 z#(STMfOE8aqUspN$T zS#W$njTlNEaK%X0ySUSAs;&yPxBC2nZ&WzYlQ&+n>QImULZQmh4mbIQ8ieM)F__li z;e;y8M)|~F=6lgKUvB%&c1{Vax>nzWib%kWfnbahs5PD)%yEX#2A?>loAbgwq9rGbthD5s3fB@D&^zEPh?1DJ1c6RvAtpT7tQ znffZ-DL&NJ zjB~&7_3gl4*AaX31?Ue6{_2jE&_%nbi0qGEA zn3x!LKsnzEVYx+J(2_%Rcyy*g{_^lQZPFF7*(KgQp~!F`Zs!G+h=laEApCt@#q~Cr6mykY zq&eC}TajtAlRXPTTC33sz9cVNi=!amO1!t{{at-xq|Y|RrotC>L!$#11=$iOf6yoM z6VA_eIFX>Ew%6!0`lS-P{rgn+3MPCly(}7DiQ9nPZp4_5#BaNi^(C1qQ&<-+rt}jH z;q}kZOXk4vvz{=7)XqF0uxzDx^9cksQl-=U0b5df()Mt4S}U0-Y{S7}2nEkhmG8m; zga^Kk$0(H+rTCT#3KS``h5)|O2aouUU;-i98Rrsbmq0dp&)@=~A4~M61SHZv+6yxiLk-#SKiyl_Tns8H} zKiEG95*t1RL}GD@pABOk6U;8+i&(Z80Fh-?c)xEx3yEsQ4d2sW_AA~)2&c<}wy|zM zs!9ZaYlTX4O#zK{FCb_uE7J>`DE=Jq(>SGh)K-i+zDKG{8jIA2S3zqzuiJJ4snnAz zC?Fw143QUZ5DiPMJyfv5hpyK=FInaXHw&YAMZ@oLgH-{=mtSx=L@hvnG|2y4mq#sG z%$%kj0jiYlO->X=S`4SBR*|_usdGmIJNvy0^&0gQqQy?Dr6WI4JbsRlNc7&-APFFW z2=$=V=6rM)TF8Y?Sssm-`rqt85|3-^_Jup=2QPdmEF^}p`3$;d-G|*z`_2CfhrVh8 zde#+iFDS;p_pTu(lfEt=au}#*FD1#<==_Ag!e^`jX`QU(p>Eup!!@I$#)N%!LruFj z241@dzmaJ;&-vB;TG?o{fz%aTuR(GCw zCVQmmmQ*t%<%f2|%kYBlh|L*Ur;@+mrry_PRP#g?Rz#$L>Xj5c<7%L|^q89z;iF;7 z<+VdCeY?#$V(KCVmzI|}ZEUKKwrr|jo1vBR>^zA@BG}9+%`Dk0`_08^VrnrudwZpw zfzieIslmh$YZr|C!t2t?s8xG3-1OV|jj)^onUyqm4*;SYz$JhBb#rcar+r^&I-S=^ z;<*i~O{Q>%aI^Wj5GyYyQ|YN^p}Q-^ko-l!2ZK7+Urk??#pn`M47a_@o8gl_b1Y|o zRdb(3JqW;{;=%|e5$fDZJO2;xO+*<=LW5e^J;m@()BM4a2J}218Lbobk?cE=F%{n#_-W7z+ftXsh%n|UKQBID2esc zXd|X66AVcTt2gz$ndB)1Y}%Q>K8eF4(%2@x4xv71O0rNW__vOjfRAQb1<%MW!@evE ze(o3>-XW^QN%EX^*X{)Y0tl&Akp|OzW(ovZ7p1>1&g*z(8@Zpb`;&E5LCpS1=&j2WYyy_#Fg6oyCK{m#nxl?!-Qn_&o26!!1oI=qSaw?Ej<$>gSr| zxv=6h%DM9xxZs$gj)KrP03?FU^m>4%pphm5}##Gn&iM#LeAv{dUDpNRgYv zmqb2*;QdHbtrMXxB4~K1<@GdE8z$_Z6h$dwN<^}f5^Ua2Rbi`YC4u7`q$ZY4353T^ z>`aNP?*=*3{fowT$!r*mKx)tv?YQr*Y;VN~lrvh3?82Tr4=`sM24YCMJBlP93GGz@ zz9Ue9!Z7*z`4oquE*BKtg=RtB@ve!?oy0h9i&i`eO*D9(?3E^#_gwM$&vhN9yqqEY zv2$8hH;jSim>K*v(_u=i@DK(I46JEXV)o?nVaz)@qWBuSW54!NDQTdIv*ptUaB z?L0-9l%e>uES%joBJ(PS5)v;YdiKY*+G*pR3xxJ+HiH17Lk7w{QxfR{;Zl$3ry&?( zjzEA&p}~;|s$VyqhwFg7O9c{Q2qKy!wqf&c>4e##hS&J`BdPsW;VZzJ1Hu| zU6{D#qA@tE{I(J8WIVrLMk2XN{i1D!1p<{{m`56RcCE|E+E} z3{gn>AZq5Dc!|5;iX=(`6YRSKqOKx!>mg;~;xu=0JF{<=(Icl6GLqMOKXz=6pf=62uxNRrvqfXr0kLgvI-CZ$5Gk^m8P zeXBF2h842DOK)SMUBi~uLK>>rG)noF;e(yeoij0OM)*oO=lyoRy-D-vnVFb++&0+nqk zbx?SrkXj&1T;N#IfB_@*0jD>0pxoXgi^ zD2Ij?bW344VOXp^QzL^PJO2TSBFL7_S)OM#)qjpdkAbZ>$(VL~iA_-QhqK(qozw)Yq`g>P%PmBh0 zNAEpGQ4#$nZzP1#g7Metooz5*@Yx?_*pkBwlkud8%xMfKlm5$xyqk$XBWdI>D7K}$;fvdRcffVSEDZsGYoQ4=_}Mb3t;%G zz^sPkQbM~P5X6*qgeek6HqYs$Woj%_7R6QH(!0p%JB}Ilvgz_|E@ouU9eoKOOc)&e z!zcM|O%oR^=pA%}$>=(zuLOUu57orTjBE$}F|LOpJS&)f#C zEf|H;dZm;`43i7!$$Dr*|)=Dkq6Jkmq3O?hRSVx?4vJ!rF)! ztHwz1R9=(n9;9U7T%nfymHqG*8)djgr|aFRk_4>Aj$d%d=4-nF#^H`d!0QBmce0skAU{xY_6VhaUh7R zw;?`Cuh2~C9P%%?X5TMSdak#I`VerUJW z+1GN;KAC;|)=Ak02$7)jClp)~k7?8~X((t`>@Zpd5DYkz_(e$J?MbchqGYSm5vz+C zt|tYn9gW!?%MqOz;#phuLRzcMmL}=}HCw0oRhN9282IQ#VE4@i8IOCOq}Psi*`^$y zEo+!U>&|g1K~s8z#^+$+a>OS{H(OsRt%Cj16w+zJGylRLyWeX!8hljq305(y1H-m| zFVw)T*6m)|BtmQ+!_vg4HN96+>cW8OY1#E@N@AS8WE>N5CB=dsX}Ga4`{` zUwCKDu$qRQ)$?*tKFS}aASrHu&x)!H$z1%jWK`nH1 z4SN;1RVv$N{nq5M0>P=QRrX^j_WsY&ib8kSPEYRvd z;^(|ly4RD_w`Grtg&K1EZ%5aZxyMJYHG4>l@fS zW52m2l<_45W-cqYd|D`SA|uRJ`vj5zZmBA~xzcT)dyYq&Mc6NBOFzgrPLsCh*3tt*y!DYiTL({ph3ns% z-cMy(*~#`kxdP+O?`k-|R%05jw2h+7!5ZrYd5vzhg9OTjCE_GnuFGDWO>5!T=UQz$ zMJK;xvoM|dInPa6W&S|c%Rsk=r!xn)#55B2I>fq|5$vBR=ruQ?dESP3OlxIQpCi?K zBb&sX8cs18!%=KFk$&w;C{Y>XvqLoN8bn=+R?J)NRQg5}XvRgMV^9~=tZ8UN1*2WH z$4+#f+0jtTF-%-a%?Yt?#h~gX1Z`?dMBdAMWn1W4qKmr%d%iZRoyrf(X2G`(4E#mu zg<)e$f%7N4PN^+dQs+4qQ8dems}>5Lnw~{d?rb|d0rrk45PhdOlv(C8Dd3%_EC+c| z16i@!7strzA@IwE4F_o;7$MoZkcVLjUV)kYeJlEo;uQX^29QhOUQZ(-TE1h5Uu905 zY9SbU$znN7r+C`V``I z*5X@*!l(A`VAbM0^&KM5IEW*N*v5^Bw@DbAt-s{1`AFb(rCu%&&_)Q^%l(Zn?p71I zAd}ao71!HEwfsCas;tWjG~VGQa#{}Fi|+DDe7&A%Hun#jqtbw=Z(AAx^pY|rR(W$2 z&mo7Td5;LRrCzNzi2A$QQn*9(ZNLiL8*sE^f{JgjKE0nk<&c~e6%{MvH4Ah1mv-*niI1nv{iwaMy>SU@82L}Gm#J@}~c<;j% ze&}djW)QAtb%<}y``2;g;GshJE4D0n&D8{vzRMhG#c`%1sx0bU2)jpzK*{7i@xZqa zz>^B9@Mpe$Ia#wF=efnrIJB$e_E}p)Gi-7kfd$)p68+<$fBbd4|BHuC`Y#W?>wkOb zd6EBk=oJ4qzwz%i|Nrcv6ZZetT(HZ3<$}fjr-z;w`EL(>viCndbSxjOn|&9@z32>g z?6$ry@!#^?Upy*38}l=$b6{FykB{o=XUkO6u(%a>_evQ>BdT0a*ZchxgC~T!9+R=W?u7Rtzq{?J`)qAa%I=nXGpL9kOTPu>2mYQ`4_FCj z8uEC%gSnhAc|Oq!$ykToSM9=N*P~m7V`IzjEoOvRs}<7uE#8wBNKq!v0~3c*u9Br| zEm^APZZfG&e30a_4~7E)DX(ONsTz0cJHd!`>&Ynnw+jM2o8jI;&%?r9g)2mIYvvjQ_>$s^u z6`9>$?NJn;i7XJ@NFx%)bu*em%C7YnP1R*WZklSeeLo;m#^dA;?UoPD|-*E?>0~jne8M z5%x);aBcMJC_|3qaA;!|yyYRg!Z+0})YZln&LdV}c!S)^^8r+3TlStfV`i)god1Fy zXu~nJ25v77t!e{41}9<-!T$yl?;9i}LnZS1L);EzMACieD^oD@@7eRkdtJ9(0n`A8fz(j70}^uoMT<6QT5 zc2wuMhS3isb7L^3CEuXG$weNTHlbEa>ZCDwA-Gx-unkrfAP{EJ2MU{UVODN0^U2w;J9&f!XRY}@I(SAhq7d>gvp)c`u=2X z&RoOt{M+SOAn&~oi?0-hMp@~^WuTL2wW_o|f=rzEWj()A@F)pk0gp(YrJ7RDr6x=b z4JyvyE|kc7BRzA#gg(w!!O&jx@Qax$?-Euh#I`zMz;oD$ko;gh&np3)PX*XAkYaJYIWqU549j2r~HfND`8T!xHtmiLx+z5|( zW}_wiuPp2Wvo4Y=g~i$jZnSRsS}W_0YYU0VCa)e^*U2Uzf7pyS(DA)f(ig)rP9s2I z?rn51d-C|TGlSB2(cU-Z-oFb#(co2(buMSHVF@(G)-KM(UC+2J=T6dkQB>(`uHjn) z=E@`I3>RiMAif(U_dnkFqZ$n}di)Jlqh4UTN&iOoBO~z=~wes7Qvj zw^11n-uB^PJjfj=6L$s`$wkhU!Q=k`HmI>P0?A~L+ z>h>5*Yef;pHAvv1F5pfYv&Cprr@L{*iVWVA7}@{Vsy>&~Dr zOOAKIn^F(N=v6PS#b@CWP)1^t=pW`xse%?de~CpQ=7tZ9W|$IYZT1X1>=zYNIh{B@zK6*0Q42QeXGaJgry6u^ zV&d8W`pSwjgxIua%&uZM_ekt&uAxoky15(2mLa5qhfrb^6rs^B*Q>?iCXS8GH}ZxT z9cF@6wp3qqyo)`ieAyM&Wo_S(QsMmMr@k^L*&|GuVNHk`9<<{h{%LlPi1w;?YL!yx zXG)rnHE|xcQNW=QCuOoUQ!DgV=IO-7G(h(lT9*D!g8lJGd;-4Dxp6vB*X>s=bN6I> zWbkLdzylv$IqCMg`5B+ZY4}Jgd_skS$An$O&EXhVE4=MAo5kwxG@Gbq9x6w!gTuy= zACy^2m|D>y(7c|$rKy@-{X_RKwTwtwlJ*SJkz+kF7)k`o`DyGPW1{`Ib7^=UB1Lsb z8OH$j<2M2%%U}EP=G7$)_&BM~WqWt$`m3o=yK!Y{qYW~>FBJI_bMv%`zt(_@fY}=@ zLP3)!HY<~oq$bxcI5o2V#4i*YUo58un1b(?rtf396L5D-6bJkb=H)RpSCaQu>1#Bc z4q|0>-x7}F0R!?p%!M(hRMFk8gpUH43qG)FDnVW0qJ?+j(sN{)`NVds3{ z^q_-k#$?5)cBF#UC9KurY&--Sf4^pED7jv9;B&4fiK04|3W&2YqgX+*6oks_K=P!U zK9onUSRbrjIsm8_ArBB}u>>UUmVl;L7Y(mBQ~)?ONJEKMr(k91vl(Vb8(enORJ&?- z2mm#w^!m%YoE&C(@67HGtta2a4qa|%LaQ=S%xP2zcP?pG(cj>wPe~IMUKI_Y##pVL zIH$Tej}wEc&;4|mN>XX4g&#g{L$FKFn@n7<4CKBUKl;frq)!viW`nnn-&1F=2?NJnBNByb+HT++ChJ+ z-PU}Z`o zNmN2YcYUxPB$^SQDKTcaRLD+B4^nvgOe`o?JGAv`e(-2ke&G#iTM~v;qj928gAU zKX^F=hG}jfY@m&TH7~83Nex;fyykM^*AQTVS~h{uE^FTL!a>Sahex-o6r{z-j?N$n zE$>5F>>3Y7`d#A)b9nIyAcCFB7&F(?K zc+tk5*kJCD%()_10NDU$Z54;=eo=AxoKS{RAscn8jpwH}2kI*Mu6&zUc6pu2+YtM-{ng4^AGbg{3Z1N!u(|aV*bwm&HR;{|1du; z!2f4&X7InJz+eBv{E969$^4a@|7QM~qyJ?7>25xr%Xy63p0Vu&raCcjf1(l~9Ph_A zbmMwZ0zRP>ylb{H)Y!_apnHB1HPivc&7s@<3sG8@TDUVwW;jB#=F<}|ua*^8AFbK& zqHt_vC?7G@_wD46L*=mPzmtFDK-5(k8%08n;bez<_2~+h(bq3uVcQ#3p4o7$(Ujs8 z5xV%4&EeS5DU4?_E^`%CdxQ3;6uMcEIaF&=b%$(muK_(KUbkIbB_v+-kylf2;9$WU z-mYF0Fs;^*gh&7KS*iZ~tz{?HtFa59x~n@hXW`jt`A99AJ&*tVhV|v*Ym^vm-Ae~r z1l7!{5m0_<^y@iW*Q}eq5femmCEfc=Kn$#t4_`|d!)!6Wks3c$Ot1-RYb6`aXEytq z*--|XqZo%nnj0WA65;@Fdf>wK%^d3YjG$^zE*@Wa6-mTJdr~}I7m@e2Qj;a33@^u; z;#E1hLKALlWg>!Ol$^&)DC1W`vFn+-@CrBdu<`cA0G4gEeS8rljBXbu+vUhjQUkn01E`=99Wl zm~0vIcrx-*U_2qXqUO&Ok_++xfdmz&Z7?!>Q1w(73ea@!#?*f2YX%5b;6078SR+yg z>V?`1?`ar+3JTn#j;8VofYB^G`YYQpN%MQ?GaM?}zmup7A==fb6Aw_%9QJs2L)EuQ z+KfJzVX3v|dEc|;6Y;8NwYxDwx)KwJ$1q_iES-+=<=w;;xAdfgILE!w!G64ZFg%pg z8`&QVHYQpMUP~A@rUrq#fA_2J=hR_UB(+2LQK7}d9IP?I6Sn?@pIVUKkdVeXPTH)NK(J)M zl267e5Ar6k{i0AiQg zLa9xKbH%0GA0H<*J!Rj)3bI`wffGhMBQJ_d70*Bd3Kqa8$h0KDdY9>GMP-=h~wbuO*GBR3^hNZ7-be$GNRl&MG& zG@xL!ZAE6AE54xuO1~1ly@&_i60#?34qk2j+lon7+IE?fFaX@~_56y=xchxmz%gq0 z)gy`g|FkbJnm{PToF$XfQ9OVy*WWvq``3wr)lh{d)T%8i8L~Kf&-&8r6fJx~IWb9* zp+aIy23#LS-`=guhvxt>pGWYrq8$FCB{YIS|4mEC|D`1z|65DygZ|MHbfy2%67YZL z7z8N+0mMTA{ObV_VF&rR6BTkbh`fRW2;)Ho#ozqPKZ^QKEvXOsx0aj^{g0N={^Lq% zOeKlwM#lCITknaPxi)W6D&6M~8^B~%iUeUAtEM z+dI2%#|9|rwJ;mlnQbm4t(c`Nyv>8+PZ_kZlvR{CoE4K_u*1xy{X?+Z&V^7Fu8ZoF zYCL15BP@+!hxcgs=S*0*T{8m`>B&^;tS`xt}43*QIW(gSr5UdarBykyd*hycq%SCKfyWfNoJy-`*I zns#XtMhoE*vkO!q7K2EIL!YCW(_i0}--b{b4vB_Hujq1EQni28BfS@Wx3t*U4q~yB zehG-}oYmdq0Tdb$hXRr)q&7wZeIYGU-=06z=!|SAkl=L6TU+3&6w{I(NmLh*3GvC_ z-k2kMjbtAZ!o)O!OZdCzHyx1^$P=oaQtLo|`A1TbKCo($&+@stnGbc*v(AR9N+xLS zp&zk`>V#RxnNLE@%Wuk(HuUVb2Oozw3ma^tQ*;;|4PHmsLjo6ydKrd8%c11B1A^f# z1O)F~vPFl(N4&hSp5K{A9j~(=%N>YeSarZ8d4U`s=qmJRQe$wJiZn$IVs9(0TUN<- z%Dy8YL+9A3c5P#~`X9X+YUP)>p;WG84HUs2cH*nJM2M1kfz9&ase_4JMlGmcv<|@% zwkqrB@3$EiE@@CuRKe>={)C@yvqxhfH>_+|@;n3Iqd>ByBNu}Bt4(iyV3n{4wMs6=v~fHPLWUeB13u48q9Xk~Il(sBbSq^_q?ncYL!*Tik59Dd)IG zl9*+qIs!WFT>wtyIcKB~)PoA!XknBr7vFid0^U-9h5Vw?JeYS5HXnx>56md)TXt~D zZRRL+$U&V1l?%xiTku(73jJUK| z`cPPx*44rsxCQ-u2tl6?pM!g``2{DXnEs;sHk>j16gvM0xJkI{t7~c8H|*`LMN|G7L?!K-8aQdMR3L2`t#KNHh(4 z2MRNxsaBm&b`nl7>8Q1Lw~fuHusvCY4&)@KV*#!{?s=dR;;85)i8`?rB-q~*bP}$b zLqymiu1Xv2+WR0JOS}bm0a-=s17Yq-dSl1_$#(L_uHPTsO=n2P$ez!v-{`}QWVx%- z1B(0^(Ve%hJmrDvmMp8W_Z%j6hXTqT8SAx5Y^%ap^Z`5@{u`aL7Bk?Xl!V#0_$z3g}oJRpu4 zhTd*RV7y^rus~oFa`mgxfw)sEbL4En9eG$5p(o;q7p?qGr{dsn=Lci zuJGKVy2eW``N>pc82QB5$0+Q}h^U6Z1B~yG`P&#Z__Ymy{3X$)pb6cc5S^Fr&EKAD!Nx;QxUh-*h-|0g^f$0ujELmMADT@^yOErNzb%vC1z&lvjjXEW#PqBm zcVbP8nD~X#!9PrXjmn9kf;i#C29mqlJirCSZ0ZsX+&WYHv8BH_x7~l0o$KU2=bu*Z z@UZD&Molb=xUKnfVhkiqhOsc2=M4ZOFkyT#MJk-y@GrrU zL%Mwmp%*eWBdC&}h z9Jg>Zm9^@#ZG8MVvu@fTv;)O1sW~dfJRr;D$R3PEBakq0{`$g(ScI)} zRMH-$vxdBb^|XRcFK$s&yWT#jsO;yGZ1d=QBIN!D-AKjSc3LP?X(FPiSoZfPnKLN> z5iPOXqKCep+N2a_Fa-N4V`?S%xg`Su#$_iwn+27yQ7^~1{J$w{V2CcQT`T3T6+eF?)zY@-%ZE~ULEj5c*j2Y8{(==cfz)^R*l9-bu}@1 zs;X|Lm*Z~v^V9MBUywGBh);dU0nCe`_v0Tq)i7T})Bdnd*E7Vt?4=Frdv2Qr6L8D< z#8SIDdQ&n;@7T{ic3k2}wYUoa--+RTu1#Dl0d|l{snjE4Lb$rmkqejpkaeCl5DPgj z=sKrr1TUim&KA&AQe)PwOZS!zpL8JRpMfl2B?u^9x2}dw6G8O213SZb)pyx#6JZcn zsatMb2Y2yswISz0-th+d-y_ojYXG1p@L>;bH1!l6K4w*@Lkf%KE4E4HZs~Ur3M_$rCwRJcWrfukssuR2S5DLoK8TE17L}G|0T-O}vZLS=am(VB zi3B@@jY&p_t)h`xr4#f zrxXq{a2vkQsAzEmiPFG_c|OMKg3)Z>@hZAzzDt;`Wbe)PH0mGb&-zQ~|HVI|_!slH z|8M5+TKtFkVYdE*`Dy?8;-oSV00#oVzuy1L{0LO>cmFWI=)r$7f7jx_ncvmnKbgNt zL4gO`x0zGZj-g%$o2+6Vy8=!dfBMRrH;5ng3H%bx!A~_sC@V*K9#>4LaHoNDEzZM~ zu!=&q$=K_FJb3rk2m3c@k~YmPj2%l-=a4C~Zamg5?>n-3H|o(6b(siHhoZ6^6Ucx}NAgNiMT$#+<3Bvl-d*Oy>i z(H>!A`S1s%hb>Aq05SVGu}7YlUkq^|9-V#(>)o6O_l$w_6H3li{Z;wME-UYw2_9n& z_Z{~?)LsEBeZx4QZ43Yy1TaIezA<-pUaQY5H*=JKx@D|mxD!iKmXf^zFl{nCiYCk0 zIbk1(2nUncF%pFdv*GkTk(#N?>&o-qCCtb6=RRrxX-Ir%4{&hk0|SUyZ5AV0><3^G z+t`pfY^IY81~QgqQ`z?^5PviC+mj-^SI+P}DQB3cbbP#?g8Ibd1#dJt-TD_N<37bK zIqA4?8RAd9o37TJ&*lkaiw_D|Ae@4+)deJw6Ux9xDNEQM{4pcf=5-fXECE}lBK$PK zjQp@Z!WD{-0_i2J2iNe55c15mHY%8P4UUT4_YX0%hWsFIxUGMVX2uQc5KaUGO-%tc zSk0xp*xLC3fzIh}VE36Z#jl5hs|uBC(Pz)4q>R-&)W8pwI6DEV~l<2AO!TYCF$Kll9zpgoFH#pATu1uZ*UqV06{RSEV8XQ$U#-K1bK#uU^EJK z31QefQzHa9vFRBp@iQTKTDSuMG!W&mEgy<2 z&EG{tUj3Cmx<&u0M%j@zHm}zsu}>n)Cw? zT?J<3#AnN!D80@U*lm7nW>An_;x6ApHp4@0;ZQN9KJQ^FkmVl7V|pI+1Fk;j0-1RJ{af@Zw}i)|1KW~}ynnju%uPu!)0 z8!XjXm?q!gxARYC8dJb<4i1g7c543VFqXXa5plt^>6N-pf61gg#HxsL%`=W}T-Kbl zXYXv@t1yCVX8(9uMT!{f_i&0Mz-$Bk?tqp9xnhgJ@)k^LXN3yCQJt8?FmzHm`Xn98 zq&@Twn_1b~bl(E0q7B@Xb2$((mw5M^2e^UO%yEZgjQ?nw)!ANmdxEh&$Pe<(x8cL8 zKyyK=@NxMJf1MjZfiSuhUWFLsH&c(3XVUdR;NnvE2Vf_%mUv7o|7GdCV{fMruZy z`SEUR28~c;>HF7?N(WH8Gika};EonCgKCF{gY>?~3&-~H{s=#~RY{2SvAs2xLFVsC z?SMG0WWXv`Cns6%eiD|`?n7sBDix!S;!8Kk?)CzFdQ1!CDUB2?Ev7^bwQ)g8+8M4V z_kbfr$|e>S1p76$MNd9W5egXe>i%dTvKuOrt4^>52-R%cY8J$!u2l%7WEm*mqEwme zdLbAjDc&shtd5tSS!y+NL#l@czx+tN$5!!snM38%Vxrj`PRruk!TKWOclFi1Ykw!zWia?Z zLcane@vq$TAY2z%+0Jyk?i_?ocn`GAhI8IB4d3>BF0fyzJA}KZl0|R_l5+{5*LBVI z%OEH3OoQlPq}2dWsKD5ETfT}nGrTkjqLPL0ghzvDqJgh}#Z=9o1?6&jgUJd8`JIQA zxfCM{4boGL2-BC;lG*GU3oj1Hsk2oxjH#og`qNPrIsD%4Gxzn2g9kmX4DB0I^gq!- z;gijlsOKUrycXcOD7OEIdOiORjJfT|$L1K_X;BlD4E&sd-9ggPC_zJtw>)-K?`BK4 zyWXg5r_Vkf3BjvDp*(T{0aPD|mj^GKJ)VJvar%AY_lC3)$&_&)$t2|jR>B3k(VQs& zc1h!WqjGF@mFNbAYT54h38&hJ;2Hf%k1E=ZQ#?E;m?~~SN?o8uQ>1i^JfFENA5Q~{ z0jChPuh%D?>G;V}>%P+nd5ZJ0SF@$iOyd04k8b_dwNr{sY=uI-P`97f&je8|t z-+zq?cPz1D$Q*l4n~~Xn2#8pcM>qoE*bgWJIt7ok5TtY-Q4C~&0gro<7O2{q*1S>8 z_nJ-QbsJ@ld9Cc&_9=+95HsNMh2)M$YUU|(eUXq8VC9C!$W5vI<^3*KOgs0{s4Euj z)6%9rP5s4XbyE^v6syFcRPjtTIs7{#<0HX)mi{f?aN(jiZ**c~e*N`&s9=|0k&17- z`LT~)=)Q~L+yQ~kd6tGVogL)URh{5*60D6Dx6S;6IZ5bH>Cg|6tT`sp{v<9&(39B2 zN>H%D(flE}5pL1pMiXFOqN+&tw$trPaF$es(6>FzD3-pYD?C7*91ifC)XQ z!6^%wGQob$<;!L*<w8njNa&AAzCfHhqNYve+8tWZtJ&M))G}gqwxU`0|>7 zEMTLMmC-S7!UKNt=rR;@!GI-umDHIgGN6!D>J@{TB#ve`XATY2t8-q@pv}=)$8nC0 zzOqZ?LF@2(dEpv{!aOUqqdgu2E~6txuX@O!C{1n^E-fw=IBHvLEPYO$CpF|6Vhgxr z?f6FscUR=%VYIv0sMk_gR9p)<@0DG-a7glHiV~@~(#$tJkEmNII-kNRv2V7LzKMfx zzb8wfQy6#%xvS>>te7>B0L|rIz`w{u;yg;ZW!?ga>4{Q<#^PTMTbAJ5c8*Ovk-m3Y zX57{lURW9Fm{(kJhQ`7UFUPY|L=Mu56(Z#56DN69OiO zZ{yECz0A@}rwP}H5<%cycv2!Uq=#P1Lozm+^!xB#d(~Mj`nyjL5Xn^to37YB%00jj z9M-%{=FY3zz zHqU2VG`G2#wRhTahs*?>rehQmuH#iam+(hXO3I|9`pBY~S)WEHOfcL4-CQ#vV>ddn z&j3y2Lrt)z0wJPdOjTpka7B+oNVCmfqMv4aS;NG9ue6-MRusk)7(NMiC)-1Qw5*$- zB!xRw)yh1`{VMjHO56jD|1sK*@ywtsg_^`+cC`}lIWR4UpGOpt)SU*Sl+az5W`ew|)&|LZ4f0J~mcF)N5bE(WeN8uPgwfVq)3!GDFGPRpW=0f3)HXBzX@IgJ_pwNQ{v)V44G*RHpo&f_2+KCN8sxF7OnVf{ zfz$0QhRFZWGEa4e_tQF%Q8o?R87nk`6}rG1>PbiOGmQQ1*Ai56s9!`L={Fg#=KP{< zG!bLGLV0QM6EtV_=BVW9V++I{w>oo_!3#@36lu3g{#JgUP`0K%AP7Y`DDVjHr~iQY z*kzi-d$!qG%f$iI5Tg4@j{(2M961ZDUH_s};cbYg5~KZHe;o%EMOa>;6(|9Nh44xg z8Bd++lIKWg=@tfI^rDMq)-8vbT&h*Idgx}qtQ{#hSXHk}Tn>7it5pe>UL7v>uwz4@ zd&sM6B^*{GJ7cl700YqSt~{N*Q6z%d)t2_Q=1#s!&YN+qP|Y*|zcaJ`wjDv7ZxhKFmL` zBG$+`ugo!0lRK2Ep31<^tXPYgU*z4gBDIz=-#;N^jRx-oR5xu#BhwY!QqfI1iQ{Lv zuaqH$?QSu)>B_JTFtc!OSfY7{?wjQ7om!hd78Y0>G2Ywu;%knWhb~iI1@CEIIW~!G z9SHZY0|zi#zFq{OMMpcDGlaiQWx3uCb%5x&vp_+k`q;ii8JtVAi<9BeXa(4+8tnUvSXkuamG=EXEpo=~w6iQcIJ!{4cQ#go-h!|BHPY*`-^;cvueAiETdEp+2&3#0ZC+Kj_KVHvmV*SBZrZG& zYswuC45538BU^y_KU&)wF{()Lnie`c>nAc#AcHmDl5Xg--@-iL!y@3f+4UB=W^u94 z^mjGGOE_5F z{|*E8h)H&W5y|Tw71}?I?{JF2Ry4VTxH*86{e&)hM$P=e7Cb|t7Eyr~+V7F#@_{21 zI211QMYPm{a{y=`Loa6elGQAST@mu~!L)$98D&}=3TjK)i(jYm9@IEq9EekgQ*<$l ztnlUYtj4sFCVg4_ZD)AOTgl~S1iROjApVB4x+ZY_4@ueoOH%#^o1y*>n`!@VHZwEz z51aWs{BJfht_B2f4hry}^Z&9L(5-~W|IGF<{F}|pO#L65DGK>Fn-ObAq?$9o5-W60 zk>7|wsWtyG^Mtny|A4cOKBNbWtS4RgIr`nJ+18h#%yK0&XAki?*a-M7kZ3m-WoNCa z9q0by;CS)zLTCDx;x~4Siie9PJCEZi3nBu}3uEm>X)x=mzNnKT&1$!WYyKkapeRpQ5D|a}5rXKXYNU*Ph06#zQ%4H=bKB9sw28MbJQU}c@3)SJiaxa%TR}t&;TQhJ$EZ&eC6;;Uy zr}3(D*1LRy)MvP+`YiWe*;3h$K-g zK{i-@mT`{FrA)uQ{>VKBd}X4Avu)$Jht&svUjSIVb=D*a$={#Dq_sgc7;IH}#qThl zJe(eVCJF&F9kK$$#A7?c+Hnp4RoXYF4j#O9Dv09{TvFLnTEh-8IHw6MBfH-?;|J;G z!tY0D-!{`PVeXKw%}&{VO^p2*x?!9Rn~7SMy^BXd<3@=F>Xdw(LT$9X6s#_>nNqY$ z_;ZwNe8b@#ePC~ZK;}}JRZ6cKLk*$M5=?ohh%e}KU;=PAIP^v{@8#6wt7IxKaelDi zx+>08HYzG=CvDn3z^1SpKfv1PQh}$qM!*-%82TmTn;_a>Kz-_(H%T@~t2$Pde#iB4ShT z+_49$1-GXoz<*fF-iNo}XW1P_YGk|DC`v6pn_~;S$XWu3oTacLTaiI1NPQV+O5({d z8@h$_B->|vhtN*x^c#o&aMG+qZ|gb8QtIJW?=9BbRx9yB(5cvoA4qC2LTGBniajZI_U?;PEbG)D!)Ohy5Jh{l=R&)D zH|@2iTIY&M-F!XkbYgW=%Js4SL){C|^ zh}}Qq!&>xteE}jSiGket{V8xgdaxS%4TDj(my2}M-kpd-I~p?peoagNDA}<|{kY+% zs62**0lBtIRhTs)kyHb(C%VJ_0;NhJA8BWif1muytH(J-cwj|2w0vwqOQ7AUwE|K! zB@=mmJ;>l=u3a!OFAYbo$$+PmqZWSMlxhPVhNpn^p+t*g!cO-n3LB1cm%b9Cb)M(* zWsU;$gyp{B4~-M2Fo%!NQ9s`!Nf$D$qI(Wx*Jb=OE7r_bqH0x{(A`{JG?=PKcmOx` zCF}3R3~h}07v413nf38dO+ns+l{AP%_iia^dN60xm}0I*#`-X<&l>6;!4N#3AWdx& z+*#yG(3rw!VRGY;m@!taIL-d%Kl006nGB|)N^@8o#MzF~!SiuvHClhOp&8LjZB^6F zorL>>f8guty`$}<-c+pc?pCH(I=Oxg2+Spyk>SLIa>YL-F7@As@0TPx?>wR80nU`6 z&*_B-1Bf?vcDQ8<-#HriEdQXHQuILoFmEOfi{G7|BNv3?de#v>bM8xS^yB?1rC=M@5RU#+Ar9?3& zig~8FP(_E-hAhf~;dKu^ZV9dM=U79tVey>)5UtvAL_uF^6N&`(iPEN+GbP%B)P5i4e4`J3&}_3{BcU_H zvlY+9ZmX_s`Dm5fGvALCZ;)fu#uPO38ld?AeSo`{0KyA{keHSr1JxvWak-yLH12c^7bPuy3uc)Vx(lgY8j7l|Egc6ieYp#BOoY9kMbIy#Uc})8EglGH@{Gm z&A#UE3Of?_!l*#H(wOs+TQQbVn6pA0p=GduLc4JO3th@Hbf%WH@4tWN?@M}hf$5_!wqt1@n`B34YZOSYrMsf z`aYyFYsq2ZTWQNS7L(@BM5Cn#P%|(gvRQ$V%wJ5&((S_ z@;M}}gb)iJE^>^HafM@W^Wgc>tWEaXZraJ(5#tT!W$hA>fENJY@pN* zD@~bBk|tGvI1XtXb3Z5;qX;(4)_cY==@YVIMfW?)ysi~ND!LGjRM=|J$y@;ECV?Nv zXaTCf%LTTy9f2Z4W1$aZSUTU+uozV?W<`A*bnXFtkX9mfmDYF0tb^@}N5kLzeHJ)J z1HTz6W#`Ai)yeJEfS|Cq%xBx>?>M5w`&RBywm8}ntR&?S$VS?K?;@CJt#8kH-Z#<{ zdg>}eq|5q^Le10)ZSXjRx&RTNoTcZ3{~qQ{%c%(65l3ZSmu5>9HNOe7qv~xQ!~#-1B+%sx21?1!U;L4Dqmy@FUu~kaV?>0)~7H-i*1rI`p95~qPtwg1yZjg zRE^gYb?0=q+{u1&q07%nZ8bRyF0&|k5Wq(IeifV^WRGr3D7#uVj$dTdSfnv+CvhI) z-6-5$q@8gBudR&D=_)JxBzxx7P<1d+&Hdp=QjuVTPcttkbC|E_d;As*(NO-uEPGD* zMw`JHkcpw3_ZT*C9}&Nwn&45Jwn&{UZhT1#3JqP-uDLu_YE7P{LTlK>S%gt9B^ zM~X0YbZYvsJX{-eedZ@zM8%#hcC+d;GY;h#QkZ>Npb|ORn5 zdNxpqWAE3KUe+t16i?l!pO<6sD>X`bA=lp=?$v<_MNH(q&ZRX#RIjQGWJgKQXXs#U&`#EKY!HyZcdNbj*og z*IuGop1Kaw(mz$9QJjLmvx}usulhC4)VBMfIf|KKlmmA)VN|v@Y$)WPVkj_V!}-0B z+I#8ub)3Rm*`C+b6S$u?5wL%c*DknPLjc`ybzc9Sn(R8`t5VJmyGX;MQ5pmcGdW)x z0Y+S`!IK!k3sX@A?*!uCd>)xs)G<~`x}GLyU^@W=M=gX|xaoo4gSx84D>#hjOde~e z>CfsPxo^ilO~?Onh=4~8?pYFdU~M%F>70gZ=83k*?2v|1q9%~YvDCK9D7*9d=3m#m z$hx~dyjyA@8&x!^=Z-@W)bg~H-S8aBT#ZSp)H3{gEsC6iw2l_^!91}o%eeh$P|)Y; z!Ma-1ui)|kk&^PLef=@ghTnZoV6E4BBHs*MFK=0xf@&E&B!l1RNW$A6kis`^{?ZHI z)TKiXWi38;nXc)$cg$i^AVB0P(!3vdn(I@;wq6uAeX&8$8<|fBUc6m|a>CGt!J%qj zBw_>aV}B`9VYp~+7!u(`Pb-OP%+OzwOX%QZ3QE6xNOn57rNvSEUNLq*-d&bN!nMI2 zhz2?y*s3@#eTxUdH9I0%2g2#UU`G~#uy=)Q)@DJ5w&<%Qe;}K{ z%}A~to=0vo-1X0nWheBAT$2LHl+8n3NcZpc2ULE39~H?q6=jK!Al-Z7Mg20(-6A2H z8Y;R}YFdfZuU#^hO}WOQ??|HgsV8@4<0JL>V24%?NQ1cvCXSp9p46R9PKLK`%Fe*S zdvNNW6}JpqKg?!R@fM1^Qo@^I8tT(ZrzUSl0dq8E+XYxcKJ#70jUaW7G+3>hhu=!Q zoxO0p#XatnQdzG6X?+djcrxSy`%3*9+s2msU(`eR)Nqh`TB0KYvE6niIZ!<@xb{Q| zI&?!+^j#I)5YR`RD&#kmn_*k_JU)K(d^Qi_05*YcF!Gp?1uZEX>N$Gol zi&ohr-DT4~n+nfP*xnTwms+o{bX?haTNKV{T@-4^t>=U#wybOIjLAR379p+k7&Ez= z>|c+jk5dzs{%`4Q2*%Ewy|t7e%Nx~qxGp(U9ITQT&c&O(>JtfLkA}97?VwQ768xQ6mbBJqX=10AZ(xd~26` zuK)EXF6XqkzOlciIPOua?h%9CV#5mZ0X?EPm$pQaJ_IowDpO<@2tAa@q7~ddI9P3G zPFth)fg;`|eKZ7Wm>GDoI_VPsYOS`f+9t+70RU6w4v5M|S-AB0Kwv>KIUTM@yR%5r z^tsKt|LtAkD`w}TnHhRNY(;!h&x?;A_T?n2u?C!>6;?8-m8)geTL3!yA zK-2mfE#+%4lI!P796vI%UWC2WJj~>dWkh9`#by4wVXY8Y@=aQ*<*zPFOC8jsD8v8L;k7`M;4}^NfACZBd zI%Gq>fH}I^q#z*;H4CW1y%edvw!J#;KnS|mU4hsHh_PqFho}(2S*ywl*WT{9OeK+1{ zT&@09(@E_~bJ)Jj+1V_?QqP36c4h1lkSEFfb=-BsF5N>;*#=V+OvDJb`Db2pBXA7^ z2>E(JY;G?cwFVG;_5+w=Nj}ANHJ$z%e3lwen7gpOG=$RSw-lLJiq2@U-G^0mvZaF) z4Cl=K`e`)xRAWTM&Y)6ZwQ`FwCn}$EBEj#zLyWbBXycYrMbI!RDk{M}!K4aE! zP?hT&6Yhq5;)eg2k*gxSq#IhXq*~>LDTpdQ+Nr&5YD@nez0g8R*T9{PF< z%;eZrcv^jCZCZHttVFo%Ohcn^w$L42riTfxiwbpEeoh3n%H=FgC;O6dQYgBMWk4tThtO_8T`X3tQu+H~ zgwt}9city;!r%hBj(Njp8}LSWW&YyHE%&w4ss(V;(m(}sB8~I+cIOl{@m|XH2B=*A zf%+c97u*Z?K@-D+nq;}C;5;O-y9$FVeQ^a};u~{=5RaB$%0lRFf+0V@t8ZcYY2|?a zfGLXCsNZQJD1flInzc6Q5k*k_GAY{VwHR}L1GPbD2zKLgxuZ?2KA7UfGU@KQvY*A! zyrdoBr@z(Lu#F?t6y&k8DcE3UZ}ttwsX!F-0)!P+%qeudkR})n1|!`Z_q)-547Y@z#s48Bn98C>n0lwsTA+e?;n5r+(!TNnOps`E78;8Q3xynf05Rte ziDx>{64qv3HwAJYFRd*`9aT>QMB{;LU@5M;A@x8wKv7o!1=|g;bQK?Ey9#a;P>Qm(91(vQ zU#V{J zOR&rsoisM+LJHFovSePWegDuSf{(4c|$6*80kFY=Z(o(=|BwCYc8zd)MN z40!iXxf|t{nv}nG(g(=MU(Moj7zA#-}Z#3!Z!*lw|wwA;)6f#tx~b z$te&4aM6h2a3w(QOr;akhUk6qDvTX=Pa#}Ykr+lZ+*#-qpg$;Y9Mm#HR}4dzvz!A+ zIWjdpLwKX{_M~M6cd(~U&UyUegNij(xF@?`BgB$b zDr0mOUvsV5ETlq4tj@WmZ?D#>*t(l~9#-dp>)cHckDMz3)^(~0QNH|~1G zzi3WLq1+_x6JwcF?7XV(Q&K&!F#*)Q%N<{P`mc-fKh75%?*_JZ-B?aqo<#8mIUns= zN4EEtu>P#Uxu3urR^^?NM?m2=xTPr@>rPHuf7z~^Craq9_Fr}HIw7%8mn8xM9}J2l z^bd4BF6|r4dFmYGy%`%XWbQ@DEJv+_V0}cS3F=ejrKWkq=~+CBa%1Fjt-C=xtsw$W zHYeDqcA}DfEvUov6{=LQfOF^B1f6<9!sutrC1pD7I=NTfT- za3KoqoUM7U?n_%u6ir&tD6%W@1+G# z^cScFPRYUaVc_RDM;xW*d=IZPW_-YxMPn4%r$ZiiY z!#jhFBE*Y+vx|aliTpzWe%7G`J4_`$CU7$5XdqM7`WANR?&)gEY_;{ zLGE|S-(9(6GSE-vcfaHRgb(eF0rNFWK1Yp?NG4k|@{pesxGc|3;bPcTkF;v|#03O^ zH9j%Z#22Iu2Do^#A;VJBsY*XIY$pG%IC_TFq>*s)cML>kIU0OxXcu$nRK)PbdIW`a z4v3rV8)3&z-DHA;`c$ZH?ErUtO_T|ieyvxxMQ!``2A_*LgW!sE4U~gP{cQ1nX+b?9 zriBX$rOEfu_p3I=d=Gz2XI{vJC~==%?->>eMBl=|XlY%;JvRqaot093iwon_=AdJQ z+7yo4!<^QD#t&>f?uh|<(&^gTpZOYW5MPe0tSTOo^P{!EqbG${F;~nnV(wtJHsuaF%G-oGjBKUJVS= z(g>}4yjkm61yF{U+!Sh|M>Xh13c)4so|)1?09Ti=Z-JwPn|J~2>@?+G?F~PZ{LO-R zb#Z;fu!*sBWA6Ek6Cn8nOWdP@brc7hEUO-(zxCNUdf*zI{cSk=_m>(gLb^D+#1H#B z0&$N`*Ry8t4Hqg53YFvB$v{<4bW#^e)U>xlsSe*=LeretVEf_dM?|0EDYp|$CJa5@SPx~CUsCkQ zhweeO|2*;r@A7o<6SbM71a3+=7n?B_nv1JEyIj425W(Ev7X5F$6Mgk5tu^S` zfyFK_>G?u=`Nq<@G=e(qtB`j#mRmG%CTh^YuY-I$tag%3!$uoUHPGmKF)z~GYUBW| z3rHnN0$`v!VUi%1!V9}=^jz#s;cKP2@#b8Tt+zkIjXX9Y zWGKH)2tv(aP?MpC{q%^29hvz;DttE0mPG7MRp{df2DTjPJaS>OKSW)1u|L%%@z4@1WQAlkS7H$z84 zd6MN`0U#J)%L0iES0ATk0Fn@+;ZZUUwQEVz;hM55R<`+dO2a$dF^iLokyZ@hKmfVe zril0q{57VTsF$!+C`uP9HlD=w#jHLsi`>d7k9qVe(Hm!y%o`0L;T-X_!pOS3glnda zgN$@U?zJcrQG*1=E)+`fzWZ5q5>^K0f#b3@o2N;co_MN#!oj*0v?|D*W-#Qw2 zaN@AHb%hKi_0ciXWSgpP}4M_S2Eqf*lNcWcH&U~r;8YlYl6_~_@TGw z7IpaV%J0*Oj0LNuMW2R8LH$}#G;a^F2*5cd>C(zf zbtjQLaKGzB2+HtyvA#;#rs4td08bmO%XA=I{?_n-@AQg$H*dX2KM)0* zv@0gM86bN-0vv<%RuAoU2_LTZ?xwDrrP^jGnCHXOrEkQPyL@u-WccpCPSr)H?{W`1 zGIGSJh*(^krO_J3w$;=Rh;zWm2j&iiBm`Dn0h}dC<8k#<%|Q~@__LlU37$j5C;kXy zZ>$n7FKd6ImXOyGZI1K69C&AP-jWl#WIIdw?9{X0wd25=HESFwwL9a%YdrQWW$QUz z{oOD)(uCIG*&7s04ovMasswY*6+kB#SEPsMd z5oOJj5cyEDIZsUIhq<7waNEX22V~9ET?7`%=KXqGh2TZog>t;^AbWLXR9Y2;B+4Fo zDv{ec{pE!0HzA?W&EvF&!lL?*_Odx|ft{ChkFC`c&3Rci;>W7%vC7^;V&}Pzj*vP?=4@N;F(n zUA#-fB6*nX9)^xmFTXl!vmTm69ZVithu(%p(eFjIEq9>Gr7 zo(OFwoSBs7V#DY^Yu$`rvx~5tfAx{Soc~hX^|dROF+{24B;mDFb9@?nx&v>5;>sT} zA=my<;|XA)0r`UF?I7R>YxXf}l5}1xGDvv=f0yJs2?r16-)J%t3VnZI}T$sO?f<$!2vI~6nsnu`U7=#HS{n-ns8lnzf0lv|#X!G@XqXN~E_;R+| z+FtKC%g8Uk6q^-SL;*iT`AD(9UgJA1)GVU`yx_`(S}-uK8EE3A-v37ZY%c?U(FA%t ztDW&Ut`)*#!Yvv|Z7}~b_So8qT5N&J4M=r_7ni0H7rS^q3-p5`%7C%bB>fkq(Wra% zHWDWU!4^Bl~fI$JE=`8Suyu0d;EhI@b5-)(kNq7dTB`I6elvHdU_aKC_;ov}<+^0B;gDjXF1?j3Y1Pj6VF7ACa4Wi3r4 z7tafvYDi_vyiBRj;6WLFsOrWleaKX6TMU67M5XVk_veB-6W_2PR5uHi@APZE@Syal zVn?-I`eb<{HDP9PGbS(s2~)${F)X;25$CgOmZ$`RwGmH!tgBN_Y`K#VQnw$ON0VPk zg3rwiDQ$19MC~r=afvk8p^T`|om@7tYJ?GmgUT8Q1t<%hA72nnCW%R}j)h4O@GXm6 zsY73}3V#v$edNZVtg={BAiqR~-=Cm#Bn{f(m=SWiHRvsH-*62|@oSlQqTlNqzn`cm zW+zsFX!4#cea~K>znXB*9%w6kg&OTsN;;!o03Pqd9j_T$ktOv$H7{3$umIm+o_?6=fUTf;;RsLj0W!fmeo zzP&c#^BSKU&S&RGB^WlBlnfzP$;AfNz-9u2(Ezpq)el>MqiHnV`44szqd(JI7-1Ln za-ldfW30e-duycej~LrqD=oABnv-CFt;b5%(CU18wU=}Aym#_^O?d3>+$*pV@Vj~c zNJYg>9Pg3AOj-XR$RLSu!DBNBQes2=`X!@nRTuX9F3@}~``q+4W^5Ah1D`M&c#m|@ zVTT$88VOO=gAE!Y)Yy4yVk!@aASKJ+Tk)=JVBGm*`QUl#W8k43Wfr77K9#65-eYGO zicDB@$yb3!;Nu~ia2$w)S}9DzNyECF?@P7Y$+Y&jy}F%e|mAyxg* zM-7JWv-=;JZ{wKOy{jt`tW!&j*|iaD^mwWBQs)^k5`@X#xTDMrwGU=W>bWf2OnFJ) z(lWOCkAI&^IG9;e+rz&c*T44m~GK z0q@OF+n@wSBAvuH&VP)cjac{6Q!lOSZfRcHRS&>0y;8PQ%3=1EI-Z>S2!IOdqGwg% zcRGU+CyF0H$2k%*hs5fw=8-nqSju7EKN8q=?+=mUz`xCIsN2p4N{>8aX43cYh^FxfOsD0z5a(6pe7YB*@YnEP^HyZMK zuF1wH#qlxZQ~}YnGnyK>Be>jF29;O?C4Kd0fJ6O zQzZxMH-X&2fWVrbEtZ>um;m3C5^UD0fVNy|1Gu>_5&SO+vb2YDkVzzznqGp_!6p8)^2mAEs5nb6$kuUQ|vwC?Z_(RHPFxY|=uGXDIW zCA9GG)ih;DuNU=CpPq36xW)y27O!Z4#Jhp#&hIW|p;Xx2esqG>0V_2Itw|0B(7&n3v+^9R4Lm1Xpy?*%dUV#Y2pry8Bwxqt5bV4DAPzVYKf^Np1M zzM(%G|KF4g5tqN?fAr(sH?l?hxYLF6Zb)o;#3@gRW)hClF zQFK_WD(ehyr7F`pwm=~Re=mG0*KNN3K7~ID2sl(JwKYcR;FKTqL6_cNbV{%OyWZocB&HqvU$ZO zWWC~`yeTzo3qq#OY7`V=91-$I7V`*lk9CG}YC7mV#U00bW6lcZcQ(>s~G z@a}TA5qHc9eJw!ij~qlv-zL<@ZssvTO`k$3rCBpgM2L9YW;yi%9034>wsQ^jndf?b zMgh6d4Ui9YF<0Teh0vkVSGnk5leD2{`<_qJLe5zg8J}+BGeEo~tZF#7m|Kn(pUd2Yq2djHtj zjbPNnouH`IJ9t+w13n-ji}mw$k+|_nPw+%DCsqx+M0Va6;l==;n+MtW_2=C{aa*LhFba ztCJhlC1XN%=Fli}Ki<7iZw~f@nj+?Uv{NKLEZ_D%wc~EFHwOFtl&uPmJ7k*$wyQQ! zhjOx~hL10V&8TA%rlB82H!Zep^sGP>OUlLN$iSBm5H}88vy3$|XYe9yd?5O>@N<`+ z-^YaD{x8OHK6|HGaY*#%*U|K~-~a>+#u^o6td(D)Ui%AO&taIcT~ii1sPYHiYGY19 z98i}AT8uQdGr8hUG)TtGJa@m^p%AN1iB*LjH~rg(!w)NNPLf}S%~z3%-!(F(lZ||h ziIc^|^+P@FJZrHR$(*$)M(c(-?>JBg(S-qkTz4U-ba77Lu&9XXGD`)T_1MsZg57Mq zU5}j$>v0a{V<8~^d}MpX_-qxK({o@*$!!JTgWHo;!ElGL!jgMp<4yLZuRH`PK;No9 zgX02nKo}0Ifg}5(Iy)FCBC|fQH=n`nQLnuDTGgwe>)=7miGA~2e8mW(;Ff9tF$gyI z={BVd*ICpd?$|hQ7300I^(znezksm!ppAdL$xL7!l_QRr8l}e_f0M&cL9XJwLB=<= zLzZ>_U4avyNCRr~XyA@9LM&qs8jT-H&rh5Y8ck|<5^w0CA0KfVThjCE+oE5zc+i>n zimgftjF>B*^>y-?9jOiygW=!_%NZ|goVoXll6=VFSgc;7GzTCD97@WEVdl=^JBoq| zUGJa_uxOL+ALU2=tNj0i_R#)^_O$*t?fHcHhxW`C{WtCD{q;X<$>)D+3B|u_$tTSJ z)sn`&f7cSVl6I2pvP*#2k`a@a5yMc_pD(DUfD%u3V+y+BJ?(sjDr+2)Siwcfqg65J zXxJg7p|m)vq90+qWH$mfZhx0RUxJIi5lx#)K2Kdj(e>SG!%Q{l7FyFq<;EXf(uKj> zYI&ElfLHM&A0RNC`0|jOCdt2Ms_{8xC@46O$+^Hrql6Y{$)ECr4^Gwb9xLhVXUN(B z9)I$9=g{a}XZ<~;zJ`_jYrFg*UW;Dx~ z&mHP#FAbX@@<@%dH`~DO+r{+}TTeq`ci`;_i%dvRTRrn}8;C}-zUYbq*MuoO>1IJ0 zs}ozpYkH_PlYRo6Z9<4Q6+tKF?rFrL%#%Gz+K`D496eWjGK?kwyq^;009y{G!$9No zzWV$iR=o|MT^(}K;V|~xo!I%Me$VaeALTa9g%iVzuAw8xr87D(=Penr1?oakK~#Fc z`90^e5;N!;tUm%;)?6+M;05ok8O-m$U@FQodt^lH;b{cQg8aGlAD9mLrnlIchLgk0 zmfY9Ef9e40ekY;ALoHu|&LZwnF%IaLR6BuxQ4_DLDG2#RrF3$jst9mNlS1XtpYP?* z-g{E88cj#0!;doydY~Bv8}vMV|LZrX_Pb+J^j;c$e9D6*$fic?S2Y@bIyF*7&XQem z5;?!$K{VQsONHu)n+#o+)+NLb(#9!p?~8Qi{9KU4M9)tvfmi4i4$vobS$wGOk4BU= zrMe5hyq?KsR!{7E5!J&=ut(0AYr9;J%vs2=in!`8YT_13R1;Dt9O-~f)_XN+t${^% zXYn(8R&b?k%3F%oczHtZab>qYgBYr>*GvcSO5LK-xd~>MvmbH+&v+{d+NN<|++Mgf_ljJme$F7tiBS9XSma2R z7syUz^mbe1J`|pcGvF=nlY-mD)lRQfm-49kph@4Ri5sG28K!%XfM2*ILxky?@2`KC zmCdD1RVwM|U5R?htieY;{ZJ0Zhj+C5k|f{SIuW7`E4zdW;i#W&j|JpO@uDyUhC4u#rsts!r-;dlxly+uBZ)sKHHKnp_59-eIsp1 z&Ceq!5D>H$6{Qi*XTWLp*$W_9+9 z9YnN7r?6+3(1cNntfTxrMR}P?AH76nhjj6BVlEO|QQAIQWkWH(n@*I z**~>}aN~a_*nIt?{Nk(sQvNx>rvFoZGvxnY`4#`BRzjr1?(O=$Z-PF6M9kWpF?;_F z{m2B(Ju>L$ceigM2DkmpUu7V)sj;oQ*ZaXT)1l!FUMoqCO2JVj6t$(8%3MKJ{{jl` zyk};dr((BKwRmwLy3Djlt&9>Dfdp0(Nj80TH0h@Vtl(f+GE20*jCCm~u0xDgVcRq- z`%)New`)B>+!j98Q)??$=%-(5(5IzdZhN(}z8z?MO%iE#PshH*3Vid8g#8Lo#{A5! zl_E;Ba~&-Yt(+mIM97md>w)RqecRXX2@J#nBWm`7DVmQkRM!T3yah2upVosT1q;sY zIBPA6r+K*R;uYWkm=Z+>1_|t}D;PJ0ry=>CfSKZeYh4@PB;2pSk_she=u1w$M#=0y zGn0dJP0;&R43E!x#ldF+KF49k(ycu^OisBL`9(AOZ=1RWI_qtKhnL&2OQ^E7uo{D|*2W#r(mC!3R49*z%oX$%SE0ng2vK({;g9_aA zt7JuA&A3ig0ZN4Qnd?bo_`1W$#KTto;^e6_PPAk78w6u#Zq$p=3MA!55G>AU3Al1u zyfuuS`@=$rYl)No0MaN~)yh>PRNqPE{DVV%cAF4Kyd5kGeG@L~<#u}&Z)SveS)yIoX}g|OH{DQ6RAsVo&?tcH z`t;|d6T*RuQzTj9X-c%RurJt?=T>Yf?x!*G zMxHK(_o%C~WM~o%YJ-B|Xk?eF`r?JI8#3#>yN2b<+1Vsf3{rxPvC%KKPG69xuXw|8 z0<1hE3?|9U{3pCZ4W=Z18UcKH=$W*>v3*A>!`{sg#FirrZHw^ng$>_rs`2YLM|V}* zNceey0LD{ia|FE0_W-9m@XWS&K64?eJKB7!BesE>WTE@TY!rW9MRwbVsR+{2C8k94 zyyl&7)bjNy8`SxefgKtGaVSV4>}askm>cyZW;iHC{O^&8X!XyB*+7~~Glf4o9y`={ z>ngGW6+*(8nPQjGu-#g!n}PY3t@7_M6W=;a0dNjOKg41zjS~XPde@CJ5ovDZP?|#R z4E`&mFqrnnP6U*DtlRh@Mi7AwWx_zLqFgMv?jt%^^IT@HlH>19j#HNsehsdr3|!jD zkuO>rx4%-&h1bjrUk$?#D*QP!>I!DdFY)Ka7$_L82!nTh&AttO^upwMCOx6^$UQ=L zLud$9rM2KAh}Er@xe()fC72}U#6Dmx(^CQ83v0dkeOeEF>V>2cP-xFfD^^yLCv`G} z^RDPjleB*276(pNdt~Z2X<_6g!P^K?&JA8>UWJHUb4kWOFl~VASE0ul-YVjBV3#6E zk+jVs47yVz5vfMjAhq`IjD<=y*7U9G0aB8_kD~+Djs|)|&;>#kh$qb}>q>wj!w?uwp>M=fwHtxr5=idZVJj9~-SwmmxQJeyH>&Skx6 z=nd%H4uTWF#G0_y+v-K9J#R63BQ-6+2L_x0rZ*|ldHE)q;8i*7j6dvfSfW&9bDZJ7 zd3Q^vG@WXiPty(=w_Eq55(xq$RdshIhr|>{FoMK82WOW;fDc38&~GC+rY+3b_s6}> zG>kfQ8f6lp)9(FT4Fl9k@*(5k_L~TPb(V_sLTGef#NP9G2!zseIaoQg$i<4O=&b|O zODrTSMC4kU-U8uzKS!PW8Rv9q628@$QQ@m$M82k&`h%T!mO2@Y=bTk$2omDPBetvp zjx0JIvcQ_Zk9lQR(rJ%a*K$&9Z$-v)9|!cSvBbRj$?A*T@V&P z-Lot5w!#uAP{)ncfjL`wrWgpkr;aEYsXbXJrzgfKDbf<3F*VrV%VvCcuP5Tw^gN>( zyOBAc+u2+-vm83_?=suB}i!NwX!N+Fn|NbFs#X#N{E`M$26N!lK=_m@GkRIXe zr0X-CP_);V36^5KnHMOY-Wx#^q~&vE3AZ`4qfEKV=U7aock_%PDC==?qKHKFBnh#8 zQRlY#8(Ai=O%q9ixy^ojLLI^#5{T;axI2vs8^UNjfIbd(I>4pAc}OzT84nAbYEZM+eu|GW`gvMya`?8k%y0--#e-yC}A<} zOv8xoS6Hn>&&kjnN8Xq@SB*TieSK_>N2g}}(#q0gk@m?gJLcKG+Q2l%O1;=)*|r1Q z?I>+t#1AW+{<~=I3 zi-%u{v?VBj$lM=*{4I+k!r$NEIAPrEY z0=Uh)`(Xjmw5)(J{0{Diy%?DNnUR%jpPAfpXX#>a3>oqUp3xyfdLn)$;>v92brgOF z_Ye+}`d62KTS(lWGr|H*(yrFU(Mb~0ti{sW_w{dFzv(`t&#;ku??Ju+`9!s;8?703 z>3G?=UjC0vfI)nnKe$_@A?R6HxjU~r3I|yM+1>#Ma`R0DLLpwvK`Uw zR5I92biEU;=dDi^$}%3JxD>B6Lsd8j;MvZ_ zT-%jyKXGC@(Uf)4ezFsE0J?7hHA4ruTyOv9{CP;dg$oHX25hdJ=!mH3c-rmO zCF>;R9l^L>-MV@6m3Lp#i~b;_yRLA>CbA8WPUFZIUx6Zp8BJE@t9>WhHUl4qL^o?B z5fWO8&ikb51CZ-X%O)bXv;;p8}|%KoIN<-#@oW_dYtN8tdfax+vn zk5>Hu_u74Cax&@|QPeFcuUHVvBSefQI`rZ#Lq2i4<{)E0J>{Tfz zLf0@*USp_S_UV>#M%J`F0LD_WcW-Uil%?|z0w~gIw|}t)ww;bwabyf1a$iTcnM6x@ z@KAj4a!rTK%k8$)-N0*dB)3mTX_-6O-om`E=Vo^dMX~^jG!6d>d#Sz6)JjBu`7@E+ zq+T?g8g=$CVqiFPvNv_)h{pg&z`83<91ztZWpdb%Totp@PoLtt#;<11ys~2bE-(Ru z;5H9^ZuYjDr|-9$$CQ-0Y)9{Ak3ETLLp6+dmk%v~j^9Z$YRG$?r&DD{=uLiHZYg?L z(i1~sCvZL7-iK9s5?9F)4(%R^+xoSCqIaCp?IQcKgy(f@WL4=r6av>hqa;(4O5hE1 zhtmMAdecDFe;62~w3_9QF)F4>*=9W%B{)_oFtnRTJSNiL+Q6Z!x&X7=Z@THX*P$8g zl|RVv`xTf*7U*vh5AQpSE_??k`PSNn(chKZ-^@2KM^R#Z$CvIO zLE8477Sy9yhY;?;a9jD|R@sXtzRH{?>VTz-yet0tM$r?pe*2@Mk(4hbwUnhCd=O4> z-U~q;*PCD!tw95kzm}JU_lZuq@{m5;v`rnG`|wx6FO~zn_@HSvb*wbxV(l@zrGH=7 zj$I6eDO6DG`fc75rY%e?7@8AaWO5TC`RUnF4PZ`VAGJ*cw-m8{7Sz=aVNCh=&KX+P zF#Dv-e@$(&Hsdz~LiVJaU|KX(%iCi9^q9Yf0|5HX+!g?LqRH%_>9swx(f4#fpoRRd z^S#E&)IEuMedmIC1L!yPcaXGuzOPM7las(>OEv;YA@PmM|J1js8Zcbb9gYC*E;oi{ z6^BQ|gGf_kRJSu-hKaD*aESP=_C!ex7xSG8J9=6zQY#DW5mBS$Oj-g+6HVb^(x4tB zEDDsv_7FDC7KrI{n2Gb=b%ToQsPL=UXy-Wu$;0`#aeZ^``{v}c6#GFE3uJxKIx)N? ztz_sMCijsFb1;5-Wt%3(!+K?c6G6&P!KLKu7jzDvg0SsXQfo{FYD^r27`Z7zq2#;# zYUIaDg|$IJb#i?m4CxvyCm4x1h`Fv2a6*tNc+OHc%EQTz6IQ$lDM$i1dIKS2KS17P zG|4M&71k> zXWGNGW!O>?&3Ex>nE*@GkGn2TSkKmoA9Lc$_d`8*wMO8GFqEpdHh5#tcmVM4719V0 z+u@?|S)vtwhOMNcl29HwsK1$hRM@D}HEZW1m9;~{oK~M)i=NG2s)3SDFU90_3r`H6 z9~WZ~VoBryZPMb0>1-Kae;cjB77De-Q!V$|=t>2U%WZMXU6aZFO-PsW<#d;j$g$O;shHUhNatzk7-?rL{kh3oWZxHjtuF8AuAzixz?D z9qZutI_o3Ww$ub{1#TpBq6mqA;7*HZiVuYsaSn zf+Uo$yq9-a#+;jDgE3=P+R#>II&APocbm`X zB(^Zso-qTd3XEKn4D)PlYi4+>W}#X<0F_!fCTj}G^Vr7Y=L8Nwc}z(K5#T-xQmQ2c zs3VW`2jE*3QBzgp58ZK#oM91vOT$e)0sVO9e;j2ipA{T~4xu*SDwDGNB5>d<=Y4=Z zkEfpRsEAfPXUaAxlMBp2q`L2k392tjpB38B%-euNhl5X*Jn(YIO{Y9}z?+0Vs}H_d ze5?Nvhl#c!av(*rkKdk(Q==7d92kHK!&QDm0xZ{`Twmv^xsC2f76A9 zHvX5JNdWlQ%`E<>n?b7lKQ{v_^q+3VWR@*wsTT_XQu#MB0;;gzQa_os5d55)loi1h z%V{~#ZAKlj-=v@PX-2gTLs9dJ6&8#4Ci~CRdZ0|O@0$-T^(LSCZy|x-_jOkgv&OO+ zqL}8~Y)8V#CS=5lw6?cmdKy?9WF%aZ3FVNJq`o!=_eXi4k0YX|7 z%RWm|@Zq3tOJTh(T#X_ZCxw?qVpn_2`{optI0jRsq$GNOK`cN1*8+naiaPkp+I6Mh z{1c``px8%}0^~lG@^~P(R2~sQJ3Lr})Q(%fSIQ)_VhBkiztLn}Smb`nAz#rlJ9u1i z0TD?L&C#8GBn^MPCONfKu1vO_`2(X4$pJ+Bp}r#TS-F<31R3ixB4VenTh6$0ia7)k zwr^R@wwMdRIP_E;{^74JN`BvsVPdmStr=ww68djPHdHq1R`4FdYrI+{(Su>G1V<>6BNF%!>DAusqfqq}uP{oQ;sK<5=Ut$fQCfT}*4d$f1HUw|r% z!I*p&sLey)xHBED$p1uxGnWCIMm{&dm0!@;#OsZAuOMmG?#Q<^>^J*FG{+ClADarT4g)r7d-z*a zpZi)8*=QbL?m_Y65{JVu8 zJs{+V5f^?ZLx+uvB*A1v+E_q@-5jX@mQV?z9}STRd56!opg=n!1}v1e168N~#jy#s zB`(4DIP?B0mldT?9s1RWwdC;wn@dAD1S>oKPfFrX&NULqc%v2239H%uTg}h!()ceX zTZ$&KnH;O?Og^H%dSoX+Rb&m`+v7nuNqYP z-pI#Vkw=NfBQ83b5=@rJnbas^P#p+V(C}SUig~{2!?=s&jQs``!~5W{H2hGcc+q5U z8nf-_HtSrhKmKKOZVpOu0oL&cqFJRa8mhbutlo43z|aXe&a$v@@iY=|M!lqR0l|qp zPffzzf~@6J_i#+B0EoNbH!Xf*)}Cj;#AR7Q8@n9Xq4-BCEg+YKaGsj;=Az-Xo>3I- z{kUv+F_2RC2`*qjNTiDQyA*R-mtBu8=4Jr*rE=q}!z@sXYH6KXz#QPn`Z_rvaa;nw zvNDVK=o<8o&y<$>-@u>*_4bWkF{m=pKAECs^&*LM9I#`^Jn~$-)gUJlgvN*4Kk(14 z1oxnkHH4L-b&yFsuHr=f*4rB5lJm$ijNm^SZK`9-3`eFHnx_{>FT9}KB~=~Bd;I^_ zgMbvc{OOi2(ow5jnj23$(eYH?B>kh8N;z&#A43gZG$<#svZEy?Rj;ip=O{Ud%iT)j z4o?U}o|RNTvoAhe$RqQSS779bO5M4PDeL=6VSjeqy@~$kx2I@aDpl8KtF>$YC3au6 za8#KW<=9Af__B$fVJ#Qib`1p}JMlZWdXzAbPuX}(ldE*g>v#F_@(O1Yhru6A!5s6> zd1~!YKiKFWJF{t;42>?sg)O1M=Vq~+dVt@?ITmHoijd0NE_2P~6w9rdH=quW9K1Y9Q%3+LkG(rj{*!2BlfD9z8lTGLe{Tk(^xneG!xjKYOG6CyS;3=L1ey=g2 zO|LUIUeb}tW!}gz)_UU5@qH?Pg?f?&)+Np%tdFb}2Ao7%C?l8lc zPOGzG?{FQuDc>v)7Surqmss5fyRY0FGRcwID)W2kWK!^LYh|`65h^m6jM9=w&a2+(IfyT zqkmC$uc(bc)Oy81+$1>~5||gJeWP#LG{&~58nZSsmJN-XrruWH7U9)>d8u^p50dV% zU{rXX4ncEHDqwXhNes5YePJd(Adep7&%V@X237@9J3XR(3O9`-(_mGFV9<{0Thi9& zw?Rn`e#~&=x(BWO9-6-!p-lr^7AnOZ*`A?;!vi+?t#&Rn>+ECAwL8Vo;%m!^U)zfu zG0ZK5S|NR>ybPq7SYn*rxP6>mbtWpgwgmCAN8Im-d;^RaT{gZW^9gH%;J#{HRCxC`x!I4OH|DEprC&{POZFp0g$lnTM=h zVfEEer=`5fY*@b++xt~RRx-BXkN1$MsNgjoUxlX*ml$uUL_w(H)2{vUeW7?Gh?-PU zh`$A9MYU%aqXoJW*gC+=HEbLStX&VVjdlt>cVp%arP^-<#3dRqn`==MspO9Mqu2#`hq2sfvBi1r52@B82QJhQcp6C7Qp+}{0r5Kb>HA|qja zzc%`HI$`B-AQAE!$^i%FLa3JPz(vZ02ho^UK(E%x+0wUqdBVtvr{M2Xs+i%w`e*XN z7%62S1Rb3nG#^pkoQN>fDj1eQlpJ9ar%PUOD;lCyC54)C!t4xiNqQJvz%fNs_8PKn^u zi=Nec`(qLpDdJ<8g~;Kcn_YSBwNLj_S2H(0Xa@><MS43mkv$J^q|=~(;0ztcmE94@i|G2-j@PP1tE z2D0SA>r5z%Jl*@Kmp>Aw=fLj}U5WJsT|qWV66HH@bCAcGs4t;@Lx;Y!OKt)t4F>RO z@&gVP1*jwRc_;DR*CSXeOEDT4(N~S9s1RJItVBtA1B=0v?G{|a34M47LG@iEJzle) zc(Ujg3bs;%a_ikyp2TV#4zb)Yovcj>J7ZekUE-3u;Xp^&+9YB=aHH7qs)5=av<`q_ z@a0dNOvWWX-AHC~yogO7xeO+}9xOaDqjWsN`eV&)o(Zsb`sPdGS_wy;HvRgeHAt?& zdPJx@UjSKcrXtCjB7g#V47?8gu<8CO(_Ne@cKPk~mUF8lJv5y?Z2s0ZQG&&5F9wjz z(@-Qd=M{AjKQWuYO}WU6DrwzHOyuIx%yy9FWG|;&3#dzMo^sUlhYWmJXGmbp#Y+{p zo~alSmtum?hyooYCapSaIQgk^!+x`M9)Ug9P`Rd`^+r4YZC+(ADB9;1y+;^!j8#!8cfN+cN1*U^b4GJM$ z>H{fo-(Io$iOy1AI0HpKC$!xyxR3zbcR%|=zy*Nk;=l!kg}lW0H~a39@x&a`veGx1(yy_?TBaA!Cr)pV}GJS$6Z-ws1ZEgj&M2N$GSQ%Tu z$}GF;f>-S?O!?efl*#&b>BjrvO$4rGh_RU^o(QMN08(%q zqA}8!%N!>%I7e0i+?e|=X)NK!PXlF83?vagXhA&bEu4_cALx>PCBHwc$q?Feae}Iq zh0B`;B->gQX*H@{W|2WNO_lNpt5k7n$Tu+XUe%Z6r$Pez%iPR*GZtrtIW-~SDpE07 z_mGZw=B;+z8H|wlkHIOR+)-g+a z_yHWeZ-tokJB=uIi5CDAPp#9FfR|n$9gtharjD@uf>wWEka-k4%SvodxD`IkO(6^k zT|Y!v0gN(N7D1d4vl6P16Zjg^ti(Aj*COM$*?ezPsK1)gx$~+n%Q}Fba#FT_-8{{p zPGWjuj?_m4uuaWZ<5Inlg2V$j4(WrO`3QEtukjlNU)(X*$Pd103g6$_+_g#3a*g>Q18#3A0ZXn3L;ow7OeKip-(% zbYz#0P|5+)17>c&-wC?yle1DkN(YQB>MfPYu_>sRv1V&?hXSr_I9=#A)%IDzg*?tBsQv zJa<+EU~Wg9jqN>Q?tv04a)-l3bYFY#oMjZVjZs+=Y$j9}XL;B{eU+4isTQBj8_ct> zi~+rp!v1kHGJj3V|8O((|GJr`|8_IPh5xvjlK1~`GxGmTgxLI_ZU*>YH#7I2Zicw< z|J=;t-!gJQKnSS6C*XhgW^{HmR+3a!&`H<=I(b5n{r11`?c}AfuqmukF=`rMJl@fo zSm+=Ei${KL`x074Rs7W1RbdwLiR5lDD9P_O3z)wutapAs{n{T#S!(%4w*-{kPScs* z-b`~Hj8K9UT-tfcnJOsu&rW?gC~&1-=Ax9lkUit%J>&Y42zgnoXCv(8aRWqQ!17Ez zO3Cc95LOz)^k28N)jlRiGwD|k8wF6O4a0jE+?N# z<82SC-g%imoQlI_AC5z&Qxt!T>DB+jD?5<0+-Dk#0(vO}xvE0}&-!d&?XCTLY+M0- zJ>Ctss0f`qtviQU09ysbjXa6IM>3y7C8z6?+90wSONjn03lZkhXofY^p_VtjMAN}8yRV1wsfQ{>eAd%jbBOFn$KZ{=9)yT+z)U&Y_ZQwzFCA zIn@Z&7Xa5mzuwE7C=0))cGb=jQ3P9{^669ixoT(s;l~0OfUn$Ts0AN8x|H3m2ZQ?p zxakzm2bx^1_7VspA?hPanD&zFwIXS5`o75z!78!FF@k{acZ+8h%#f z{C*+vQ}k8eREoUBq_VL~w7;VjqU>oX(%N{Tlx4*0nDe80D%cELx1w~5SKMlpmj-*B zk$aRgs@Koo&HAVD-db|Cha|Y+ zcI5Y9R6i#rg}A~sx|!BZdyvgL5iR0x^49KDM`fk+7Icm70JnMXf%DvTcYBB!DJ<1a zrOwT9SYFLWD5!`{HrQm=O^h$pBHos8w*e3lXvcnH%?N)gQT#+IvA_n%-Re3Z`v+fP zD1tPJ1}MvXiMIj`FuFFs&Mn8+c$>h1*}*3fkrYMs(4Cr`T^BUU=f&rHRue^ z*hRl@(6r|81z0e_(*Ic1=fIX6uf+ScI7wm^Au`rV;e zXi}7JjWrZdHy=Bl3}&r)c&9=>t8|{4Xc`9EE^(CL@Lr?>O%J>qSv(_S0jBVs1I!R` z|JLmh&HocDv`qqk0?d_WPD>=ip~1Z`uMStDk&Z=>Mxgxumc zym^jeFJPl7kAZ;KK$e`lhZ+6@AQq8YwI1ZVW6=Unif!4SZVS@kdz($rtimJBCFK=_ z1m^)p+%jGwi~x?zMERV$cILd>RkOR{x$_iu+=Yh8Ypkcxb$_0}>lBe2;0)^NDj>Iq z5THvDj-q!A{f+P~N8G-*2B7%IJF6c=7;9CXz7^#kfxoJr*(!k^XzBfuLcghE<`ws` zEEaDVNYXMJI}+^-Ar$MO!qsFlaP5IqSnnniBS#+vLSB@uJ*cBJ@{B~^4vn#P5%teA zz#A2I8KbUp=p_ooqLci_+b%54GnH`}o9|Mob(VT6RdPnuW<16UG*?l0zFH22kZ%Y! zH(05O6AQhuNZ(~ZP>pOicn#*ye+@}sKzck{ZOEEV+uP*+O56y$jimDEn7;+^{@b;f zji-Zd9BbY_={PdBJWSGssn(Wy2YzOK`hu3jbsUPf2wY3#h_`uH4x;j;z2s!g9@mkg z!LmwY=gUOt!(Qt_kdA1&$wefje~OZ!M|;>O0d8lVavnB7(ChQ7(xr%QifQ zuBH==gbe^uT=O}jAu_JuCet_wRu;BgiIti&D+q&cyGf~*-6=i5NUZuF#KpQj4%N82 zb|vVD8Xw@LGT0Pk6ELuz$MYIj_e4FV`~AP70(*>~QJy#EI7^mOsdy6WN{DLADA8Kfn_pW?4|nPmemo@G$6hK25SlA4uQrNEXam3e_* z33GEoFSBesJ)ffRy!&~o{9}t3lv<=!1c_zr!BfE}n@v>H2&cl`7|&oQLLl%3_Zwdo zxnXv|kk0l=kERH*o%IFE8}fJ)#ZWZ~9=P_J=_4*Q?rB4{A?ySDgh3>gIgz#;UI??* z{9)@%JSZd1xA1IYd^o!Fd>ePF<23`b$d6Im^(_^7ebl}CE41M0mjhLtrh=Nihnl&q z?d5+_-3ho^?)koK_Dr5ja6dPdjKK}6(^~7+n3(gIU%1R_yhj4V>tFQz7_eVRy8BvH_-JQdtN-*I2L2-OdD|u|AJKfT zc^eTn7p?(}_dX*^8PGNjcwlFTlLQR_Am5U>MD|@A<}i}nT%AcYYXzx$%2t-5jI9?^$0JUaS=i1#XZMSn#=Doam|IfwOJ=u zg^Y2g@fnEC=Vvwdb1QPvBFOO1PC73v@x`m>(oel4Xoe`Qo$Qi;puO^eMc}d6zW8#7 z<kwS$)eaF9Bs1+|4kN4b=K`t0Cvf!-G!2hGRU$>;_k54zM=EP(fRY(mE&z zuu+0{ifT7uX|$Zj>Trkvw-*v;EaMRwiMLRTT|qiY*x$ZTKF*z)Q{c(3LZlH3Na7D5 zW9dYh%m6o*+HVkqh^V5wUXgF9KX=vUPFcCN^m17KGgTOH%eM3q&2TZB!PbNf-Ip9W ze*8rFJ~9G`b%tQ+zqPVbCiur3JuRL%(^gCdC(}#3J_eEyHVBm!Mp4z~%Y4vQiCVTPwE;kU}*kiF_Thl{UDvd|k`QObvFK(uk_*ot`+dg6_`t?R>% z8JrPgdYS^YrFWk9Oq|s(>i|oPQOUCxJ}LV;;wWRt1o@^N%d!ciJ!oQwx!S3{m$~X< zq;+3?PE9jm<0fV&?E7qV3&XxZ*xyZn6r1?5Whhss_$W?wOia@v9$Uvc@`!%~6#TlH z8%5?a`b|)gHc&ntI#1PY82H^Jsv6DD>R|1F>O9fcpsEGv5^1`o=FMp{%BF^&$4iQ3 z*9ue+l-FnnHf6+x`hP6L4XKtB;{sArH2(PTTv}D+Mw|Pw?I4QzYI{lRIW(65B5sR7 z7?YI3WSTyKdN+CL`~kr?T2@;mgy(wJU!7j)^2~FBI5Y6hCl*?s+aTS3ggJGaE2Qk} z5ovEVd^eFbPp@_l(Z6%!=_lFItx52wg3>~yl~LE->+n@UAgUIfpS|bqy>-+Dk^Z8> zh)>qoYLLMPl{&dQ_%-22-HffWlj$oAsWIb@;hOk{Pna#N(?mjKlu-=h0a#Y#?QNVn zdsf6ffvjy?TL+vcsoPxa(8ur$Ci+g_qG!&&FuqjgfoWAQmH21V=ey(rp;T&XqoKe9 zNMv^gp%Y9yOIWE&{n+N9IWhpWj@67M+QuKjkuxZ(BSj}2XHT!IaHyYKQf+(~SHpSI z2g|2PDcoO(0)z!WbW5e&Z^go83j`k1m)MBht+DM05zG8tSXVQQ{!fNR*1iCslkCfEw z#2%lT)Tcno8TwHE9egOoGoDp4ztBw|6nu-1dgo2}g+}zJG~ERRk*Ad=ryJR<4gNE_da5qlF>c3PQbvy zBazLUNKpn_>49r!zyKNXwHlLrTj+R)V+;y9L+j;qE!ZOi&hspbEe z6x6>a<$t&thJW2mDINf4Ui# z%>Q#UTb%#tW*7|d2Pdj78^5n0!64%>NrJI2Zf+nd`>&PbEVr)n#J+Yd#T572L2}>H z<(mCXPH*YhL^@B2|G4pOFsk$D>3}G3tYcf3qKX`ptYB-WpP`i5}av#rxLlM;XC} z3!E@4NWEHO^MYGVgKJRtE3$Gyu_e;KgMOzN4rLH%ruoaF^Ud4~>ujQ@7;+UHK)^j??Cqq8fF^r)t>3wm+*zo|&NGhz%_sbI!5nbD9hDg^y7>$TDf!BQ~WnnQ}yu> z9s#OW%iuB-*PLreZX;aqx3xpf(8%%6Sje@RM2Xc0X_r3=e}1Ev?GozEqtb!W_GZ%r zzRkJ+kgr`tMkynUudBHITClccf8$1it=4ci2`HwbdBU{mO;Xrn08-deD!Wwnm~5^& zEzdMswdNW|*_n&R7^kv^ZnC*oYp7bNOOb*I;4;BYMf8FiLF{u8HfIIaZF`EK5u(}85~ILLsX#YC4Q!*9738e30Y3rkE#hb?up~C)@8)|Rm;?tG$HnDs6sJy;HobBz zfl}iLP7NdgxCnVuqv+HW2kT_BXu4;=u0Z5IF;b^NGp^(Nl&`-J^kz)CfL4JA28C7DzcerAP6iZSg~^ZVrx&ZvY3{PlvFmhpMC2;f(drCmoBh8>FTfneqL=# z0#*Z4zBeI^yUrNWOyx?-?Fuu)4xp>XYi~Jw!(pVr+gWbs@V42?6Of-ee-je-Nmg)w zc&`BFyP)r}K6{)*m96S!$p=ibp!?OY(u$T&i&XU6m1Y$Tr=&cjPB zImWu^*VqV7W})e03rravm%@j^0{;FqZ&Bcx0AtC_xP%hN;E=DO=?%C0p9F+0*l3SjQ-i5 z)21l*zu^c+mmp9=(Gll@s0Lro7Xqip0>x-#lRl&{TI>7<7&IHbLV5;Tvd0+bd%l-g zhf=)$d{WqM9*1QjYi_bm@KnW*#5v+;A@XuG%=Xb@g4^!TTkTE~cZKy36UAerT7HoM zMPj_1nIIAN44tmm=u_2QoN8BLQdGk9dn#3_=gkZ1rGgF7L#j3Ytm9})1p zxNOZZs}H(FHcPLY&#HtX?Wg|+0Tspf5TtDR&{l*E(LlweU7XDGd_2{$G%&-O0ted5 zhp{K?NEW`m1*f_zN9~V&!)uQH0Latp>}?sb@4j8zy9s@-4jc!o9rmZw_^o#iBPwI4 zi0B?<-0V9r)D7$Dd3>q5T-EEHe*)t^o!#oEKs}x z`Hs+&L0Onl7(sRsno5%}u)d#4AdszNcn0pdc!~9TYjhLqV6Ua|F|nn$1PSUyekIub z$c}iuB*7K*$Z^htHm^%hh6tk-iQ77}p9ZE|Fq_avH*<$D7)N)$*Cy43(H;iQf8uxd zm4$;4u9B7J2QO6fve6CIF`uEVq8XQ>MBM*R=eX$s~S2k6;#0)2Qh6TQ#1 zN}$bL<_M}_1>^RtW$4jfjz8Gu!YA-8vFL$fO0%L zlE)g{*{7Ssbx8t_Vdg|2RnPD?Q9WL?BbP)7G>8)WfXNd#2-Y^2wZbJ++v!lj&DP+> zz6BwBFY_BmTsS^!a?@Orubb-#N1a)WZAoHZ#8&vq%@)WnV$h~`ZojTzaK|Ajp&m?# z9iDS;GG0`6(M_Q*f*PWmX=bpp+tbAMN(#r*UP+TH3bsyi_p^Q_I5XA-n^C8veBh+M z#->0cQt#;SOXHA}avPHrpQ6SOy!H%^fkgm{3@ixx*-3cBq!=wPjv2@>_R+?q#6Mc8 z0Hd)q&+sGvC4np)uj#1Ci6tNOO=Fz{HE0$(`VKdnK8`lWoYVmZpDj*6ZWZTLI?7-- zIQ*N26hPL5b8_7QP#uL`7&$gFov59<<+ zT!q_UlU1E1jH9_DfCcbSP!?JP^6a2&S8)AI;Zb&I!gQ>XtYHe=Q!&JP1&%^AqWIkQ zhuq0!55B(?*4?1ZP8*Bj!f(G;Rs_oWg!)40E(?1TBH3KkwcDPxR&jU<8!(`hPM+x$ z*41e4rjFWMnRF*CqsGosHC<1M2%Vxx`g84~+OIU7(CfjYPK3*zp@bz_p24{zdbX(P zg~`)YW5R1RkLHj=Kq+|n$+!MQd|1Ec`n) z)H9BT6%t3UY7ZVaY!nO3+2i2C2}$BJpiM)TD0DL;U&Ml z6sG&3YeTFAk08GESq6I$L!F2Bty|@uC$%8Rb`a;=GNfFc?^{|Ik?}EKFnt%pG@Q=7 zMAv>zEm1_dFYf<9aqdL;;yAG#0{G(K!r zfmlpbJeaCsIhiov_%zOeLCX4N&HWuxq1$IsAgc}66rO9F(HOitM!?IDr!mK#s6JVm z39%IkDSss+VgG?NGlj~9Kqc){8^I0$4ajCJv!XdE{@(Bla$QrvBC42|?wvV4?;qxe z-1?u)&-gF%H~csA^I!gD{_Q{I|IPd}e<%JA=7;!~`JMig`S~yZkNK}R|C9Me7YMzp z>KNyVU=_bjV|{@m$5zyaisTodn!h2;fiqwC%=z#B0HuMZj$hOGDx_3d@@0JAt)pRPdw|Ckw~q+2zTi;X0&il0=- zb?po(QgBI+EDhwQhWhTE{VXsFP%EaD`vVr4U*EBu`Dv2@^!4QRL4b5@|Lqm&IlX>} zi(Q3mH#Sgk67uWCk66ytyvAQmrGLLG8^_|<>3Dqd@Lu^oOqdvAhDSofHn=<&{EtB5 z{S0S=%Zq~Xr`p$w|1MXMIGC%p^I_zX6ayXr&(tAqrDggqlp6ANBy(oZ9PeFF!P{)Y z$#=TYt*G}2o5Js8yLVS9%9}Y<4W@~5V>LwHX}#LRaD-LheGy}q^7v_RVfVE&x9=yV z11q^03aQUbSRQOZj#i)BFCE8boXZo+AEmfftMDu4x$5pW9Zg@R4@3eu9T?Twh0BpY zAj%D+gLlx=Mx~m<+2E+A?a6HeP^q#|Pgzyls`#_?%=0Nrf7T`l?J7Yj0E6*a19%3t z%17N-`0JD}ksg;*o{i&Z>2`Nw?PhK1LaL(VmeiR*Ji{+fAXR3$ z-%Ulm#$g+rv^l%9j6>m8jLhW2>LQ@EugURf>(YLZWIqltvE*6d@v($nv5dC?-jq#P z*Oz6fXHRx}2Q%}CoV#sLDgCI}mMpbI@rh(WW6kulm@h~SL9D8WDdEN6)Y)HXUw!x>Z1m!O=B1 zJL?@#F4bLH6}>6AZ%(nhv>45@I(uzg0iEg3_A|1auyDZ9qvDU*OkCo=`o@)uyPhiH zu~{t8;-iFaX`l`v1tM0EcocGd!*HGZSQ{t9D!p{dw{Ne?^mQ>2$V3D!Dk11X@ql1> z{vKfiP1C(z0dI_F)wa}F?!ME5N1^lO@*PF{0bs5m;AXo4H8~hw@XID4o0wTQCm2dM zA?!ghgACHAJ|kV*N8QJWQc+;BPQU!rMC7WXoiubEr^ZIuV#i*v#NdOb+w56<*LnaP z&IFm(maLZSIbLrc&24=4v>itv?Vj9-h;Ri~G%gw|^u$+%7C2%)m88D6k=&lY@zSTD4- zbK82f8|?dCf3Z0vQd!J0{wr^7@acgsk{LcX60P*xFiKQl&?uG#< z7FKqF7<}74Cas|Z!z9g?Q+qfp|20BR&Y_Hz3tan1v|$7Ld_4!dJxb~p!<|T-j{r8* znoQ(~h-5X>HB`4-QY=wcyCsS?is!Tr-8T^DgnvGca{XZ z7STHsren0OBX#NATyBC{3bm%r$xS%Vop>NN<80MKn^BfOR`UWwOY z8HaQf@tan$&t4Y8@gV`eoCy>E%J3xIfZSE>k)56fSf?b&&11?d578esc*$ z>GO)n*c(75-uK1l$JKE=p73V%Jl~=iOABokJcN{Zo6@Gs&hvw@DvJWM86IaC9{;p@ zVb-?W`94o*-MOM}J4}{BpldY&CiZ*!NXLcQErR1J4#>>8cl?LgH`tt*#K;%A-M2WT zwMCH!iFv$mOaCd~ze!6IN!L$dKuexh$sd#uAtzq&)LdUSu@Ucm9mKhGX4oKuiKJEh zgu)9+>Ql)4JJ*}qV=sCFZ$>;`CC0yFkDyDU>Q&s6&T?8nN-RFl0i|(_FpwUxJ?)*u zEfeeh)%T)Xf>!)!gcAPvq!&qNnGcfrI8d$^>b})OI-@MkA3kzPC^BHL{|NZCje%4+ zRZ~X>TeY3QxCnv4^dh#5XQ!~#7t#BepxhqJEgmSrBr3+FqOBRPGy&w|K%vU$%HA1@ z;Pr>S^QFlyzjnzBf@b^ zUEX(z?Pt??lRI_|N~2RBbl})2JEgU{y@p-!#k4F_LXk&UqHZ~*7-HHPs7`!1%vX>n z^wj(h#pNC=T|;LIZX&Ezm2ruR9%fO%5Qk*hpQ3Y!QIx1?++!17TxsaC&H%wv4z~G% zBR&Xz?K#ZL8*2th339`7C0{|H55&Bwn`IwVba~$mIHqv0+_i=-ON=`dvh*^cB~kH= z*q8{@;&74oA|59e`l0Uu{k#C&jZhyd`IN~WWhwn9D=dlbVaX}|@D|;r%I$8v%4%~G z&tZ~)X_{t>AndubwrIe&&COJ!?oqN!tS?X-yc%3=%@2e&f3p$Gv|c$=s=0oED43O7 z7f=p%sfk514`+LJbd5 z@TJ`t`71bC?t`^xO;7={8;4*)vrybaRCY_2&5Jxjt82Jrfxvy`!U}Gu0f@MsKyQ0~ zYY|!0vbNzHYo|~~9wkG%e=h3pu^gdhbltQ=UN+L@PJbv$T~hJTx1W4pW%nDn3qHM= zM)2lghJVS+1Vtu*NZ%Lh&0%ny&+}S;Q zBToDO`1;3KQKD^Y8=bao+qP}nwr$(Cxu$KeY1_7Ke`}xQ++^Q3IX~*}NGhqM^?G_6 zt=;zHw=IZKWW`l2Rx`LQUGNZVyEYu~y*24uu%KdDu|o}cLTocBG=_T!A(ocu<^}b$?1B%`?=<@X zPTTL=wICimQw{aM(5>NEb#Pf4&NYm1{5aguMIRs+PsmLoLivR4Weq%+MZAXS!7-D$ z&3h=UExC1EGCzK+aT?0c!~pg-$ewqJ7}@5*#Bp`htR6rhLEvokn2WOGj^RZ)Ep`u) z%dFso78BMRW(k;L(jB3T*!IKyGdt-~QOLLS&83)u$|oi@>{i3&ZcG_+Xs84@(M>S9 z$ZggQhOae7zpd_Qs8q$VcZsVZhhd!Xwy(9-2p5XMYaNECzBPC?P!T;!<6CzmE9nh_ zieC@su}csG^tWXZRt)&;;ic;w=^t~=r3Y7O@+}D%&k@6EAQF3=j9-hL9{4`^UZ1Kc zY9FxjA$tL)^PX$lxkYPlA!0@=4cPH~3R*F21D(F>oh@icpU#SxP*rfL|J7@|gF|aV z5#aGvConZ61Eg>-y&cE69gH1h3b-^CeS}XSXuLWwEH>25eVgVjyrcFJ9buw|LB?x+ z75$Cq2_jFDRX%>OAwee>|8Y>pHWV=njBMz|A4nZ+{k`6fr)Ox;LW1B4oHJGbSt;?vt_nNvA=H2BN7`&eH8hZSlD~4YG4(*!eJD;j|e$VlC zS#n;wkEwB#!PO+**}8a~wjLG-*0NWvZG=`^N58jllI(B8BDKQM9#6PIx#I-NgHBZT zFY9>KzXR1~^cc9)>N&pb+K&%{`>GnZ!D$rsp2W>cOGhTrAQn^+9ma>#)mL(GV%#wQ z=uHGvA1+{{@IJ~Y^tIjKp7g2y5w5#;3a{i2DilX8vfkOVG_UzIshPud+IJ8;4DO*H z)$kgJ!ciuP-i;gl@(-<TL z84gaiNk+Sm9K7M@EleqA1i!7MZi3*b*WeZc(|4`TiZPOTX(f$rp#jnfM-7YX_y=os z?eDt8NH|3xTF%{CB0M`&qR9fWJyoBwJNlksS5{_gQju&ikbL+DOw2c9xFzTa^nYCn z55KrM1`$S68vyfo;LP9bIleO|W#%Wzq-ArMJ`HQrQgVD>y4cQX8q;wkof1$23r#9f z@<9mpyXeo?>xH+|eoKA8WP)KH@_^~9>-HL^G=Zz2^k&hO@I~RTL%Ncvb09N&3RRqn zOhKPZtD7C^zEY2U`ex+WUL94UBy65}>oqPLR+gE67<4U$QUj78Xw}v&uzS{nKSr2R z*mP(md~Az6FY*G`2GTX{2Z7;9t#FZz<6gPyLPkTunKXwG3I-c+71GG8P{kX{ZZ#G} z`FHHr(y4#$D-6lH6vFwP=^OoCBS8MckFr&O|F4}f^Z#f`!~d%#3P=C6Cf8zDOet!3VIhfECB%Qx| zbQejR^=EhQ-U&4=WaC>-eO>1g8&9;oc{_$;UAkbQD5z0N%ONpFQcyA{A^}p`?Ce?T zGcJH-$3UdeiXjF9I=r2W*&BDz2+-ZNEHkCWmXpH#)(%8x+~JrvHHnH1ESz@TQR1~E ziX(ET?Sx=+Q8GC0V_v5)oj_@PIbb!B&re?=?fk}iI?p?5#RaY4wYsSyyCQ47XfVLU zS?q6n0rBE}4OfP1TcI}2vyO*y0YN_wfzyvu$yd7b&9LX%&T2=LIPYJLRDFVy#B?}4 zp)V@OJ;!R5eT1DLLzw{|`N+-_dBxE%KJkTho25? zQB51YcwDX2h@|o3M^NY^tnIzD7<9oCF4`aCUvU)3m=3lUUC7%>;K~Mo&7odbd6;{+ z@b;fv7hz~Rm>G7{_3c0D6)GM6e38&xUYKKCpn?Qi%A#rbG&-evM2$uGSA@8O6zq}J zcQ95NNCgZv)o5&3v|F(@e$iadZML}j$qUz6qBFF-ffjuM$t^jx42u%*B~vk>Hyco;yXVaRy6eXn8CpNDl^W#kA~&h~xv82{^aSd?c(4ehv__6T}tXG!51&`#6fn z1F6nGAW>Qm(76=?WjL3>X4E6pIXh4 z(VsO5g;+512neT?=5(mRvc$0Di^AMlWE=09N#T!-V2APAroXm5(skzf>RlO-A5##B zkI>afxY@^2z2CYZ!SE)-#|ZoB<4}i^W!Zg|h~5C6Rol9`1?pxIv*Ty77g~~;?IJP$ zq2^TiLLqu#(0(AXxByP4Ww6h-QN>p3*x6}pA>EXOB%TQ&X1q~K>cO^^{DqKxjmFA< z|Kb%MQx?~(yFK8KoXOm`X~=tTTqU#-@Ro0K2V|!xtXd!pfhh8^$CuGDI-OK~zZ8Rs zh&EH8D4!|h!wHbO*xyY@AOU6f^=R0Bj?H`JH4HPj*4zR3>Cz%?IY(8cB zV5I&-O?zajOMVS{x()yU;n%MYNZa%jHAAKXgY0!fqw;eZP6``SDf5xq1dAd|grsoHq(?x4f^m2*wINl9bj&vD4xb?x2;>qX&)!T;$VR+vl z^pI$eJt@e$Ob@2pW@!fTFmpvlk}tG>JHh;y13h9wvjDc;xq1>VU$5SrMm8ENnep>+ zh-jG!Uxih}fwgjBtmC@i7arzoQ1D?CV{jmRI4GW`q(94>N>y8+7f(Es1>7q2Fc%6$ z`)&zg?KSGNPP3R}e(CdqLo}x}VZC(&TN@a<)e2}eEi3i;sq@$YDDMGUrCVdz zl-C&Lte={_+8xb5oq5TtWfEYl!Ma(ADW3vmMPc=ZTxuOLMqc)QtQFGo3lwnvD?ApQ zPQHc$gM(&>7^oV^r4KT$T^WT$m9XZxs$>}!a!3HS4z!inQhL9_xy^#8KA8&cls7uu6Cb`EOmJEk1 zk8hw5+>TfQj2yd;U&TzJa-bNl#I6L~j9qnNQ)5|1w^_rQm_?AN6XC}66+%+fdPDlf z(SE-C+|+%cPy13Yl%?ZBq>6qm{j;ud-zwW>(ZPXW9fj{^?J?sr z7G#yQ4s}QN=xC5?Y+s_=+}}|>R)#HWmy~P`w3_r|v-3PAjF=IXz_fDh%IO-+OPQ0H z+qAwVi`s1NW`tcG`oXKL|1gP5h%eqioR8ST57#XPs=YDvyjpcuUmq>ok}t7sq?aio z;>LcRj=X|vP2@ENXhJsq;VouVpXkih=b|eCOoG&5!8|F6oR{l}V!t|$K2}u*!ei`; z0fe0UbT`JGUIXW|gyYm4FW4nN{}aEI;fuX^jWplmO3mHA)`jm=thX|vZ_&DD_V>y= zy?W)2_sys=c2T#EN0PREH_iDtSnnlT_qcV>JqYgtLiH4gC9U z?Ckn@o&(%CPZRh-4oBBvh%qEOhK>_Po2gTj}phwqZ8vi7h z)Vx-7eI$KT9uqJHI=Q?C*;y;VrJXrcLOi}`>7JVuaolU~zJl@|F|pDW^ZG+RaxSIU z$`nWKZ7FjTYxkLsY8oeuId>jVG{^u}%3r(~`#V!Xh<>9Oh*rL!#_LzPOg*j3LjDu^ zLq$Em1gy~VC^OvXO(4`7V}Fla8v=(O{@J+XXQDByoLRlC59Bb)fS1IWz+9oUK@#!P)9;#%WTw@lIu|Udu}q#&^4lp^`4ZAn?|wn8I4=d7&CAiNgMkx$)R)6SfB0D& z3sTp8cQe!aXa13}#`h#?A@3+HwmBcHDnd)uf$6qqehOkZ6x&ZpH# zAW1-UE$601p=sh#$WD=-KIy*Ixq2Dstrw~jM$0r_Z;MH?e@2PlTq;k@ljQ+wrn5OE zn!i}dlRP4b3SI)nz?Q(*+K?EIwg_wSa2oG}*ms?AxNvqf3mi}N^I-tNk%dAmZ=X~3 z4Z(`0LELxv*qNmh^<#)BfY*_m<3l(sNtirn3IJH{UkkOuzC3RJolkDdNqE#R@_v3KaBn0-Jl&YKghlT>) zQTA}6yT0#cORvo!&+Bxy3jM8Ye9`Xlw0g$g2JFbhpOMjEsLkBz2E@5DDfjiSWifkB zsTif1h^JjR!j;S^(uqF%{bGAR>ag6cI&tzd7Ha|^vGCxc6r0capJTYlEd5V_o2lY zX<zM010$h{0neO_%sxO&vRhBNrkqy5%q9Yf?jjOz_grb$5UTsx+ zy$Dh^gRHsFhaj0n#1jNnE~7eda_;w8;x%me3mTS2wHD5Bep^Yirb~Msq29Ti(fLi6 zSvId~S(PREzDvSZk(fYNCZ9Z_J=~AS-{1W&9h9b82?qsiMp8a;_-=IK`IetWj~$~Q z`IIqic}cisF8?+BlN@DTKhunRavkrc!LtWAPgTCl*z889fd4e4Gx2mE!?lM%6xy@d z%rLmHI{V4IvmSe_SqmBrg9-RNJX>^ef;T3=an+b1kBCkKZ(AFS z>UPFyX{_6sH%3*4qLj7>=tux$Jl^GQ0mGoun|^xR4R@cGKa$4jD4fERq+`@|ir3rbv-w~YaX8NYu{3(cxKILQ zVA#MVlG+29_(KkAKI7(c|2}Z!T`?lC{@?5S+n=_eQj%*23d@qhpm|X6p+O-lxX6n+ z7;K}@gz_)ag6>@``*ZkO2PJGpk|<<-CVJ^=)@YvjW$-C$ca6M26YIB>vHKaP-UKbe zF$#oFb>W-Y(u>iJKadv*<*1mKOBhwYtWcTGAH9uc(&lzgbET?4kT@i66Uz6 zPcqYm_&2hx3rW5i$N5%bz@y=xowzgX1jAFO0UXsfa>*Cwo~t!J6Tt+X-P%UpKymsI zhkUoYPWRerk99b!X`RQmKO}gNW9jcpFFoia35ev;>)w|G#wUg)n_{kjD#(H2z)w4; z=~bXYY?D>QXC!2L2Ff3I=ZuSAzgDuw6iKNc8S<1B-$Z8V2Q_u#vg4lNXYOc?p}<68 zdD_A{bi7KVv34p>XR_;9B*^5+MwTpV+&vu zI#HrtYrY`3HLjwoY>k)LHglk`4`L_pn86(*XgS=CfJd166>He*i5Gfcv5E0L}OIet3_YthhwPR z9TnGMKKN!jM04U&U;O1e%tf~%Zl{Qn?UeK1+#Ci^n+7#ujj|laR2L-wI?e_8&3V$D zCbv;f$KPOPqH2A>K!7Lfw@t5Jj=%I7QsXDuN7GKm*nKndqb(Nm*zzK@a;AR!l0U$U27F*%SX_Esj~WI*0T?!3e(;eN}GrZU&kU%T%aVD*^R(9OmSG58MHU zD`Zi#T3sG|Qnw(^%a6tOjT?pK0x=Q+osFBmk*y`|5*Gq>trXw>`r+?nSuD9DbL_V~ zZhC<;%GlsQB^JYO3?emZ;jPqroFvOARce7d7vP`ECTP_PRRjMuKGc&PCJ`RyPw}-- zCeCYB2{9U0$B2QzLD8A??9Cvi->t|VvFoNeD3|NCk<5X{0+xLkM7s%AZH}7r@MN@( zvZGyIP2jotjoOnfskSOw(Wah48?usgI|04xwCU zXh-(Zx0d-%;xL^}#ae77nq7&?tBKjrAH|zop)Lg4M2C9*P9qc@IIHC8F4&hDtM=1x z!@UL;2y>={ly38qcABzaKX>~`bf=1KOsH3CMUcbrS_(Ap02*n4B;R3f)uybO=4zOV znH8Dpy|i-4EFEx<32Ey-DQjBuPLrk%dReQeqE$UlYE+y}5+C0?W>-swXBi{sfoQ`| z82r?vbPF6)Wz0JLQ@JE$td_`@AAs#y$NGb?w177EAw=X>7_<7bMq|i zaa8i0jA&OK%1c&(D4AG(eOsN5pnh_hy#S1T>wQndZ4Yw?HNioRm<@H~_Z((&C8wf~ zuuZ=dwQRN=F+{Ym0D@j?FgWyUe;|Y>>8AiMlp19?6B4uisHH(%jS4Kxl40pTj z#zIjL8=rf2{(0#$h;01}+f6Y|SoJ&giG#Oxq>27VtJc82E+NETg)3>|EWZ}nPD>mX z_Q1x%G}7v>=gyPF|Ig~-tLP-?NQxwc;9^=aCJVY*PrH*7$9ItxnR^LF}HB!YX{k@%wgr&X#GITki9eayMk zNA0CsbV#`E&UEZqZ!`j?eoeQK@i-`ePGk915*Y#gU!!=!ulD2x^sGII)AL+>EM;YQ zjAaU-%D%63QPS8sfW-5S^hIvl+rmB;7tJ1}{2k`7G|LX@lS*@50P1?w&1!Eerz5YL z9$1WEEYPd|qduoGv+N1jNiGnuDQYEY6a(;dyZpaKbUUNT<+!)*+b)|K@LH!MX=ea*$Zq83NdX7?-d6rwZjm^VE8{#4LW z5F}qq;OlmXN(cv*5m72*l*IcZX-9R#DRJiyt8t@!iUPFT|zU5UFzGp&^VN+oBgQ4IBLGQ6zIJ0m=N}sq?TOoS>%FyNy z%YS-_v1CxNe^sh8UI#nmCy`Bw&a;%YpwFH?naRmkhKpvx0W}Te?$r{ISci&IfBHon zVu*YyA3^faX7M4KsE|cwSD2>uNuFK-&v!suGy>QX{pJ94n*#~s3vwk-EW`ad#if$6 z-$IV1^L%M};g4 zm*g3%LsqX{^47wyw_Sc;8ZD1}3yPk7{UOh>U+w9vK;m=iJp_e#%V8fW2vv@qj^p9R3*{UPau~YwJ4Q`^lB|hv8nF7;4pxmu?rGZ zat0)as`7vY!S57--CBJ`g96FBB8w2AxP>cPw=n>VWi3jdRTa46w)dyZ0REr8sBT=M ziS=}QvH$=_@@h4tXK>j4yfuBTH~@6LN=!jaBU-;?#sD`27WuKu1~^*op3Z>VAOyhpl6V>N zcgDP;!#5#b9r;hZ)}I=e4YQz&iaSm~gF0n<%^GpSiyBCL)OT8qq@fCj@R@ z{xyMC(TOE$$XWFe$xs1V=DuM|CGqzl0X0>Jg)egioBVkn#TKi(xKRc5qW~!<~ zU9DsmM2gR5C@E-R2MT+ily(EC`#vPwK!r%M)|BG5egXc#oJM1siR(7Udu}dm|%akupQ-jbU@X_RKPP%QQWA~l5Fc`H8ptWrU zZza*7u}fI4DO#m!XJ@wBBn}$xMm~&iMo2wuKF}RA`0}}C!;;*4y=SHb5*~d=rGd?M zvRKgG$~`itAso0DdP@4UjFA*jsavX20J|Y9^5bKbU9IyP7;=>VBoj-xGl3+w= z%WJJa{`SqMQ!lI1igBbN9~JCyNz?;-c2UV6`5Z|bBQ0|0@uR|;FZ47g?vuvXs_cA3 z6oqr=4etnFrOn#uvU==F_1Y*xb9z-Q8{W392U0R=n|^I5;GQ$~BJ7=Ae)Z?jXG+|0 zoR`s69Z8rhk8{1;CG3|}#wbng#pQqul-Mpc*yQ{L_yS;4sTT{M1iF@EZ>)toKtPkP zn{Y^!l_Eae9wCtgew_&*WU-;bH$|kZ>>3z@HfFF2csr=#*+0h3D|$mH_nX9y>Vs>? zd6+vOY$^TLf)5^{1vnZ*;`R`gnK-*21Uu{$2l%F>-O;w;haj49d98|wXeS!YO;8RE zW#}CjMcR0nv_hyLwnT6$x6Fq{XiItDx2o}dTH19{>M$}u=v-nE&fF920_(0QI%6L- ze!e{enNcX@jbz%H$RA;CkvGjy#v`4;5xtYtVfQO$=$LwA$h26=oWtvyNug+brtsUK zL%IJDh0vVk?rT7ED%#okMW$x7{*_yo$-yHoknOD0x2+{40+-eCNH@uz>-V(gs24 zB;7(yj$0&`2rA}4Vk-bGJxs`SCtd_=Q*g8VJl082O3QXlM7?Ej`^W%4*8NM>hsmiD zBDmV>tu=TWo=9ZdR0z=l7mmI(bF*YTy2ry`{`9DASNYT>MNc&>YhMA5+j5nDlQfb;%R3Cb<8&gET0cP_vFa2bv);sG@F4&uFRo->rG~ z5wB2RVc_{(M7tZ_$oI~W7ljQ@xn}BmzP%-{aPcWTl9acgtiQLVM=AB@$>a!`YOowh z))%AuGs4S)UJ(O#Y?Toni>;G)k;HEH)sQncA{}J#EVM3eaIlLR5##3~pm$Uv&kT@N*v0_Eye>^|%YMk@*wGe-E$nf#HrS;|L{l3Ej>fw&F5Y#lo{ zm)QKYqSa6#swEu4e_t!)puEaLq6mKfo_u7uu_G47RCUu-*4eHw#c9KZW*2TF@7I5ZL zd29{YzMU@8z&huzmBiqBAKg!fj2Y_cMtAxLFxpM?zgl`sHKR1)0Ig&zM+U5?2o3@> z6t`h6(mYMOrSmRUUzHY+>dA*K_fUO}OIKgd8){zf);|v@Lm-RRmsJCnslOc9r4Rh* z&iRq|5zA&S2L7;=c3OP~RYhTwoCW{Rl+yRtvkftP0CU;WxFCWJWQf`_!a>zmmeZ;O z9O^(I^{EfZO|=mWZUR${EqO8-7B?D6kkVtS(!MAg>Zk~x#4!vR^eyNs{EN|d(7;A_ zkLHJsm3zrOxd;B@I>FPw*&NN27NelG)5?it1oqz=9{FKao6T*ZGE-#$24zCcD%UfZ ztx)O;o(O@MHCM&X8ydqQF#bXrCDz?QiL5Y8f$e0r>zG8IR=gHz>s0M*GNOIMVPpa8 zV#V+*t1y0mB-A54ET(k3U_&X7w1s{KcK;15!)Eh;)LBvxXpIdcpt*%*VeW)S-M@;*= zoKOvKBYwBl_m6Se!1OxHBgP5FSAR}Zh zDKYd&hOf739lj?STAv=tJqnHVk=!*9S)=BJ5fc8-ZS|$;D;muByGqdL7K zna6p%2t~Z!+#5RdiDMz>+9Kxrg#Bu1fELjF9-uR&|M@K!HI`tPrI&2F_2># z5Bt+|xnb($j_vF~cT6byp%d;x`@n#%Fze2jayAVm>RG-6JX%_1uFp+AH8ZcMwy1d^#gi9m9OH>LA71nMN$&_hl*C>pxzsD zsJdqjYx8GXu<|Ytg5)q6!Y=l^wTL^;NOJUuDc^pwPOuOMjFDXR7VlxigrP};hl-1j zKfdR~gkp{Vrh$jpK+A)6)`!&C$Nvjw9Ou_sEt=sv8>+W+32z$@MvJKKF*tZL zLg|631+vLRV$Uv#A>{_7jM4XTIt|HSr|I4P)+1B;c-aHdWMPFmKC+s`$sX;xdnZeA zdCROm+r51m*}U=IincG>EHX|SUh(Gy8a}#m$xclQ{UYzQU3T?tV46!R4HPCfd+u=DZ%lVX-s(;OPSoP~W47oFn zI)z_+%{bH3&ZHchQGPM=N=kGj1{5Vg7k>SydSyBK`foS73v!ZYR)8!a4PEaL^8m;M zQ?c+pZFm2)?y6v3T{vr+HMOB)gPv#UFC=gxh~Vn16%)IV*;Qecbr|Dq4UcOg~)R<`}6d&m)Ti#RQTuJUgA9 z-ge)D>t^(N^i8@Ft{-?WyZSdrYt+^65N41X#6=ggAUDsK&*WgBDj7C}! zMo2yX*XxIenS2Xh2Dpx#?34vM*H^hxXt;eH6-&va1WK{vPJ>fUKR}_PA>!gWvjR7E z6$u9Sy!M&zFR1q4_D~QaaFA{bM#PB;^eqly+@Q){b&7(RS&C)+G()xb?LbpOciaq( zu#dgIUmxgUjyp{B_`3{nKfO=pe5}j79W)b#W>$ZXXx-)2miQ zqV#@E_7~xaIjp`||MMD32joZ7BgPbsyyOoFWYgQev$7qFC{ajCD@ph30E^HL9!9hZ zS(dzxiarQB2{0?dNC)*E-K`uI>JF1f>)c?$YZ7pEth~{#z#T&`Oll4vu_gxw)8f?L zLN2S~3^8hwqdgS8q;PaO;(`TjJ$HY`D5CT@;3mx3ZM&wr)AGzCAr7%G{NOdwqCys( zzb*R_zZ@UZ76hqqJ)0bEBEWPHgB#49tPL8J0iH&y4;|3a68CX5%ZIp$EmUmvwcb1l zmZFA&#Ztp9C;=oZ_x>bQnQ#);0{S@3ZEHm(w(vhxg

    1cLqdc=ns%m>9s>l-@+?O_F!r9*~|lUWt(l1Q2#l?*hw#z7KhacLnr|W zB3798Xb{ww&tffX%S^5%FC)>4i1uzp>T`7Kq<8)dUUhyQ8XDnRozY?6C zjbD@HJupgO;zIqP6P@)6Q!zgAdB>q;|JzO%79Ahs*L{!6J(&voPP}g5O!A?r^YiWX z8E3u1CM(1h{gRgaG8oN))2WfwTfHxWu{0&zv~G`0F)L`0KJ#|>p;eo%=VxQN)%S#< z?N~+Bfh~H3#6!@Zkqp0H8$32cnqDEyM!_ON@Qz`r>(13TugLp&oD@}2Q6VuV7l|5o z`Tncp=)CK1XGEWgPHaA6I*b?Cx_3o8 z=f6Kt5$SecG$q4`k!-#ghkOvemEw7q;Ia#udpp|ri|M2XPmBqH5a=NWZt&{2$2g$t zA6>iY;RzHW{6hiPr+>E&+~os$5dyxJKmq~|*sl8-y?nsm57Pr+~W#>CpY8r*(f`ep#s@6h!}SKw_gdo%8yPG{1i%i_v=)f zP4$$?X8+J$pN!wV;H`QYyzsXQ7g2X>zh?3mbqsBI+mp%+;sqxP^Kf*PJ*o6jc(X@u z`RgV9s|AO`eMIRl?Pa9q__Sw%cGe4XBSASvA->BLhuB{4Tp5m;8tiVx<-S=IIk-5D z|2DhNAR9MJuq0TInJFJ!jHW;3KVkm@OEB9yIq(UZYlyqIyrgyTzNb`dRy>hb4k$^F z0ur3N!Y8Dlu!q;q7C>PG9;%UD>@;qIcZKs>*2yX_A*Xwj6EaR`8H9>{QN9p^-# z(jOB3t8~CaKPaojwRL>?N7B4 z6TNs%$+bs9d&BaLRaR*g z;hszLp0exQkJ%jR2ikKsL#a_}O5SH=bg%DG8_7x%`8}P(pc!j}2EO9TSzK^-jI8;h zE3x75&c^dcX4+FLq5GfwE2#HgJj2K}C1?21`}U281iiUxrU>z4wuu_ky>@N(g?hVe z^j8#q(1IW5$_<p>%c%#YVV}&z0RGT(vz;UC13r?;FY^-F{^oX&l_}Xzneh z>;iEUCi`*-YAbzn6Z|T1N$9H3Yp}JT_X-nVj=38)71sV ztll!1L2L2tox34RQ9Whsj5+(r@vF5`A=vL94d_c0r&d2zU*X~s#F~*zk)6^+4Iju_ zvEU;2XO4WJp)2bX%=viUp_eu;WedUrsc`5S78%`F*Dn<6#oMu~KuUp?7(0z6W5ZhXj# zg?u(TpI+axd#=qv?5vS3bxx#kswL|fm@AmCrD)q1s>=1G<8pO9f(WXO4Jph|w)Y`+ zmo0~+=68F=f?R}?Jw8DhxM%o{#DgjJ=8tn7?wy#h8WZb$37t~KQ z{Aj9Q`pb9Uoe3LnG-0*15>Mq)G4wDyeMw)&Y)5R{+1n(`A(&l{+&uCIfu-p+AGV*t zndb<8hx!vUtC->S!)(KQT;oFfYn}aQvEnE6GC|za9TFZZAs#|VONuQHNz)>+cSWPr zoIGq3v=o8~*FWMMIO`BzNc?|%y=7dMTd+5L(=8<}-AZ>i(jC&BqBPRo-3?OGNT+m5 zcT0D7*L&aW*WYut`y4;a*SV(Fe`c*UYc7jqvbtu1AMjmC4y((t5mmCmU9h5(EOp%( z@>&@J5+9lqP!>C@UQb7?#}bQ{zGujJcF)5O78QXsy)U>DobyjCktHiI!AG{givvS3 z)cvYdv=Gu0cKwslzXJ?m+` z{`0zKT4K_KKSsuf`eP>t7iV8_q_S8@~bYVOArmIhCk-+jpffFX8Vkkm!rTd43zK~Ufsl>T; zp~>6XPdqESk?JGu=-9>`|{wSFe zGN`MIAbu+`P)au^bxA=8rE5tpkPC@Q%o{Cls2E zjwP|6?RE$~HaYUDbq z#pe)nm(bCDdvmNY9j0_aE+)b-!(xX4V!mu=ry`zj$`8TjZ|`hY8ce;&)u5+_b8J^M zP}0|08B%o~y+JV+2aK`*dxv;!@{;Un|JXoePtTJH*g`8A)>eav^j+ z|G#pv^cP(!=j05DF#2!G-bmzlsCB&+Y4XM(|ew6(Y zXXrqczVvQvoXIvoZ%MZQB!pnSL2HoA0^3_OTeX76^Ts3Kvqu}A7&Kf9xb2MHU2i=+ zG&YDmLisCJqZrGvN>9;{eaXAj>Rb6&Vl6+lR+l@2Eluh?yD z_{i-JrszAh|48z|x-M%Zx*=YH@8|s;wg%#u>!8oVO<;zp*SY++I)c@k+2m-}3*&U! z>TrA6h1Z!Y+O3bR(Xf%Zqi#+2S;tOkb+6y+QU!b%hrigYMexl360F4?8~TQAynRnx zfaB0`TpJ-9+yUnrp1kCIjWLm0-{nU5Yk_sCdSt{*VA#>?)R=G;fmQcC4zN4PvJ#Xb zJU_n{Mbsj>JrRt;J0~`WuUmtLz2Phv=lHSd$YD5sX)6`1Bb%(=FUN~kXJr}d1K z$1CvE$w+2xr8hFMLs>sO6zQsOD!)0=Bwx-C!m5PzsN$f(uITUc*tS13k46smJg%rOP67Z}GRGFPLnLS4`l~;I>Wz!=iT7g2ax@y0U(A~x8^vLn9O z0CzOKQOP07IZNG~3VVw0={=~?dS|s5)X5lu%aBEh+|I|X*Gw_No(y{%!7!A$Ck_u# z)T5sJm6byV?CA1F(5-~T`0z1Gx1uN=qy_8sXlM1rsV6fBTvLGJnC%Kq@07AV9uM-e z5q}T_IPO6MW*`AC^d|&B_C4af>>>Vmy%UV{8v?k1x2|n|S(tYd9*@LG1#9Dl2vG@X zDzZ*Il0oU%UWFw3KXVmCT=rq+z4RtyYfx*{B|m22u-Y`TY*URiTq-3n_aBA(JT=pL zZ~|z|EgB6BMp(>*u%*JO$$J5n)yK?Sdv&5ZwEE-cpA+PbwyoFu#EPaLG#vOMXL%~G zMNHE~u$O7P7Gj4czwiKhXWm*&n36Uh)n5*W>e~Tb7mvFH&L~PtqitO2xdQ0 zI3LqhRld91)SaL+>m^>a`syd5F-ECxViV@CcZAZ@iu8(CCf^nd>y-;jlV`@|g&a^Y z^rb{g5#tYDFIM0`m!A!U8cfmn`wryVP-TvvS{TtMD&mJAdWCD_yrYcTRB$g3h+XT* zI&9ln)q-=^G#6N~NfE>LB72|cK`@3<{BcfZsz$A?*nY;+QLqttCI!49c`)BVX3v(? z-Y~t=$u1{&S*_kwqZo#}H4Qm;g_{fce!pmQLPs^VJmkm*+^j0Om9nr5cMj{TLs+3g z1-uJWhR~z7E9Zx!u~ogAlJ#nDjP+|P@45@XiqsW7_4dbVt3JdTKjT%R^cMX|-tQNo ztgR?x#d-WEl$c0jDpwZCl}shN5!VpdBaCl)-yT!y|hfs)&M-oZ23 zclpLqOi5X&=R&m9%=4KRW2UO`l}RB~h=#96i)c;ykR;8QP97`l*XBw*k=~zgqD(Gs zJ|^fCwP<+$aFa7+AMAHt%_%fPzvR5Q-L+aCwYsWK1ihVN`OtB zrmRYm-S=|9Tn4;a=5<^oDKwM)L!JlOEA+;mqLJ*?PM+piL$oYQ!hntL>Ypt%AI%+_ z6}hH&nwf3IEVTWeEE1%@9j%6aT8qg(7Pi>qd8m>^hD7e!MhQ$Bx0#hFzKO+&Czxm+ z-ojE7q3yES5x6#0y0sd(^-B_^hQi?w=k_1{QZnGo%}Ta-St=S+Ft@&ke+hAyE`8yG zqphic($zfEVNbVUP>QwCULi`_Bm*`1DsgWH8rL-LEqW$nOh%c=S+6*XLafjcSncjU zgfx7-YZ@yr*o@FMg#SQ=)Vkkz$mm<{K*5QAnM{1%qlo}{srE!7K?{yxtPzWXh#gz) z$-4!bz55USH$IOjoP_$|>8M26=Js%0`neJ}?Jg*0>;#mX7CCcH1f0x*mN8XdsLkbG zd40rYnDWk;>2f{t(gnnZ9hk51IXizQR>I}AjP{_{bJ~y&YV+BG>ty4&O1?gAITBa) zjJmr)>nKEGPe4Qr_w=d=D>Gz4#Y7#a*uM1xd`#>h zX+9+P6*Ui5xwYu5`5`$hv~bfKD2S8v8DRv*0|D<>G0IXg`2(Zjd2v`jhqf&`D{Z=% zyoGNlPlR2I6vTI>Gcw<7BS2f?vE@wNycV%5+60%=CaaL_8r|;Bo~_Db#)ehnu2J=J zq-4w&pBrd|$iG~&$&Q4*Fvuwheu`_F7A4^ycqz)N_W#yga@_|i%Fg@$D5u(S&%%Fz zin4^-e~L2d6X?GkxZu8kW%$4ArSKoW4_vf>{Y7p5f+gq znf?S`ayWLa(SPFQ>#Bo$o_qrV9GbckiqK8wsbsVgg1K#QG?3r8g|(N07+|E;fZ3zy zY*Ay?ygsZ}d8(E7<~Y%xF{^g){p~%>8xE+=@9?_23wVNhAq%=IGuue1aB)r%t@e5y z`fcG6m=E_n9IV5_#Y*pc2M@@}AzDRp-iyZWBp6Zl30?`+zsrDN(Z=+tC>4CG#i&oE z2$2cTi_2K;&FlppjzbqjeiRi>$$UVA5q&q{-MR_?UN0#BP{O%HGS6pM;0H{F_Xy8y z7^EHP#p-KINAhYD;LUnPY2UCayMQ+BLxo!Hx*mqxmwN9pI`Osdj=X`Rdtgep{f_=^ zx?oFkVFNnhxQRp=U}QXdLqg0OkR(jaa+<`-a62+ z80N}GM}TQRF-)<11RONe9Z|Jj8C*(PwazHmfRPF%nC7QE@%@LKGE#I3POzxx?uK9l z-qWwy=DWpw=dpeWMguF4v@H`Taef0z&*tfKltQ;TGZ~6PKYJ?U3}dGk2))qQ5*HUu z8`^NKun?&e|pMwBl1ReP@Kes4wQ2lb*O4` z^i83{4J_tl8=QyveExw@Z?)&KruFAcO$Bws00Hn^70-5Xd)BEjUQ5%QXT{dPF`hjo zd~_%+m1mIf2bl+95jp)~gssQNV)m@8{-hqt4fz@vOF=8mmZJS} z{>W5UqT=GBD2~&!zNitw-7p``4OquWYCBv{8ZNu+2_N3kHxamso$H+l{R_l(N=J#N zS|?d&b?Q3?Z(A*=Z%e!$FK)nOJjtgqC!L63ph<*RKUiEr(peo2H z@|jxN3T~=-5iv1|JT8!Jc72{aq~AC#h?Vt|8~JEWoW)ycFE$UseNVrl&^rs5uyhwdps-n;B@$?4r7gT&*!~V)`g+6k%ZxwhnFgqx0J-uk(+kc%})U`k%}2A`$jR!rMA3)}y*s`b9hcFf&i%75ZY^8GM8IzJe%VQ2yN53b`2oJ4 zdUE95&r9|gyAMiQ50z6New_`I)G9(*k*Eb*_9{bZ1W?aM1lJ6u7wr(Vyid!2J;qgqRhi|3=K1yx--e77PFY->In;I*{%aP+(z;s#o=`gUXez zu_A;U!QYPDMUBb4o;a)bHJSoEI~o+0?94oM%U7-WLrq;Wi{RXZ3-Kda_7R4F9d^c# zm8&7wKjjfZOwz`NZ$P5$07d)DKE3}XCHyhu&=HstVt}uepHHHJcd#HX-e=GNVE5$< z{YOE;NBkEBwg0VP;`VO^)qrn5OBaiz(!Y_$r$z@=7Q`QzX~eTqC;9n$)`QrW0@(`z z*@Ngmox3d811~~0{WovL+yj4vd~zB6`$x!$+qh>*F9J_K{56NYdC6g+{}wm~_`Ld` zO9L9KdH5-*9F5rPGNc1{;}DGucm|fssFIi1F1i38f%01&?W>f-&Zy zTToxQUYc7jf78xdBde0fke30|^IJ62*YDg{;{v|`(^pJNXo0?z z)$+pPx^9%wQRZ0bbl>Quu_Ln-mUEw%bz@13o7y{S)3vkUYdE=SfB4?FHK@x#T5y6W zwxobbqxvW|UwAjKTg?{cCGec0UX^FDmroS#j)T1Bg*H}juc+?)JW=nrF@@0=sh5L2 zHZ~{qQ-xchH{)5ojp&P+nQNy^l{`6)s-RywO@APPym&;)lwvLnuFvtiA8S60>=y6h zWpkd1z2tE==}ZOSHE@|*KGQ@-#e@)iTw|LxYn44Q>>Ep>RlC;`G41wg&_v$I+scQJNoS`Ne7@lVAMbWHq5Ir4!F9^NB$*<`s+SYRjqp0)B1g^c#W|#SH zqxG1eCtToL#)cbo$$LXGXO=TNdBNAXTIxuqnlPEX0GJe{MZtAu+TaY`(X2TAN+nCy z@@FY3$clT^Qt3INnh>SWSnqIZTR&@^f@@&(;T1`%rp(}aY`ZjckM0QIMZd~fYTctm zIV4Hlto^nDCyIWNqq3vOLvVrMe`>vRQ9Ou(G><5hKsmM%qk9?Khlu{f+cC!xwepI# zwWjHecn^D@!!5WDi|~`}3I$W0H>*Q{{}pS zzj$)kGw$st*Gw}bk9F=5%G6a#6m6O)-nIF5#{%OM<*t2cHA2E(0wN5 zpkB*Pgl%rQF}wFPg%j&ojURZMAbUf4^>Dl-p}Lf4%(QojN->&l*}3R(ZZ*w4lncul z>1c(F$m9&K7Jh#yS8ljvVu>+?{b`JFbeUhu%ykeTz*vf?l>)MS$N6l!S#f0`;Gy5H zScH)eTVlOdm$6yy`^Ag_-vkL|2zO{42!nH;{+cKTUoiNO2T7nrkpuuGiZI~gW)K(6 zXK2725X3?BpF}b6NC?8+@;{#Urvb-M{&UtEkO%-AH8+LEKMs@HnS@Eq^-H)*$*Y>| z8D_;QAFmT6_6yZbrZ2z7%+2P-sDK|u*m9zBKV%$HpRux~P+LVaX5-hPoKX;^Vnpg0 zTwc^Wcx1E1(3M*w<6hB@-_@qwbA}5bbbb}Z){eHs*pRqnWIB>COzP^GEb{tDevYYP zayCJE`fe3m6wKwxRKIkMYG;BR?Ja-1;#Vbl59k!QPcFtKdLhOjMT3Bf{v~A%y_oBd z!C3#83zV`pZ+@q&v;*9;^hgj#;IjSOwu|5;Wd;8`WhDWAr!3ewP|Au#yszp)mCTWk zfSnfjY)*9JhcXyiE=N&arT(U-5so$csEB1{2Fptvyu9I{SWoROS+_iL#%yT=AF8o8 zJDLB?B@9|l_soyXctQfmz4@`QMFLt0tEZ|mYWYIRP}K26NnG@JJC9&!Dx&7jpewbL z%SvjryD6jqUowbf2%9@SbHtpaPsS-Gr`=A}8Xiy>E+ra$5owHOTN>Y8(u>VeLzB|C zZxs*OEhFGYCYMpAb>|2mf5foZu2mD&RQD%hZ3Qx;)H9@ZR|^=tQpabLv6XX#?moX? z3X4+>VyGrlZ(VIHQ;oXO|Jr#N-1v%wC!X8GVY)MXTS4VAhAaMN zmcMR;LpMzCPdMCJzN^bFApME6lJtZAQgi3PLrWT~)rxG#^yZ4p8)~IE8kU^SUk$I^ zfr-`Q{#@T-x0hs3@~aTG@Mz2v`jBz@F}CDEr7wn&@M4)ol6wVc-u3JM;M z$zY6R`0V^d??jQ12qfNyh#?GbULsuUza*et%^wjo86ch5OH|NLpW zLoHdO2)pf&Fc5wHo3J07MgtFYKQEI07JS{smlRhyKt#! zBc){Ax(R&homwCnBOyt}NJECJ6k$yI;#_d~7mOixtAa)M$#;%mL)J;8=%Wa&Ub5S3 zW3N4PdzG1{*Wr-g<5e^v-t^#DYNQg-v* zg#@jhH|!Mnn6u3z50 z2I8Z>U2INBa3nv}^4OD^-~`PXJy+R7w61=qFD%0Ce7Jb(`GH_CP6LMS#&xr1Q-w`O zac0js@eg?;wb$-?3kF*op^W|C?;_APQeEQe%cE9X&&#~E?7sI?h7H<-+ojGj1y9p+ zaW3hlH-a~+zb5=vSi(Pen)L<^Q%N-Fhi19Vu`Dw7T9N4^r1adjGP|xPADki`x|%q4 zH`C7zOt!1H!nj4Jg!;+dvra=Y=jYpTc-ZCq3dL|frONA*j`%nB(f!9%mkPEJ63RlV z)Zg<55cr)yh#3n+%)jhyhF>ta`@h?UbkL-|lYrHKQdYsp-~JGD1M$Me^MB<6yn~#L z1+^_*Y;kYJA6ahI%UQ8Y+zNw)>sM6owuhZ8rJGV`{}lhpNdF&%dJN%Ep--xBKYDCtFA^#AcH1|R{SRNJt`U4g$&77 z_wJyMzZmDOQe~lY_tUU*e>{^J-I++<2)ol?PsN_>e-kuR6cOyX!}Bgre^X8COlA9n zR0i!<&DvX&eM(*SYlB5YT`Ehr)>%e2(W}5I{&6~d0Ut-Z3*#`sy>6Q}th5$ircB5) z3AP+l%%%tPO@km0`V^NMs^LS_r)$#aM!kV{illz0OY!%9(tDSFbe(mJVwrV#!$q>4 zFsXjEbF@_pU>a9Fu*6neiA>0jFr#u#uH&O7SAni8ZHpL^wijK;Ee{>SOS%Qe%mD5=98UYHo z|6RBv3g-C72zE^+<}r==vrV2TJL1L6KFbDzvPZJY}u_BhoeXTwlw?hD3@zxW8Upx8~inNqP zYVGX9KyEVQ1z$VT;fT*hrk#KYL+SZo;+-M4?HfzD6=Hr3gVs*t8;B5-CyKVBmXm!1 z1j?hXsLDRSL+Re!Vrxu=tq67f1+(SijGfkuIDv|fm&{(8-v@qfHHX=Rlp*q{mLU4? zRiZ11e$XdZQ$$`#66t_Y2p{oqOe)vhMQtgXD@;1Qr*EycJiHg+j!H>$iW>50=k_d2 z*L-wNLiKm7OfOIXt3AUfjY>n`ExRS%#n)xTSfuS?kNKF`GC_SoupmO?*h^(-DWS0x zU9M{IDU`$R^t-6l6uno#R8tR3?1*K^+|eMuqEJL}8!;75C#`!VAT?Pdj7y4*lgqWK7)n=EX#EVGg+z7n7zTi0*kCNw?;*eMRh8k^KN?+346Iz%+aqT z3?{<`*0XqHZ4Brq~ z%@v#0!*z+}p(PPhKijoG62v$GbRk&-iK_&SNT8$Lhs6;5=afsX??!AO2;S=O&ZFPk z`AI0fJK;o>>F^DPK>8yC-&4 zez?`Pd7n5`%=h0phbYi1&P`zk0sn&~6YCX|+O)cO0=Aue9|qW@C>jzqxXxl(Zcm z^#(_*un|4UZWS0U1tDh6HVi-?c=7_GKlct`N{_@Zdk3+9BWAYi3u0nF5G#cN0PE#K zG_`D;hb9mZ+;huX^*h;h9$=^R zsbnOEFS&h@)au6HBty}~aG0CcdYj8nfBG(td~g1T*pHJ@Z+l-!H{K#i@bRY$#U2~M zt|ToQw@(Ec!FI=8brPFDwX=TPj(?GaV{-tFLBnFsB- z2hXD?wemH>jEOeMEper5ieQoubk*83%r%r9$0*8GZRXoB`sHKC+CqjwKbVAQC})uWuZY##jmZn-qUVNEqV$pd8Y1)#zI@BDcK|C0HF z|HypfxMw+ep#168@K65i*oOf~0Pog8^rzb(xgSYDZu_qDZ@1-u4nNz0?KQ;kz_YAHRE?=M!!r+6kNTCK6xTU@Q%ff8qvE?hZsQf9zV+*pO?7LA~G*L0fkXMnXhdriH;YGT7{NEgZtnbYh zCRNZ%J~WEo4y>A~53n01ZpyLz+DA>5RciOn+k@UC2=Ud5dDWiWol~Z55*s#VqzeW; zWw1=;WDj<@+Yg0A)LUMU_gs2UbM1S(C6wIN%a(j~TiiD?xKj6S z7IXC@{aVEK<+0k&O-EEQERL96Lmsbr9nIaDL0G0=Mu*R zXFY|Rt3%X3>c4yTJ1M>5hdYsod}}X-Gh?d)-o0*rYbg7=feH3$(Zcvd%6y+w_047A z!%XIpO7vSY{XuW!oXR`ORkKy5dL0$}nq&P|ivY5ehw=~5*CbSD5nrd1m7+|zz>aE} zvZ>t^7A4Fp9X5n`#UBfUoJx!1sbtd|&Q=+Gv{ZC{MCJ!KxZFlH4fazWdyRTdU$#Jt z?I+r~i;!i>5qrTy7+puqCpzmnY_YIaq6@Cs@^Wt%s_2u;V^n{3TJ!jDnF%+ZhPx|E zsi?BO^2Rq%>(jZ$N?>Zep32e(J5q%1A)WQNYSm4J1>I@(J>}|M?z2?6Po|Nkld_y!fKNW~x7Ijse@|W<+$PgP%t75BF2FLW~^PXq5p688( zCqne>e_W6k+GH#A)O@udG?m^n7P^b9*x@P0ZMoF80)>TRaUI<|%ElVkAvN|~t93-S z@Ug6>vW_%IHuBZ$bYEiuua=_M>R;<;b;u9^GPKA-0}i-e?0)%Y?Z(GZ-5e&^+Vkzt z8-0}uJ>|_CQ*0lp<5g`NQ@@e5vP?(Zla(#6B2t^_OR)7I(`&C0$3^SdD?l&${Ru1pwns7$uvF;(8(2zme*??w69Aw`NUfadG|jq5 zwMc_B0>sk=$n*a`wz+v3^Lg&{U&zaE@IraouUGwjY*Uhpdsb2f;>d6f0{|X=z0iN8 zG_=mn{=p$(_)yZOTRzgBf)JOv-l%P(=D>% zeQ@gXh|H3aW@vXJfr&5kB`Fz4jzcJJvxy1#$cGZHmo~xkbpWeF`DB(-f8r|kS|fRw zGJEFgC=N|BwgBJjI1=&(iNEM%H+&oVoS6oGSq6zTxT=QVde$>|yKb}Il%I`)3})B% zEZi*El&hjorGYnB3q7Hzt5c0TDx(Kt&xb!B_^k5AJ~yUJ-x<_!_mRt3(+6d3=dZpo zgDNlv6m4@wVA`CL$YD#;g{A591hJTQG0w@GQInT&#+Jvif1Ta%(PPWosI`47Y9ujP zEHg#-<15Rt9PmzuqxC1|`$7lt4N7`()^e=2XH;3=RGfa8nx|;e6yqDrv!Rh`Jvb{E zog0KGT=IQqj&6k^nN+li9dle4rXClpJk>BviEsS!!8OuJzTZ1V?rhOD*EkEnl%eg{ z!f{XZ_7no?k8=#_CftU=$$q%Q)mMp~V^(XG!=?DgOUIlJ3g?Gkt+>rR(GB~oJy(=v zlw*REw2prIj^-cZ zpCau8Rcp-I)wTrCZ{3TsZZLuiW_0r9p~ATGh<9^^lJmUvVe7#=*9XH`T6vr#h(F)T zxiOM=mc|GgIhVjF4%;U=fs$zGbVKIr?UPes3tN<_NIx&d9NMjuZ27?5K5 zYJRcw1N%NYqeo4833=7Io~e@|{^|&gkMj7@X8TxG*-C5@MbZWDqNuVkRNyRR!+`rQ zm_Dtj2zaKPT!OCk_Nf_n_h}TE)sOF{Q;8l%o$_^!BbT34Ah5b@G-^#7F&dl`Rh@m;IIW%^TbdeF>Go_~IY)fQXzglcZa_J(I~vx2~!JuxBBGRoP| z5D;}uow?0C_xhQ&FqEpwlv=l4tvGA@{7o=)Ju-vLMDy7M^3xLb&aSXLcy;sm*A3RB zpvk9u)k2Pmo8r@a<`W08zOIu1mW)MNH~L~G@G(&oo6Zf|{*j`IBtCLt`NzBWi?HHW z)U!0C!lZ+6iPzj1k%LvE^0iXxy0WqDC~(Ota$=uqvSM!@IuWbinuZVhWmg-%lrSmX|ni!AFF-JDh~VPAywYz5TR-RiT4 z%!oxY=LG|=vX{!{_(r|d*bIua!xDh)_6U+2{+Q?N(*qw#jt2*~@(w*Q1zDWTToDL= zKIFW96Sg!nd=lCaPK5Vflv>nKy*M<7bh=oB4G*Oou|z#rZcg2bu+$8q1p22ZANtnS zDr$GP_Z`OiCiyL*^GY$Z8m7#26vn%dU@VWrRAriSfuS`&-DJhhwVSi{Y~^V8U0Ah4 z@{e23@2BFaiAbb4${;lv^&i8o@+(ht51wIIoP1bc&NV6DN&d|rn7W0z5`=d<*(jhMDX*ZS^?oZ~94`Ck}sb|WD( zuPY7%TPTBb^a93uClB8R;|7S4N+xGfvF=XuRy%!dLY&&CmS*gmRz%fCEtcb59WQI*!!ov~`RuDe6LMOOTR8YC z(|HfPJK?Q!>Dvp+1mdBY@;PX<@XEwW>psR)Bd&QJc%~Ubu*mlF_6D@*W3iey)5w|( zMO6^}>{~fewft;=!ybz6c!GBN6jbAbnS&1-4sG@yza*$H>&y!EYY<6QxY@EF0sG!h z;MG3n`KmD%3EyIysADb9{-R}W!Jp;jq~@GJA~J5wq+Fd)srQLdS9FraiEiO}JC`j* zQGMqfEx+gKT=ag9T!D|Q6B?|)MJ-Yj4U_1C$6JnC%-%FqF@mZrp>EdNhUy)PMtC=+9^Z&wr$PLFzw#l~)0rzU+i2kA2@O3aq)?d^`mg znyX4WY~r{biW|JdbS^ndS10Q61rc>S;BB`cG$f5JzgSc)W;#*4!M;^#9R+h2W1(H@ z#_3e3TvGWN9W?w7?_rGT_L}g@z0j*sMj|}lL*kIVZA0uk<~PBvS@w7M^{uqReaN@V z+1CcHdzxK|T{2|wp-YuGIqtE8KWZ|nLZdE*`-+vM*)GN2bJK7se6U;uOf*D$QX4!k z^RpoDmlJV;XQ2*zo=0RrJ7eZ_%!%hai7X}BZ(`CA@uT%d4X;V;M2GT-q24!-jSdBT z!Q7@}e!X_lg<*E*_O5YrYVBd(t5O0=uzt3UFlXm%(YRXuVsQWN6YVirR`!WltoLH& zd#I^-ud>Al)lX>4vMH?&75Ar==TOqPvu~ zet3Vfq7c>!;>DYuqWQ*`>Z)WkV>~6L6_9?N^_F3EvKp!O`ilDQ3Pa*)uVX`(XW{PW zm#E-NAK9!%DgFAihLA@mq|c;qt#362-qMwz_EK`8B)r||Lv9m+_tU(PfmODy6s+2z zSY6G7gB*yzax>tyR3YUdv9@J?ea|yNRB8f7pme;o+vs=b&S7X(+>f%kn~M`@ZYOtf z85#?Se$wtz_Y0nGA|1Wa`*H0>;o#H^5ZMzll@V$fKi17+tv9&f+YvqL1-FW{lFhIf z@i!#Zis9K#>zS2)U4o!*TcZ4HYoAmWk88eA)JB_P@XZPT4dN#&)9>&4c7Aw$CC9^L zm@U+W{^kGbxS*c#ZI&-6h%39`0a?K11foBK7!dnN{Q`-9{HeRD=64X!ECYks;+pQQ zz6Alqnzz9LzlPO~Ezxq+UEGHtQKRWVlQsAQlJl>#p6D9B-eeHq#0b=e&m`IJEvLR@ z@-T5n)T$<=W2Dp}G8Gb_V)3U+_ny-_^18myGOm-Cj_LDlLxkn4C)R6tHQA>1W3mq< z@KyKUeqwSX{Q?4F{{{gkJlwNtB2blOb@dOFR5~L741pSh=s!@RawGG?1?PX|0=(|K z1NLf8(#{hJ{2GLWqoX@2{#x~HIOhKb`oz3>rbaM9~wgtm7Jsv#(iCbFGk%rK30TEnP| z(qFTn@JH@$!#`fqOB-huPD5@iSyHvv(F*SKgVWpfi%sgM*?I6l?2g$j2m~O z3Nr55*dN9f2fC;WI0m+t<|hDf^QkmYWx>JcCjl#?4<;)S=~M-e=XjfO-&9oMq^#Q# zbB?%Jie9cLmsV8U^+->M%qE9fXo2D2%8}N+sn;B92vqigjCV^&v=>2#8WmP?WN=}# zCqYiAZ}jOz=d*!EaL4sygJ?@pb0YQvNa9I^|1k~Z&oQ4=kMBUfsWAI@VNl%#^i8!q z$~~Q(>pwyD;P?t)1S~B;^rwfxR3B+xJp4y_@&9wdzNdSG1u8G-_Mq0wyEv_cp*ROL zI~?1n5LH&_Hs33s_2>kd{jxIndW&^ElSPNpUSqQ!_N`_oZTMa^vFf8n?c9E2mt%`1 zg2*O3v6}=`%WWpHaGyVrYG8srdqpR_G)W#3?zEWOxOpg_Woc~ z|7_uu&TmGvB)@PtM75zXg@U!Kulw4|e8nya^+Mea#I`$vQEt;9Io%#e* z49m|1Ehx>wx}enZ-C4=$jAu1(Mu>0x?BX}1!u&j6!+~)xk1(3^%Geico0Cr-*((2p z{o@Ih;$6d#2!BC>o-Io1PmP@dF^b+?z3H;Mc#!9~yI%o-O;0cMpI8gHX?}^dKaTR8 zs&UV1&VaGzI*$hcoaj`p#k`U-Q~1=q{`rwl0E?||bxb-?6cL%}gWDqOT~i-Lj`7@Q z1M$oUs!*M;*k6U?;thugGHBXF$Jr>Zrg>$SaH_*qjAq;lEqnT`@wnoPpf@cWiU~Ch zI_6@>fHG<&g8ij#xqX4G)2Dy02WPb3GTyR+>K6Ky?In$sdKq`ECDkmyX$zTU8ACb` zd==)C)`+ingu%QEEH{q${7WRG?Bn`6Iiy}Y8OHrwX+D-AW-gM{4{Y&>;+AdVv>_;;|^oF!5?gMPgB{AmgR0CB0y00#sB4G*F}gB{@X$n?Sm^?&7p z{rv0$2Ml)k!sVEZwf#CNsgX)SYc3WcPh_PjMPUVqWetg$Mnpwv?Ag9@G3YUuYmJ!p zOU-qY&#pwLdV`O(X`-*xjzSZ2|?>!wU!q-4j<|JGM`rt?Pk=(X?B~-V0IeH;7dKtw1h7%Hi1g!W# z^ry~X&yOr1oy&s$t#hpq&~kP_?%Vi?pani7naSF}Uf^BKmxioI6;-+E;df4 z{{3L^IyZR)>9Kn*a5P30((ryJ5JJlBL~FGSi8IfnSQ#~RpY+aUsCSM=5rH0`a&?fL zqq_!NLNI?a6rZ7Oh_)z@v0=ov$6LwaWPe<*TQA6Kb}R0eH1FY? zQo$dw0`DKKY%|U$@OAfW|7O{pp<+`~=H>e5tlzX7-`vp}Vj^u}klrqG?f!GoqJg!}rLexCl4c z`gR=5hHR+;2y9e6?4Dw&q2mwU5rqeyrCNe2?Qfy(F_ZOAvWM`ye*kQsjzl#^1dU=a zjTi&mz8{rV$AUBAV6~a3_71Y;1FGm+$E&ap0CyE|Q8#>axW%Vd>1CLTitAxyrz9T; z1KiW9{6wvnzeq@O@FO%=_NTKSknkIP7mB9Zil{Qk*$4(cSurYX?4c+Pt8Dt}Smdpb z8*nQ!hpLs?tf7V-gXJ0_d?;}>JTZ=Imvc)JYsmwVJZy_e8q{v-74aL?*- zfP0)%i*Nrds~|M!|A%LPF3x~Q)|X`k_;-la1K%kB6JoQRz!1|>Ba>Nhrw)BMWa{9a z*wQ65dH`Sd)Lb}%e=P{9eZZ@B2OW&}AYPE-=1e9GO;t!(U)wL%;~#p?J}F-OeO_(Q zOGShCmn1{OeAoktQw)8UOzuxnstLY9OJ%Dtkf!@7Fn<{u{>b(sBmEyTI{ub1su(CE zonpE*%OkeCR|6|?p6okJFr@C(daXJ3u9gH)`N4db^RKtZcpe`>WUK6=# zWMhBpTVwBv)GCm0-x!eo9~S;O(cI|)ct-_fOZbOye!tna0Rd}A{s#%0%k`3*s@5B2 zCp*=Oj_k6~qjJwVn_q}j+7DR+22hM*Q_KVN@*H{E?rt9zDVHhi;Yd(EQxsEZRy1Wq zh1RodyS{G_`2y`}Jg}z@lIkn|UyB;{7dL7B;U?hCne!wN=L0^H{9`iM-dBKBAl!lI zKZqLs5Dn7pDE$xJCV%Tj3EaA07_ZMKTqgN0iJ}EQ#s@OphfCub#!kqw)g$}+MWgz( z*yFsxxR`SJv~as`bc=ioWtMTP+IAm8vtLLHT-k-8YzlW&;cuqNIPYrd&1~d)0>ZVx zu8C};8hA_G1hZvP*h5#S#(@fZaDn}$?tBD)5taPkqPlSY7IhTphMP}{tF$zx$scz= zBQxsc-aurRh#Q-4`D|@adLF%Qox7j#wEfjic6PuwP*b&8HWD%uP%&-Hw`FY8cy(jf zjZC>*`*gwr$9z3X-3N|%X5)g#5;U>l`aG1F?NvaZTxA(K?28EObZS~`4gpEbh4t4| z%=h9VmH)cP1r*gaAQyqSNSuKGO>b9_-iIZB=ncHO{3ohel|Xu5`KEK3!}|~HPMflP z#fYW4mM}-Vp-{Pj){#mG{T6bVGsnAo(`aUo`$_#Nl%uW0+$AtHq-tMzla)vn9s7Gj zyOeJ0+bG-8CPMnVJq^_G3Sv9*38L7L-fK(T?pmCb^HQ(d`i4o>JYY5=7Mlo!{7X2Q+Gqja9;-i_3S9aarF@W58}`(XtFJiM z9`lR?qrdo7Vp`S+61CO%f57^mfK2ts|KcL$|GLQai#*EX#%~t|^FaT_MNhzLNdWrb z@(+c-{8o4fxb$v50bcWunXg>x`1Uk=U~u;@SMg!rmoO@QJgk5>v%!`#g{4TaW`j5*69DpXapBGMO!Y7rt( zAbuZ=2_G#u#4|h+9NGucTk#C$FFWL?ycdbv{*ZX>x5N`0pdB)|{p7=j<~82|&4fM4 zhdiCvUwx-gf6`MnR#Dku8?)idqIAf^5Gz&stSEv$=`->_P6_{OYJnG1EB)8hZpc7W zOMy&10pxNq2=Ny%2D1hUzB~DE!QGI53l6yn0^`s|{B%wBRFd$)44J6$xtpQkd=WyT zPP}KvAvqLO0fSAU^>h3BkAef#?5rQE33=+|`LAw*FS;rIFS_Xh8-eeC>lRiG{g<23oKW7?r-6y!!_S38z;8e&ECf(I1I}1)?3qWq0U*<%0d|o9sC-*CI?nATmw6 ze{@ot28un+Bs^%ml+fQUN3Ik*>3QmYw&6XWACv^v9+W1l!VH0 zIkpQq*@TFq;eA1B1*a?c`Ce^f$>Ab>I6SW?w0Z1LyN*vBx|XB;SBqFg1|U%v)&Ix; zD}O2sY{mnd9Wwum!oYvmAKm^{I1}k_AshWJ>KYv2d@U0LJcva z<4<}Noji7(ewJw)-#zsP&6=tySFN!9sGqas4FDJKM1#yu)b&9MJM}>QCHO*lfkgdL z{9jQ$fnNdv=QD8P+ym$Htp)QN*m{fEdF|YmwYf}=z7~!gW&4u=|F>nfHC<7zIQC%O z0e${!qI?ESBSlCt-X&NJ*B6pq)-0IOiqm*MuA96>5fqSZPWyRMRfY-2taIKYrhC-Y zM`w$oHYD2Z@@cV0NBQwb1~sH1fFw4^{%f=let}5(Pl!CLfc>bVe<4D0h54J_moIv= z{ib)-zj`CLg7h{D-$EFde=_u;PJQ}0N@3G;os5HMJ>fF+agQ|KP~Ae*XE#GwVNCwp zYo&)Q+Ybw(VP2!)f@YvND>}R==-pYypx6*@l8n)J-x8+_uu@e%@p_YQTz_0Bkr?Dppt(2u|=)ftXBd$ zLu(#wKi8@kNogAM&~9<;wQ0qvk6aUN*T5vRLNJAxI|^}{(K_=3YVweo<3ea zNF#K5H$Q7A6hap_O&jjhA!17o=g6yvh^*a{b*w8W0eO^Y)YIm{?#iHytX;V5co_Z~ z9wd)fVOz&h^9N3HtSv4XC3$sm)y+5019mVu*ha?S12PEGrWwlLq>r(ZIxTIlxoy?^ z!TStN28y48_>kjJp$2JZ4q)6dy7E88i;UT59DH)lkdd_Cg0v2R)T%-R{yN=}G@)1Z z?HxK}L(UUA9)A>XVUcH%Ftu0^N|fz`MV-4Dja&hy>!Ck?ciIDMaJ0vO$%j<_44fm+ zGfS{(zZq(p6BMvXno{58k9ZN8(LM_)t3e;bFn!*9-G;xh^PF6L<_8R^3s9y7hHO$3wJ!3Bbf2~X7Kn%UfS81gOd3X z{-U?*TYF>^%GFZ*Ow68Rh%k(vp07KjNlu){pEAK1`5AqFobeugvV&yn#_K1S(hH|N z(n@L`*Fd?RZISJyeZ8};Ecf#$VLj?XTsj>7D7>?@a(s;DGb{(U>9!QV#bv#1dyS2f zk3_Hh0*wzx-f_o#r4s@_dh zVR8s5iDK2){pzVNHq9?9xkE4`$4}>wNTo-#D?q849%ZCij(V!Sm}G%zTnQh76D8}O zAFg(~;FnFAlE;V0gRlISL&d2Z8Opyj?e6`cLS!>10GgIH0DeR>bt>GRgc}{M6~K_K8ryVHHMQq^udN zAoEU>It5{T{0&?4x)q9LBxd-Qud&9O=UYD}GxUq(w0+$oQ&w7*3z86H?3&YZ>9i7K zkZ|h6h<{7lA74U+#DBf0g#+kCZJ;iu9{oRQ+h6t-zy+usi2hK~3?><*;#SjdDz^Qr z;te4Hur4sDsmSC6tx{6`!7g6z^2^myWP#73bB0KLhUtT+_|;j_RGa5eWl(GY^{;hu z?8=zo$*Xr0bqIuf^?ZT#euM}!Ky74t003K{2q5}H4t>~HFLFryCdc!?a?}n20Lvd# zE>;(|4Ji}w-0r?NDP(azbhF3ET zPSA=$`0)dFY~v6Ud2?H_6RCUKv{%b9NeKQ@LE{M#BG&JCpZM)_}g5C5xoDbRy&E%InRG{Wbqesw@0q3Aq|D={OO zsHSBL`G>X9^b|Hi$k;O-6hvy&-)F+4b@V?9dz)Z$n$zK`$JQ)v+)C{i!97Z<@UAV| z+>+Qpge^&7*UQ};a_ZI+4R^^^Jv|bky11@(@Aax=`HdO_Ak*3?#GM7zqL_( zIR2G*a~u@CQUw_y9X6$vIT}j#Zp-_gRAk8`Y0a8bUkPe;$M)!^T28!WBE*wD_PwW_ zQ*Zhqgv5A&b*PmVK|%1UkUzK~0wl*f?EkS~{BuPC+)W1t50T$I2WWpEH=z9m{ZqK${!(A|_6hQ5jHUzaPR@KZ zH)ql7sfHah+C+%BgaJ8cX|oUeU!KlE!Yf(A0f3+1zR>T(f+0Ks9TXU|e!F1Ma`qxT za9GJ`;IKYh-jn$d=GjN&u7db(x{7e6`c}FOEf{{cO4iP;`xv_XhRkTz5lYvAi`idd z52H4z7hfyh|9X(|H=jXIb_@n)K|(5_GV}52qA7VUwc`-VlKMy3hF#6w;Jc1o)$hGy~hAemy96020HONh<-ra`P zS4|@78w7S^&TLng8z(m~)IJ~K$jukOr%&sHHUI3QrOrR(a62cyo+(|0Da5@aS*P`b z+YkB7i&z#8BnS5KUmNnWFB4qwzZ1N53OLjDf&Hy1ofrUM7RY5f@Sl?vIUqOr9fmlB z7pGqn{7swvf3-QJ1BIz%d4t7S7~ZJ5^qI@qn4SP8Q|Fr7)GuS0fl|~_xtyPPCb+jw zjS!XZKkeCR^fO&FFrk%@l$c%!JHY)qx~d6qy)&Posxlt=Rx~d!6oNRbD`p}%kdtr7VSG#b5W>zU^YNr0Q3_Rxu>$3}4W$nbjZaqgZ3ju&vEb(*ki_#ue{GS- zy&xsj~kXgN`-Rea)X@WGjUNf`Z9}-=AKde!cKJQx%=$FevZFXU4NEfJi%RWte4A!}r zw}e@DeT(N_QW3I>Vx(sT@f=7eQ+wSajzq^-h`c!Z9qDB@Sqc4*{l-6JL;@~G`Jh)$ z|0|;((Z4cIvw~zyJ=hWVyip5au1k_qVx=4PyzzEDcuINpjH5NoC6jc8d&G9oR_;&g zX|Nndt(RpbK3m=u)Ulj)_KEGFD_0ev;--^s)psDgQWcKtu@?#NTkmXL6MI7b&?(OV zLL)Z*uiX&&7c}_)M8l5=h(`LqXef!o0HlB}1ESyKJb?E};e`wJ|H8!+c(9)LQ3e?2 zu>>WW&am%CJCx;F92W3DR+Ez-se^+=%vpp107KIY{o$0FNYyW9{H=EI^8}jl00_1J zyHEgNo)v~UmBJmr@JaLzv50vTR+^+d61mtD0Et{i82|cd-y$cLTCy&2om)hjrLfb$ z16&yqG&0o&EC6_H;f4NCi}OkGMJ@W@)H+C{@T&rH{%;T;2g*oM1SzzdQt-Mt@Qtm@8iFGt6M;6v4wSc&)K!2(R7&FJjsj@rQ$7p z!n(>P5|kX2^bp~a1$_r5Y?gDr(d()Mu5r7QGEMibOa#m(_y>#G-UZ;{BSWc~$9U@v%Q}AcTR7j*x`#FKakVY=_ne{Xx=oB2)DFn+6<#cH`hl z2{`t8PLN+oRC#K943M7B0=ajr=PkaPJEx=5+S8yF)%8yIl|Du)TYp_#l8#FIKNi(vc0sHCVsrMLAZqS`%@pBLgl3N?hX#Hp8!*FHBFrNbs}wKo8mnoSE@g4$@IX}<1q3j3D^Td zovp+~#t&Ub{nIwY1?u5gebRbap^?0$TfN#?g(let>4@uGWD6kHn|s}v6iii%uy8H~ ziRN-OvHXlUQXIBnv@~4ioP)FPP(Fhb1_JJR#QTK^PEl0Qf-+-znlI&`Olwk9hSYev zq++P>UA<5nzWz+H>GpyuPnvtLK=yNw@3ERdLoGWU%PeCq-p-QpLb6VReLD-AX9lw} zT?EZp{sXK@T`er>BSttw%B1vq2C;)hFaw91SDh$*6alAdmhktt9JEk#gd@|c4G%LJ zPs|XlnHAWY$N(&5H~3~ezJ5sd<`o*9eEjQySnj)EQNz%y6!{ANvoKp8;+E*upCK+h z1tnVsyalGU?clDFBXp}GeANViD@p&b0g5`DsqyvPAhEI%x{TyF8q{<4B}{qS667J_ zrJK5X6;r0VIEQ)iH>|z-*bY6oILXB^<}0UWjPWkHr=im(sp_o)yq#6jdu=&l?YCcC zm2D)_d5#^w_!>GTVR07_s6k+a7krWcCtT-!#i}CFWy-^kVWT`)v6T;7(-Jhab0j_ z_69Y>EeXMbh(kZ+n=Hy{=;OvNh z2|Um?CWa9z1-$>e@YG3~5`|Q!h4q1tw?ZCv4qj=;ExMKcK0-~A%l2n&Yh_rx-5E|j zP4xs9Y1P#}e|VW5<)47)O!W3BBycL4e!RK8QDnkU|4`{pTP3iH~;Y-32L6 ztAqcNg01a=H>equR8D@Ol%EJNqnGS`+!)xV(st(%y z=ow45;?(||wU~*Pmg;;3E?0NR#qvSoT2iWLh#Yp$sZyLFq8jSCr!Bv|!sEBp$8w)3 zLURM|m|7QtzZ2$GKw=Zzz&m9znA0nYoWBbcm0OD~ee(cEA-sQq9a|q+syWF2DW1(a zN{~91^%nxQhd99->wQVq({xu|$Vm0hW&gBubaCUDV*3MkpE%497hGSKOwr$4V(L(k z4IM)QjN7(LV-W#YWR~=p=N$+wxu+UK!h^#+zt8|{KXX;YxC@F`_p@U`5fkwz0>BrT z5JB`uRtLC(MuL*e;|xj(!w@miigt2m{s1 zUxe5#qUHH(gIqQQ1@9YwjxQ@tFUE!9dz`i}6-x_pbQSDB50dpNdO@V0arn|i5NLn| z5(WzNf47%j4ZY---%d37!{T0ap8&JenevB!veeJpza|3JmqhT}mSFeEzloq7510r- z)JaK7qOQeAu?@3o^;M;Ul&UR5Nxi&Io6V)hW~CU|B~0m9-zn+_JMRW*(w#9E2KwL&ea4^4l#W1FvbqU$O?I&M+X)b@QazWG<&7kqo)bMLjIzy|38qTD3z!jABG!5QDS$SR5oU+^Q`SuQj&1kKs8J<2(5f@v-+`K?41fYE=Ga7ooHI^@o4okf_v0ceHAhS zcgOxSJ+{gsGpR7unhz@Fa@=4U`TO*`+K83_;v0dc(v=A9QWnmqFaG4JF)PH3CjR4N zKe}B|iY!uC@=&yXWsc&l5e!e^1h8%D3{z*#swvw%nDs0_1io6{%6#QvkjVt*cqtG3 z+}TbE5l1B$CrRL&UY@r+J**@Z&x!ysz#lyjYPOvFqa#Yy8?Sp)qkYP}4#tqYU*GzX z>s@Vc{W+R3S$EWRTim8<^$n|+Z>SV##=X*2`GkvZsmeH^38FAV4&dWYFoUS>5mn=C z7Ay}7wvykRUMKf7TO!CX{lGTu*3S}L%tg+bnRm#D%$!oN9_Z|^&>C+Hv=gF$JfjCQ z)+Hcv)h9t*GqzGw{H`?XS~y>SRi~YlSw{O4awd2q>pAAwzGlCMsc5*hKbm{_*@}fG zQ)CIThF49IFOb?ovH!gfKovuqa;5wj4AMdT2fdThgm@#)4D+{~Sd}%*^cg0eWJ2-g z(no>#l2&PcwiUzXU(j!&erd42-fnSYVQ03neE@rB|Dd^ve>$Ak0arM;l^y>1jy|q- zu!#TO@~En*-iCprggU1%0~B{JejxzzAOSD*dm?~Lcv5?bn8W`~1pSNuCITN-0N~lr z^nT?F1XOl#d%P3WK5yeqauz#FItux?-tDT^PXD;ocTQ~*pT{pBHK3Vc3O>e){X{X& z-hPOSw0y;nEQ&5F(aa>NlDRr?xyt-WmOadZ0QWNm?aHPa&5#jMXHUSx(k5?(eowg+ zawo1FhimO?tD1^Y!L4Rk0nMq6+mR$XIP;tLPREJ94qWx;e0JfHZPqBQz(;UrbadKA zD6tyG{F1yF=2I9mr~J+A_VJpgyR++w> zGK-U!SL-};oOP%282FK^NY}f9)b%uPpk0_ruFba7mzG%+sf{#&s}eLV1pb*^VV$?(h62sOhjry|~> zIn+#SE95n6NTasmEuupbb>vgz}qMc7#GR z7Ud=KGBdAB1RSk{#EO$Wo`Sa5yql-DHks;fE`vW&sG@~O5Q2r*GDh)lQtd8d;H?Sz zHS-yo%3TFDolsvtrQw{Xq946ADcrf;znt$MYd<#mJk(gNCZHA4dzA~T^fUNQd426U zy!qMmS$T)%7_B#FLFPh4z|aC=g@z7JywUSR;WJqtEbp#FOx(K&WXJ_jHdgP#Q3W#_MdZkH7u(zNt78=2Syb zTnBG|tS@&RBO0AZ8B3cAcawnWN{1|A;riKJH1Lb=V+j%jT}w3!KY zCH5bm=qeGE`4rsHg{4_xNsMusJ!%kK>%QsYfpfn5@X=@U&Q?JK&pP`<(wDhjsjZMK zi|=}+L>)GCRTabxdVv}UR%ZA<%hXX4tRDR=0T$(HP=QQnMhfq0$eFG=5ez4ly_;c? zW(rZ^Y`#*S5%vkdduT?$(xr)L)ew6nV=Zjq*x^R(4f{YvKpD*(Y-)N!0rHXxnGSBNQKP_i);RUh@M_)U&1#7A1PFYH_i z8gL)HB{y6{B{R-^1KQ`l+RJ>A$!2)KwEcWm=*r)y|B8|V>{4w6_B)fQMl6kCcPH_q zZT3Qgo|4fb5#)KAln{NM9!w`(8~0lhrO2LFwF9~s=)t8;8=vQxpeB=xaiwoXtW z9KK`^UarRx(T3z1P*0l50l|gXi6!*tgJ*YQ%(YK#CH_& zgHFXaY7Ha4?N1=FX#rx{69zhPj<&4z)MI_yTtZVcoT{kwr@mt*w?2TKY%8>{sn&a{ zBWsc4u)*Q>Q#*^dL$-@aZTor6;QN`I?Fr6)g`grP0RKfj%oh8q&!;e}~pL zks&eLexk<8WOlO}iAG0L5^lVUf`{2eTWw7REX?vS(SwK`^g_&#{ew)o5{_r!)&Uk%S|h#W_Aa zm3SL<>B@}SF)^LTQ`=Oh6fcoCHWKoQLnx}Cva<_rp5toLKk~mvB8#w&(6Z3NimY>q_bO>I1`N8xzN@I1gy%$M%K5u`;Vu43y z&*k$>ID*$wI7XZM5anP+#x)`sjbbXY{Pf115kuw3Bh}vEC{yW`M8`8ktmh zX5E0fb}VizyexXu#4`=9hXltxKl!WNR~}gJNGyCceqhIj zHdMs3;xoT4dfzboaDpi(6t`FH{L6?6MKi15MvsMZs$cGnrUKG`z^=AV|ghcjGs94Fr626G{#nFG_e^f6IQ*qQ4DxvN)`v( zOog7wwWd;y^I>P`YmbTaP|m09FKpj^ihxA@5JXNK*w&X7rKbb>&Zs2Y}%k+ zJSOLoDbQ{BRDcuvnQ2gPJA4G?6a+Qbs`F~MMP(1FfJ zU%G35B48zoQ15GUKVs|BzR9Emli`Re6*CS97gZoG0zgPW^v9+R>#LEM-bu@!`EY_2 z^m_vb=D&~TO#tt%Po{u4E&(};1DS#7cccMaPr#F=z=IHEzah=~@2bEX9eABqd<(UW z-Wd6s+gRdEZvze;?8yei84mt`9C!PDpN{I)=!>l1{*-kx1(>@NME3v5-GK;*0Bztb z1kvyEfyq5-f#j=1`mcPGDgVlcb_be?)QvV7_&N7m?y63uC&ywPwlW)3J~2`Nt^PYc0hai#kJ&bpam`5EUUUXqESk zBQnlqwvQ{XJGU4YVc}gyyH4L$Y@1oXDkxy4_@+?$QA!Hy7W4H3`Z@Vr6|R|0v#BK# zDVA@;*|<;^*^b(4sZR|w=e=(hO;@4xE>>v zIGe3B=LI2h=jNW{Tm(lUY8=PaJLaYmV5wBYQLUUV8SQkX#FSpJfuv#zhUf3hg*ffN zIayswXn)AjsF%9v_HRk^Y#gybD)B@Qa(`ATnvjJkGl#a1+iOLuuAAtyh=noV*pR`|4B>69j(}(|}*j5Tc5$%UGxB~R;>wP7eLb! zkX9MFwK6=YVq3E_XPhpawJu426{?;xCOpgO{FpaoW(3RK`x4{F0W(3E^%zZElbVpk zTqmtn7^nIW*lgLl@U;-Eb>BN_w1kxF^vDZZtq6H?M6+&)pNOcaoMyNZ`?jyq9VNlH zPuU83&Q?8J$o&aWytM67c}(W!MihWvSb=nBzLMX8X@<+j!aU|LB%%i_P|fY^Lz+If zJ=wdd&tbSHgd1*lOKYlR1Yv7NHSvl8xN)raW7_`KpeNu5CNZnD1qn?q-38y{crv@)$=b>jCCNS zs5IPJUNtLNGzM5oxo7qE&6rK}QPYkzpO+A2z*sZgbDbt(8J+JCwilvOamNd{`>Av8 z`P{!tiN|MH*N%(q@t%PVJD!?2+Y&}@$|BalN=psZm!}Q3FZxvrd>wGWE@207pSeV z)pDl;i$%$aL2+&IP6N)#Pt=c)F^b&`F!92$zf_OdhOBpNw&@=@K5=qYy$(Pva|U}_ z)t`YF-e>0wOS;Ov7BAws)!si51U!loBhSquwezRmPY`>6to`QVuQ77_1;5Ha@tb)9 z9z$yrlKv+~g25vJEfKVdQwM1;%?0+ZoL)M0k`4eH9oASS#nBtqzS?s z(y4M|$anbE`!3dN3@%7a4MvxJ^R#oW<6(ci^R0X8hEG&vSHaUrjT4_s%ll@*zzh0L z?Z;+RTrdBu6iF-Kb2>(Ba@0{?UW=B-tHU8t;mZ`ot`XHoZ8P(ndP2ftOs*oOM9p$Pb$8zDe)B()wP;E=OFNr%m~KlY?mB!ns;QaZ?hfC*WH=X zs2tyu)aYvM{LCq++hXM`@S`xe+2O?~exAY#CG7*#yJ_8B$W69!{N*Eoz)e2pKF zb;T6Iit}J0cr90+{st8E(u!a)iCo{k5f;ZLIK`x2pRQ6=_&ZNwDtQSUB}PZ2K!y2+ zw)G0Ar4;xqb%(enLb;Y7HF|pdwChj9;hH-|^R1sjZReqNfsm3AQ0=Pk&_Ac6Q=h~V zBfhJyXO6!9dLVbo_7UOx+D?KF4X;f`b}iwA?!FD3`M$OcPF5-0PEKum@|C6n{LOqU zjmeJl!I`7Frlu43W8-F;=2&8Q!TX)h%EyljtNVR6LOjBIn!N`aV?yg>+QVws0Ga^E z!`ERLaU~2hq#BS5zU(;ndXQxDy5Dph;f`Q*UjH;Gp`Lq z6!`YRL+-{R5YgbTo(%~rv|wflU~Z@~qYjRlJO-#yy-OkA`YdP{G*QY-%OR~loCPc$ zC#bZK4cMat|LVf=Z!sa*x+jEgOML1t5%)UjIdWWWXpS)ZIyy(9O$k}s$=@k;R!HOx z;eO+BFsVDhoImwJHM=|-JiEXY+B2-zkOhvbv4`Dx+|8uV*0m5OBl9RYXvV<(WE#+u zh6uow7=_I9O{k9!xRvLnJWoN#zCv81j<%1}-fRoyiB?Zc4PQoR z!W}Qkhq{nuM0S5ZJ#Qwe<3A;9_^VQi@{3$be?S0>I)za$iJclD8eP;16HL9xeZ`#6 za))HhO#=A^>SJ?H2Yyoeq}e{e$GQAf1#DlhEU6hx)}RTJF7x1Ad#u!C5??e7lCsb? z?7+d-OY`_*9L~)Vm!(w(88(r|pd)0b;p%iq1HleWE89#e3HvcjSwfFcNCk{Nt0M1A z_eh!#JruLrlKXREUm)?R+x%>mtXC#(S`prP8BrHfo(B_t(}Hc}-s)e-Eg&Ihg8w+P zwtNt3Pa9RoMld>`QTukm4Zp7Vdx6OV;sUD*pdQ+-yFtIo7ZLcxEy&Lqs2!A-t(6k3(`-)jO|FE zHRykT!shQDWrOS6zI!GG$8TIwG`F;~jo;Tf3F&_x!K35}&6{7tjMCj#50*Qu7b;_XjCqbHNVCA1z%whIlxUtU zu3=2rIAdV4!<=?{jJ=2%m zJ!*2)B;=^yPr?V|e%+JN#)QX&C+=((mj9Epvi#L_O^b8*LW(-oj zv`UYkH+x>@gKVDr*O`;tvQc$^y+%P3zt!k|_vP!?J`tUo_0?iQdiiRl8PwdJGIYZN6*G`ffQ#Lxh#lBH{f3R*>?1IpOk|# z;cYtwBDLqND;!f`r0{fm{97wVMS%2DZ9!r3|78KFVQ)joDV z-}DjpHb0@YOmLU`6=$}y)4Ps1<(s(IW@{;Z`|$B>+_=$@`pT^dUMFWvTFV;`={v++ zv)2RU5+2H*-vPh9U%UCrmUwf*+aFosVnrCtuzR-g#FuA(e&>37;3~<097l{=8}juE zwq(Db^gFO?hQBi3Y|>3^7gt`5<(yXi+!l|kW*$o}SsU=0#m+z2IZLKh=2mrbVd<@{ z4I_lav`7FB@>@CS@CVh4&q6g1IMV67bIfrWKcZVgJf22eZV;`n4XJdsy)B9_{x zB&lUW9}u#?2SyLMy-Yg--&i8Yy3QB zDL`=@xFN{QzDDVA-JPpF=~mg}^WgWcUaMR&zYnSrxi6<%x{oc1Q)N~L0G30&SKn!o z1J^D7RvTVmN(;CZn9bYKhDh!M^NstHH{a)o^7TRHZ4=asiWv_)3c7TIXo!%G1zPnu z)f7sI&(j8mB70o5NXGO_4_8$uyQM|E@H7D7Ib7DsyYPtX`+}2#5^o&K^JugTOL&f1 z5!uBw65*rG@;V;DdS&fnuWLVi>@q_43hMr0Wh|uX0n5zVrYFlaopUkDjbzoRpKcaJ z&ZCsB9}^pmJm`Kjh$HN#Y|H&9&H0XGZ%SB6sFH55#3ToDe_^2e|KDX7GWtu|<@;yZ zwE+n#yEuSLO%NBvmA{r<1}|mTZx;$SApb49(tAN=7Z=?&*!*F?%>Lavz|&1`tS!V% z5&jyi?n2I(cm7@pb9pVni1KUG_SYeft=IzN#e+$+rtz7R8tCn-9PTbHHkKHD{zXF; zt3mLx8|qRR^j5?k@_sg^%YLkl`?I4kz&o7lGXk;R(4w06VP{`n2kW-yc)J2}Ur8MN z(1_uB+l8}%vp}r5|Ef4#^;)##%xGxJAOA8(Yi9lGW6pEbn2c^`cg7ve!|nV@XB$ic zlH14j;X*HVmcW!?NBWU@S`9O_Y2b6Y)n=ov;hA|zME=`iMWmg9d35Od3CgR%%)&Ub z+w&a~NY3G6yfgZSUv{v%LKJ1Yj|%cUC9sYN@DKDOzJ@RAD25gFDhRq`NiOQK-&0z6 zft9sJ^@I;^u5qIO`tk%uSj0yvMjK3Uyr29XyzVwmT!5iugk#)2?WksNxeH#LM@sU< z3l2>6uCpF`Y&Y=9sU;g8W0i_AA9K=^SK?PG*|`WFnz#>*c)5D0Znm07DjMC_Gm-l< z)_v^}7*`$0;yHp3W4j~k98ppvG;QsnQ12WmhGA{r8qQryNqTal5IybvfJBhIEZmXQ z+&HOZtklFw&OsrwDc+>CPm?AYF;sHLEF`rXe1yz^`x?M7< zH%r(`WE$$DHrwpUT`7{sO}uZUj?tL@Pm0P6UnOFN zM0+s|_8R)m3TzHuIYn}GrwCXN>x|L3fgP$9r!pQiC%?B$9l8COB{kz!8Z1U5hxs1n zm$I>W7j*GrYQv9jqIZM{7oy$b1_omTx&mMpNZmTq0dKaA5s0lH)G2-;Q__UG;P4*(XX{XmDD2bh$Uknw_7pJBBsjqP5|lLlaKdg`8kWYi{AqKUwQ?xQJoM z8+@H2ZQtza**9=eRg=CHU|UCsCV;t?>Dn17birHzypICD$KTM=;8gvit*(Rg=e~jS zl#?4zZ3}uZ{rhwa`ZShrQY%|Ng9QLm-1#Jky1hs6H1T>Oi_v!p3lnk@(VtV{c`Uas z+e!_1=5opoezA(*tX&`C?U+E%e`J*tFH{@!E$kzqMm&PAl}d~gWL>AadP|B8?%WKc z*R%D6hNax7eTvkZYGaWchs&(=a5^qc)raa3_EkB+u-;r;yh#uIE8q4jVmLsdF6n7~ z&^b+nlW761$3?YR*1CI=Ea#sdiQTcz~E zyJG)>sSoTeL2*+Se%47GoRT(dZX9O*_u^yllo_nT=(fVwNG?_bOD0A1M+Nus;O7#U zE2O}^em8Lq2Ic&P6@kgXX>GXABHz3Z7uJY%p?nq<3l~;~1fGRDpN$?ZajvLHpTcDf ziEoNbh0{gVt~VzeYy(3LcGd%iJ4CK;Bca1&K6Aq-g!g)Xu zvwj2kQX8=B0?{93m&=pkOWC#h-?Hlm@UkCpp$aU!Jn@0AmWVC~&}X0SqLG*_W`-Fn z2DG1Nq)1a&%Y8WIYOed*1^*%0>gfT=-9TEoTtXUt@5^vOhf#Z2$pmh%b!#Kmh;!mH zjt}5nXb*WDR-{MRH>@vT$x#}6HLn~up-I-rwk*Y-(ka1(@Ey4B2a?WdkF>B*#-BdV zjU3Nbs^t4|sC4RL4tD#Tdc2G91*OV?rRq5r7ri~ED_^L^T~9)nWwE^2e2-Pz?t#P!}< z>pO}yH~mA_rEFTP9eF5JQUOH_Xg#bS^sl$i72J2sMv0CEL&}>sH%l&WGt35K+`(*< zg{B2_?YtstKAE1zH_VJ+*pv<53qP#w#&7@Vht;nQ%$OFmkef^kgsLrR6rSvWP5IKI9zw{im($cdiztVYGGVMsOPO%;L1yRRWRp z6xyoa#h|?(1-c*r&-ZEwbl)eqIwS{YV}xTy(=tU43rn zf5}G9^;14PWSu{#jTfE8@;C5dzKR$6VSmh}jwd_flM(+`FbkHk}^Pb z$b_61V@mJp63c)j-1@~-?D~GoKOPow%G>}k{BEwNBYx*ZmNug=XCu^j8|Q~JFf6$x@^7OygaOx{O_P`5Sl?C()WE)?5}8eml-wI67fQf+kg zZ_QH#j~~!@#tj1Di48__BBYFSV8ifI(o<^uM@AT-DC(K>&pj&k^TG4>>5^UN6YD5u zNzL3hS75M=(U)(SJI(3vei{rEU6?o(i(?A?f@HTt)3}GyxZ>JdjJLY$GC5TSBc7k; zD5E|2To(~QS8hq)t1NJw<3-5?sgDpZ3d5@XIh(SO+qCs~lj&A^UPm73-5^C4?mdwK zf37^N@F8T`67Op-L#EJA7E&fU-xn0wdU{!Xf} zn|5@r;3^L+yF_972>bwcvQ(p{SM5?C#hi5G?Fu|&*uUjoOMGUOhE)b^y&lU3A` zfkQyM?%|XZTh$__v~XBkX_oAcMI_iH*$n&ct`|8JPA@dgvaWkSK~@>lNv`lQ zUc7+)gb+D5Yie9{GX~1jNnl`-nkf#&*oJ%!U#q}jUOyDl^@bfvw;*;NSsSZUJ2e9cU2W(%Pk?dw?GUuU%Y`8=83(kf}f znn~=QyxY}MiCjeb{LoZc2WSl-S@_@KMcq7)RFL(0+QiCrzJc_WlRK6z#mlOT!@BP~ zhr>Dz`W_ZvBOF3Fm}2iKoe>0qaz&mtned)@pYoDRv@J-;TxAt2Znau?kP<^cE*M7` zAGgJ-@3XBImvZQY$R?I*Ns+q37;yKIEMMgR>+7xKs(haJ;X`+KN=SDrDM&~+0@B^x zNOy-)(w&lmbT`s1ty0pR2cC2A=j-{1@2`K%zq51AUNbxQ-n+9=tUuMmi1c#&vPbje z`S+RZixrX3d8v20N;wE$5Me9mUn^F{mlFMQC9g#Cv96qz>Ec*9;Tls6oFatt1=#-0QhF z{V>6k8p_j|o;%r~HF)RqSo3DDZ~LD}NPW>wmiK5cQB|QtwkzmvM@(L)shefH4JcyG zdA*C<-ZOaGr$B|#y7<9UlvfmfIQ0#C6Hj>dQ>0d;m* zgtUGhV>N)fhGzb&FWh8C!80+<7HWbY4X;(P;4MfDaf8ZS=HpHB8DD>O6K%JJw|FOX z(!00&g86;hxl}8IRopKAXL59uW%95dj@$!LCQdo@ZGC8mY7)$sWQ|xw;ffNo_2WW% zP83~m+$}>T!oFI>B!z}fb$dE)%?UGuEe@;ZECjbX!>Uq0Y*YEZ`<&V6vA=DYWIyRz z4;GbU7!BiVcesSzIt{T35M-Te+Rz zB}mY#0wV9{oE?S7r0?6(kG0W$tdfV~ZO3mMFjx%#T+->H0Jc?r+fa{8u&)WJVqGdIV zAwayj1fJF`(6s(zImLNcP9MEx9{~D~eE@EabV&E+*K(S6i~>jimC0avOb)0JpxHyI z{OE-HLCbG)jBSCI(*Rv)+^nD;z6v8xqk^kV1~tZbcJ9U`BjjW^Y|cilqx8fd+pCO= z?9XXMNk8k~;L(|hrJHN|$ZTJe`!(nc0O4gAwx}RYjnhKTHlK1Wh0E%bJp}vU$dgv}m(*>d*#2)rEF3xy-Y#YZWZ;ck9Ko+ZCz~HF z^$s2GP3$asKKFT+YQ9X#G-r>0s3fqx#dm1euo~%mr0%dC^dbF|PvHrIb*rObdjq61 zQuscLyrS_5y;{^x7Ay`kil#%o8=2?W9-y9GXpXC$#)2mWbC96vmDYW-O>Z#O`=t=~ z5}UrQ#ng`x%$hEp$)pas=lw9va9lV#`81X$;F%? zJw(Xd-=IW{7D=7g1@SxF9QvZ-&oL(V6@&{ZM(E8sSnEqEbP3yP>iKl^qv@U6 zn)p|tb>3U}7Fcz)8f))cj2l_?uOe)^*5uI%>?_{RfBNqEk!wh~=%rwim*`fm8=`JQ z^;XS|unUzOiEknLCA89e!(>ciC^YEVDadKcxco>{(>YtvLzL zCi3&7BlX1)Rpssx22Q1@*jrLKHiUU}P1f_QQ3K7whQ_UM2^3Wc;|>RipYN%M4S=ajoR-|1-g#u_ri+$%dug61`|#_WS5NMcz1nfIQDUMZA_ zY!FnumCvfDcgR`VIrdWIh0lr|ozbTOW;JLpUe-6EGtEYbdQ}Jb$V=$qQqxq1D$jyK zU0e+CuTX#c5bF4USI#HIpisxB2HoHWYf10>S7%kUOt6-PAOEQZ{~lj|5PVL_vtT8&O(m>1OED`S9(CqZ@^IxjZUU`>9kl^=}z^ES*s-pfG0d$8F1 z(G=bMw)h=6_`Qs!h27W$ZfLhwG=g`7H#l-QeC8f3U%}c(%Kq87!{WiKk6La#c=ZOv z&U-4PUtV?9h5JVv6%2i_jq}rg+8BuS+s61?aElTfouLeUcQ4Xnv8^4BBtBya*o=2(C57FZO)(%if;B8|Vi zV0k$ZK8=rOecPdQ$Kb`CkUA^}M*2eVpRKDcACS`i&7VMf5Yn*UNH-1P0ZpJ<3@neA zT!@cAE3lS|od47UY8ayjnvHh9p!JHbrcTZoTGZNU4MAOYG>_nvuA=Qd(cBBq%MCRB zL*|6a7hVI>P3z0tHHOq(mg#I*rOnVP*_WRbs=}S$;s^wZDfXjh$cKihDloZ5t6^yu zT3-k+#s?YD8?fYXEVd=1Viw!jQ?kj5JEQp8T>;Fy8qF}LWv}k2;(#10)BPd-@OtTI z>H$m6Udn@`6}BF1f@y3de%Tt}-EdoWXDCDc7E+jS5zCT-B{o{3%Hl48(Du$KrD zFPKdIuqgB>I-h^W`Q+uo7et}K7z=A1@k2&w%*KyJ?Xi<+;%IT-*6mTW6TfbJPMA9P zRF(K*B#)*7CtBhg7Q!HIu=To9V1LI`eS{814z=LURvm{wchQ_W<3NK`6CGYtHbA&( zVm0h?ti@nAyqVIlmZ z%@s!318E1j73 zn|ta`VSj##_&QO=tA-X#@Q@3Hi2whPkGrs`0K0NJqsXj_cF2FPT(6;f*ji_%)&hmjMcvkkkVNNP~mwg0=) z#C-pN67VQAGe9Uuz?CLN&#wT#AVK-ZFaMOg+fKNTzf!iTf+ zOe~0FVSNzzVBoUei8FU6p1{J7%H*kX|Xn@d1D_DJ+h(ti_lGnS4{}}4n`cwUKn0?OSKku6!2^n z4Vh>W*D;_b$mtmRSoY16$;UYKM*@pYLdOde-%>xcj=J?DN0BrqA0V!LmA>TZ~C za6UFMj^rOMN;b_)hXH{bqNao z;Hz9=q$GA}CVQJiS0zIMtHbOB&l#*hiD=}{>UAEd(^IO$SEX*VSkd%2VG&-fU;kGmY=w=qG80f zCX{&+H@VjHOM#Z}+t88Pv0KPOEye8Fu%HM8h@mB_)odcQlrot$Bzh$5O#hn361iFI znFz&K4li#jV|l8^2fqVb<2I$t-O7-TRq;|HY^m+Ssm*dJ{1uQxu+Z&bjEI3-~+Ls#0(oNPrmfEUK3kuuMwDiRUFFGXATkSO zTRGe=4}7tFe8|<$Tbr5lQLb;uJEs!T%|F0@f;&&mmEq$SSybbl*-u>&f2~~A^x9Ug z&NI$LW`ERY)B+3%oAIu$*-AX)bSWlR742EnL<)BGj@6&oF;#|*Q+*Pxs$QM)Qp6(p zPb8rh@z;6HSoaHg5cj?L@#-j>y=3iOnE~tfk3=rd?}hNwRzR5q4wdYUB%OzIUg ztz^;bUbTdya0f`+9H$XT(8WO>yHEL?OfwiI>Ud46>nCqcZQv^IjI`^?cQ$Z_u*Llu;NA)WEv~>6+=4b=A!_Deb(eoDe+U%hLI^hCgHwjw-#u{^GG!EqH~`j#f~8P!?HY7_yixXq*u^23yd{)r?*v6&iV_)-_R4~OYO4~_l=WZoFyiy7p}bA zSi32{3Tqd(Wims#k(BWyHX|k&by+>6fT|N>pN^w(U-+>&bZmdx=Wv=g-t8M=p0A`; znFJ99e;V$4b+nNpGWQc3K9zpU4Re41pAIYHWv;M9%Is+3(s3F3oSR`$&nsLT6gLW| z7L0h>b>XG4Y%YJCBKAN?y+L$zdS!m(48+kuk!mNHP5ipD@^v#v1tkhDG757|Hw9Gg zmG29{@>B9~(eS(+S9@dcNk3aT8?iTiKjkBxd?y&}P5PnUe30I|4EVO6B>bu> zc+pk7?T~IxtZEz3H;5cSF081o%P(3~ErCspztzoPfFuS}$I~oS-HHEmq`_HM23n|8 zhc4;!{mke`Q^bhcz7}dYnyU4T?Ts_n5dz!%Gsc6u0%GU}0fyCfatH&h^CbvM1?k(9 zJQlWQE5?>2lE@s*6CxVR)tOkn^>eiiX>i6oYX4`(ba=>^Tz_WFo3q~;GlUNSu+=?; z6LK;DvJ_qv6v{;)e;u1-t)=v#FS&sysH1ma8Ncl@w!_RLiHS#Ged4AITP1b?&9dQy zD6!UT6TSc;ny^t*NC74BU8%=uVC__rnM0C;3~K}T@CIVrhIYi50S9yNJ#jl;5?|=q zhbsmxSwqE=cQ4ZR+%&lPR7MdPr9uF8RjgO{gVN_lsS7VSnlxZ8^T= zQIQpXdPzdOb6MTgc`TYSjb9_XA*)`0q_wom&SA2kEJ>k@$cWd9s>Cnn9SnpH4z3KnDwa>llI#I)c_B#T~x^4WSkL=J6sfxi^CBNwGF{{Zn>{N-(F9HvwL?;a(~t2z zY+zaBOqV`8VD6YJ>80J2c4g>YBPVrH67@QH{zZU$9Bi`>#sH9#W+FrsP4XGkwCj9p zidVVh_4`gr)kEFS*{YL^wjxy&Ep6zkQ8({a940RdEgID>AYwQ;Fuo_bcX9=}>2uSw z2h9uXY!ioRba=>fop_P+3KHK52YCFXIP5?r`QdNzrD26W)NBoF#eHmI-iUd?!5%8x z=v8TqIvs;5ifzueQ5x0|{4yazID-LOl+ZW9J$;yZlP482+e-7ha~erPy^;VT0-sp% z;Shw4&EVQd?c|i&r5{uImgP390XkZ{@LbPMbEZxTTYwDRQ6*(j`95cSp}Fb|r=;H! zNEeZREc9g?ek*Q?c$*?rpE@))u0tT%lH~!Jp=WH5u>^Cb$XjyE5@8+4s4rVvrWQlN zC(ufVdFxdB>^6nNB{G`{<{O2EObyBknb-I3e%0X3#GCOGZ4}y6z*I~gjVh8xP7ST@ z3omP5&zRs+UL<@vc0L}o36(pDQp$?%MNikBj4X1?iEup!fa4b|atn%hbsZvxPiFeAdWFBsc4QdeLohiXekL>m)+j!a9GG+9$MwGXzE zHOqXyoU&0EXW3!P7`%?9ivO6RWTjJZbiuq&yNN)w!MGGMxI7E7E*&~ZvNDy~9b=_J z1S5x7gbz7+6-kT2JcJ2|aT%~0O?mh613i+7D8Bjl3vY<0+Zj(hO_Ilu9TgQVSS_5z zG;w%xA$zoEP^oxI@RrumifvQ_^Tp2+zE#$i?V)h11S%Q&{D6v_tHJGhqoOH6f%^i#hwtlKkPDkm-N~panGoZ?t)5CMApq=K&~3o8`=-oy)mKsJANeX zg!IRgE20;rxC7`Miqa)|Ch0Wr4Fa5=XfflCUFU@P8pj(Bue7jGUJRzHf1a?SfaU8P z&_c=H?q|UWJL5s8bi|4WXH43Te^#oM;IE0h*i!O@yKG+}EB&r7Q%k!(N?@z=c)nS<7uMaqDdnZ!^W z$f4L4)J^IX1-2k$+k3T zZ?4(h-dIa~7r&4e>eeXnMuu-xk|X1nWSk!P&KVNcN?7)4B3PrYYPckcvf%aQ3xnlq zi{v+lAKH~|GfSVjQ+poBTf^c&;w-cp3+jJxGg0z9Ro{+o*%ZgVv?-o`TV}l2n-z;L z=2gP-9>~`EeAhJ=63+kjLk>Q{*lW>{CD!3|k|&}L)Jo<|LnH1zPoxL7!m+rY@<4~S zM1vaboGUJ=>RdtEbhnvwo}q^pBY%t6Kl*^$vFUw2a6tK8JNKZt!inw!SA=AKLc{+1 z=7r!1EGgvPixRYECf*RL=SjnPMJcyR*@G`nkAoblxVRUGR2uKfN^m#{MvxLP_aNc= z*LGSzS?HU&bz@%&e$;##?ptF_JxF+J(Ar$jSVUxRI33()OKuWd;qz$|a`a%*A~rNr zeg}2VXktvNgx@(t`lZ%t9Diy2MRgkqGigVdAI1bJ-5~9Y7{BWBk#a7nv@IigAMH^w z*9^f_w@*T)t)Qbw>^xI>g)%!q(?Y0eF(+;2BSZ~B-{lN#lC`EgBFHfCl9mIxriNdJE^XWCJwS%I%__LLYJYk+JuE%5b`>fbCF-AEM+xC-l|m$jn_N9Kb);XyH8^43UnLG$G%lU$8<) z%H6KmhGwbwkaf{#0d)u&-)S>WUdA|>@ZJ_R+M(r(`lK!ug+#Aru2`X???x!n}fcNR@ez zbIxf)B4Mb-4Ixjq@gbgmvb>3>d)VmyZG0B{))6P$J2c%vVO|ZNBCoU*QcJUX%Xn-& zT7VQ}8X$orLdGrJ%FsgR&oXhHILhX67P=mgHY<&A&lU6|pAybId2Q3ut#-R8Jk zGRh8RljN1p3ZvJqi4+5qsKardXY0!a1=yXEYe0Qzd}!t#DkbDe!oq-nGM+)r>~KXfSCNQY5@^Tk=Zqah zWgt~cMToZ>R_Jg;?BIFi_oo-02T)x0C33}!XYt{Hj1=prj`N4%ijC#jPeZD?Xwe)`7LvMt=H{9>>ECf?~S zo~Z+Q&1VwYpXVHfuVSy_vr>i7%_!bgZZ`C{J@2mX3Q1f>rBlBaJu@(J`LwrMAmV7U z9@=;#pXTWvGi2Grc;T+AAM}MT54Y+K%7j}85v3Hp_#4t%6{Y~5)6KQAd|qGus3iUI zswT>>{EGJ1oY=GnkWg*g2EP0q6qtgrbV$Tz*eZ)s*sIE?v%dWSJ*|>?P&dUzo!MePXa{XqCfhZ(_z20S~6@M>uDzX)%R3;mDHPi&e8Esq}C_SDva8U57tnwQc^pU3>_BI59DV%rjTMk#zvIXYbmFHy5K%gqa%27j znR?lKh}=%voY*A^axaBOMJ~r`m@D{q+@Z95>ggM5m|WV&3f5QB)^B=<6AU2S@(k5F z=B!RQ3tr~eY)nIu7(0Xy9yHBN3p2dmo80>ZfNVldKcpw&0)!e(L6Ny|&u3*!)&>7q zV~`ru!{~o;(203`%3UCmy0^%mcB!(9r?rr`bN`dp_VnpkhbY5|P0>>khMDw=K;?jd zYV4&a5)s{4=QS*;7;#=+6CV{{I|zyFYG!a7h1g`gxDH?SR1##VzT1&lAld1`mvmQB zLAw8jVMoJd+WegVNFt!j!Eci==*r-!gOMHcoh^5^eN^v}nbMxH8KsMiJ72!8TbC!scc_`B(GnDzu80t}tC0soT7H4H_ZH zO*yaBQYJ{`HE;AK@|04-3EFL$v$!4zeT`-xj<4-JB8-)(Rx_rk8=IHo+i30We0Sj@ z`hHK(Z6PV{JvN2P=nI=*p~PM(d-KF#V<)Fo04J8PKfsM&$+{i_E~A_^%A(NKW4RK{ z+z4&dx6p?VtI{lPOcN6m7pgNxrWkV0J~G`>Y_1;S?~Iv_Qrd5p&g` zx*U*gkeg95Hj5c5j$uLWG}@6II8 zZZru6PaI-xco;WVK)5viutQC$zsg?oixva(=;VW$0x|IzG>P)K>X~SMwZ1|unt7Wm zI{1#pDc)6~E^ca^sd{}h9=%S8Vi}RLcU!2h8HE7;+(g)~iLICf?^k-K!{-QPqN3Cy ztl=;hqOqfL+?|oX#x-K_LHivGRzHyLacczf7+|F9v@`P`y5JZE`55PiFi%#PK7J)qimA`$%K8 z$LUMvyF}de)-;t9vE;epdA#Ris*Y4R>345vdZEdX6kymbVESyd@P#{8&K4aCaOg-= zb?fI%^tioe*#x%7+^Sq-W;54RGL&KcJ(U-tA_P7O@V5VK@>p-Lj|Mff+qZFXbeo*f zi|z8ttpN;W*PC8$lGp?xs*3Z3D>nEZ7y*1ysYQtw2j<~ABE5>kf*1`E!O4#CJ2apG zv?hb)aXx`e2D&_~%OC$-my!8@=M!SkQ#S4Xb~B($#fCKp?~el8;hB zt(l3b3fHT*d81%+Z`x{I52)gjzVR`tckI3^s2=Y}X?cMXrQe#>w`#m*l7c8cuN1i$ zIh~!#mv>FVG2A^MMdxvSn4&Oos9TYiW)s(g3oIK0fvl~C;2tdD}cXmpt zn-Sp?j}!T*sd7)f_HKVzdht3W6)s_FE;l}1!MMu6qF>Eci{JcQ&FWfs`b;DD(0!P~!p9=QFzU2|narXenPl`QJkbauVt1 zu}SkE?|L;pap$hwXG1zD>8#G*j#BCgB55~&f7(k**MmizqbV4h5BKS66e$Xp6w=`+ z@5K$=_{T|k#``TA<;p_`RgMs`5n@*Iw&O27(FBV4Z)R2f0x#kVt*b^;edZO}%TN{zT2y$y96|~ukDQE# z%Iu25<|Glm8i{JI&Bb+0ibAkE9dlJQ!V-r7BN?(ksBMtpl<4|E@`~)gKmD{zo_eR8p%{y%di>;vu@yg$aDt1Vhh-gffe^atLlvex?9pcir2 zCbjm(*!ptp@P-U6(aUJIdriLD7@~(>LfXB@3Ti ze^0y`jrUUz>#||nBdPYJ%%a+6M^4f|#Jt9(ouxTmx5(wmIuGl%V^v&;<`%X@A%<{F zG=I#|;L^vaV_s8y$~ zo(m(rK+*%oc@T{`;kFcy2GZqxLbbiyl0tT9n}a6k5Blz0`3jp(!?$T=hDGLM!x_fHtZDsh%{e~G=vz;osg2mVhv!aA1Esae*4$My8(%b!4}57P zU6W6KmA^HS|K_@a&|7nJtGS~pBPKyt;Zn@2R*xYy6q#n~Jpwj_m~-UXEq-t%@4mQ4 zhWJ~)X17DhozpA^{FZPcU5^Tfj3cZ}n#OM@FLFYA1-}bNy)7hdki-H7@Te&BDbCpE`_`PlBP$YtscY-v3zjrRC0~Z@BIG(jjR)ai%%6>t<@bg|g|uf3n%G9Iu>P>V zgxEnMoGsPo2Qu>>QCRnvY_&0`&WqHX_6(VL!oF@Bvm1jJggvXHWZ5c;Q1}|Md~}1j zsaD6hsz(rg!a<)ra3}h_@3lzDr``8BXv_)F_B227pp*|jHGW09y-umL+SKzttayH9dxmAtP>@Nddra=B!cMfb@7#2ZT=ne4r`}hBIob>N>I{Xm4 zeSZdTkO1KcRv&oThGP1aPUH090I47VVEL=-XB76vgBHpE)B-wfMg;lgu@^ zN5~Y|Anu8_lFefR9J}Tj@MrAr7He2^R>{ql?+Q+8#_JSJwqb3k|3De$9ucUPcH}Oi z=9fbCI6s9o$#hX-Q|@+rLDehDY6w%Fr5ICo*ZUOqx*WoW?K#WQPZu!YerE&#s6>8{ zzf5(*0iBC^0XseU$kdz%z#vm^U;%(Fg$g^H>>!(EbcQt(SfL;>D|&SS^Hl#E9u&d? zdx6F^wXM2l)3KU+RT#g})(U}wofap%pBKXs;XkU5*Yt^YQ52T1i#|*=`VOTpm;0Mr3Q0tOA_yB;{vy*$pw|PL zZvM<`|4$44oq7)lTRRauMKg~K9Ym`@w7-hS3E8(fyx}xNm-Mp~u$f*+NdI!);)Cs8=HC zsdzHag)$nHoV|kAczO_&kq)BJ(7tAn{{MXo#`ihXzwc%;m-O zN2Z@_XHf3@M$Co`cNxKBPs525^Tl)3HRfL#WHi#WzrQOA2)OW{%$4!Id6xEFLID{! zFwc-lK6G8B9BkFs_GV*Ozl<|$ zLHyVAmi`ZpzyD7y_&|Ci&^~B8=A?+SJrbb4$1wyQaJ=B14Yuy2?_VdE2}!}A$6X$Q z9s{|~1mwDY2uc9pD@aT5^}k$4^spk0*8Qgz{QG`g(6y0n43c1T$XESYcl9Jo(ec${ zV6_uKXn+-nXkht^Z92e!2hd+1fi?lTZVkjX0{;&n(Ad)*4JscWTFmN&(%dt!^eWho^FH%EJFbv0W57W0 z*r0Pv-|#uXuuueG$Usg>`#m<*SJ2o2MPE9LHpyR!Pxgs*cLV^@lAhB=#{z;62qz&9 z+@uV)b#f(K3&V20Tx>S=U8ME*5@lTUpI~P=>CJy29pcwKzIhS46S86$hWU|zf-9)E z0Ef}qEiF}3W9cq9rzCcq&J{o6eUpOqv=B1&I_+A9#>aDOxDwUm)loYS$fDubh$jFd zVI&dESF>s6o}y<(sLBW9FQtupFrzQx;subt#^>G^>q(Qb-Jl%V#PSkP8t)Y=;}r}~ z^$w0V$YBOo1PHFgFfEPP36_=&nz1{&6&;q~Cc89f3|pqw%jzC9Q+ey6=`g)fqtm85 zhd#i~*Sn!Pk{3{={ni~4tlg+}=U#dlx=r7{SyvxXcDv}}5s7J=;NVwY0PQ^QgHWYp zMHxvg_3AWSu+T29eCz8wJvg4>!*HLc2-6L(x0yPNSd95+9j_L)r_lYCzpmE_7NB-7 zu{M!NF~qA{TNz+`=dOpBv-kUnCl+zE)=5t2&ON(_QD`ZeMhcgVHZ>`Pn5O#X zWxzt=O%mmN*ugaJHh@yLJ=D2)x0<`m*A1hhn@WMmk#bCOABl+(cYOr&j2uT3Xrg}R zV4Ytkm`j#xPUR7zZxP|vm=0VP8U0V^-ilstxT%8@?omQX1HcDX$b7sGpF2?q*t47H~|-em%vA11w|&uXcg zbK|X5mGTyW^jU@JIsS8b>)Z6tbe-FM!_fVTowTA0PqLk5zjbpK6PhjfF~5Qz(CbvZ zDG}RxyQyM37WHw#p%0kE5x_sh*%%LHPxmG;G z+C?o^W*CZbmb(&}V`YOcc3+eT3c{GjebrHA!O@P|{69(huacS=lwM!Jj$%GaU~7aY z_@ba%ZtRZXR~md7j`Xh&gP@0e_2?TFU-Wm*C>96h3|=U9__|OXHt5m?s@+NrmRoU- z&*Byzya3m;*pjMbBrSLMr2?V0Bo0!Y`{B%5L$i19FJPV*&jgE~ z`Fj|pbON=h7wo$`^xCO z&-PiN#aQwkSa!f?#a4N!eOxeXDD8TZg@`{JpizI&O|~C3a5e31${@rcuvnW+RIaQ* zA4{=+GIP)`QVlxj9v8=}l2?-r?w=>1SI1jm7UPJaS-{Y{r!x{iZr^?K)L8`2C-o|D zMc{bk5XO1)J;s#$PR{jaZ`m?c&wr=C3b{Rudm8kHTxg90>y?Fq4GYkA>mtI3sbm zQoB;&mn?iJj3Rq5ygMt>GN7odU6?l*(v6)Ui{*gz$k*rM08Wo#BVnA@3c0z)%+)NzV`?ctNsJh;&MKU@gDdNz5T@ymsY z`7r-_up|7z_OnMW1ls1q%=YSqqlGOlAW{ zKA3#>r^!U1YdF75K0kUe83AN6xi8qLAkF`|6Z>~oe)nJ$#D5rt2{Nkl+VYoCPKE!o z+wixR4`3}{uK!aD21tv=FD?DP|MQsp-yb7UU}#makDy_KpnU^ literal 0 HcmV?d00001 From c268898e046008699602b5480e59e7d844308aeb Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sat, 14 Feb 2015 14:01:46 -0800 Subject: [PATCH 014/121] Add btest for FreeRDP pcap sample (NLA authentication) https://github.com/FreeRDP/FreeRDP/wiki/Network-Level-Authentication --- .../btest/Traces/rdp/nla_win7_win2k8r2.pcap | Bin 0 -> 134982 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap diff --git a/testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap b/testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap new file mode 100644 index 0000000000000000000000000000000000000000..3a6a2999eba4fa36f1655a95464494db44c8bede GIT binary patch literal 134982 zcmeEubyQVr_wL@5bVy2<(%qc`(jXnuAl)e`A)V47(v7rqN_Tg+bce*`GXSO@~VVE}-ZJYYA-;#$~|_>_&t?!ZXi5X1n#2><{B3c3;q z2?+}XLP3BLxm12ae8l<-7mSER2S$9m{fGuaMdE8=PY%j42ch13KP3i4`TaMdAqbHj zU&tFPu)Sv)HAOx`e7m6x@)gMrBKqyxL03-mwK)nq5 zbpSxb+S=UIh@05b-ogH@p8Z=sAypx%mm+eauaMw@Ab8M^K86=v7Ye`&`WkHi3G6?? zphTj7494j%!LU#^8m9wOKc)oz+T#TdEEWjs73dS#{tJr-iQy4z>9<%Q0e#;e1)w7j z0{~B10T4h~00amK4E##+$)DnD4F>+T2FB??@%8#oe7}KEU_#&kUqFap`>*(>6WII# z1w_vuRDf8JK!5|NFl``#GOEZO!O0%XZ)RW@L(3}{<@W+{B#ErL$XX{dMRWRD0RS8T z1Aq+x4S;V!Z^3ARYk>za12_Tb04NXu1Bk*?04e~0#Kgr+&&1A2&qU9}#t8apXmH&F z0Pp}902BZl1cCsH1OQC`CJYV`1xg#(evK}qFA^h|zERvS(e(mlDn}kfpF;AHKBNjL zrec55pWk`GqAQU{ML1hDNaRZdOc@7b0Y(5LsKgg zdOe4?^ad`BgxE+-OpMG-%*;$I94u@a*htKe9~mDnjsI($_dwErQvgB(Am0N~03gQj z5buFNzz^k4zu^OJn1%YLfC_;dzmLP>_p+|Cs#ZF|R6fa<8kLIldy4sc z23GkfITykN^&y|fFUw($u{{I6ifA+`AtW1qW-r+xO_iq;n6iS$a z)qk3Bd*tAJT(rwiSl-+o)kd0SPVvKS&(YM;ZB5hCCuLz$@91qOV{H~9HeM@P?t1O% z$pZCJzISslb*K+AR;t=ba~00k=gTWgvTbsU#yWvb>&W)FT%U>AC!dT^G?t+G6llIn zwAH+;Ki3g@HT#l4bu9y$3E#2WegSIh-F_!Gpz*7(z39mu5A{Y^)iZ-->RikM;kC?( z#p8GgP!fTepqwxwfU-h>0tE#L0maCO4*u{Q3Xu^W29^c}l({F6z<fdF?A zM2&hxJDj$9PU4*4^F&RxU{M9#eZlu+zVG)H+)ZnH=h?z~hFwVp8c(GJyj8o|$R1*; zM}c|OjPgd`%#>eDPG#Y+I)$Zb*(aVg2rR7;G~#*Tdz3QBS4wb7!Edwq7Hlvo^tI_3 zeJJsF7C#^9-wX2fM-JJ2&hY$(jZHqSk=-uy;$X94JCVIVP}JXrVg9am!8}}WOU;mM zQTS8cIUp>XLwQr32cIT>Ch3z z;G8pD7*;>BmFS>s_7zh{RS|*x7DuONr0OFBl#a9K5S*hL?PLzLf?dbQ#Y+~*p!Et~ zptX^30C&*x1>3Lv1!zTJ``iAKlN^*kD~|)X3qW~XpgE&2&r^HP@S~W9c%jsZ&hhu#bb0?ZwNm+joh1fc(0Qd zOLr_Nc>>9U<>uyni;RFDGa~B#s&idoo`Nr8yz$`~Ljn$t9Q0x?4LJDgAD9_Ufw}JK zl-$gWo)9=bF*g&#d5e0(TBLBbQ@8{BxkS~ZqdB-wh&{qPJ5)$Jz4J>lH@^ak91N7> zLR|$7_8aOfBgFdz=n(JyZp+3#xy8QG4|9jHJgv&pK#72epu+&yBoN$i8Sh8w2$%KJ zb-z@-ZxPEl@U^6K+d=hhsz38m(!T-_!OxNA9^>*Lus^{(pYQb)D*)%hE)@=73(5=F zer=Wj10*JJF5XuC+${5Fm5nC$K)JY=0p;Rf1R}odE6K0ZXIYk>YGw$z^b#;~5tv$~ zMot-R+^kD0^$|i(y0S8fg+@oAFeVVw*MJGUJb(j)fSiNv*J1#85ZL{$7$)|Tg9=Td^fL{+}71Seg+pnX`^~^9z(I3V`LQv7 zQ25xEXa#Q@X^;r`B!keZw^yL$%u>2#a(X&UMP_M{?3+kL*M4_l=9XbhJ>#gVIpksC zo0caXXZFG(K>IeUIWti7xrvYhef|TpxGx?eDwkaI(Aj&JA@0MH{Fz1fr|z+Ma8t$v z5~i{@bw3nX>yPq}sJO%+hYXtF3zXLjKWw}j9ZW0rkCUU=rMi8R+I&F)5f#gn;Sg;q z&OktfIIMdO$IB`b(Iq6(8vL?2J(Nf~Yc^BSF!^aEkYq5Ro8#yc+1SO8NThI$)ft)7 zt+OMF&h>y;dM8(^fKy{hN!B}^Jl8`%V#GcvZyIu6w(sPFguvPhWd}=1ZXfY*tO{^y zd@11pbD;elY`<0w3cz0sG*7Uu;PK-vYt?$D4NiERjderY@F)oBsm3&*6Q2nAd90= zoXJx8`Oq6g(>0dPxejgEd5ID^nf2H@2(JBTQ(~QpI)_l{4fUzUWI0QXK=W{vmY4od zt@x6}-i|lZy?SxJw#FRX2w(_CV=SbuKzf@zLlI~(TQu=15CUp>g?sB>SmRDFKB$xg ztE8<;#jMiI6*tXDYO_#~06~kf%_4U3HGh_XH~x#~1}A+sBL$yeI|7JWMVfHA(5c%7 zF3bEU>x@Q~tFqg$m)8TZf%`aX8CZ*`F&KFD?j+I$rE4vRf@7-e>>VB??K_ z?{w}imJjSh++9e?CiLi@VjpU2^uX2PrX;_vXv~wDxgUGoLUPSUBu;_fIIy|>&KYh# z0{i}lCDdiz@ zp%4X{|LM$n+QHC9Ba@_Ch^&`+w87Bs`U={UezYhD!6eC7-slgl+p;ekB44z_{N_n}5P))a?QQ{ zwL;gI8z(}u&fKMLO)EKzP$f7Tg=v?H@OA>;5WU+rE#)$97a17wWzrcI;R)^*3EE4# zbSx0;^4=reXo3*PLLKPiPa2D2(+C*uib*K^k*B42i1&z{hP~jzTasTc?obCmci}=a zWuuu*@R?>4ys25RB|m(F0p_a`numqobk%V|!%Bsjohx^sw?+uK*MAL_@$po7ete z8?Jn4d`H*WF~5!MGl-z0MUKv3;t(27)Q3(cnw2R%2>v`s!Vy@>JD;R7L2=YNDlD%J z@!ezGVmVjkXZ%6&H%)y}+MFc#6xmB-tSOou)-8kEGTYIRUui=Z1W7H$F7HLQXgGH- zKGp#~BT_3qrrCrM{!d3&hu?Mdna$*&qGoxtzeWS#1dA~Lu~^t1i)HWU1Q#`fie(F2 zEE{{twnBh?mzVWB@W zIRBR076>sx9`)u3Jd^=*GD=7O(@@6c4=6Ywl>hgk4A`kmA@ZMk1LtEPc76#&0u8nt z7MMD63^>5x3yh@z!urEdhU*b);zk8`u| z-{X|60h-PIZS6xsfdTJ@TR>8M(0MIUZ4Z}ig=He#|KD*6nEpjA@}I^j++g}fp})kX z5ESDG5PfI!jbFzpTZ$E-K2N0IkKVTW^CrDwc*x3COAd=DlSjHip(EZ0-O#mte*fy* zil4SMAtP)gVM4BSL3kJ37kwup@>r?=9jE;7IOTuGDgTU9zzdYO0r^kk6t~~@mxvM* z1{isq%lE&GQ@CsLk4y@oJtK>0ZLJ};mu03?zQLnII6tUQqUbG9(;w-iO9Nb#3ZQtVaHY6vFG40cJ<*0iNydfHyZ zT4dy6hV#c<^dSFfoWk?Ci4^|aEE!;Eu;nM@ajuz^K-=)Y2zbm>OGKSEmcH^vt>~Hx z_Qf$|G0@OW#^s`+zk0?Q8)at}Ict|MHYte3GwarUrUWKn(}(=0amu^j6@&Z)s2D&q zi%ao;#wmJqr)$B~^;#E8lCmq!Bb z^AOQA#%XGGYb~#7J8r(dRI`=-K}|plDl3_m<{9RP(aq1*a&Fs{?l5V11SFJ3kq?y~+F`3SBl#6tqScpzU$0J;-Wk0t&f>BW{!07lVSgmId(I-%pxDOL@!DUUN7T z-q*-{OtLih@vuc%Ume(ml!(|OhB)Db9gbs##KnBEMcBX!hwsUe-2X(nEMY<|DL9=; zg^u9cbz=laK(dXF?-KXR@j9GlUUoMpacx*PwzDI@QQ|q~njjOy4V3Rr-M`v4dL8NmM{f$9)#&hjz4)8` z2%~fQ`({NgmGTX0fJIAtLi`54;MYC}-kWPDv}7o*8i$kX8Zy%|Dmb^(Eo(WrZ(H}G z;z`P)wZM@2Fsmop);AmwT_t0-$7FUwjxB46Im3cn&S_Kyiiwx}h_*QbrMUSB&AD}MNEkEmy*%-F3)OnmKWJ;lRFH2f#jr9(=}vimXW|}NAbN) zNSMzTlt2FxL-Pjr?YouW1PNn=4DvHx>KPj*7T_k__;sGLTdwpr!~=zD%F8rLD-F1= z4C?BgocX6}jh&;+G$V3xz0|Osa1VFTwF0t117SA%rrVY=k|LubB7=Q=>E_XMw&Nc# z^%i%htJ6o9Y3s(>AV1}(R^5OeYIvf9;lX3*XzTS6Ptw_eE}?n0efUBdIR` z=Rw&XiKG!jn4Nj5*4-h!L&X5xjA($b%4n!toqLf@@g?JB+ksjW+9*FAxh?U;95hWN z#LcvFl>>sTsXC>8%3R2UJ&<| zVKanidR=fR@z@{c<4&?YH#th|F%cmIF!Y7m6V$Cqda=1 z!WI=f+G2&RN7me^+)<|l|FzWz&eu(;AL={Bc%jEak%@Hbj~$)= zv7?9o77KJ_TB!TGqdVr>n%jp8K^m711K4avQZjA{i3fZYOnXs$CQbEeX|RvX!^&~E zuiS(;_=#n@47X61Ls#JevB^8T3E#Q<^xlxq zTQLQqWp7y|eb{v0!P2D>6V7>EkYIImw&X%-$~h|0FUz(QdJdBSWt3@v0$SXQW6_mC zxYO*4|UloYCXKC%0jNCgPDSI(mZNk}D zvgOS}`Gi!q{q1wJGo9=hQ!|{aRWhj&+`ZXSN-Xvwi3Y^2>cC4Ys*x1_m@Asr&{F1i zP%G`M^C-HTP1`n`BbIbxM7%9P%%)@XF>_;$f+OYo$OGl+n zFSGWd7b&+gjqYkO`*i`2mV-?aAFh-%VL;Bn#(p+;e@>o(*tV?Y76VBxbKX7;?1*~< z0krCiu{UVqj`~C`vgdN%pZUeyOTV3;94U9#1JuG-okDsg@k7qM$mew35=(z{zT3it zFd@*TD;4IGp4|3uj<7(9US=R7DUypjLU&P?#TCm$5vKJN-W=30u_(SRdKLTfMKO(M zH%it7>KO#OjYk{cq}Cx2Q3W1YO_om3ETNBD=U}l`TD&xw&;BK(aPAANm<(MY>-!yM zw-m*wHHqPCRcewmdWyMS{P(^c-fLO}@hIpWQbe5y0*0yd|@Nixo63O5jhGI|`F4Db8lXV#}B(n(WE?ks)M&bL=a`4nfr633D{%bwYHHn?n60m#A zMlsTEJk2{p{s>{ZpbDc|IUWI??4Yjbq(9j~qq<5~;_JtFd4XWk*!Lmw-zV=s6yq?6 z1(mhV?Gb~+M7f9zFbBy3+pjAKpiSWQyA`DRs>FoZ8`LZ`{qFyg#+U_hO;6-(AHN`M zB;2K4oY=xw!;7B_h_t7c*d6p>V~{&}A@-3}HMhP7vNmvnMGovb4&+)B)ncvAO+*+)jb<2#~H^PD%b>#YxN16G0{LIBt`$Lde6 ze^#lDB=V>-{}+|npomR_4wGAf-~O%(&;wC#5qNcQjDvWHFx1^O=@%_7EG!06d)FycUTh-Gb)u4AoZh-%&{+h!+AXXTg zyO}3Sx%*Z7Y8f77tD2F$H<0tZmMPZY3_($sparrL?r>LQD+%?)7VO$^{g0|eA64i5 zqI#AFTMY@Mx*V(KZ`IDw+)N5yBJka?lRZ9YFf2NYI$7Op6)kb%>M+J_&;#iL7`2!d zPo8-!1Ey-KqJzM$+kSTat7_lhsa8WOF=0UgjSu?&QO)H4HW~h_vX_q2X?0A^M{SSX zZuyJw5{uQFZL5wXaAzw6{NZdq#8Ya|8LcvaiJXrSjH;=JH60&g&qNYIyCWRsuOFJ zi$K4cPE2gw+i2i`!C)R0F1IP1r$`If_1Mp@e^njuTh&D%)g>U+bpNP6ev$*Ia{clp zrvj5(javk6X)a@aM9IOyoHRO*!}mh&E<|m)roC#?t=o6*)1_)U*!AVXA5}{{s?PdF zbqPrIiagH6;y~};s#7Xk6t$=^`M(n@PBuDRY9px_)L<{rm8?n_Zau#i+7ZDRaeyI+ zt*B;#fD2Mde+G6Pj*J4>1&zMI_UkSOTp;-HTh%Kd)oY;9*HwV$qibL(@*%0S?%3C% z(P0$UP@pQqhdhl+ftsD(2pbvBph`C}I#Clo(>ScPN+KKoa6wuLGcq`9xxD44JSKts zFw@zm_AXn%9m^#B*NRUd;BBCemI`Z&W$zOR`Sj%(kZ$TkJ$alWD)XWX3Ig!7?s*6M z0+ryKHi63RYZV{X<-`;?xx;s|>&nUQ>wTU5OVyCuS8?uTKNc3uIbE}I+i%pyzI>1t z3!ra+D!e^JUVVvXpcgUe?I1^N=G*<{6_-_&6yKPb_l$(UW)>P(z!Ac?uX~a{Hi<$& z{gIKfO8e=D@F*yPqNkn|vI{y_X^OX4E|IHov}2ASq!S^9YoD zC3dI*gG5qtO8gui*?i{d6-oj;lo?qqx@%Hj;(d+I!ZVcz#Qjjf#B*I!#Z$6^cs#3A z2#2+MpLyXe`JTBvY4w$d?O}F`>+mVmm2?ig&QoYVPzRVD|>+GYj zMd!LzI{Tr$VOt*Xf}29g)Gr~ZPI)vzzM2IdCU&v7_bHlwzTUbrIfVRcQ>IXf7njo~ zn~;t zGq&O{)+XaK6T3)Wre6{iWm9vOmESQ>8|0PVONP(V(p$YjuwA1aSIWQzDBil=6)Q2% z4~N9+02!M|q@DU%R?&(d1b-wgUF!DO$o6e+e2jX%9@lAi{V{p|AZP*|!&w~Xgjwdv zIA%syJ`+d5PRR?wdp}m7ljkuynw(RL0ALYVa8oxcWtJSb`jLY|o4d-!o7c4FqV%)T zT-*MgnaLYktS{dKKC>J*0OuphvTUw1NBJTXF0MM*S_of$S*ouA=#=WMq?zzUis4A~ ztYUpgXjub_5BYHoL5~*K8P#P*dZ+o@^#EyXo8du5_&~PwhNvE`EY)}#HgM^Q5ugC- zK^+Hd|J8Mh2?BrDbu{8iOxSTi4X-`muM-QRcNjM>pEm_#4! z1f~n8Gwtd(bXD&QRvfq9GwsS^K;FFI5=mXB!HX%oHLJz*>DB#Uyw!5PV5$@Q27AeP zBPeca)U`Ii2emfi3VxHX-^%WNEW{p3mVuk9)N-FlE^ zq%x)M!FbhaXwQBhQiru)P12^)@00W5vR4L2rlfNjIrodsgV~sLpU-oR*Av94c4(R* zXG_%=^(i!>4IOy|$x}V}z9joGPcwRq+paUK-D)35kv^!%^8&>>@ai4d_@LpuSbms8 z1RGPLywjyRd|r-KZI&Y()Azy)Pd}`HA)EH-twdo`ag6PDiF=@5-W#cM8kvzyMJM!{ z-8WODL3S;0t)jJzOG`iWi5jF(&?;+YThh)}FJNi(U?=H!@e;bO^I-DwzAaicH>SIS zQyD{q0(b{HeSq!PE&{Mbl6>5|qJQop>^L;oT6mys(_E9|uf0of6;dwig-^)mmXq%Q zAFi>uat>V<8Lrof!4uxcp6oIDTrx}jKbVPK>9fKqhcmmrLuLo0x}-X;2SIpARBDM!8PTbQ20L|FCa>x& z* zG?7%sY-1_dF)^q7WAXkPV&SI!8G=dEz%DA=Z;elL-og81!OE*7(A=IxlsNIo1;i-+)WQ395Nar~W!bv3yoOnUon&@4ToO8Q|k ztGKY1^|{^T#Rm;W>=q|Zm!)XWBvNyO0^F~-=xb#5)9e>YqzHwuG%k)O8ANtEDIRRK zb47!y9UHZaN+H(mEv08CZAp<}%~oIg$~HN8Tsc#KOG5)x8h?0`DCl<$M+>jSgp>I{ zZxVq~4neQ%C4+WLu>IP$Ai@ZO|9}G8F+b4%wPWf=mpcgf2gISpZ;ZVb8bS8eyA)a= z$D?+=qAN`d_jX9YFK>1fhZ*pyd#3~c{Jy1-(3EG-P7pO7Q$Hk%A2x1^LSxaO$>yU^ zggEX{?{YItKPQ=bo?vu~@xWao-GwC1d7|Zv*|lp?8-ii%i%JGif;^a=t4q!=X9l>C?pVY}$vgl}=!-O~puw#~CWofmvQYSypA_K30| zFa*CvPMF;C=(aTco?6K?;cqkIn?)yml5v@z$mbGS1A%68UR=THv1D80_X-~=P)%Q= zm(%J8QXMC%YNUGolW1V0S7tDm-yvUmV0;_p{ppL=(q|kAZ>*CsDyB)}t+#SwFUO0T zS8;_i__fR0a-r(D7_jCx){dy2VU4!6mc5NzPqy{Vr>Y$yLGj>#F*!9)3mTE=?2^u+ zo!%VV{kFl+le4WA*u0rU&zZD_xEO`cU}GvWe-iuI#);2zk$~*r^JrYfldVWpv5lJn z?!Xnk2l=2l91)~DN!J1MphBqOw6gKu{LgM8rDqBJkb{OzvrQ~<3&;XPJ})R3!>D#& zh(~LZt+^~N5#CYBk==Q-&o?Tu5{-xMl~j*TP!MGZQau~$!DbW|1b;l;W zb9^i0YEpd!acuc?`Qe{%c{+T8&u-kKM1)ukvs5AZ0mV|(d)0BlEY7G?-yD1AyEihP z5Jmcb?tRIRZ~{R6Hrjq|^1*E%T&fOsf3@Vl+w#w+8B2nY-<9ec@5h1%PuY?GZp#!B zeziI9evp3Dw{b72@M`LU`(^0q9b@Qc3~Xj1zCyO^>^g$A#*t+V5Z=VT;6i1)R< z+zRY~hAD|QO_Tsrng27D(BD$&_%AA{Ur1}LL;{{IboWi};76JzzYvbn zxl3S=*L-m!m0J3$GW|%Q@FI1fC@NZ-qPr<6UO4&l`A67hFcmBNKSm|&cT{xX|BH&w zUf7%X9sF-$?QHxmfxVSc#5oNn*QQWj){}NC`wEh;;!My+a_=n}EWf46T^B1wa(y#3{+K2ByD>^B|qs28mlpmz@by1-cE zAgn*^!7`6n5kGHye`DcXv~v7)hyw_wl}v5JT-E?&)DKr)HH`Q zM8zcX@46cp-DJ`u*JQ>|N~Rtj*0X%A?#cP0B(I287(ZNy_F&*plgof3>YGDq1d~PJ z;_{}q<+nn%Z#HK+R%{ga{`Ey*DkUH)f9Uz)zfHCrDA^65o^K3(dlZa<@A$_&$vp}h z{Ux>yG}tz5Z6Isd}Kx!|B?{5v@1a55}VL!I0n^vwA7 zCH$08iX3(krQ{sh&vL$OZ?0p1w{Z~1ww}n=vt@7+%L`?py{F@wo7~;# z!!qwmhg5eM9v+R&m4f~(Un0w!D@}MGiD4vsT%e&yYi20wex>-pk{^|9Z-AY*v>he> zbja#pnPU`8tsX?}Us3wCbw&P`T2_h4-_-uoy6UI=Bbei^8W-*-8eg>w(3R-611^PcM zQiaEa4gZ{cE+8oRJMyUKspt9sPCf?+>tC{dx;q8kC@Vf<1^*Tc=RCEg?eFBbBcC6> z(23@9L6K47xb}GdpVmKE#s*JBOM-z8s$AnLaf-T_5e40O*v?+2>s$448*0<0?_6mUME}l}F7iLF{__Cme%3>cy5k-x zoS#paR5grLokuIefZA81wR~(qODh8(JN`Mv`K#^hMI(9=$h+t3VAt|r{+PVij{zV2 zCE#K-*t#O1VMzV1jcu9u4mv+iYq>seStx`ti8 zJEG+?N8bLJRc5`2jX-4so!gBGciE}4I`LTY(e zm;bS)gHQS{L=)B`@R?-5<_AjQB_dsWdyT>U2F$z3kCR@diz5^dcO^^YZmoP87_WDX zi>5_7YmMP>+=JA)oBq31_QfCaBR*pq zR{Bvi&b^Ytw=QCmhlWo(NiNB;G{)VMk3#Y)f%_Fmyj@}I@OoN3C!1rRUI~s%4OU1L zN#@wQA3ZzG{JyjDY4o_mcz-4~l{Zj_;aM!JhGFWpWI-60h-Mldeg?@X;%r5#OMiEi zs_iBEz;Xchv0M@6T^E`*tl!#!L4{Jqx5~S%sVE#)@*xV{i8BEoDDE_2ai(D0A`A@G zCkp$vdxKl$%IlPGhywX$FAoOlYCqG(5(>Kqz4G_ub2w;ijqY*3q!&&Xe{DoTvQ-ov z(A{1#u)KFmMp6Pb%mskt=ZFbJoL?fG|BxhUm%2TosG~d&>vCvYG2jyNAa`(xJ@8bx z`O2P6=vefNV{vf6YsRQ@Ri4{aeyB1EQiaAKp@h}BRh6m*X!5W+H*Qvl#j05=H zHyxP5n_pB>4ED@X-x5y?*pXa3RS!{KTkp{}$Jc|wYS5vcC!#@3#Tvpay$!$aKJYoR z2p;iv%wl@s;y!%6?lc$A!w9e0q9XW;ZG1sR5@V}&E>DWpz_ZW6AZ<(iz|L?X<@>D7 z7Z3SPw48CX`V3V!jr5*eKgq~vKnyeeBK_bpslGL3mrCU^qmg~=PiHSFZlA`cOZs&> zZbselRcVD;Qy)hqLOU0&aibfR0a9wm%UaUb9tx$nx}qi17d|{-OolsWDPJ{!A`)i-VlO2 zM~26q_fWYz7(QPB`%`p;Y zD9)`eTkt9q7k`#(+an8aR>y-Ic2NuJ!dWw2Z-bIAPG}GRd3R}w#BRC3zQ9Jy&F4Bf zbuA*xc~5;dh{R)kC=>JZnf$AMkwSY(f{eZr2^8dIla&FCJ<)Cj#xT5$BwHGS@&v1$ zCP|nhQp`DL)Z!uNufFWopJoGd8+40UMa5Y|i`z5a+j&1-PVd~1M4`lgituJV-nq$| z3cQQt{kiiiKX!hcpF2PQ&3|^0Nhtu}34xpa7b{9^&#nIT7wd)lcF+vp%xj8?s7T?y zM45aXr_E!Xsd4U@a~Hi~v~n@;9UOw*)YJ&nI_1M>d5;oGB^9K&79ph4ZvSk*_%KM` zMMl)|nSw<#{%+B{ORYYGp{MzNx)armL;Ylu*9+d24*|0mV-ZE@N39M%Njq8(LCbvY z37r-~#|#uq=egQRGQ?-+5?>OYNBctPe-mskEA@2IelhE5^>hwfE7|3XVsx7?-`R}S zh?*|J*_(N{noJZyyZ36L%iulpFBu zHdAgvXuQ&kcD!U904IjJew2L#>2v;dj%Bf#2ZKI+{yB@FW)m}sva3qrPV!AW>A0>y z7&=TvY$p{u!68|agcxFZ$yH(wgv{cdP@-(C z&{|=6=cRk^Cz=?~+_tzZ;B*4%`lV_HM>KbM6ab&m|R)Og>v*#i#Pr4W7sM-C8NGr)zIgVSXZtCo-58_H}CC^^Pcpq=fhiYjV84n^H^RQIl zS5ZjwG#z}OPj{^PhNM*E^$kXkwuR(-4RLK1N5Af&_k*%pa5r(Z2qb5t#L3G|hScDp z{O2uK2DpIk-M>eUe|t7hM^^;nkjR5v3NUPja{V%$&8djgj?Z? zeYHkTXR&PSxBK!U-Dv5lLG$j|I%`VZSH&K2Tuf8lPZWGh&!Jh&V)-{4{6fg_Z&EO< zHOqsN6rXXOUA?90?Gd;oR=*d@VYyg$+y4OboI<*1&{iR)q}FSba_5dL*PM98VFYNd zhJbz1Q)h)@h_R>x>kZ_ejR|@P?H3M-CR{@4)EX|7C^PlC&B3|NXyP;Q90ml6i^#uR zM-I)m!SB_R`#4;9h9*rV!;|u{LJm^kXHsa+vNqHVY4x;KvZzUIF_@XyAA@0OBUj&a}^x@!`cA8mXiKOb@qwweJ z=MW{Q7x)jTMQE=m?TdLk}p>%M)U{#Dy~Mq?U3 zl9zw7j&gSu{XvVj){fU-_PEIeI zX)XRxg1&9Ox=6V5On*k#adKmBy6&t`%=Us|#s9k!@i+h(7#@ZM?)*id&JPK?=Lg%b z_xw=jNGgw=|NiIBFA91p4>~{KoQtS10RTG2quE^oc=)$fCn^{(7e=5&o&{(bX0%1$ z7tqRFWFp!Yys6X6Z6y}MBz~I*(fZZZIaGX>;M@?AGe`q|X*5lH#^Z?ydz#m6kY0ai zdL4w@QKekh$&tJV89f3?z+p<_QPj;76X^Bwk?QY4Wedx9_*J~2A>0cZBn;WeSy^+M z8Bt3Tf#G*lU-WK@GYjJ~ zkHDV2?Fw~^0K1{7P+7z57>0I*c@Ht^ihY|*d#)5gzoN@%DG2y}8 zTwCS6ASR@gS#^$ZXF4Q!0coHy*wGl^|H(Nef##4YZdX4jUjHRo%duQS8XJUVKL1jZ z_QosZ;BZX`{H><0WsXJ#`fmDS_Gx)W$(D^_1Khqy;2R}Pe^OLE;lj=E580X*;)~BG=6#M zBZpW8XG~o=q`sSN)KR}&M}Fuer!-Pm+%?rU_)9jc2))2#q&08ML28MeI|Z1iyg$qlknqwlZuRp03H}W2}~=BPFQ|4 zgST9nr!Yo8y)zW6NjexOY^gBj8x_vEf&VOAys!ZwHT+|P4DjF4;u={{l_xP(2;8BX@0cYSh) zc2-j(C3FFbJCP_zad6Mqd_ux-Tf_@nB&R58l%x34&`o;Eq*YYFR6{V(;%(C#tFZp% zMN?x{YoHNa$kSZrr4QWQCWhN$f~UT+#H-;;0hwISkC(PXZu#EDw!!lSi*@*hrs_j) zp3ASYdN-)wn77b|kzpRieET}&l_pO-Q9UxEmcY;Xga4+diUJRFLJ4_Bn0$idm=`BF z>1CuS@wKx+H*joYo+lZf5PE;3{|y=IQL&*Wp+|-4gscCSK#B|;6_N;465PQ_{~b+8 zEf9lTe@Da;1>=NL)!1HZmI*~KKNZi~+*U)7K%Yede&H?j;Q~g~`FF(=9Wj^hq;TuvRinzH(jH#+=B=K>3QZne za~Tk=3b+TcX3l=m-Y7tDODy~I&9LfYOT_xQCBAz1pPS)6gvT)mnhj=D^X(U%ojPh4 zcZJ@sZ+_H>xCVF_;}xO|ZfAP0AX6z5^u{I$ii&5|!$^KOGn47CA>@A%n;m`ij3de) z`qMKajf~@pu<*EH*m)18cDulIGObRiFA=%X&1-1lE>GB@>ONVf46jS(4U(=hdNrve zGFxu+EwK;5cCmy0D~uRK#4Vr^&Rx4m6cdKIHdzhVTNs#ru?i{`H-B+T3XxE*Cl;5L z@*xDgZq{MM$lpS}rUaH__mdCf&(AZM&aGv&x`W1YAplA&)d1jDgN2|JF{8n2)8liv?}j| z-qGe79Y-t#+IRXD#5(YdAPm?TmcVjzu9RlmV!*x(sSD?Ir>}RS_{1h4N00pD4a&J= z5VI#QTf(H}OtuP4VPnJ!q|qLEUVKH`$lKW#wiQLDd9&!lh>kBAgR;e>+j9<611yU} z+KC!jrUNG^UvR1(Cezk)Q^cwc8Z5qdo9fYA9y!iroeI{ta9fn{eiMKnQfZC-p25KK zno)MRi7y=JPV>b-CHuzxMg)uGFr9rNF5qjtCBPUpPbqeJ%Yl=wDrUEFE#qwG^dfQf zay(*^{voSXj7sR0RwYSew!3hFPG8ImQR?aN_jNW?sS{nQdY$ePl$rA>Vta71TumMH z{QNkokyYf}7{2Yer*`GG5?nmVcK-Y?Ebu9U66Fm;Q9U4<7giB*iFbV9ViZv3apTy{ zbkDk<3g>Tpjd6gqTE#<}zu&|N&W2DtTnXqcGHQ9#JIgpnxq>e7tnu}n{7V`C;?cGM$VmdM~!!k0}^i%oUlv6GF`R>K}cVDNv*B2-_Lmk|Du23KPy5L=( zZUAjGpGL@5E}VN{2-n1OpgEe&SW%2_5Z2C>GT=}?7yqURRW#M7@a3t^L2wtE*SgN*N{e2@MQU*{c9 z<@^6}GLq~qvdK*L3Q-BkNMvS(gR*z_UTF}r$(Cdj$;ilx%*>4JnJwdY&iy&}_owry z`w#z~r|0W^pXq ze&E%{Orn+G7V2-jl$nEaTp=F?d#D))OL}dyGh_ve)rF2Za6TDb2(J4fS-eU>X{a1Y zF+#YoIL;D?`y(;_h5F8D9MNYC1J#S`g!=1vlg!w!aTdQkX8Y1{`!3#oV3w4ua;8OT z!EilY3z?_9$_(1Y<{00Z3rMM9?)iL+H1cW8)uE9Jx_F_1T2H&l=QK0Q zL*Lc3ecr`*A!@W5WON==QBmcJV|AKTyZDdKgtOcI(dN&Fzi1!Ta0Jb~ap&{qx51Xv zFZP;^$K1qDeX`F*ckFAR@bT5l6DO}RoS_Gcf9{Vb>p93;nSNs6vJ{;XR%1O>yL2K-}m=PJW#<+Kk(&W z({t)~8|Cb@T~;!-o?p~5+$;!X<2Q)wIdzRH zhq+s;dy4si@B7JAd3uNYe8y*ss`0x*Ij8kG1`7!bH!cOHNRj5f(|@Lj)8FO6)1_@^ z;z@I;e9Sy+GHUfk?GkHUU(Jd}B>T%eR}%SdOtbtCADFbbuE9(O%f!@<@)d=J-#J8G zEPeHO{h>`t-C!Hz1yTjhhhTzsw9^ER2HortGQwrNwZo#N*&Zr^d>9OPM@)+ zlb)Mr@}cP{=sh1FFJi3gxKaA;XR%cfnq*R>$C>t90-iWsy)c1BajnR?=xk@@6PpOn zqL;L+v+ruh<)74r=h$tyrcCB81)K4Oa!3|w(OHU}J9n{G|ElVU)za$%Q&D?Rh zN+E}}Xq%a@TfqmFvlT{dm@nUD;dkGO9>JKw%CW^)+OycWG&oUauZCj0glEl4z?=>E7QUL8M zbsanX+R*j$mrQ-w=x4_hRJ)~<=tH2&t&-G zJ5t!4exjEHzK&5Y$cuYqzAh1NswW}wRy-r;l(LdL_&c~c@GUtmeFjssD&wTl{f1F7 zA1ymJ?vVf54Qazat~M&FluV=F^EtNd;dn*hIzy9CA^21?kk}e6A}|Xt_IZ*n9;P>Z z2z7AM<9bcGM~}B4IK6jXQ7ndZr{udK&2#Y#>c%Y-Isz5-yfL(xpy7?NhcOk95Di->b`vtj2%6w<&y~+ldf^H<71pOW)(9yw+bRwN=JzF0j zb#>hCOrJG-JlkSb7WMrjw%=(jRa6^37w*nrs~hMr#7sXY{bZ2IBpVOA|Mbmpsd!*X z;N^tK?@m?c)at&ZbmA_Hb=>_th)Z(YAeU2xPPT6}d^hQgrf{&9YggoEvW0O#QyePBtgL%u2oJ{B^q8eSh*!W5}~O zY_ufA{X+?QQBa4zOCbXo|?=NBJ~=>6&LA3y$w6AJL=_m zxO-Zi^KszAilO_y>`mTi{c+c_l~zVVuJ?)D*`_QdWvy$pfqY7sDqQ3}dt?;X+9sZ{ z<VU*lbo<#$%X=D7|o{jFAF;~0Tq<0bXGj213)0O*U z?-yG}ScTd{gY%vly&83v+2!PgjZqK3n=x6gL5-Rv{ zWgh)}H)+Tk$@}s+U|#gjrFC+phQ7P+Lpk^hBZ<@=F4HoiFva^>wE~iKMhY4sEE?r2OSP)EzDzbX zCuhcZmaatxXX@X)#>R);DQZK%85!Kjo)kKJy>KnAac)21*V0_(UEEJ8bKPd#r5!8N zgk40AWAV55ZMlvt&llZSshM-fln879%Hp1Da|Rs^akN6C{?tOx37i{a%KE5 zrz*_GP*A;)sX-?pf#Y8r-{>D6sj~B_d2}2lJbNL6 z`G&F75Idz*YteMmM{&(}&2JG;XPBN_4s(LF5tb!NU}jKR>4~+8|LLyoU7}m?Av~Ge>NeGN zOUK4g5o`?i{pYOfyjDFDt|_;@DO|-y`do^&i#%K$Z=*jX;de1H_rPEa|M@!Q%wy)q zi^g%)yY8PwhPf7dPMBUs`D;eFbE>%i$d{=hc}4ZjF8%&1?)7+eQKRI#Io~dE8m#7) zb%#K;?GQ$_x>&A>?|Y4d*!J9x8A0I~5rail6uhhhH+o=&52bckal$rYzEZ_98mr#HStGnmzT87uMRf`z;)!-xlIr#595Pzs`bhO|2I*5_qeCyAVUk839oIZb2};eru(j3^Ld2jWpbg% ztoP{^?7)l3b4Hp=5?=YYdS{*)oAYx_JA~%Cyu-UYkrI9HzPpe@3Nsyy%l8Od;VV9^ zzsKI=PDf)y@faG5r7JIhtx*A2UvufLjs~>x3t-6<6oZ@!k4KES+=e)F~hP_C`)WT zdfFZ|kh6b6BPTR+vz*|H<&s-%%@f|ST>S!?Nln^cE-w%X)zK$9e6!Vj|4?LG^;}^t z|fO2Q4w3ti}Pkz=JX!3 zveD`Rwww$T(E}wQ?Pc0Awsc1=W(Rc^pyJ@->dtq zHl%8P!L{psW^y*g9@j6-J_)1Ut4tnca zlitnt*1u7@Qu5>@W!{f+l?Kl>hnI$-JUPG0%MBR3Lwmo@n9g+@CUYhBd9Vq8zr|!n zbhF1X=DLr9{6wxEeL_(xNtU#L-%ZYW7aNXl-KkbgR|d`MsupS?}a`V z9Ag||{)O}E!ue#Abt|31$!;x29!W-D?|oCtwh76^lbL?65uNT%&RUr$&#>@e%9l4` zbVCfk>!%brF1uLY)0Yv5_^~QkRAb^ICOsR_lzb;xd8h5XVB_7DJ1KFLOC6y?_jc1Y zzP?vHs2uIK5iy*W65Hq6vSUTy4D z$={zY{KEgCL}vOxj(qF0dtfDTySifk7vs$~zlKQ;bP0xZ<-WRWM3>1GR&K?QsM$Fr zGM0Atx#gjGP98QVb9`nRi|kG3Tc-LUT6(7tdVegNO{PTW)G)akbuV=5M}d`*ps+N>!1c48qRc-cuZ zBO0NKNpl8jtb6sZvCbd>zKePQ+>1@{{0!9D7WzP7DSrlL5C8@?fZQ3(z&qIay`|S+ zw){vrI;7Ds{LZIt79ZoX(q7u!hDjPmFT_9W2uCf!cYq@PP={5tG5iMriU0+b3!*y9 z|EtaW)E6cZ)HEfnn7U$Eo7Y#4f|%x-sSRnL>N!f1?9gRNl-{msA8iO-%eJXDoSOPd zNmF`RU|A@{07r1NUvU&2N5HSGLB>+*Jr<2ebMHoSPa40nfO2H7r@<5Ugp2q!v_3mL ze2GykDdRpqjs7g;4)tf^6N{^U#eX{^>sELpoqPg=g@}&RFF3pPu`qcr3-S57@${vk zN{kl$vrn|8Jnh9Kk5?jyemin*)~dZ9vQ`E_ zfJuJ_X!rmO@YU1*0%Rb@k^1oZ!9MoN9)@IHmruk+DT8N*(w8-?N1Sn@j(5%=YUMO= z=Jd&ue}0cV@eKjgBNUWBh_Yh-52eaI*)FqnD6;PF>hv4Nn7M39!pz{ z_}8Ap|22p#WB-}u5IjpiFiWh#Gp7$)`BP9I-v|&4M-dzX1@mtHCwOK5`~9;4c)0hy z&)i{YT=Zy9CkV3TwN8Zj5EIMxmOYQH3C(5WN(?7|BS3ul)7mTnLLdejZ497McC8!X zgJ@?pBsyltrK8ii<*j_-|qUoB0Yv zBGI@*12hLW`z+TZ4p`|^>{irr4ZP7>ACHyZ`u;W_Ev%%8z5GJtYT&LK`?t98N(yyE z*<_&6rT{t^1^pI8+yA#vi*`j4<3Oq^F?~w$yYXk*EN${3GI|$YJ!fWmkwrRkv#6;~ zjt)F;Im;SfJp zUQ{r4I1!*h;=KB9{~2d{0;AaL+x4kB-xF`m`%`AFw%pn|yx(MgB3Bu*W5$IL=z>O@ z1L(j%(Z&=YnqnDQw)dLRW)?lo;v5gZ>|S#C@E{y7#hXWt_LhV2$?6r=^ZP*;Et_l= zz3t_ABNJp?G0!8=SR;_x#s4ci+R_`dt5|m3q8^FTd4^JX(R$sX1v`be8NnrGLcMqo1?!T5rB= zA<)`zG(>iZ|H{sU9-bX3m|YIEz#~Aw=T89>dQhN^4k zf5FjpqOmW|AtTC9-fG@D`XZ}I@#7%Qr1-H^|3#{$z_PaCM4<;9DZ!Z6C|Bta=v`>E zHGuX)L5G59M@A%iYm;2n)x6&xqgtbBlu|z>kbbsh!B|yWpLs~2t-1oZ2`0g3VIVn zw|OAZ=Ukda-rT61&Z4ZzQ*_V%_{N%JI`BcK@Mz*v-6#8fa`un1tyTI0T$K@~1TT(z zfGZ{&j)u78lmC_7Lw0y}xL|eybCB8D0Rm6{6nMxE3N(Sk#X>>s3V+2ap^ZZKmPg!y zCy`J?(Hk8fOgRc{oAmgJj&PladBRxtuWa}#>)r^pqjA0*n*N)CQ~)Pw7rU2E)GUqdY{+%bx!0>Ji}m}R4M#` zh-<8EbSk%bWxcnGJw$e+&}b(B z?Sg_n1kpC|AFv}Dj919>HMFiWg;T%&=0}vkrq*50w?5p+8+h|v|EkPo=E!(4mK?*! zCDPul){V;P73xk1^e;FXBD>UoWoOC<&kh~TPHYh}J7++^`A-2;K2YG^C8WUoxm72N z+7|hjQQq<+|N(__iYw0x->A#fEM?E;{k zP|#)|nt>0AR&OZ$EIGvOJh7lR6>`kTZgR&YO?T8eyDvWIYKP#RapF!^om?+|EpI2t0mw0~xo0B>N#g4xwV3%CLTjwk{Npuoi#q`+-0CFRJpo!!Gbl!o{A z*B7-o<1Yt)7oL3im4OtOx>N;E)e^J+!=wQI!~33?lIMWz#S0b|0 zhod2~OaE7PW?1m-c);vhp#|Il0sB7%%&SQ`r~{MdS%Eph2R<@p|<|STrov9T(O#`@0G*W%4St5 zi%J(N5{M@dXfHS#qHJ&eS+)##?;;W`+rt&e?11CGVKyiN8K6KM{KN!cyvwwm6euEg zx*TPT$x2ZXVeMw5qoZYt#(zvRCv{tuBY?x1lc!L1J>eD;_rN=?j%kE|IW*b}$j%xC z{T)RASVN*cnSR{b_I$UaMYH&0cVn~UoH#$%lch#)4a~kl5w7_}K`+YoCC*pjVM(2jci2;?+mE1d*;{#H==P|$Ii}9RA2zWrFeSqvxdTQp^LG%qS zB)aw5kzE*3qPhR=9|}$aYv1i(>tF}Qz01`@ht8 z{Q{1L$S(7r*}1~A3j(h@tTo8&d;tL~lk!9{`Xu(NeS8UAcZJYse*kTP zf}R4=z2Fto`(9~+8f{a%rSidx`3oPkJVYenI5761sq{uF>wf&%v2$g<%jk)pdqh<}fC*Q{0; zSI|7eT<PvQ{xdWhIQAB1j)GSDA6f~C zwqp@nr~d4~*IZoJ_UyiwZF!SFtnq%uYSfn7={&EA2mFg(Q`-E2GUYw5fukyh z;b@5Lvj3T#@9Eyf@CIadK|pq9C<4Bqz=JZRzz@X{DV6BrO}3XK2^;t-dSTmg9=!?@ zMoq+o_@Cml0(=A>~!w}a|<%Na3DJ)6oD{M;94&-JDDJKPRn4R9WW_83yqEd(1s}JPary{28r$}O5Eo* zU8l&sHQ}--?jE@AbL{T)%HqO%8GWV8;Z#1>n|G(Fq_4!X)#?SF`|*haksTcz4RPJ& z{WH6*)4hvmXo07IfB}lY7AQc~ffR7QAmAX=Zb&TotuWFkG->$S6?zyeSDv6ZA8o*N zt8BrnXZ+_6*Q+CxSO}|BAB~kD1oXBc%N7ZsAN+~7IDf(0F^5;5n2qHXM}%X!YtLlEX*wzE1=i4rF$~@mMfD6oDu(JLVvyKu^f+JD!|*s&Y0ICUotb@0Qw` zI7oNGgV(Q?Ckb*f{>Gr?ei9 z|C!y<>E1=pE@XDVX;d&B6oDg905=3FK+-yhzp)d4V}Zcdf-|M4ULMX{pOR8G;Yn3zkBQfD=gjpwUslC9nM_+6sQ&-+#9$RdA@?>R|R+`gC!( zc#< z%KUWiLURu?yJ$c_3q`;j6i^4VD^VvElG_^BOS0jrmLzT-JNiUnX=S9}8NpXQ$(+S3 zSkzodl6!$|vBJXW?q@D}AiD!-G_ZRFb{_?u_&@YMvTVI*f`*enE?B09Tn@~le^D>m zW4B|iTS}-%hDJc2z2GA1{V=9&JY(1L^^H=h)P7(te+-QVHbcNPQP4dg`sM%0G4 zBjcvpPvmq)S9gc=KVOeE)+RCf_0^Jrsc?cm@;!4fLVyGs9S5NAp`ax|wCf5IUA*k4 z6@ZELhEZ#&(~EfhT*?B;#-mr-oA@c#jFhoNyyM>!*SfGDkbl26I9V__gM&bGz|jzw zeBnQ{vpwCrVE7H09k7%QQ%4c71qHe^kpg+wFAoYNKIBvHuUJ>kNDIVv^%;mP6p85d ztvs80%vUZ|$l>5*&-v>oPZN!Eyip25fEgMMtOUdEqM+d~xcRSaU-6OXb(>FlMaOB@ zdzDvsIXH84UU0aOZ^CXxTxB>a)irV$PkqZVWX(IFs&5@g@mtUZIKop5j)utY{XerC zKHa;>f))UlV__)!QXj$JRr8-fv;_s8HDT>Ub26{T~EZfr$)#te&+Hz%GYh%Tf729R0y;dG#XfugQ=jP z;cspE4?Q1=w9famV>@ug9cP}xR>3(|TkCo6eo`MV#gnVbXsk3J*%TmEAH$s<`$d*& z+?5;t`V0ix29Aa(ThYJD_So(8z6<>$$n1b+F_ls zk-lr0zl(7l6jY_CAHO>DQFtUHV2Uk_o|e?=OVpn6xtW9Et=u(SiagM$9w zc`M#k$n1^=qjPdNp7^;vy5-l=j9Jqt8!O#uN*Pbr(L9**B!ZE2LQC%>UH`>v^BNnt zBJ~7_?403fi0q30ncej1-i7TkWOl&%3QP$_;J@EE!4Hhd3`Pp{-)@R^lJ6uNw!U6p zaZN(_z*9?<(dUE6qJiQkG4aj%`j(d;qc*A>zp=e&A2m*4KnOTMqtg%qu-kv4t*OAW z)kGlCO~IWy(LTiY@s^1<%04#x&L(T{%SZRD@ur_m&1WJvKfX7ts!OQn)i8FXz4iV< zHUgawM?+*+@~`Zy@0{*k96<{JYXmSw6oEUSz)CVwU@DYXaG$s(pY1lkamjWbVR-|y zj-bE*NzgJY=j4j@);p)D(b&xzvTutSCEqdxj1dA2Cy-?W`rI%D6to|R_J$$Rk-R-; zT7IM{$!uASQK4@|2T*KgN%W$=$YI-H})VO-ppq5DxRS-j-l^Y(TK-&=NA#^^U!FZ-w2cY z6K%r?qPvShG{g3Vdl|RFD_z{`Zm;HgdZM|8ALV>lNfwSC)*SwIWO-&hCn|f9mJ|Ew zts6LWO$am-91T&nvVWD$M)P#<;t*N@X!^l!q6lb$0wNqpf%|994|see-K8Aac%r2y39*tJ3*3>PoQ}}e9w5+U zXCSjH|7Uh}r+XK_;h$oK_P_T+qV9+Vx<|0oVElKRs!l;>Cw#+dyZIVT)!kH= z7b?S4tqczau_Yxpl+X(unrI~-sc@<{+-8jNX>VLEe@S!UJa8c7F*F)zzQANr(Ayx| zxg3d3k>t+XB$dd@OMVpG6dbR%IfG3^!Lm2HzTm${X@ASfyXC^@<|>m5?YF6(H@39E z69E|pWOfz*%FdP({t%oBJ`s3hLS_fFAz(6p3fOXj0#CtP{PcYPBwBKMPB+hdw21a? zO>>DjjGuDWmjnV`Znejg{_g2>x!Z#mOF$l)uyH|!NdZxOKWH@Y6c4+Gf;Irrht$aI zn(qhNXBx>6aacZ)ej<)lKH!tJlOTsDb$hU}>aiDIr;bvG;w)0&f|8p(gG6nNk5$`^BvF@JIm4=A zSal9ICGN*^sdF)BRx4ggjf#rDKYlK6v#Z|m1R*d8jRqbEVNxjQFCf|}35h1pacGRl zK4Ne-QgrG+xLw`tI`t+!UYvl?S@GkL?K?xGM-pUlEmbxv{knvzXUTy+_Xso^c$$Jq zqM(mK^x0{!Y`MR?8pdBow?xsE^}WHt;!;|2?OfeovuoMEBEV`}JM^vb*5OtCt}o|j z&Pd%I3PD(}!_g3BtNK^j>;z8tE;_Iw%LY8sz^?u&U?%_y+$BZ|SkX8;XEjQ!9P2!P zyBYVX>Z^4Iv0?DOE2~F0#@40Qtpl#+_(G}(dYz3N|Ne|N6@)-HG#Z$e!z579Fc3Z2 zi$o6=h0U56XwPQD1iWx1o4hq{fBs}HLFOM4LloD;@Y?UYLrmjylb~Y_x8F{gJxVkP z^eh|=k==)XW|wq&-vtQ{WOl&Z7$%M)kOT@e$RY*Q%$j?#PsaC^k6#5=6~vB64qc#O z6CJ5e+Qt59p;KblR4?m%4p)b$#(nge4#lW7LVz3^4NNUzVkqcuAX*z7<` znJgZOwQh8zINW<&GOqCR%0nZ3)(6y4%i@yil@+}n>2X!xYbH37{KXMyZa5kuyXt>s zXMYynKxhPqi=cCm*_9$b1t$8Zfc;reVE;8TyX4y4eG;l8i<5FgTm`+FpLV8cm)mW| ziz1c2l@WAv(=KLSkkl?=N%oXrkgl8Z$3_T*LZg8>3QPnAeHBDYfwS73sJjG4c6A+9 zBl7*Ybt8VAYwB~&zt358CFDQ6k7-)no?Lw_PL?M1?1vjK`OQ{f0Y4RvhRCkwpV`^L zv(pB%Q^bYL4wxvwgi!?SK!GA{WOgmM(-F9ghfH)!;U=LQs{G7v_pfVF@ttG1Z9E;l zmi+SO`GUdaU7R)Mi!2X`jEC1|E5}%ya`S?(nwxR#c#z?h^+8Kdn zg`*+L_VHh3b09k1_p!r+%nlf^VFG^&I1qsXgs+g<`4CJrzO!L2wd3!<<7j2uWM7=K zM%a}Yjnm*MNBxMjY3}##&m$Lt7Dw#Ei;RQTMhF2%Xf!b1!T3?oH$k*O8xmdccw-j} z-?pQ<`0!q-zk!LEz-D@l>*yG>==nt^XCkUaJ9ep;uL|*w7T*Lv$?pdip~K*4i0o?r znVtLTJuA2IA+rMp9T*>qfIBGAb{8q&)GiRBqt%F&;*WNpt+3PdD;wu^46&EnYHPh0 zsFY>!-+g}OHIh$2YEVN2Q}}h8O<>SngkjRWC!CxK`Vo3NlPSp`aaW6 zRdR>jkHHrm^Jcn-;b{ZWK2XcCj>qe`_@(zXadMO(p5NLKd8lr4< z|06Pp1kV5!DGbV04P|3}wPZJ85Cy6eIFCn-@)rbF36 zDiSZIFwZ7bckJ+mWykSl5Z1k_21a=_BFM7UBLrYvDCkNsyIHd z>Aue)v_JzOz=3!kfCRGm zp8)}O6oLDoz)m_+;69a3P?&tCa8>%1jSFQP8=hnv`?fbful9v**Ef_^?0qlsy=)w8jo4ENjyWzRv0$=vchXQ@Q zrA%iV4Wr@b<|wynR9R(I6BJrrO_^4YxzFS_h(No;(Gb@iP`1BjR}arl8q97UTA&#a zU_%k82L;+xkpgIpI#)u-Jv^|&t8|;{H>>qI-iS{zWJPr(I}>n@;f!8Jd$KpWtzD@h z8Hc8!@c?*p)mKu;vb6wcRuuFOi2gc+MC&~ZA#$ne6IUh~#u{<^ah|K@pBvx%$-2P~(%bJC zO6jtsVzeZQr*(@x<=`AyztLZ5jnNuAL1**hM8R_efj)qvA+iI$ZGX+K?R4MgBROPt z?SKFyia;AEz+!e9`}wor@s6fzSaC7wHs`*>wT} z^nYgOA_xj>Md@$~0Qw>dIvGTN_=-g1ugQ>*M0iPC&i?-B zy7S^p+Bu={yU+Jr?~=*z(_6Dm&Pg<-Ilq4voyDSq*LFbwn9DoD(GX<=2Fbsct@m`_ zN0|yTyKX>$7Db>J6mXvt*`3r?}8>n1C7-WQxbwde9E=;c35-!NmwRDDP7K^3)u7Qm0Gj4cv?~sXZc;*`oi(m@;yrAwQ{jnmFP5dyQLr6{1^9>@>ljrpJ}O0{bpta5O}Az$pK>>|7;J_kA!fKxX$1 z5V(LMAPEZOE+Yl(8*eDYVRe+kNFHUF;Ath}cBrygP1l*vi-r$=`W|lz6DPsLrEk12 z>eFtNC7A1qxb6s`(Y*i~xl28;+U!b(zESIg;T10{)7D=jLaSPR|12KDni`IVC>wBZ`)k=o zPxmh9Xduhh4+v1Alx-9gxM748Fus|5o=oEz!P7AZl`J>rr*#d#bR}3RibC@ENTW+G zlGW!uIyR|#yR=+_M=+5sOn?wzghmelXo^44Zp0v3m8YvV)H}j8xMQBkt8X`O3=KQzp+~iL8E<9-= zvl|2iP>%L?`|oX=@XZfT%aH=z7G3>8A#IK)Z_LYz(z-D|mOJ3!mf>B!P)wdVsi${KAWe(`^iIBbUab za5+fSOvah19O)(gbp0Y2B?%;v`HLCCt&|;5)qam^b<^_Mv?)~ZB#R;^) zcR+v?Mc_SH{N~$80V8%P;z2XU?YbATS@+%vctrWwISX4ZyNX4JhY`Bo`>t3VB z6KVW!bloTIOQFY`BT8uWsxL&On5bj*yMew>Bs6*iKokFocE13koA!}tjk0`C0{?I> zBX|7=G-$V4B*KN8KZr9=dKU_)nP$IW7+bYypd(;BzVRc`ux`|u6k%NeM?;him{a|& zZ0_)vI{*J!AvJW6*^L4ML?{9(pun31q`;eJX&(Gb}I)49K92Y&^@ z|L{dbauL2|*quk`mS`EgGK1=LP{g=K} z?BN?*zct-!!l^d1Lp@s@uLs7FbgU0d>ePP7`H-~1hRCiCj)uq%n2-J~yC=-2dlwpv zklFnJ1n~Y8c)|<{4A>zB!k(ngD<16!g*o}AzwO*rO0&54AaH_{{Yh14>urJJwY!90 zGlG;^L_AAzvaYn;$VCWfL8B)D^m!Dt7Kk2SLZXGXP1iMNU_C4=(cw+%;(9x9EM2KIC&NxJ(J9+1RkeODo zx-C58n*J{FfGR%$v)A$l_J`e6512O0gmS}vedJJ#ohYVy>VcQTQv})`j)o{3Fqi*p z*&0soS&3(YEZa07a1KSF0Ti$bKnf^gRZgwO1_eGB#*2$$m&=~ufA;GAohK`{rVpEi zCO%zIcC4YN@sq!oQu}r!(DYdgLLdnmJp-U|P|&*|+FcWgUQ+w)vMIuTmzq!Y>GMR< zenb1`4butSpIGOp3~yLrHe7jQde?m^{)h=(4BL8uJ|BTDg`**|10Ey(mYoOp>D~n^ z3uJab0fDoB3V3jX0tXIAfi1p9t)7XEwJG5I%X~N>)+~m@eO85 zyN246*q(l8X&7ZJPGrAYm??7BJVW-wdFC!ec2aOOM0UV)&|kBQIo-P$gcg_s1h7y9 zVnBftE@XDs`Nh95JRNqQer;EAXH4dz^xS!h#~ggcjgav5iq5Fx7u*eQEHz8JP`?R0YuJ1ptllC)yJYMBma!q9=y2mxFLdrsS?!t`HSJ zedy1{GQ{>~>8?oou`8>U3^kU;cY1+>(Wubh1g-_ti^PbsHNw#lWdol6{#G_mq0@U- zWG+Eww+INFK@kuF1$xdQ1$d4GiVv1^r|YzCq91l%#^-r)m*miIgPZaL#(^|S9!DYx*%y? zHc375XzA@*c@iF@V-raWY`urpL8}ID3O%I}Xk9oOB0J#m^{?5bobFw`VTa6a84y52 z5l8_AssfP$o+OTPST&Dnxx0R!@B042=*Qu!{o+xB)M-zir5S-A!(2R1V_#Lcn6XK8 zdHw2D0-i*(pwTM`wD}1Nx(`Gzjw8{&{6)@+)7yBKoEKwo^LS*bKN=L?KtC(+JA!^b zK-kQhn1!b!nx5o9J=d9~GWIU8fxZTghRCiDf&N=|Ugu8tE>t)mvs(oOj{g+!ItL2S z(;x-*IL^}FVRsAZvz5+j@=I%4M>k|OY;!U*zWD)%Rx?|GA!QBUNBGEnj|g|ID5s_p zQG5kXNc0+jK0-lDfoOjVBzp7s8cp@TP)xy0>cS%}*!BdoNhyeRR4= ze<-vvX3;%~=hq=z2ynOXc zUaEVv^S~jup*)c2UjX_51w96$%V&_;8AWLLm`BFuCM>ELkfMbfQd8hId`Yv8EaC6! zSzSDVYekXyoJno|VNB*iD=aM?+)>v`zk&oj1wp-o=~CkOG^4!2X{C-Xx&F z!V9Fpj;VH7k|Np~ufRe$7v74TAcLwbdDTd)zPLp5ICVxJ+Xj&7%`dnGOW6J$dns@(U9SrR|FY^gMZ-g4p8PMe z=6tRXI$v5|bQTuQJugx_5Dj7c#qTKwuX|zylNrd4v=|JIp?& zleIHQAXHZ(=SJt6NgtxcRPe3syooW%f1zYuuaGVO84l*^kklF7)Z|KFsC{w;61@YU zcTmtpAo|cAiN0~JjZa@rLHga)&*$|sJGyt;dlh)tkIb05-$fqn-`wUfc(y@!51aB@ zuRvQH<3KPXJ1=PTE`Z)fLC=C{7YZag|8v75{{_tAs|$~qj`o26h=+f~|yN6nv`ZY?rAARiKYvWgIF|$eFvG3%lVt8oZnVlBmY!bPWJ`(?Sa@Oa= zGD5%#8odvoH&M{4Ao{xr5{OmHpNnk$e3r9m_2Q=FLnqA=O-UWvMWOfIDz%LYmKv1A92Px2+G4pfc zjrs``4(JsAHM_Oby^AtvfkQxG9YtUb6p-OT3T#A3VR2qjc>3BR^;U(# z{+ub+Ejq&h^{G!va;BJG-pAVaQ^U^BW1rhEdvlz87*UE42or=X+Yx|X`xEWU0;10i zBGKv?YbFjiEkwPR4-_P~NmlT}B`zf#IehBE;$US+dXW(t|DkCBP621#zBri zzko&`1L##0v^I#A1Uohp`@drsYG`7Og_v0tX^0$NwcL2;SX@?~A8$TO(QgqKYS=k{ z?LGg!Gbh<9Hzgu~qc*bPXo#`_UDm&q%{TIN?;>0XGP@H%UczU<-|`%%{cAbYP{K>HzT|~K8_bRwn57ysKBgczg6>Z!jWFs@V!dLj3Ynts`V9vxuJVL+(8hr*pFaC-4;{nlm z`AGCa@wzWfs^{DM!YFO>a5}D-m#xS1Hg845d~a4Vn?3cT#>`~px}oVjMf<42Jmxvj zyKsY}A+iHH)PKv)&-irjVhUOS0}xn15ikY?n2M1Cg-rdf%_>HZ9*;f{PdyA|xNJzj zFZn<*aNec!<`#3#uDD`n*#+BRTL6Y32LD%VZS%KTAtpFI^2znd_fuP+>Ee0*HD%|jwoSL3$kh~g^hC0DR%*@Ig}XBot5ad5 zCwt8bjKIMO({MCI*?_+M-^%8Xe!6#2CkB}vHXtzjr+_~?C~yMq5c4&2m5-TUoiP=p zJ{~2CzvkwjO@DbWDK@7QPd47yIk7K~bs=-<>hAA*nNPNaJp&NgHA17$0_dM8XkifT z-Hgo64gJ7FvUF-9w8&w_#Na}|=q&f2<$RAw&Fa?6 z5$Nx5G(>j5!opv(vpU_oxFZ3X9S$HcgCbxB3jDf)6bN9s-12p@lORE+@=Zt`P` zh&<9beY21JVQJmIpLwNktsf>Og~;=Syf7qX4+S=ks6wO90qAKIbSj8G=Z!> z{DcKt$%EjSSYN;DM|r&MRgaQueU5k|?h~!VWEMS{P0qdJ1_Apf&K;Y;j#x7|8X`Mj zP2;cG^`Gutv_K2s0s>Pg0{x)C=sZ$jhjl}aY+0p6#U5*}F|QaszvGge+t-=3zM9vc zOdMl6=saWCnnwv3W65?X z3!`h0*%1Q*BPas$pul7)GCPL4otU}`HcTTa-QC@-bf-CEeW}(g=ujceiwZuwL26-h6xWWBuh^=XK99JZqkNW`35mcpv73G&i@!x?GE~ z2=P~SWAa?^FkGc(H16|!7FHc&*7^|sm>nMfi)bVOdiojK?FkM0R5k;8*OFL8lc3IU z;uz>AxbqGs5!@=MX{5$?m*zgIdbiitl|ULt1|V%^TM($VXMm1a!k5v=0QA%|bomq7 zzy4{+m-R@W_y|-`zV}AA7_E*`8Vy4zT!0K5Z|?tLlQ)c4uefW_M~t~T5G?n*ga-@o z4~G2#{X*GRAJP9>wvE59UC;@mj0VDg#3#*+Xz(H{W`()8xtYn=+4^N!;5&+!2% z3w26ruKR2pO?Bqq&*1&4S>hSqe?Q9@v7@tV-&zM`$M`ZD6@Z@jC)yw92|WS*2Q8+e z%=)dM(ZQNH$=1j;SJo|1CRzxxcSn*b2Uw9U4Gj{F#89|2Etcx}!iF4pndy16uu_ah%{qVeMv zsTLiPB-RZPd0`h?2X*>sODLM$&Mt{IuFxNcyyMGgbO3tn8QT8|{cZdYdVH2oiG8%7 ztKwr=TF=35^i*n!y^R96{@W=a?-RB|f{#3iZNxb8)HapmYP<`4rH|;a2lNZs0p8*M zYjzEPU%L<&dNDf;fWYW8frcl6k(ECJZ>f;=**mXJe=#$9zy8H2|a7&ng0ZsI+bN`g$B;UInr%5ySQoee-~RAv?h9b((b_^j4O97{5w7!hS2B3$Zq1B(zdh&m=+cmmGx|bg9O^T#Ts4#D8 zvxW9==c;>Cq|!-?ITv9^_nQyad%y|%pUu)+)3}eC<)g`6XhNRtd zaaP@OKyAsXf1rF02NG6%EIy^^i)dT`dgvLt;|V?F^ap)p#)El@Mv6};%||8*9aLge zhu_`7-C2@}e9qqY!+(^8ew$b>-ok7i?~44LM-Jc`Hky~wcmVX^GxX&X`mZw^zCn~o zHkma!z0SEjLff`1*=&-zfa!o~*hZBi>W2TZ{mUhBF?jf(>qLZfb;b-1Z~~sd1Nw!s z0eT1it!#mGe_y*W6nil{e1O2fKLrBmo&+3F|77P|&lN2KWlG;3)!^YCb$DTd*Sw_t zy^nIq0f`ffeV!%LPC&^6O!kf}?aYp~%@fc~Z1OUi0D%7S46Xl!&M*6erX(-cJCi#I z*m2>E`!$q+9PDR?FZWAiYKeHi(eP^0mq6MEv;B+tFRj*bumY|2n#U32`G9^QyX{Bx zzh)Qr@FV!IJtK4CFJ?yw5a@p<5cecN{q%ZbYCj-m{i72YL#LW1>yO;i6XVgVuri+{ z<*!DsuCD3$WBpFp!kiJt@NCyVI}}R-dPA39MiT+heb3MXPw2^~he8C(((cj4lI@%E z3Sc2VP5v5L(eMI7)*8}b&w%-wWQpDrs<{NgU+QCxpbRaQN@9=Moj;&o$ZqGqvI_!v z$WHHRx-gS?F*{;_K<_^Vf|*^lldBS>wR$Fu>;#%S3^l6Qbk#a0PD8Eud=ek_z|%_uH+G& z@_>G!Y=CZ)e;e{aX@6h4D3f|IJ2HSk*E4~%Cjsl}KiQ?^fH&VbMpFjiLEhCSGaN#9 zgVa~**nAZR(uu>js&{^^Vqcpg#?&65iyZ(>?gtq1l`o^o0qD+W=16>bfI#~*0lO!G3#mT>wV;~Gz`8wpg_Jd`=WWIM1tj}|#p!)-9M**z zbtde@N`{h47+mQH#B*U|vrnu5eP*NYUMw3m0NwTso&SVhto?%~2rU2ciR1iBTW*`j zD#)=I(icr>jZ5zly*va=PN!~mBk@cBnl(D36K|$INA1q*$LuCwM$-V$tjKk|!@!K7rF9UWzjVN3)lB%Wn09n(dydbqCPvC7W{%*n6xS$(A_11z z4<67jly4f^D`>nRT~`^cgQ)1L zV75X`AK0Bl2|UPvPPb&h>!dS`3h)wbE;Z^mOVKIx7XeePz1)jvIsm%)8Cv`aP389| zyX7?DeaAAY9Vfp$s7x#b*81-b=b4?g)kF4W(P*8k?#CQC)%oAzYc~u1`-0k0upY}6 z@_>FJyTkv?&i&y>@Lw0?Cd{7L7QJA!cu7<#YS~ADZ!e=60O-bN=!z$_+S9s^)kV#Q zmkdc1-P^Y$U`DLk*I)!1;>_Bqt}Jc$${1zyz;p5r`$Ws{GqVj-=C7pWrr^GOSX4S z4`IGPqPZW?FO==~Bl_RU78>yI`}?m;W(bsC%#H;hQ2R_E;7K4G^G|j$PU8h%L<)!& zd&UL~k-_O~)ybLMEEz~dm_L9u#ovWW>vE$tgqpr;aVy(tV6Y^A6d-vS%?d!*JVQ4= zp*0Bpp!@7nf!V*~6yPuR{gD2mJ-QuU>~jv?FCUDgDA+W_@%l)z+FP%yPkX2N5{QzJ zH1HA4_keyOyW{`N?&u-Azb?ofQhqTzHh@6&Gl8Qg0Vb0_0u*P~hHf%h#2v#AfHqrO1NAj4PoqX3qPn)$Me~0+ZEjQU_k3sz>z1 z%V-V&y7C$N{S*2_%pbJj$YQ&lqmy%J+e)-&O`-_jTEL1~If`$WDE$=;8tWLfKCKt8AYm{=RHNrut&pH~|6`&jcc#1kj$|X67NtZPA)$ zZ29NLI(oF32rVdojB=0D-b+0#{E0=}%8)43!{1I5*ZPz;h({ z!@vd-t-BMz&ZW?nWzTwr6Y^am(q`}At#6LWouMiP2FT0+?+8j>M!yB1OaF-uqklp# z3H`~g0GR^9@O4<1IlfM;1%ei??kM@U*0FYYlwA%W#3Qd8U&ky`mx?XHJc$#PcA#3e z$Lz{pMsowuCC|_wp3oT0f6$JM8*&ujH7BPMK#b|0wPkbDIfPnj4?dyEr~YKudVhX=YkM#cr>?Ij_;C0uQrq+a9`!fBE_;rHobm4zPPA29Uem_* zKV^BOxEa>pJfg`T&@W^MXvY1w|B&IJe_u8U(ReXCK7c^sKLx@;p9Jb#{s@??B7KCl zx|%DiQcU?`sx%%_qD6iY>kC^EQ(K>f&s<79Z>%TeIJxA6S$b;|&H>ok81^!nAAl}+ zhUR!e+j;##OZNXflXy*%fW?HNXii~eMUtH3gw^Ap zlYrh?c}5={|23d}JMRJgLfI}J(f?Yu^uI5g+-tsAHbH6fS%bs>FF_y#1Lx7io zAX+b?g#hT>XXuG1be!HF^iZHW$Q(#G5SYE5AGx$ZrDW=0KWO7?()B~i-7(6vdQ$z0>S`+oPP>Lz&;6hTK*BRTx7&| zx)B9;c@I2`&A8od$O!4sxP^WIaf37z6%gdIdh7MdM+4K9o0Ty!`L_pP&&d4CXb}K9 z`x%=530>m)2mL#c94ZO#t_V-QUi|xk9XhW;yf>V|xL+RF`@Xj@$FJNyX=wY~A2xO7 z%?A!+?V~&n`IDEkyZX=U?Ek)OGNAop@kIdwSA(*{_&zHjzmw`c%SOhm+oTExbTb_g@XDqKcgF8g;OEO|F#tOA8M@#J{rUV4 z+P)D6x*Uttr8)Yle!O!DczxKJSj4-JC%=^!y+Dd|L!8E~N(n)X5rJa0`|TQ6+#`D9 z0sX?byZ+DY79Xuz2}ofoqc2MA<56Igr_ps@NQaFA_-aJ)lR8;ZJ(Q)D2@xC6I$ z10G<9%bR_B%8lm71TDdLM z#0)K<$kuY+W5X>heFoi_oo4hi?VTQX_#)bd=bb5y$z?HxXN_BWTgdX5z$2ReWway! zo%ReZ@q`9{h#he5-gt#PUS)5$BWy6Q@fPa+pbu3ckfl;4ZWC0{+7jH>_m?n z=6~Cy9?&mjcl)2&ZT)@O#6kbX>|_7}DbED9o&?%1{|GE8eS)3c>xbqnNxNVFt$Lz+ zdPd%SXU&0KmEvHT-nn_s)Rboumy_gtbloPuX}Iw??wlXcAwWQY&nqDEf8Leh2LBF# zcKav#3*HktkMnO>#+5&e=(TxFBTWxfZ(r^o@jMh>1}-dDeM25k8J`ta3W$oB5P zvi)N7@caDu>4n$r%h}2T1e2Z#{E-i2bTLsv)ddStpd^_Z@(lgguFI9P z|DpM8J&;^2<{DgpI${HK;CHNh;><%lB=FEF>YE4SwhA&U*&}?@BcH)hcjg_oSw3@I|T#U1_uIso(qA`!plGY z6}@LiuYK7A3>Jh_LG@UG5apqkA9brCA-wWeejLjjjBQXb`^s9r7UMOwHM^dDly5&s z{aZ4USkz#azQGS(>qxRjskpc2DHnDuX-Qfnzv>>T3LHld;?o@BFi``sYaUxOkooc! zS8i>735k!3@e4?jt5Cl(-2syTCURk3C5I@muSupB0_X2VB2LG5&dM%lYw5omdn3o# z%+ArZc}cHXbgV>o)2S{gl#mJR1Bn_se#i!#LOVehPT1x*Su|JT8gddLXzuW<9!sVh z?o9fX^&%!|iy8L(pz^5@>~k*pNfhVy(S!c1!);br$bO-I2|{LmBH#uZolS5d2^x76 zh5ed#E2%Es-bV@Z&<5sXoU|$$*{YYWUVuj8E2f{+s+TOe(3aAwts*1ukAX4Hy(4OQ z`VtG6?KVaWK4*d@b*R88-~M2TH**RR&hCt{yq)|`Mg@9)tWU*wH3;d__7(JFKLvGw zy>|GGMbeEH*)WoK4eiE=c6?@wSoAUyk5-<8s*=`E!HH@+tcZ@w1*>=7+(zGS?1$Dx zv$|Td$(zm@n3Il`1aDzSz1*{p(njusb1GdW#5H~K79ld&Ky}S4LT%^S2jC#MyU)H?^-Q*Nm$SNVCEP}tij0Ohky)I>y}l_Z{OSpm z3Ub+P;ZZvHdf0@}3t!uJs4Y&}$0GYR5F*w1Vw)$SenD*P=w7fLhkH-)4Uv1zdvR+# z<~^k(FeUU8d9jMm3OVpMU`L92Ebr<)({nN$vV*2lk(E?Kq5E9rEGqPOKICKzvVA=M zjfxj%Y)eVKp!fkrt;4Xr&0+QY6ZI+e`c@IJrwXM7dwygS9wVl;C%xF)JG+Uw2G=RJvU#OK9a30G+%sFc2hDW z(ll_64(z!UBv_?gD293k3q^kAT=siMi^2ya-~WSGY?2m^ojNW!y)EneW)nFh{&ku2 zXjKgPf`KrUv3}u|AzK33aMU{qbLEe1*Pp5tB)xu$`U4HjAr zM7CD6=^a`dC>7X;;Qd8x%vH(P4c|k1@wIm_@njotf$mS(R8-EYZB}W0Lc_@Fd@ymu zn6rb$w?ax9@H($O6Zpw+gJ!kr_PV`+4wQwpN!SY(LsF$~FebZGM>S z3LsMlrD8#$J3WLUgMi^(i%k><)$ZdJl3JVyV|~8yVk*WoYelzUkx9rE%BnAZ zI$2Ds>@~-9Jx*o+B{)f_H)?&^?{(do=hJM0uyzwbbnYL^)bV9{15t?60uCfe-?w&q z1tU0{&~X`hav#O^AfyHSSI1Kdec*+S%$d_D%U$`)EJRAZo zZq{7{i5bF;9;rL7&W*r#-^k@zx<0(6kdyy<_4xn8>E)SU0WkAFJF_zGfBgp!Gk@h8 z5YX+pDN!&)8Qd5*7zl}BPA6I^?Pwsmp~nwIXC;kdE^QR#MR~+V?ys`+O!a4!g0h+U zJ-)a?(|aK7gb611&k{8GD`5N8XmLv5u7<$)G`&g`Ut$4JY;?B;8}#}n7map9{nJAVQzB)7**ezTPHP4y>{ zpoN_YJ}_nIJS5ze8i<4C`1r5jorc|1#!?AhumbNI9IhAp;Q8eB5m7pHf@8D@#@&Btrh z#^<7+R{Ol=6sHuTsCV}UU9*y!GhYh}TRW(hXwv$da_oI$NQ-=3q8`YH_{~Q)oD?|O z{UaWoOUU>t8obI5`Kq2a5FWMGEPW)Zw+NA9q0dn~DOanv{3QYbCKhGKv3 zPy-J~ExeTyI+KPkAv=tV&yAJwGwA}YJl1CF=-5&|N!ALKf`sRMjbMz>5e+0&zC~dR zH<9WBh0w(|K##tzs?kcf;?UcPg+`i;yF&kJOv88;q55PUXslC*N(PpumrB?3w-ifc zxSRtM2-v2>_h3acKTw>r=8#+WH-q*5xALIDumRH-aUI5x#aHndJZ6H`0eeofFQ5{zs*AKpP#Orq#vd+`Ba0{sm`^kw(&9lxB zX)R?6p}!b!3{D5)1}7s$+R8z19KOjg|0E$;6HR?nMx8CKB}+`mp#b(<+dZer`|xWy zS$om%1PHRbgzk z!rh<-(C_MH!O7B)mT<3R?9(JMIha?)TZK;ndmuJ2w^O~>xeO;fSH&jMDXWOPpj@Ak z*_`I?QyE>4(8{LU24X*iEbM5TGCoTxKFZ6Qe}?Q`6r@Sk%ZQ8ULX48}B-Sg~iVRwII-yw{>r169(Ed06Wo|PXhaE zX$mo!vIe}NO2*GscGk`rytkTq_WE$Ox81vZRazueBK&*tG9;J?M79IS2|4X=2=H<3 zlK5%WH{WwpSwTqo2)e3{FvcdgjMi2LkFNrZ{~#FaKA}?tFP5 zX|u2)ffDwC-F0B+*S40WF&L+9P2`+?SKV<0*@%xml$kD8vSuVvss8ArF~DO~zUW(3oikw6_%k;Rptj-)xgBEcF3q@uoZlzp ziv^~N-R#{7z`k!;oRe-E*lbmv_z*QQ&(L)EU4?zX(vsuJ+RAJ<-Z{?+l9S5~9I`OX0oaqH23V%QHDd5=OaQ{muh z6}kF;8Ue;2nM7^30*PDm)RF6-Jvu3HTI8T}0&B@i=W0`gmUY~KD3l^vrks<(%a(pwlGD$8fGlc=@E+dbj0* z)1W6(+O{CsQvzvLWLQ01!dGdDJ-Ko1WWAad>fw^ec-j?1%_Jld%4fhS0#f%|St3DO zlF9ev{C;<$GDV~Wuh_j~74E%5sz^YO^ot`k?Y^N`B>?Lod`GwXRRbrH9oXsms6Z+L z6BI=%xUBIWY10SQMvZ@^q6BMIT}4LMr$zhSnfY6GxpEM$Ps4jV9!f=8A8Z;p^oHm#p+qIg z?muX3WWeiQqiRDs8ZXiSiQ)3JDK4-{8g~zq+H6m;RLiQ57mr~Z4oR@H;B9u@WgiU|9|}Xz_$JFgL^8QMYR`hKQW-%6Zt&{V zW1&(zw^o|_Ug=`=O^mxNMv%ES+mAdA_MDE?k$uB*>#|r&w_#9yAM#W^WkJQDogKW% zAW4IInMH=cDtzec7So1rJrQMIp6&;U;^<&Ixt%QbSTz1z-Uv>2bY|Pq+5H>)*3_Pr zU^dk-g!vDzZ1iiDi zF8O?D(%i2h_#Q0s^@5dY!ZRF!HHk<;Y`s0^y?ok&_d>DYGJc9(E#5#s;Qcdsf;r_M zpZPsrp81skGyk&_+cW=n*4x7~KT|IdQ1uUAMUXC_9I+pJZMVAY7gfNCop#mmg`lQM zSf8goTT~`Ka5@*L{SJlVDEjVZ(w~fZ8{ps;cokkqP@DQ{cmylMoV{Tq`CL2eJc*c; zR3z5!lg|c|>n-lbieHINg)`v=zz(5BI+9@?L+37MtlYXW9K0pnw7my;B|%e2UpGH* z;-*HVms_2VyIS7ylZIGRSzW+8_*Luv+F4Q%4#K@mofxF_Ue9%Th3|S8hZ#1lexL0o z2|gI_D^u(|rzrSAdKL=dNP*|JEEz#)hUJDqBK5rvGpJoAdD)QQg$Jn3S+dTKZs4_A zRjRc^7f!9@u_!7tClXS!)85H(hmDV+3~F`lY0>b|T~hKXlYDyr$||8@8lIc0vN;Z= zW*fx(Jm`SGuTc0-5^~a2`H18;zoW4ev(UO`+4nYM?gm%B8Pw=9MoMHG_&Ku;wqZXL?4pUMsEP9T72aPlxrwjvdu$^^GX`rG&$DZbs?SRfG zTnF&3ZRWMrgTR3iZP8C}>+@GsL)3|M9j)LOXm<9wS1yY(z&^JBk|6V8`}W)NlTbxaI_!5Yq=vGw4(J z>&&_)Zd{$V|F)P1l4@Dn>?Wl9c1*!~$7vw+H>G>=aj4bG}tHV`7_PH7Zg zG{B31p(~9=4IDe8%!e5G>oNslm!J1fhI0I&+w$vVDcb35?})oiAskm01*din9vHtlv@hvvVFdyLqtsxp^ozmMU2>oNQt{yD9pHLZ83(oa|f? zA<)IumsS*}e&nL_VF*YusTWZj)S$rnfDHZX*yWd%2A!>LQ2d zZAaMB3R3s>$DgHq=m%$V9pF3pM7+o=MZ~&It;&V@ih?1m@9`?jW{gOMT7+DLpdY~QF($6ttsgQRpDN33=%Hbb+8b*UF*UT*N$a+($nJmRdD zU8%?;R9VQ5O2C}AR4l=IOIWWG(2_I|Ej$nTOFz8?_;q=ms7&>0!a>bGT#2_{?dc}V zYw~!FC44<4KSNO-0=+07wt{9*AMQJqh&QVv9TU0t0^zSk-&MqQY2x!eMibOuNW(yjLjIa*?gW1l0;Fqdk@V@%l|CTQcp#{L%O>&b z07BLm2XS_*eb!&^q|&I&Mk$SU$JRe2q0QNG-QZUE{PeKi7F6NyfgA3iyoKSLCOwfJ zmelK0#As}M*w@qrG2pEvIyz?AQ3t1I7N?0gp+9+8Ol$52$+gyWREVy=s*ClIijbBbQ#Dk(Grv=Z1wJ)?g zsmWNn=#`K@kD|gc#4?A;i|W26@~mtANqn;9f!g84A(qMYje}w=v6CTk+O2p(t9d4ZjUM- zZUo|*TsyVv#T!h znx3BdBN4@L(FFsYTj{$L){yt)1 z4r(pCFB!artQv*rmRKNbE7d;4XE4rO)R5N5DzwgKWjy0E+{z~UaE(ne)+4N zsgzn}{6o#%j>2GX)!KPWRrfWVOH`fqO&`wFT?$>{{vce*r6)(QP(S$Iy4@wKphj=H$eQG& zTgmk!<2#SnImj_-i4Z92CXEgk>{Y2jKpXy~YcVp#D%e3l=*Xdd7T&qkB1VRKAFatX zC3X6EGY1Cx2+X;_bLa6Ksa?YJ9J99Tl&}%ppr>2Mk4!ULU5+^Ih<{6n()7!eO!1J` zE}!|5Le67FXuW$^QePN*5}j4NRzMOWS>EDDn18(_00zCtb<>LEy7)0u;PH~fLls8GMNcOj`C ze9dw(qPw&Z+~>)OE(3BuHfoSqYW{ErehUf8k@MEltqQUN17*-$sxoM^puyZCN>1%= zsjSG49@M^(;I?k9D-l=*0pDR>1&lBi9_a2t7l4*xhb7NjPI9wwo4#Jm1pZk&>?FFt z%MFx{XEJb*k9g+a-I zd1LR_dM8PomRza`I-Twc!-GKbsVYf=@sLF!GDP~5*|v!=Kl=*hchz@k?5Rbs*39RA zXI%|kB>!Atg=15R=O3-(s z&Svdts;Suy1J6;FRORXZ$rYySt{`gms~2(xm;xt*Qs2B!M&xhs^ZmWy9vbXCF-edw zTeA{hOn*<%NzHbKzuTHA25H1X>`ZPu+KN%jBi)LkJi|T+i3UR0jZ!E-KKE?iZ2Mws zl;nqu3+6?;=td05?FvWynj7ucxUG*nNqrG}QiRw^?UXaVtEb)lG*`3JZK{R<^1CA< zuMIS1tUYMRUv{r#5676jL(^5>0{6voBAiFiR=UwPPtAiuz50b)&$?W-gsV|n`HGlB zu%MnE)=L~tcPN}-On7ee7JBJ5**u@Hyxf8742?*~3Z~K*RNsILSzi8%Vb*mJw>5It zpNPjk+s6uTgJC6Q#av3Wa^?&!X{OnE?WWIu2Kc=%qOufBnB#1rX7lJo@g&P0u>U5y zIc-Fn*H=uWGlvk#YDYJ`=5|_bGR=c0l?%1f+5pN(zAOdZt({Gb$Lsa;Zfj;1HbU2L zJL@fEV}bBy?|!ee(syo@aIt!krHN*;xweRyy{|R!=iRQvG}16_)%hO$!9wXRK5BIe zi4i@`&S@RZvIckX*#ppNNJY98nPiix8PKs``U2743A(9=h#C}wxZm|1AC^#wvoq-7 zSZxNI)wLL(-;^OVJJAS>kR*L3@|oGwOv;oC;4s7^TN(T$vm>luR@2H#w~JS8ScEw1 zS_Eq3=ioGe;V^4}G?C#uF-gT)F-vYMAIa$<_B{Z4oEr~kf>SUb`ZxwEJ4YwpTDAqNbTZVE+UMb)2-EV6VvQ}Q-U zN-ch;#=~_5CsDHJwjTG_VFT=j>Q3=7jzd4AzII*Z0nLOV!+r$IFPHDlB$aFnw#DnZ ze?_Mpy*W&>ZT$u{((OKuz9JzUJO6R!_kDThR{_lY&u$tj`SdjN>+k~sp~ainL8$u| zoF@ulo??mgd&uoqeQq*oWn7t+M!82uS>Va7h8;B`z1?fEbPVNb`jR>YrO!q&bsK#( zi)QP`rx<3)dDSo7E`QQP-F^+x4qG~F20R&Xeb40A-pf;wL%deMv0RWNfJ;Ah0-+YQ z%&9BQRO21x!?YE4{Jy`(p6PAdcGE_=UcHJYfiCZ|OWLRjZvp3d_ATM= z#QUiTO@0IC2JfukEO}9{hegOj6SqJ#c{}si`yU#+ORA_yA1$J76=f;XTBRzlk&0W= z+lVg6>^v_tYI2W%5Fr-a1Vf^tFwbN#=KL^C_{3PROrS}1)q-s+C>@X=5KunNSTkTe z!ED2@6;o$Wf`b-27tSI1I>Y@V0vk$9tdnYm)ta33tS(9zdDwcvh@B&nA(D({UoqmK zEv(punx6zMaVl@zFqW8c)+fn4FQ8Ury7v_jXoMIlar5hmL1frEHyH1&!+(nsFIAbn^h?i5hn5(N>6uJ z-_3+rSBM3)&!v0>OL|?ZiF<B=l_S>dapY7H$vJ4ye_?Bs9mU+^pLD zJJW2w*CHhID@PvW>Gn1@-e-l5CCl#o!t>q6CF8Ho-bBq2-O4Cw4^? znQr3(>4HJWTb`2C0iFE>1SV@u+4x zN;W6xA7CapX`(Q|Q7V2Y-1azGId%@}A2GQLj=1|{qg9g2I*#=i1qxu!JDg8sw$b-6 z<4V%~SX4How(z6d@s%;sUKRA08cc01@uJqSUe!uvmzX5s`kVkWrQd7uZR8E{4*sG} zJr)*G`WK<2*_>g4C7zqzU)T?i`ER5Q&aN4>ShmodLDQFpxxtnE_4RP7-wb9EmK1M! zldG~N@XF0qQboqKvG)sOFGktvkvbR93y#hWXE&N;GStO`%}8@td}bj6qS5X^K?eFx z`>xmy0w|Cd;p_>%*I${4Y{TGU#)Eg1;L7iRMD5+G#)hakB&5Zw z1v}6-Hd53=g&s_SP%ACK@am&%83sfRfbeygc)(0%rbaSF~0A?+liQ)gI`F=Ax>Sx?g0kGe~{ohLx(dB7=3rwjp>= zb@{8(->@eH=$34U5BHIj7Ow5KQsSzwn16f|bZvq_M9NayqfW*4F|{=1VObdEdUoA%Od<}Jiv5X*5 zGu}#8yz`W5%CD*V72!Eh+3}?SeW`y)WK)E4AUvFvI9n%*HznuLh80(;`lQgaFG@qx zc)7Hl8d`uv)Aao-i8|(SHt&1IWD|(=d*jQ(OGXx;7FYI=NcDOpZt)@D0fP`*i4-F= z3O>&*<4*`{9LI#oxdVcWqr!`CV92uHaGBsZUizQYAgo;}Mq>Lj#tk*uvKoFif4GuY zWHe77^bl-$2AQ|}PJh@2;We07^!vfr>B{ST*0Wg^fy(;!Ygtg^tT%&-jq);#@tOgtG#uI0fO@v=_a1BF3Ln?*?jWRlE{mP_hR&T*e|^zFU^!Rcr`;=giJj+gnp&8=HQ# z6smayZwg3GNxvrf*}R6vwFDRUac-XFwat$=c>EthhcZ&2eoPxLF(A47;lu|Xg{V>A z8YV#B7FrPZYndDqc@~=ZQx+8S`^LSybZ3%_uA%w?_m*F6{3w5z0T$Ejv-~n)^N{)| zhVDkMD9(D_FJ%MlV&<7b>maEV&2B5@c^!yk)guuO`XsVN%8H)~vFem_T?IF>W~v;K z%xIA|v;rRWDIJM+c$uRLx%obDBn5#D2in7i0(A8D_*Zym7hPmvOyiYCoQC?s7#8q6v;QgzH8Y-rBhwE9zldkcJVd4Fx*+*tZfRX%c(dLnu8J0$9w?Ov#TeVdrYO(Hmg0bV-Sl@C?m2B5U8(ev9-8fD3h z3e8Iu?D^T&dAJ zx&n_sjae{u=l9_&A77L|2Kn1#x+cCG$mp5H@};<~bh%3M4r<~?LGzh4239!-}c1NXCe|{P!~=VAmFrY2W*4&NM;zYtY91e36V)Ao)=&i6&%cu<)t+{RdEhbEtwJW`14} zAi(E&S0@M~yxQZ;Z}9A}fch!GGylU4nZox#Kr2@BL7(=s2WlzdqDuroIF46h-_z%PV|2Jq<_tiQ0B^pZIo2FM$#t?k0UioTVikt#42^R1?@C$hn@ z1(_y$Mb>iW)C-fM!0CJ$MGF(Lgsn;9?EO|ifwbdF2i_^>pfSD0M81^$qMrLp%7Rzv z=oRfCT|x@h$m$r*u*W-Y?6;p8-yx%MHk-M{g$P zhtrYM-j(8<_udf(0W%cy(|g6xC#=AT9o8Oepv(97n_P?GHef|_B_K7S(#=~d&KFH2&&whvADe` z!m-{e9SPT%35ze_%L4#_q6QI?YzO`P9Bbuaz!X*_HA#PUd3zXvf zVe~-n8?SE~3Y&>U0iK#WZ*lz3Q^8nRRn$RnC(W>mPE?jNiU?QZynA{o#bR(Zq3T~F zNbVgB9buBP#+;J^dEW9$JL0|#k_?o3i%0LEQ;c1}8?KocXbekJxn*g35l$ym+e7pQ zD7|@a)6e)d8uKl8uQD-9w?}4b5L@(w4~fBwO49W{zaW_rC(C;zR}NL=+u3;N;Mmpy z|KD)0SD7NZAQ-Qwu-R)EUt3^Yz+Y2pP7KmXWMCIlS_IqlbcrHl8HvtxyBd3GqVcDx zCqfC?|N0J^lB*yzr4hm2r!!zbRAY1wyMu6)sqBRK4Puk~%bJ;B{<)2rEerNq^}TY? zCKm9z>upHhwRrK}ijOP19^Ld{I>-jmJq;GaJ! z@h^x*qtvE%P7=ZdC~+otl8vPs-Faf@^Wgh;NlgsPfAeDzX&O(O+tK&^z*CX!Pj+S= z9u(mqW87OEUE-NaJv=+csO#!-9PLxiAO!wCYx?|6w>z{728KL%j4CgtbN6ksyH_0l zE3D{3l{5TZLj15dY%EqQvC`<|Msulg&tvaMFWIIzd1=H+1C`C!G6~O9q!P zHGYA(Hb*UAaQjWz$d|IMvWfDw8D*A;j_mYs3^VC=ot7G-f=SwLq7?4e9T22TAut1Z zXq|Ein7C*AD#GLdujY{AoN@3_Q)q$z(4HlCscw1C+7uK-_-cacAbEfOn4!tdUGMmo zhH1zo-xP}d7^s^p7WOS;oqP)xOS0Z;cWsHdJ4^gNf3+&tt^nmB3-xH*>(txrW+?QH=i|XFlOGNK#RkfqkQn+ieZ(j2*51F7tb-&I}DZxr9#%UQ|S?SW0KfA?r#3XuIW!24?=XvgmgU5A9jI zbndK)NyJ8IgP7NHLPdz>7TeU%(E&?yF(dId8B^jJKsL<=7)##3=?L$)VvT2c=yh4 zBI@%s6`>-re=vL0+bV}Ow=@bD^3?Xra*FwnbgNq7CP&HKy)?c#4L<4VZ@9ZGoJrZu zbqj8DBd5h?v?9}?&?2Fv2ybNF}|R~HVp z$b5|+7m`=vJ$J+;b?luoPzd+2J9dezBG^8Y!S#UUa@&3U-nYH~ITv&{ zHQ`&!yUvOatqxM1XEg&1KktssTk>A*Nr?Lt2UN<@=WKqWt23n-!Jp{d-@4w_W=LuP zi|g;omBWHks=U_oVb&1oH*bzcJ8L-KroVYzvifkgF``uF*6ZK|C`1J?wPGSPhxWZU zbGllN8huRTEH zmtJ=6yuqiPq5f-v>&bO%J5d|Nj= zt9odgy0y#u%`e}${3Jyvr@70S<`N{V3y>K;uQJ|mc z+Ua+Y;!^?(^{4n&7Tl`c3RCGGq6#@PZ09cS5~ubkMl*wNq6B<$-r9Q9_o;6 z(J~+q1BE1e`ZXb)L3en&VAq^Ky6_GS9}@4?LuRCZ`?7ZALMQC?b0fpQi5hYNTz+VR zhA2!VrSjOy+aPl$MyY6H+HZBXAE&nHOJzbf(@ort09Be^Jq|;Rv$jWgwg`5kIrss^ z$XWYb|4Q3V~+J>)JRh*Rzd`%jqD)#z}HFLxtQIpX4<12PQ1MJJMfp+;x8 zZO~nHT6t>S6SY>o0<>}Q-Q7G1p+OlYFB^3 z5kQ%+5KU=WRFTHRMh$5~iTcfgQ9>_^7S^vv#;><4E)*p#EE(?1Ye^*oi_f|;gDAw} zq=ReqISDkcH4`S2FEPSra1;)b?75h#xi2+{C*iXwFe*aN7ds3_*4*dZQE7SkjxHVt z$Gj(yVGU>b;v+I_7Oo%rk_$B-&+^>-shYoO&uJ;DYar~<{OG5YnETYCJ~Y}s`D$9f z^kH6wf^uxIx0yTgqF+GCMBz*wpRRs{;aCA2p!f6uhWaN!?}o<$0Kv;$i2DS1{uM{x zw3A#4>2RLDqeAy7KdP%^6uOtQ1F{If)N-0cc)w}}4|pE4G)Zqmll#QrVXWo0!Vr?RMi(_8FlWM^>Srm0OsCoVdQbm@6{fUn?D=Ap>&mnVxC|k% zbK2zugRSVkG%0bE7pL#*k#%;7YRty--PoqKBVrM-7K>Q+ zyY}eJgEAF06mw`r&50IOru) zOj4qkmxl}zNKm~phF7}3FfUPfTU?8CNa-^tR;MyUTTQr6@n@9tGt@ThF8Eqt0NTs- zP#nr;7_quBP#`Badw9T)JUzfjtP-4Bsg9L23Wv7iT)dsn8444u?TsT#iGz^eW`M{1 zxFsN6_mhecgJUwQ=1DBJ7Fbyv?0>8X4-{A2g0%J#>x2*%mBQ2926s__&J3lHIgzI9!vT)|_yle8hMfO2Q_Oq9koGSigM%`55$*zWn=C z1&VKVF(TI$UUD?`B;Ah7!=p5aJ{qdwz%`!Aq0AxRCP1kZw=GDM zM*slJbQMpC6dz-mJ#@7h)Kz&GhnI3DmkHpFT7dG{xu~I^s->~_^KHm!-!^x2AaRbp z4z8SP99Y|-tNqci%dyXb@m9G;adJgDv=lSE_DBmsla!H`HudrV^XC$1$G>jJnnX-UCbDQG;G}ed@k&C-$VQom5oL2*buRS>#vcrSJ0S&$St1$AS*i0}tx=g) z7`TO!57fK*ab1*eRB18Dh6gI*g<3zruYXYB6K(9O2dry+l!g7}ZIJjuJ*daJi4>?> z>bBwW_I9Vzv2lh9>X|j2QF9&D4oMw)7o|N7XnfkpRdxd&P#SfQk*-;Saxoj56~6(O z_-3K9iLl~mm5E!%tCpNMIwCJG5zbs+C;->k!TS+cv1@EGI(^1hi)+w8#Ynm|DR%f%z}$2gAfw#7HOKQGGYDu&l9Efx2XAw( zEJXlwpr*~S?-d_#<{8+2p6?o=hJo~KB_PzP_mm<%uJKXK1x$g{y7?c4(%~4L@&^NF z&q%Ls!LhMjgERQ+teEiuSE#pJHsAmx0 zYL>Oyxc!6!G+R7e=*7BVo{+@-dy*)1lYA8oF*L z>el!>fJ+RQ#c9|Gh^?)wE9leU(2lhk3TtF3rD=(*B zmu3zulCS4Cqs>iJR7J)e&J}GPz*Yr_A`LVeUta)z7!B8>{_ah#WvT+* zlUf`ewx0q-;^BBxsaB6=VSdJXAug26$?g!R%lX35ws$X+&q*xzz1r5!fH7LJdJwdo zbl9F|r!b0YpaUlChdjK8Ij^c#I!xvu1kgQ|`~)XQb8&};c!!ZnY?r+U50sGK4`t%x z-t`Nn0S+=dBRwh38ZRGuGa^khHZiKe)uZw8YI8DT9$GkI`W39hWuuB{%_ja)yL^Do zTl+`u297Hx=x74D5t>ew6e6E|ErU{79f}_F1ST?Hs*ViPn7sB`?aDNQ8mqzUvf0ln z^>WxoAB6pwi=+yU!35_4 zFHLqMdtO7tJTx@J)_;fGrz_!=7;-}`G;SAulZ$T0RUX>+vS?tC;0t9=>Q44HBPg> z&8%wlMUf(ADR#_c;Xe1QYGpQYeMZZi%CqUzyzi4tNE-S}l}idmWqG7zd2kCXF?gt-jS2l;ulFXTSgpm<9?i zkff(L2_%)~s0O#NK$iDQpq+^Ly>*z8R9kHtAR#wLg_J#kLZoLs*|J-zxoR%gsxSl? z5{HhYw5Qubnctu*XM~MY+F;n)2}$M=8_SrD@&%jeg%k*XZ;ofZ$F-<3s1P3vR2nb; zlt6zy!6$WLufY=)bTy9Qysg=X=ed!Q9d7-HqY9V>K;)y`wuv9X<%{Q)a2RA2Ak#-= z>xoo8E)rF%y1E$)FPp9Eu31~W`I-`BDjy!421D~6yA4lV#WAx#<*$`0KRmnVrq$nC zpzoCGpuI31FvGwzi}dI4Z?dr3de2j(o=3Kl9Ji{6)@;Kb59p2DeMg^a9_e^(Ol`~T zRd6(rrEqIp_8Xid3uqQReXu;XNNLsUussx<8t_0{7I3003D1b1Hl`Gg0n(FAU8otE0B;0&aNjMOV}gB_!I5o(*I!(1_0_06$z^(3PAdN`CErcpqHFXkgma zJ9Do0y2tCYNgZ|Sua9u94?VSa2YPV>uj(ZNx7cjy$1*pq^C>bCsa+ji%Yoyw(h!39 z0lDvxawH=2WNvHJ?FaJ>4edBL?gSdzxD@dFdlfecJos$~@6fryoKIYXH|WUCH$h}; z0NO%G-X8tlTE^eh#UHQ30pNvPW7s}5x1jD~9Y?eQBYw((+%Rw2UlPhIT3QSm;F0nq z0P#qou3+fK#$zLl%21LuB{iCrj8FV#iyL!wiXh#^am>1b^$pigcN7|wo0~W6tLbB$DhTR+2dRtmMR&$+GVhsVHg00m%d zZrwWkM0YkY1(0? zSz`K8E?b6Ooft#1JI1%g?w&EmSZx43$z7iCgIJ!OGB=fnGw8dLYXu*%CGkS0ai4|_ z$9|NL#Na7m2ZNu-l(1O8ilY|>2o>kv?N9mOgv1hggi`?DOZCwUI+sH(_A1Al)1wLa za>4G9w8f_LSkXeW=P1w6QkEsTc53YLB8v1*%>6n`GD86xR z*WsEmhCE~CcGq(1lNb5qZm75F42+~SNvV-B`_&O9`F;Fg%LCH|Hn1fo$Dw2`Yd+5o zF7OqyK5l0ek%80+RQb>;cy+@y*&ofaSbec4U34Ut^y33@W|zZFVblCcf>@>`;KIRZ zn#s2Ii%bKPnjhe6xd#~Aw1pLG>T-7`>8%hJj7JuzqH}5TYH~+&2S-s2+Orgs)dBA| zmrzh7w5I=)vYGi{il1-?b*v(Y!6+==z4#ND{Oo{`aR9Q}sFb{)dKmCHZF;H;ADGEas1a<^q!q5gs6l;UBVJNn^mg zu*rY!$O2LvLMReZqFd{+Z8FUdLtWk3%N&g;PLp*xS2B zwvo)f(JQQV?2B8O%1SF=mR^kQG!fi)c{Nq|99e!yVgGj7!z!qD4Ln2*>;THEtSf3c z1cQY``YT!3qPEI-^6+{qMO^CK9-i|zD;=*o0hG^Uw|s)d&oF&p-prJ%WURW!Kkw;t z6Cw{j`5@lAVhk|_o^F{g$FJ?(%xVp@^>Y$?^I{}1YmT6T7PF0~Pr0q8@PVKP5D9H);t5eV z%v7Wb66ZisiBG?(d-%9vdtK0!bD2P@1c&_R82tK*ZMg>gGQ3A2 z{tF&ksHvM8hU-UD~9TIqGP7KexA^M;P zCUFEuczn$m18QFmUYs_oF9IoG=~4@I167i=SSS3@Z3_pCH=rA$O#U;+i*V8oPlQtB z^oatupQE+~&btB|ggx6%R`KkOZ$^FkZgNyG4PU(SCyl(r@H2E#km@tPV}*#Ebkj_x zeZQQ`8Itk&2G4piOXq_0coGU7x5i!*zNPu=Dc|G2Gr!g^=7;%{`R5IOulWJrTIqxg zd-<|lxbG9GpZ@{;ocy3u~ zsNk^Qr$OF?vy03;OfWH)I}?qOd{bkt7QTpbAUW|SNA;|9E|ZG?Rx|iVB2ly!i*}ub zSrEqXCezimbtU!y3EJ~_wSggJ8-z$|T%$?-hf#rq+xod&=bVeab3k!~uh5#i%Pe=p z`}VMr;^>RnxtwIH-!r_GTl2d{?(DrCr(fzXn;s#JiATox&Cv4w>0Zd{UZ~;iJv^yO zrS<}I^Jv(KQ0C4l!WU$~Z`~}X*wmycR1>FSX*J8dgs2h5b%_BM;;tog;M~E+l(6O& zJt)N$YY(_79E4>9GUn>#9R_+3_M$t@T7*e1hOC8Y)#bqEAO zY0}1*Dsa}-@cM48)GzCz%G@#TI(?W!xM`M5ktP#Ty!#MWc~pX`q?{__vTrrzJHu+~ zSa;Ylm@nOC<2jo+F0z8Rf*uG1+sm5|kB?3=4vMvfpo(a&rvakjj=mP8I>5^dJaomon@80pw(Z?=LD=3dLC}0|! z**=3gg~B62kf3HVB?E_YN@awFx_Jeu&Ob-`%& z1~Tx8Ux=YSkT;8B%w$O>dXOEiHieW4!SdP4J^QoSM^ppF1on;gO%8nuWz~ga@@H{2 znnvu6wmE4u)t9b-{xMQV(W$A0*yLBn`OP7cC^YP>KMh;`e7ydsrt5~vS}uF^*1J^& z67M$gLO}bh$eBw-t#%S!52RBW9d3ClpFG@casE~b8}NKe!@tnUHDhea8~>= zt5*;zY8VtOSg-btdE?KSfHdYcxJHG;LA&#!NZ~fG>4v8PLI5f{9=MDoy#{j%JJngt z;y+8Rm$LU+FNQW-?vR!l9{PS@8S-*CgzX3(P$8Sy+Z|d$=_tCjbQEomS)BvbknAyoJ6ZxaL4HuWSZ67Wh8i&n<0u zx3!iC;NyE@S^+h4TMyMwS=dSGc*S0#4+m9Jkpu=3`3-&qRTTp8=V%97#18!2`O^8Q|IDzk5_rr?i6YocH%<{__L;6OC zt|kjSqak*&@Y4xX>X2o7)ja%#DW4CbIVK#52>~e)L%CE>15FLjv~b;BOXcfP+1v;7 z*UWSrn4@uxrLhx%vFrJ5?8SgMq)SyV=vz3gbY+(Mifz@orj{~~p2eK;K3USuR29Fg z9cH$3jb$`jgF<$ft>AD0^1;%qX;UrB>47PGeLH{;>C~p`!o26U$0B-^DE5WjfYtu? z6RP}%k+2-cQlcy@dNscB33YhglCsd!?q+d-lB$DKzjAjmrv`gQI_z97H+q30FFau~ zAwo<5UUhGxMQ~xKO6}Gn#K?|BPSuMG17pusiNrmMkHcLrFf**LXp#KG2g*~{md%Ih^EF@jPI#9M=!exePtu%<}BwbgcI*JcApy$GKV~ zw+xQVg)>_HSx3F`hm||CXw$14h4?;=2wDN3XV=-+g_^{rdO?A~}@)3^aQ*t&DGU%5&$;t=yyZ#i~B-gm=07Y9E7HmQca>yi` z7)85neRl)h40WS!1f{^oI};aC78TN`T~U%0dXs~;IgTK_F$3bw^H{N3;C;K%S?=kR zZ>=q0%S^7KvjEf;k8PuowX+Y^TA;Jfn}5bk$0}0W-4c;QlPuliXJ;mO=dWnu=`E>m zN`H?{X<1*CyjQ3TGKax+4l!hjiXd`7?kx$$5|NQ@YglohUareAxZ+H#?=C$W)I^{A zDfPjlxSnGVE7m!R)-)1oU(IsyHW$UF1P^jT?=DS>lm3cFQKRJP&^@un+9}&YAv!pn zM89^g)t);vysKg!?I(EPD4ZJTH4cTp`ZpHx|5#iWKqz(;8aV8 zkrI4UTd%uFwpMvy$>8|CmkcNVh#QloMx)1;wluj(2&aTE?3EGBj0v@vH6};|G<9zI zo#Nn6##h*+>0%xCTzLF7CUhKENdboH>Fzy`F5vpxwl)!jzBTahJ8p6fmi} z%u1!r^KCd9+|e5-yf7coM|feLZi2Rlnn9&quPBXW4$Y492gRz%)`wBq+LDy1Cs4t+ zfOLA}+&WQa#U*I?ESx0}iqYKc&9TD_VQcq0GEf*lJ8yMunMGd3#+;?zS0qvU=E(4+ zm6XE}5%d)T*n>$GN8eOqIvj@g80X$l79}XgLqk4lOzm#d!{dt@XffTB<8~uJ?5MDH zW6Q-r-lp4^LKQ6be15^gpN_-p=+a0#7JOU?GzIS#8`CIHl86V zOM8q;om8C!nohnd%mQ=_1+iN?p3oa` zwsT=1x*^uQdB7x!poe9#Eo=GW!9g9tNeGLMz*5dCq|b*{(Ox_YV#A|_=K74YUC~f# z5hoYQaH{P1ky85$n}TY%)$)~8DHL^ss2)ZL2dWKFwn;{3;pUQD&@l@ci;%*x4Z7uu z`G-<$_ef|t8V$e|!d=}-s`yj^9UGMo=O^rYUjT-3jXCpn+m++8_*bSL>*A?60ynUl z$Us&!xj)V`DY0#_>la%UB?+v6KqE9HR6y9eu|tx7vlR>p|no^ z1C!?mWnZ}S|2ybUAo&^?*)zch;i&K0*lFeFO##Sk|lbhVn;xMVL@ zKc%+_R6<{KQA+zktuUjrk?Yqw**{#3(>kIsy=W|brgJ)Q6!ew{-dzZ7RcGAjc6D|R z;0herlCis6tcI3_0w#~h545WYDk?C!Ld4J(qiv-thb&aA%g?0>dsJT_-EXN)uXb^N z+a-2AIp#0CCdCG6f&W(fu_OU+&DXoG$I3QC&(+Wp@e-aC$CEQ;L(l~l zu!K#D{uRw}B`l^I{LOlE)twKa5R;xR#tyJ8ZOkn0-C6nHGS(|`>%hmuklUUq@ti?6 z3krXXpyruELA%qrrlZWHA8}(Yl^I9(HgAq&$=W4;ybPtUm`9DP1jz}4;r0n*6s{tt zyilu&GWK!ckd$N(Av6F#BEck$GI?s^`D(wMXo%<2 zOBD+mxvXGBrwv?hR8t&*>R3D|dRK0Cb+{FwM=`X_LlIyNq-VK*!g_ex@!cS4R2X)7 zW)>cDw{duPux>Ri)1?kwZqcGuM`1Wpxm#R`cSYL(uLN^+K$b+Bc}YTH^Tq;>9$4fH zg^w{t+{}EM-KHIpE0quqr|y`pwGIgK)Km_VsdmlGe%@P)z-I4JW48o%6CXYP&BF2a ziE5^9i!gM4BT+mF9fypG(lAB~GztkR<|m;b&n4CpgPf`&@sA=9d?kGO%_?P;{=o^g zNf0Mm-dGQwyHS#e)oKf3d==UHxxwTV)aI3rSE)%g@6#ba(r1PZH4<6QP}>$3rei=5f=*evUb5l*f{~+y(garCt6AF9V-oXz4Ijtl$@Q zCC;`dzq7jyh}=5&v5GYfp4rrdXdE{DuIBU)&-Mb2plhcEBmQAE>uZsUUS3U%YYlqD z<_vc|5qNtuqq87g_ZKnRc8K(VMtZoStX3jmxge{aEJl^MjLWr}MgTdacX~fceXGCj z_XVAerFaryIA!dg98y-9G0mSm4aA>u9*n4yub6m5uYEY@^<@aE+HDNciC5t%htttk z&E?cxwOw9rftW^85pvoBu9uSGeP8omzcIhs+a;6t@xLyaNW$p8Gym7bKbil)>(`q9 z?UG4r2mnCdYs=*i+rxm`uNPQR7OA}h<_0s#>#1y&#KnT!px)`n?X=N^udJDq`4X8; z3<5s;v90bn$T@DeXc!L39OUD;ZIE0M+UT0JglI`EhujcAXJTQL*C(E>t@qaWgP?#9 z=RW~Ko~$}+<))RiPURh(lAc?2&7GIW=Rcv`U3a0!o>Q3Y)x6|BG^A-PtSK6|^1GWz zOBQE`^{$&7UJGs(obANzj?5VG=LLiN?vEM?zQkOrc_+Af#-E6pT+;C(bz6rhI)dO@ z9s& znm^|M2{u?^sYCNH9aILa@Y(se0`1v037WKzj$l2N=EJb@oro%UGni07RL|FT+sLra z@*xh@2ch*wFv#mj&b$Nib*4-T;4Ue|Fdo2K97f*iuS}Lv&fsG>I3-ioQ;!^d1;@xPcHTOxLj`$OTY=GiNR!><` z_~;SxSKxYnv!yh@irL4Y0|SXT(!2uL9AU?=N@}7WyWrz&(NFK8hH&@S3n+l^q4wV{ zpd97Nz;#;uzJQXe0Q$Gb`}N+X7&`qKut#~n0~Ut%Kacl+%}pu1D7AE)lEvb%8ieDL zZPr8nsR1#607ma8MZ)dGn>)FCV6MA`%ol|YDMG|MX?!{_A&RI{iV{%z71{^s-JnEe zPyo}n9s=*<-?;;z0i*v5ivPc$9Q}qOzWxssS}piXg_|Ksefyj|Oy6oMm)LNVCQA>Y z`Rho@b;joMXQsL#)7qh-+oE+vu*NF*k$2T~Z>s-tnFr|q^5rp}3|zzS&cPWd5 zpa4*BiT^(SZ2;gi%-44*Uw8jB;27_>0Vh?z3;-Nk=qtw?!K>3VR<3Ez8A=WtfgR4- z$5Sz9sV>JaRU7Erqg+D+$h;NMgUArOn!SkZgIRk? zwN|!eL7^&Kr4!mQ!OlHDcBlIV_G&w7W{EzIO1E5GF(D=Qcoc1(5h_(SqjwGTyKVM0 zo=12(5o^LSzer0kJJFgy(W}1(dAJ;mTAlg~X=ugK-B?v#L+Nm=`6v8+rTpkIE|PLU zE(WJPn~=1X%?GWH7!Ju7++z8@gCRb>19mgvu&Vo}dUipoc9YNLE~G%xvh}?vb`6B) ziS9^An^^$!>pm48?VElX1~Y0si4t19T+-1>Kro>Fh`BxwUFDb}ESn&p$f+~&@R2kM z(+zM6mLikI)*W^rSj~?B+5+3FwPyMwIBf2do5-+zUJUw}$Xpvo5Bd5QnVEIoJPMCX zeFjM)xaIagFD=!a(LdwK1h5Kr<Q80GkpZ9yne?Y!tgf{}YO$FQ4UN~gR&7cdxRjT0ONtR=Y^Oj2Ke6s4EX;Fu#=m&ocVI~LwV2%y)7b&O@XFp*6ldOiZ+oR5qsE4=4{?A~HKVXynp#tgkR+NHS z$?8p6y6n51_tY@DfKPkHa9%XO7EeR=ZpUhq3E;zbt?>n`spfOcBG#5=YN&?x@6d|kzyXrp zQt*Ae`R5O4Kq1&*{}tNuZ)kqhzn}qW>j3YQ4@o;t7OhrwvD8RrqjFfP69)ebHNF%x zMsI~C%v1uw)p{kcZyaCQuT~juNaf4Isc^?_i`dhHyj33@q7tVfWJjKt&T8s9|EkNg z1+Cl#mjKO6b}V8Ig$Gh-R$PL%-#OH%2Fa|C0C3$f<#v%j=X=_pa@ly=v!b%11J_+C zk0mzjZbhl)pY1x6(8R^0Mp~iDWkP3GFpgIUWOj%%xt$4d_ZbR+nSDFF?FXY83bY%*>#7+SkuXdGy_lQOUwb9Mxf8Rch3l_E+31E>?u}g zt5(xA$N7ao60iA;;`6mqianjKiCF`?yW}%)rFCMtYp1bJ9J8}}YD_($F>&pyZk+YgeS-S(^J zF$}SC3b`Y$b)O=SCTsN)@d=^)QwTG%RXQ9OPPB(Aa<~fT8#6&Q$t0Xrh5Kd|rz_b5 zWtlxuPl2l2FMKLxkF~;S+LboD{*d(A4^6oY!~XV`3=B~^`KdKeAkLQ)&v9D8=d~Nt zq4GguPoLK<)5_mN)i(aG2@U?=LRF9Ncc}jVgboP{7-09LJni=!vy z{9Q%`$3H9JI}5&A<432frIEhUL=(anJV`}rbt)Oty?t8lHN-dD!504VWE-{#y-z_=^{Ca_j)Z5c z#NFxUSz!Y(Qt!SM8Tu;}$o~pu=$Ao%KoM>TusX3c)u!gq%4D9AjE$LbiRBq9h260E za7QvFJ29SCb0o%x3@lWOKhk`AZ@}|JTV@Dm6TVeCtNH^gEHl$Dse`=f)q)1ON@} zkAIPZ`X=S&AA@KiR;r%{qmY=+c#~b67O-m5q8(&j3}7{|!d~JoMFFwyL?Z%k_sOdq zs2iFgXRG?&4cMQC22gvO=lAiyxKXaBJBPb$`cG5@8?<6o-YI!XVdYWU-S ztjw)?iCH@T5eUVsor1inhytOdK{MoD!yNV+Re6Ze$(HfifJa``Cn4Qj0h^IeanI@S3>foTaY0`h2Ca>SqWHR?xUs?PzAoO1by!E60$AG{$7r%Fm#C5I!Ir#Bu z&Buw#FcBkfO*`F0nXja~#nU=qmtCJB!uQ=*O7qYFMIZpb#=oZpBn8IuU6mf^zf=YM zRu%b{sBfx3tmL^UKp(u^A&5MM^q!glso%aZGkFLj8#EvFb9I46(jK=5_T@MxQRnO` zSI$>W5@s^BPDORSZ(ZTs!>JY>`7<{bw_Ai$BE1%v?zlhgThz%==wXk|z*cvZxv3if zvJXmLY0FfIaGPwsZkliJ_kZn1&Qd0CSUcDq3-( zI*FLj9yg{;Eft@Q2*QzjXB71WNEe|~xU#}fC^tx~gjpI&wbl!8rc9jMg^?qvpEN`pi%8@&N4$`K$y(!6?@# zIxiS<4_b3+$A$fe2_Xy}XW+RLq<=hh$5tf<==w^>7&kS5OB)h11adO&zzSLw_Yzax zpUU#03>)*~gxHoORtMa+i#-XcE;_};fkQgrRB=q?N%Z-8^qrar82-o7wR@*!8 z{0(Vz?WKQ2RvR;*cd?CghOVui)z*wc{)-mnQNtEZWy(_90gkjsTV3YlM?Kdkc0q~Z zHH9&=q!I^ObGm32!cIhwoCu9FqtbraukMKg=-i7t6RyJGy))Y%fQXaUhN@ayP@0l^ z7x6_bggBksXga0a{j?qz+fo^%st&0(=yo+h?q&sHjD!iP%7Y6ZBK2MJr z;3CQ=&N`n?(G8VzYps7NAP@$Zt$4eje~E zp`AIereWJ#idRNM(6i`hqu>Se&Q2Tk!b;pVbe3x>TdJ1`|@4ePt1jjLg01AJM02U(@=MlajnIxh> z#Ww;A*PSYJVbI6jtq zOczss?47#4yiwQtzS;ZuH+8-3omu^2N!LHA>+0=h(LXFn{7=hD0NVb5U4*nelf9uF zY+GbpfQ)Me2@U#-0){XOiiJ-xIepVVLqQZ^+t>=$u#nSfbj03OTfeFP3(dp+Uo?Ns z@ISXU&fcW_r6gMaGT>iLM6Vfs8=xlqADX{h`yQJ3Xkg+j+1Ze)l{EY%r~RkbdVzbz zvXC2mljE<3s|D-O08MXu1MlPCz5*(Nv3XbZmHba%U90?7HOT)<6_DrWD|lh$@wOmP zXy+jiMo|^Ksj*U$tWJo+f=uF@4^T|7e8=aSRaRQ~Rc(62QcYzGk-;EJ5xsIU9&!lE zar@}Z-n)5gT)dkQQ~Xlhj`Po%XPfGT&U(UMW^4+a7mW6@lw3?aK2cR7Z*+FPz&$m~ zjg*Ko+7tv`k=CU`GHRq=VqgY7$F-gDPdk-)%rg<;^H?W=pcS)wP6)bzGuRZ0-amAx z01YOAF9S{9F%8Hh;3NZLc$2g84$_ixX(P&@SV11ToR`_z))d>1cZStpW2pPHwKM-n z!HyR(Rtlo!d^#!_peqrC`H7er@RKMYX5_Uq$H_CmG&7oiG3XIlo5bRBE+UL+s__pK~Hg|qG)Yo4q^zqbJkl<+bms?SKRvXK1cNsO+RJtgS1(RNXW%V>Lb3r{#D z3iuQ2qL^4qb_*y8riT^=y~q#z z!z&ZX4BLbgO!|T)I@k}vX!&x1g`+*y zA_qRgmm7{Qz*FNW#}m&*^A>0ACuKFB!OQA}(#Rf`oUj9qMLBek8qqO^b)vTJ;-9y5 z8z3^?@=1J66z{oL@)pXAZ(;mC{#Pgu!`S``Wr#mR`F8ntC_LYxH7?Cblp}|qK&=b-y7aWlk;Gz?oqtbA(z!S2Fj~>ypfa#o>Gz;VMLYVKG=A{* z%&}o@(?If`7-gHPDsT)mXbSNba-dMzz(#LL`<+2z#t9hQetWz5kG`9Yh@(=4JkKeo zrvJ2PD(^cEmTm8D#BxG-Bk^1w<63F^KThPHw; zLtKWj0w5=Ig8MMmHDF(cB*9>d*Cbm{Z9!dr^`Ap6qR&B&iMvgVeA1lv{pdVVYdzL4X=bzPmM2ZfqTN$GRLG)rEYBgfp7j)Dc z$UPUuVP`*tQ=Kgso&;p&(LRLT8dcg)f)ROu#bz`}alA(A%|nEFkpPOs6P(=iz+Gqj{+bAQlk&Ds|26)dFaYK-cE8Gu(Vq$P@b>%cKXr02@t-ooql@BVai4Lr zBjIb9K&=X%GE)^waQSR+#IXnxKL>3RxFyZHpm0N<*1MZGop7)f1Sh4yXo*F9IdTew z;(r2(`)&{}@W;QE>~FuIIQ$Dr?{6qR!~Z~`WwnjKo4MX%TqwcN6TL) zN0iYh(X`J~-}-XqQ){Cq?Ey3TqmUs;zNBXB$56MaArz@$H0lF<6gmDl*#;yn%TexB z7D%A#+a=0p(l+Ggh7E+_a_gt)alMAL3;$ zCwII#-+i*jSbw{#s%KZPJy*|eoi%h_rm|y|y%E7TCh~h8)sFELG9T=V)}LIdqA! z-`HSsZP3V}x6iUT-l2YdgZh`3PUl}x|CL*Pd`t8GXB2)m{u9AB1_r|4Z3YI9>eb7rFPcPh`t`?G*tWRwhB30fYI!-#F^RjjwXcb)at^lqqeI%6a6+~aOU>F}#NAx)ZV!r?N_1>Nb_HRb?^;g$=|LXel@2+LB{?j#|Das~) zx2QCmSybsm;%R*^r1ZIor$;D}o_Ybx9yf-aHe{0FX_XnXr-M|tL^)Ibp+>8D1hthCMfB58YVTLyaiY6{k=4JSkMwYUJhPG2wh`B2FWI zXz#lD0{TvfRPe7;$n}@D{QuH6j|$xoR2Ji=@4MeWQwU^s>QmKy6gXhK*jIlPXho%O z9W(S<1l|=;g390TP)+tz-j!0tj(p`C-}z;V5UL7#btO7#ZyFYA%pFQ}jYg!=rJ3H%RKxQTzl zz;4N!i3Cm}j%f~B`=@EsKml{j(Y61Nw`2&^am`?}^V=?oXMssj4I&wa>?mL;L5$@7|hrz&GE1_@J_5Qrs*PmhF zj)(r2Rxs|;|NC8-?t>&&W=tOWz;kTLSG=whRfP(x{DKe~o6=98l6NccU09_OW=wZ> zT?jmCQ$rNVgoHQ%I(EC}?F;+_;P_%SXda#f8Raa%A1KFa&xonRAP=wQCVAMtr@r3y#72dqXXI@D?OnCFH>m$l zg#HQD5)bo#LT&pmRJeas(>pl&7`E^G7~~WCI6ASh_Vv>2=8-jMcc7d>(BKRTeAJ+F zC6h5ig>SlE8@C*xqy~wK!ROk#x9sCNI|#SHuUEirQP{tIS@HNafI0sfz__;oY?DQ} zfukIK3&~%Kf3<$kUu{|b&$cjb;DA2-hZenN=Ot>Qweu08$;c`$1AT0ZlLNpx za&-bHu*ld2~XL8Y|OUKzc2Xe4jY{^9{x|7);~ zK+23?@ZP>%jr{h21<5}M{uwgvc-Vhw1><()zaD_}1u#E|=8AGGF+~4WgjJ4qx9?l* zN?T{#4!+^7C1p7W{Mm;DnV!#b;(YQf4>=COB>T;4ONz9Yv1 ziD~CzPz6Wt1chY&h~_`Fw}kWlrMnMSBiMq;c2qBOTZeCmtZV4(Dn`CaK#` zSB;+UgfxQxs9?Qhxpk-i}>iy?MHYAKXJOanPqFHcJf3UR=6yU z(mS+-H)wy+8u$Ow`c?kT)KY$HeNg-d!GBLVyuY-9ag*}jDQAN%1t+S$GJ0o?hUiel z40%==0Rd2#D69+1#D7X4eEv06`NR0exztA~rjXqNDQyZ~Zyx+CIB=l10|Za0O0EhL zbdK-8^RcxDRZ=8Lb^ppym6ZJPU+qt5t$6tV6IxlB@f*Q+XxjhLKB}wcfRyo=z0Qlj z$Cyxs@{?&_F=a563hyh6!H|_!0)da-JnaXDJvP-jUlw_)q-#)ljiSfcLQi-QO8Eqc z2v|`tgM^@s71ED`SZCaPJFTV>#buq|eE?J1cRpx~2sW2qT!Tk&k|s387wtg)B-cgc zBbEUp8k$`f^ge*0-$t7r*L){d9rH1!USjjVl ze~;U05HRM|#hA1SW*7MKVV)l>cX27!P1cZ@XjP7c4$IT)4t}!lUHVo0NqNB?Hv3L+4In z$dGj!eT6dWhgz(;XS{r|d68H;> z(!Zc2{-X5;h5Mgi;@j?Eb%LI(qhB42vg16&gD63Gi1Jl@RoI@ESoEm#;uU~%ARS`MY-Kt$rzbQqlTFFfrsj-ZZyc>Z2WIG~k&@K3oy zCZBfv@^LYw3633e>2?ml$_dUl8T3^+9;<$Z%mxD7-`@0y{trSX0EBOA6(LP=3bl-ZE5b>u{Tu{}&$^qCn4d#1p&Ik~i(5IJCH`fv< zJdWOi0J>*<{Iyjo0r?Lof3A&|aKXP+QTRiZHyCfKEX!itcgQULql&q&68k-xa$;ct zmj5Olu~`mX>;PHtpq3ZeKECm4OEwdtNOZhvLkY7;b{{`jk{Eq)X(MOcH}gb89kUj(1ISP*0j69rP{%0S z+vSWr&VUrUR+t+efLT`)$}xy9X^(~F%jpSy<1z?rR-YCG(cYo-yg~WPQt>uv|NlGw zjhD+z0E*vIp!~lhjsW$q+J^ojB=;{u#lH#VR{le1il55HxK{OoyUD4ppaPxb;{g?i zK;DpO890;M%80s<^ITV*V&H5?P3}!g{t*=nIOcwERjWar&!-2F4W+rmcS7d&aQ|(8Yj9FOGxBy{#`6Y=lALHp)|KTdcf3eT2t@Zfh!Y4bZsza%%V+VzN%fGw~KrXbVq z%Bn!9o8`OC<*tIJhl}e-8vl4{iIF|DNlPem+k*Z2f$mOCh-hW*-30+BX0kh+ z-97#zJ509UOPJMr$050v+RcR)uQ-Jhsu>s?$$Y)hj!eUKosC>9Kz`fpJV9&zV;^9w zJ{{pCyusPUEas>9GF@7B53Q_{0tO>%PnxQ1>hE)TdHib6&s4!RwI+~;4=RQDj7Ljf z!i8rp!s&T+H(n~j0_MGouhljs&}p;?J_unEIM>; zzJZy1Efq#;oe73=$^pIIvG+f<-#^yrSdwyk9+E&!CoT`Bj_()zGMJ>EJ{x8khq3lO zcB%vgWU|<=aValEM39zKBN?);!yQrvmUOB~x~E17Vmej6o^!0j(%CE@T1YGh+C4v9 zpCgNaXn-A(0&h)&%~nOGAR(Gs>{TiIZW>~Kvpg^;9GA}l;!Ni=$C|cUo>Ol;PmzcK zhHbd@kHec?>u=gh$bIF9a+L8b23hM)=_^XI#(Z2Wp=9^wZ>J}Ee+UNRMn7K*o#Ui- zE0Ff)zB-y^M)P5;OfKSaU#(1J8>^+npBk7LJU(lg= zz;vpoZ>g+otRVM-Ly@mSPOjyY;OP!skF*UwvUwZYyC=?^$3en~i--tYFJGN4vfPHB zqqi?^mVq@8d?R6$3R9;^ytr~VM1tdUDW3PqWAt7Q=`Of(GhP*5^HRz8Nj{oVMn9FW zFB86f-*U?V2@5inTZ%$2QkYX#oN`Os*%4q`<6?zs_Y_?x*s`&wo<;%As@4}^a-_60 zYhcfPm#qm8@NwMZ6Ny`p}BdcTF>}Il$@0wogaI$cug|T!XZiDxc&E^A>@|t1* zFq6J}Ike6yDMpTdhJwF=USE?TOD(x-geyhbP!$t8fXMf8Q+KvhmVp1>QWzx+E`%aZ z7e62YF-WZ9W#i(ei~l-u(6tceAhJjK_4ANoKoNW;90lLQGGyU^ggCD(vWt>)df0+i zYkvs}tEH6%lOQf37Rf zsqI3g%U%qY!Y~Lcu=zsLLe;cGHq58`_Pt4^)V!AhZ{`CVQ8B2zttsQSxDvOBbH?H5 zEFMM>@O#URI(p;J&1ly;#He790xm(=i*;FgT1$m2=vd_s3wkOdj5W?>{gbtew8l42|}4R@S6b<4|T^`bR@ zd+n*%g85b{UbmokbHqr523L*(Z-H&J{gm`IM9a@rv*etBi;xSXd2nX!89HvBmXyez zcJWHrjgii&ykKipfj)^5x?3C!%qf6{(Ej@|wyNEgohs=o>lBmIx@VoC9^H2FZk*ac zO((!?QbC<58OB+-QyKY`1RZY4DZuMX66bZoGjaS9wcR>a^ekhj4kkXC-mL_RYKH@? zAkx^!C>;+Qa-RlI+R5`52y`jjfnx`xCUaS80_ks(bJ4TJ88Z&<+07jH=)_fr$-&>a zp>(QaakRSFLy8Ge8me@gv{Nu_s&hGyv&L5YRx-|w&Ks^F%kTl^Ttde&rhS5gs2n_UqtB2B za`5G}yNtJ+N)Vw}QcM>J4adv6f-$yM0$p+o$}EA|hzFk*;!P1SjU`xvWqQ&;g)IZuP&jzv z@?Ph<%u0od(FVMG2>8B7jJ9uT@>6AB*X84QN@=ggAG8|CL`przpl%OG4OT-A+KW2c z&>~QElf86yfE&vT$quK65i@+&q3>;K#c!GC3RI$GwZG9#gT^MngFS0^*fUYqvC z7y^JDZM?6Z@P$Ac3<*ZT>7X$=h1i#1Yp>%;Om(gyO2JG8AX7{KLN*;@X{gvmsRJ_- z$^$gZ6z1JUShDpvRb_*Sl5S0}-xAYL{7mTbSJEl%3qg1@ToZBox zpZI(yDJQMJcs!ACuAYn|RL=U)u)r?7-=29PUaSp#Xj|6qq6K|fFmPYuL zlp6gf#3~cealo#P%z^vW-ixnG7rfr7-5gN*ys0V32BU}%MtD|L-l~dMB_QV#tRHpN zbydsC$Zdm$18x|q6486|bfhJ%c{xeS^o8AT{0_vvvC@#z$}7_V$$*{NDJ~q@&}N|6 zxt5WxCfVGry5I`0LXqR&hxUO-$AIEeE#N_wRQtu`7pM=*6y8zMBG@{tD>!}N(HSNC zg0XW@1u+&qsV4Iqqn8S z=7`*b@+0V8Z(7~3FKs5dK{2((7?#E>W*370}AE3 zZ2|jcuuv>ACxR~#B&Q~eO-W%KLnEjHaBNB=4-BqVBXhn_ZT)t&z*qGKV7q%=zJS3} z+%o&!2qw|Cz;OeE2?5p%ZTn2>d^6))Z27$E(6Ou418f0c^TI2=tW`rdGL!-y3-L9Z z<=s~E5E(mhijFLOk)>_2+vkoW58*;>&)HPL_IYVio$I}eA3>iYuA_tzAbIwTmm%(D z1oU-}>N+U9ufJFX?Pi_8%6A7FnTh6)xXQ`1wXOEn%nmzf2i&F?ivr%paPBE&U&TH( z7v>~B@O?VVjmDi=v$>=yp9RefnK|s+n)=R!vfP4;qDonHEZ3KB{?R42#|}oC0<!Zk0ssaf|?Qo_6Qzx>_#BYrvm>YvUJ^R`j& zKkxhyo&W%!yd91zeT*p$r%`UuhnD3Ytygm4n8^UN$pgf`F%8oiO6m=s1U~r{eazHV zMClz04Ta4R)7%Eb*dd?t$z#Ud;7`5F2Pz*;Rq-pB|1gKpfCmOa}OH8W`GvO$w_tMn~4%uHg4!r2WI#xA@8M` zJOGqAnVLO}(r3R|d;%>stITg#99+Fv1abPBkpya9HJhIfI_5i{W+XBsVA|z&w$p{s zPaV0XZw)#Vp{`<#+V!Z7qkhtyLrH>}qZ-~9OpwqfR045>%jKe7!9jS>o(t-H0l$yc z>(dD%vPh)*0CS9Fu?$x7Y57r0S?B{a3@euf!Y6w=BSS#Cz3VH$L~Tw&7{`Y!*IO3K zBZ7|C^4E_k6Chu)fO3I8PiUvIq}SvSx9Eb9!lj9zGS5M+`@v6 z-ojYMpdmE5GkGpS(f_=-qSRkr;@!salcXVc$A|G`QS6H{pr$B_sexC4vT@+~Aq|NO z)P13<7o@f998?c^hPoi|gE;tAr^?On6zbzEZ|4QTh-vVOg^KGrG!_S(BNF<(TTJa4 zp%-^IJ)tYE)SM0)lDKJa7Wbe%9IL>g0Z?H*GhFNzIN01o`PB3XQ$cOY0EYtm3*O2aUn0rOE03NvbUB?w?4w>Y2{CP=h?&U<{o zsvUutavZ$FR%A={W50{X2I2xoJRZdUXm_NPY&+a!u2>lY-L=zL007!OVPnjRW+_WP zh(yK~=cnk^+5TaCwx*}EVm~(eo+jWXQGHj0!2g=x@^v?5u`4%l*?>xgEd59J6yYM3 zTAq3lpM0QYi&k9s1VH`x1Fv}!vS(h=4q^^a>!59o&2>VJk>f;QLMJS=*k|>J5mI}N zX5k5~(Yyl$MTp}S(4k-|`dWx(Gy!q@W}gL@Kn{{Axd5g5*mcBOcJ2C&ao(us$JOn( zS6694h>}fdm$SYUnacJbdLP%%qlwZGoC%QmvJhcXkUu=c(koebRq=BVZrUl7XQQfk z;aGkL>L{XVcPz6&GNTbFP6wJ+F%YaYJ)dJg7;`b!m+F04uT79)#t@#8krnl%^_SH@ zIc$TkMHejBAz4ntQ&eKhIv>z#W^o*=V1DXlNR=BR*BU2V4fFb%rHy$Lo}oDeT%20l6o>GqGkZvHbX%t=;nMetU?GTY#fhVuG$b#cW&kN+L!@`hus*vPm0(T zg=Pm|RaxEC&X4BZYol8U=XY9U>?vzCw9?xrtZ(pC)lVsXd0RX3t7<}>!o0XZY^a9p zV&_E@eeO-rVW#g#5oZjY>7{*~pIoU9C=f6_cpdt3V)&q+ZG0^S`|B|g#OT2R*9eS zm-K+3?r^mAs{Y)Q_cQ} zSml3?aQN(KZ5$gz7B! zOf8CtWks&8jYLzFYdoW#oz~Ckc5uw9?@+O!bu3$u$Rb?C>-RuX9&d%yCx2kP6M>mI z_Z|3K3YKhDHniPiuyjLNQf;k&i+_-}e)&hmG*nEZ+5o1$(mKcCGoxy249J^BE*ZS1Sh~GA&cGTsK=lf%l2kg|0@S=$_#Sp4te8y#=AbzeC zmp^nlSps8EH(*1kpmhgqQF=$?8>y^kO`)_XQLa{YQ%ih->s`#99(8lKG&2Nc7QyeVf<^QAuN1%L~Q@X-47cQ;b~ zw^WC^etGWayu_kA6bTU}OFhD4HU`;SIionNxY6iUbsEHzHkpRwGz^VcTy18}aY?f1 zxA7S@aeTxPC1|$hW*lbd%5RJC1RS1ms>EfYW0h;}Ca693gyX#&)nEkVfx5BD*T(G( z|L8uotheURs=I_-BWmAiXIX$L((t8d&3T$IlB5xChut4IfCLf3-tm_8H7}@docWbJ zh&(r*X@V*M!P%GqGnjch)gWr#fs59#{5qU8xSCDihMCm|r6l>hzB{l`=NZ-}RtT&x zW2}`^Z201(5)2%h!i})*q~!|k8-~5*Q6mI#5WacfK%KTF(_2Vx-&(y?xca>$%o~EN z#n+I~5ZtOVSJ(#Ls)TwD%DY$<6=3e6C-8RgAncaiS7DVi~Z0$WD03%=gOoI9)_ePQhi&DuZd*L(`sA`E|l(O%G&{|GU?PsK7x1v5sqOIGpL4%+#;Xz>YT(e#*DrZ`hU;@h+3GR~+2kMQxCZC;0A?pR6K*(ZNSK_*;E?s?#V zp(vj3V^s)83k+OnG0x;8u$8TX1bk|6;uo@1tmm_sBPg><9hYJROo^m%fPI> zou@nnI2rx0uz+Z_ie#Bn0Hg!kbBrPe-WhI*1AfvyMc^a#S1Ux#SlW#Meu!S3@6HeM zcju4#<^0QkIzM{*Z|Aq12LO;l(;>AuH`?D{!PG(Sbd~DX7|>HCYu;z4liWC*set_s z*AZpqB$SaN;kBTi9l5)kucTaU&sdmwT`lDNs0~C(FQz9kQ|bk@F7&9?s@}Oj*ej7k zGw4+`*ZO)yh#9$3ZGCOkGF*{tS_sFwN=AO7Pk#l~4M{Q&$~$$D<-9*EBB;lL_v8Q* z%=U1K%l#bUn|Y-g=dXBa5#<5+M06`wQ7CdiBII7BLnxWq60?NC!d`44$iE$JSDbrY#I!`F>Ec8l*O1~1Y8)GP z41NU;tmO$A+ZiPKjd==m|0qP4A65g!{TtM4>%pwQP%4l+@emBMTMld9swspYqSlw*($43tx%pJTrx2Mf)5|wszbg#1zkUX zDJ9U>nhorIiLyNy*Hj*5D93=1X3vGgu4W83{ru&~T_pnh7O4N$%xjFz)KeyHF(C9K z3vTO0L%$<-;s=EaCP>NUZ@%PoY3V zklIdYrcak!(wcE*kER$yqyd#Wm6DgJY-b*KUEBY3vkJK2GupU)j?hideN_!qmA zW{+ikhvM@<5L9@{mz%`hXFu9xVj`Sfm0g|ACDQ0l zv5o$WeMfraLtea;z*vuMO1KI>F~Ftf&Er^~Ef>G}BDq*^U&i9~Q!lY#?dS7}>gO=m z+}QFRuE5rg+A;fFl>0@O?p)kkby%1EQNzLkg?1Pnp0ldD^`77exzHdhF}%@1&%W7B zBtWvur%ItF1SVfFvXh7W0pvIUZ*gj!MPoORuzRQ7qZOEvPM%kyII~Yfg*An>l&Uo& zdeR}d9iDS1IJ=r)4i1RkI<^V-&sp_->-Vj-<2Oh9hM$K8S~YzZRvcmKBHhA}tgW$u zGNJ&7>E=|ADmQ;C2ZTtF)O4{B-XnoBNM3{8|Dk;t}wF1Yp}0@DkY#WCykMN=?yzwbzug!Xeq-%n-GtZDNse8 zG*ly-9`&Pp{w2-vrW-$U->fNezeg*O+w*1DLSLNh3g;V9|1E{Ms(9S%&mJ}|HGnyz zG5O@`@;JoPkcWhvWLrK<6RU193jSu+)%>aQfF@;y=#q0tgRs_1qr3BN>uca6StrQG zMo^wwlTlFs#PP6CH(HBU+hR_hdl6b1mcCeLs5HBJbjsA$pRWzstxG{;?3{g5x+J`F z-S>ymf`Nx8?XuDB3iF8D=D}`}n=~%dzgxL3a_mf+&8QphNm(HrkW!I--@!r(L>-`# zCKu0)O;TxeDI^FRYD%?Z&W;AP4tUl4=`^?29zNx%H+ER8X4nK8kI0Ew!MgpGe7f}s z*DT#@fJ05j-)h7LU!1SiugEM>D3pf*)}JTgE_kON@y3$X2Uoi}Po9J&E|)+#I-Vsl z^f78&@hNyP#pzJkZ*OF1w7}%VTB%HBh2skA-TA@)?)=feoPX(0=f`#U?fhfe0036n zt`q>8>6N0V&9QZw1@4}v5LICk^lbxtF398kO~##;2I4bc@tA~`2^ljhlE09n3B&E~ zfO2|pHMe(mT)_>-mB=pX5@f%^QC0@Y-U+kat|jMkk!aO_=k5V=IK;F$b$HA^85l0n zR#fBwR}p7`DM=pfm4s65h&j?}8Tyg02=k3ry}e?+hxqk#=fQWm3~2d-v`4;$KsArE ziDiFPe17b#obcY4j~$=f%`ch7^XiLW+)spBJVq@pH!^gye3=pY6zP+1)Jv1jrTBz# z2UVP25Cz&<@N!%yh08&O2>AkJFGFL4(m3)Vo|9NV1a#llIZz|qI6us*w00K@^HP?y zFMna$zidV55ZZRl=KJPxe|D!fkb~-zSDAqaGa5x8rgaW_bazuTA6qs*WLxgwrs$XT z;kNb*k%3vmTe0I50rpd;KVIp9W5VR1^_{0b%PWhot0#J) zJDojIb4F)axUiLW3|E1NBUZXEIRo5C$q5D)&S5?$p&g~!ORXXpNFy{W>L(C9i;R1@ z4ownvas(`&43kC8SDy&q!+q=S@K1i6I<`fV)aM&Ojp zFih1wo)nrCT?~0mN-->j4cL(0i5_Qx3Ua#GSm1!_$qOcD-h=h|#`kCADx3KuEFz@O zywT~nv$bfuz&NYL=gL5<6dq^U(TnPA-SX@^ycDo32?%NGa&cpDLLlz9JRkUI!A3FN zTgd=U1|C00URm&bQ2~$8SDMjVWBA;EAm=hdz2ZI8?&sPCKnbr$0;i7H{#CL)8c`rg zytKMd3Z+QvTD0r2z8h+TMb6PNkmz+ul5ewvL>#*ZwI0XCc9v(fPx333V~{_It3mAf zMMRf-VNsp%EF6aLigYc~0kU)a+L6A|go_3AR(V^m4HQQKg}P0UU_;vKIUSOOm0kHO z72m*k{>#2n`rMArfvUEv0a4L1^bo6wIgL5*@nD7Jv~_~Bv_%9Jm6C!3WS<_EZE$kvky#R`jaKHo{RJ=GPB z60tRLv)^ZDQi1|i-BBnRe1xK&`~Ld%SI? z<$-W2Gp(eTNOr&41Dm2|W{e|_HzaY1c2h=K$cT0fw|OYztMu;RcgUnNIk}l=E#58P zCsUARv&QLcbUdq zSGudVpqoxs;p}`oru9r1QIbC2f=tpi<#kTl^O2Cf3Gn%9tOk~+*H z(a_qTE?#rLDqo=f?))*ooPY68=O-rr?fjuiZ&x(k;lwPg5&^_-DsiGCQk;^7HhWED zoSJ|MTC1fe0wb75pWCLIovwb`24Spcu#iMWD%Wb>@Hy{{ew7AdE!y0nD?0pI-_>a* zC)@+I{4KYRTErZJHGBo^G%riasR`J*8deeu|0MNcH&~_H$?8P)I1kUk*zK#{(?S1B z;>8Nuql+)}A>-A$ij0+)?y1r^l?~TK@eZ>pgQ4^f=*ZUc`e3&}NjsQq$}zW64(63w zm#lL(#4?M06q*c&iL56@c=#>e-3*<&`#9N@YGlEgoABAe>dx7ds%!a783s!<;8rGk zdm$UE!9#e;(cnmK_kD^Cl)#Nd8K72LKkY0tMXzM+omb?wr?Ymq6A|9Vi%f$mZ#NTa z+_Jjr8b637`k>eXk%&M)pDMQ3lKF4s5lS`yhf;-xe8PksQ2Yde!;#f4a7;F@Jbfot z<$_}PE)o*%@#HXITsmM@=zS7ab{VOhmzEN6=Ld zvQJ6X%fOqn%Vb%vl_`J>%{+$dQ2@4CC~?V-)PquM&7Gm($pUN-PYAF=aX4oN-q~cK z*`sQz+3uz$tHU00ih`@Ih*|ICvduU2MM8s+1}EGqcb(H&yW}JrwSDSB!&A|NdhOHZ z;c2V>F^C_5*Q~QMrLD!62QI4{gRBc)I&CU&1wgfGnEX_e@Hzaf1l?sM{fr$^Y&DY$ zn{3Ror~-qXx)7Tt4-~X0t13|@K1cM!A*#ILV1Fkp6KK4?06~tgB3BNhd^{1QsPQnzghV34EjPVu^y?|XQVvfqR7TUE1{6U`tf#;lEvI%> zO4uDsz+&K(inLVAe^&U9RY5!zYG>+4FpmXbaA`ip_8`CPjeOhh$o=U!xJF^&Xn>uj zGjG_6poa~c>b##=m?P$#9~DW%8%MKkzs05b;72~N7ydX)pDT08+E7t@hgRYA;$>({ zXQ9kPK^g=uW!f>^TOoNOBAx{EWwQtibr>d{dkP;NyV_hFGs#}bNt$N!!S0I1!$}a? zwHOaHt&W^mhqOfJ*~!drZi)QSQ<`g?lwZ)7mIZNbzreB%8v0EjSf5TbN)K-lbp$|c(gi#@Bczrf7TNRlG@IZ_2mV`=W6Zr@MO$ za;!wu<8~xDl@=A@zI<3nd4gF~oJ0apR3^%8u|AvRHxHe4MTri2tZk;J1-dBFpfiHs zV4%K1f)`G-%39H>1KOxUK}UmIwaynDSI$Z(l7rZ@m}NO?F*JXF=ZE>b^T+;j{)IoC zpZsn2^?$zb8Y=(*bRBL%c|E{W@hiPTaTSSk2}BZ(KEcZ^v53K9OwM zTPaycFN+p03MLRvsv({|ER_PuC!dl|myMaqpe5MuR)i@c>BMI;E?fqs-z|2Tn>h$_ zCO=x8_78@9s*IJfMyOF$S{z2_^3=};H)GF(w_3}6)*w4ZURd@)zu#>l?vy^&jg2DQ z>$j=+saS)vVea0~WgX?O7bHwinQfkes%FV}_=!vwqw5=G@+0{V_R?xS+pHP5p1!1{ zpdn*Xgk;9uuiOaAQw8S>u#P=8Ga;f{bIj+ba88@5V<*KMs)l}tCCn1i} zLa!8NCggR_x!*4h@nBS;R~8j_&&-k)AuNdWho$4K4QHhR+bW8et0_qZUJi-8FmzZt zZGRMM03QPk3h^qWh%B+MEb`Vqvt{woq<}1knxzxKo`*-N8j8qxCjt!ZrvR0q6)SqO zm<%ab3ym&lFp$tGEIVN8;UQ~tiuAZ+%9;y$~;S!P|TMc;(G*6dLE;Pl#XSikaQBSqVZ2Grf!8!IHY8 zL*eG|a^(G4B1{DUsF?;SaDdYJX2PHG$8*4a0+5`E5)Gub_I7NnLl|p&}A%)}e2@oeckcOXKpX=puC1gIk3gZ|LUcGQsIH~TXh%DCL_JDxm~R>dEV z!FLNM1QKgCq9-$iVZw5#(R>RXEuXt5ul(kmjAj;NOHaNFK~#;^$2G6nPsHM=EmeL* zQ??#r8o3|VW8Ac@bdsRBx~Gtl`P7Ne(j;%a&x@0{1x=&Pk`#kX@a>4+z1p(}G{lIb zUZl={@Yb#*dUn^ChnpA#Ri)Pxc_ugkv=cO(&~k-vr|+TUJ{a}LfF))10rFXoC?ffC z){9aE%Hamvi9U$l3KA0n#>d({pr(38VKE5) zskO1dEW(dCGMuWS)9@|KMO1_8zHuIUbF#wx2Ljq`$a$vIcT#HT5%CzEWO3^lZYD|O z-wVNv*bO@CF;n7xGFVz^jFzfOuZVfjgL0hXXvc)H0-Ea{-;O|5HlF8Mbj9Ac>q9r$ zj^gkbkvsDM+{_P7oj>i1j2)uvrSEBiILJ`N9Q(5k|3K(c4=ffcUph8ODx|VA>&3D> ziTwIWc0r|3BL{}z`*}0bN>XtcNx&KQQpej7zFSrxY#KChnA%W}9cv6dUGYs%3of0G zO_rVa74^unDk?@U@iRieg{U%HS`$MH+`X+=Hk}ca2M{`<01(}3! zw-YCy4ZSA#OhrIRubi4Kz%q&1JaChYqDlRRIPuLdeH(iX+x=z{(~AX@CgnCD*CAse z*Cu%LF@|8hkDIgZiGM=az~)6(*50E7lr_PAcNE1^WxUgdapz`1)Ww&W6AA$O7;=BB zEUU6-O=?Xp&3eL{dC+A=hjPjw9hnmt`q%}1RQW8k5e=3)sdPG9T?AJ7N%GdS%T$Y4 zzuFLLrw(YFPs!jb?}C$rnM9qDhNYrKa~`tPk7Sn;K+Ek_EarWpUUXac;CR;;LH{V7 z+e4pdFbV+gh~+aj=}0ZjVWXBhV(@q8hktW^jkmKN-=BZ)=LeC3i+gu|{XY+aF`ZofdpqyF3gE-EeRoi9r+ za`Q6qeTF+`^tG`Y;rOhke$e;QI)ks&ckoJ_I zq@*#U^!qKrpOF^pg0>1jZ%`2}f>jp=7i8XcOfdm20G-~(JvK+geRzGAbYEnCxSla# z*O;qgpOy2zfQujFb-g;#Dn}UM$f1un}{exgH{e!xQPtWT`pcHx1c+_ zBs?gal3!-WYc&?`w?W%42C*vFBzxD%<`?jbBRU4OQT&6P5qfhiYMNLH*&kM&@zC~~2Ir}j ztzKS_;_Q)I3EILGCwZ7&9d`yNYk>Bu3)ny#4E8NaIPyX8m%MgJ|DZ!NHu2pFra}3y_P|tlu9h)L9IJ>2Ly_Y+i{(#(;Ii) z0cY3b=yN=rRLam3^5rUv^~=M@`dw$0Xf|xMY{&?c2HY#f3!6d$g=MdOFF&-Zu?H2$e1qrhI^qoONlgh+&!5SXX8OiZpxrXKWEom<+5N z^7S?kC6A7C(Ce;My>P#-K4rP^9FznJ6&?wf_6b=Vfuki{1L#qf!O9cLm2PX2IGNiw z)@ZF1CxnUm3yS_oVbPPR_-1w5glgAKrl0UAf(K-E~l<;~WmJO#z_dD|j5i9;k zh;Zb@{sF=mND|Su#uLL`Fs26*MkW8Rg5XbYL;aTuy$|n0{qH+@Oa#hInAK$w_J91Y z(93*Zo8Ag=-=BX641g3|!h0*mMt}Y*VOIYgFo!Vzsn8?X2lRk3L=hVJ{F9*wPR?Dx znSw=5sXeKD8~~B#J4?>5)21L={tB4%{{-y$|DFVvxD5wz_y+dmj+`S@ihkn(F0D5d#haQ4vC>#O$CSx4O8wQJa;h!c3-Mp8q6U0my zw37#0OAlN?0Xw@R3u8u3^ljE`#jpHJz198r`{eF8_-i#~;;*s#^SCY(X3w{=x_vvz zrC@F3Kh*gqFiFFa`)_P&7~TqGWlxTH*ec}n_yiUi;^xkz-4FClEPpE0j}#6bbH`#s zLK|vffH=#+c)!$!dtxVkj18xFhoW)yS13uppa}gdY`T9#sr-Gu&1Trc*CBcyq#^@Q z3bO|TcbZhc@3X)+@oWT3(?|h_|6gC{8IIS|^>LjbdW+~nlqk`A?=1*|=)IR9y6By# z(QEYHqt|HB1wqshqL(N^@a|i3yytd2T-SW?W$yp_tu?b}ubI8ZTqj^`D9G}`A&l-* z_QiS#nqoP~hWEb%D&r+Ft+5w%A=dR9=Ju*-q)mlZlPIaO==ey{w4LsV0L3gNBU_(d%2Z zDZ+Y1VttEc%%=}6&f_PY+;jq#{i378CT6l`h(7>>R2TkKWJ|g&!o!HD|EEE6z?Z6| z*9Cjfg@c!7G7q;X>I*Km>B>1A5SISrSa=gi0#$%VQp89^Q58siBO8 znJe56i!DG>@#3NGD(I7V<=}uD4wj?EHEjdxjLdEUm3aUBf%>YGfw{|U+FQ+T`;Xb{ z9y;-CW-i}kf=V7^Ro#0pdSMeu9T!*+;n0d=siSMkW#U8*h!uVrF zU!0w)kdE!1mIF<5yO}wL>*<%W&K2bCeI!-7sD3A@i7Eo!qPbsdBFf>!AgMnWVehJu z_2f3GW|Y@b|0x?0pwH1l^&pJS_j_VaZu(U4vGvZ&U774j+zb3%x_LRrhH1VkaXRkj z&(ZJIVxuhK;20NRl8!xCoRP?|H!3j5kJ82t*MIFo7Sfx7Q%WZA03>a98TKxZBwcyL z|GyqFa|Jv?4(^fSTHqcgz(N0G%+TFxrt7tt^nZr0j)L-l!+5nx=aWO!6!Yz8-zq<# z`AzN)n+(J4Zv|2m<@K=d$!fF136WcmBArrWV_~jdsExnJK=M;vubU1LMj-zkk*FW~ z845)#KA#@0VT!HjFs-ZYH%38&0SVI(w-(53>=Af~20$vP{pX2WjFNn1HpDGvF90=4 znqU3;Bh_|}O&pi8$Q%coQ)^8=jZztwPyObKJk7>YbWt;3)i*kpp5z>rpv6ziWSiyVj@J4+K(VC= zSAua5PqfMNrYz@>H1e~ZI)Mor7WQe4E3rI~OUh-`Ol}a_q+G_>_^G>?gml)`P4rW1 z;k$Fep@z<>Wlr6${O`<|FiQrZkPHO^0#7ORPDyQ$w2ZhrZ$?SEqU?Kv@@HCHb5@{Y zhUsSWpTQ0R0qV=40j%IT_>x1Dh~YLf%~}63^Sb!xX+c!*O0J#!7AH4sEhXrqgx!FHvT-V&F`x(7f_WB#Yu=9feCz2g6Qn`8KsWPKD zp)PDO1~G%2DCF}Y0-T465bacm!e-BE&}!LNbBJM|J~_B}Dx{Y61SADE7EH>`r)}Dm zS>U%{06_zIrxYmvv6DRh_h~!LCP0fdO7t@G*|#TAZWE2>lPauhv)z>|9N$c!0_AZN z`GO9ZB~CiAr$70&_|#aQK-v#F4Fyhyq6W1?=cdYmq%3B^-L-spdMlOE5)(E&pxD9- z&@vj-i!d9)zuDe2DE-PH9&kUg;r(NfBk=jwRoNQ1`AgXq)v6Uo>>Y{i-Fa0E`k>F5 z>xBd(()ac5rCZdiu2ZTb5+Ep5aofG8DpX~5%tJYPA>L8{ep>+=B;}L`Ov+6v8CO)eZ&1+$s2l)pF2JbyOC=-W zqtSzmKFsQj>~}N?4Nd}2(a^X?TTI|~xuhN?ExrEsxsE)-zp;^b3r?Oab?Nm8%u^$n z3!)FUDpnHbk0!-IQo7W@q}-&!d@Gd$z|EP!+IirbiikGZ=)+2+!TSO+Mmt?*V-rhKjrBl>GPa$>pZ!ap zdPHih9D^)R_`oy&2k$R3r>K_Do}?r z@Sotvfdeb80&Y+k%KIyW9^5c!^&f-!`2QHBvvygoNo6LO<2S(;J^IXeO-a6pX4DO3 zN~fr{-uu0RzZLdmeSh&`#fbP)T~&JgD>93HUlPrguOabt_hE5<&(E(WclS^68=04W zn2+r=PYuVE)mYK+`p{Ur*t!GxY8_ z{Gh&uFJnFk%T{DZT{4YQIi#iZecQ}f+(_PtvHZj$D$Q2zsr_Sf!OY#x+WU`C^Ol|r zamc$Er5p3R5E{LbR&=X$C?)e=g%Rua-W#GTn~)f3z~Z4!i*a5IAq@#m5tSl75#4%z z(F;T9BFFdq*bse@s|sV85l(-Ker-BwsbV1;bMDkZy^$0RHYJ^r?-9HFzIzYJ>7<;RkDkMxSr%||OvfpOb-Ys#5r5tk)J?B-s|EL<{Cv|v}KK6KgKW(&(Jju5) zTEa9Q8h^A7T|L?loaVuCl}fV2M`$TLXKBO+6l^;ba|Y-SS7W>gqF<@c#?F_myrHg$ zzf^uF9ZbWpw1M6h;HHL*$kpMbBc?}Rj%)Fz`$g`wSy2Y(Q6&olZND8w$QuN?Bretk z`iQpSw-QqF5^AuF`)?qSy6wt>HV|p_`Cb^Dt0OX-gn1KL*%@Tonw#*r<|eqcY!pY248*4+#{_3*?k1N!i1qA$uI02uo=VvAo^Jm=Zy2fRU8qoz(p0Bq@Mg@c;H(ta>8$zZpejCNNr&4^3o<{YtXZ2D*EH$_c_ zMC*tLnov&oIp!;mkKh;j*NIvTI?TCr?K-|he)Ebdl>PcV9h=JvG_*;@fs_Q0_5`(? zLmSePi0!taZ9Q0G@@HuKqg)MbNPz-ODYes=kC4CZ#H7{0z)P7>{}e~r+=#->;uOgC z@qD+G&*!Xuu!d`h*!4XBUA*2aE`-Zrma|Yk4!oR2T-e5;kzEBvai1{%DK?cU4c`&= zr*3QK@m#OCwKR?>1Z`QK|LP>9vM3yUTz_CNm4h7*kx$bLZ*O2!#v?=Un2W2Kz+i$y zrE_A|MxM6W?a}gg)k;f6VuOv4FIhY-k@bqtWrT`E`d?jI#KFRTO;jw8#3gJ}LjGW6{ z47Su{ zqByFyIx+EL$+HgEd0{%V>dC6aeY7jQg8pLt`&lS7eJRKl(SR#n0&W1c|F}Yyi2XKK z*kb^ILWN({7uEGFu@>IcC=8^x@%FDghjtFa9n4xali7rTwtr&)B+KI z9`lEk_OscapWEeB_LFK=@rXJ|LL#x*SWbRqB+2`rLKZP+0(zc7ueUL?~-`)manIGSk+-Qyo~j&=Mj-7vhL%$UeJEb9G%40G2e z4Vk>PI6;!SI%Zienj!*W;iLLb;TA$nuQiZ-zRxO_!Pnztk_B1SHj2*&oRI4vtcNKy zRxhbP<`B02aY9%4ou?+0!)WV0vFPt=WF*lI#_&Fu-lyDwp>pc9IR@oAQ8nTFjX#(i zN!erV4?->1Wy<_ugM1N8CG^fLcRuwTzHH^b6jv~hI#)29{rrXdTMY;`y95e^G=Le@ z{)3vAh~qZYuQ;wz&;3D-CMe>0q}l_oi54$!UdeZF_G7a+L84sI%xp_JX6(BtMpHf@ zifhDQoE0VzEIV%t#T+R)s#RZ0DU5S!$Z@^BK;a zLOynUxz4HFGPsRL7IR-+~08Z3WPR-n;(CyH^$nt+6}!vW8uT z7S|RNSR7F;<^A&t3F?agxQ&Gta1p5e$4!JpoVU5jPWIYO!0RaJ{a|;t;-KE~8CRaM z87C0Xmd%Gsl4eB=#uf5y&oFZ+DC^VI!mMG|+y;{RgY+0RtW{IEMA|Bcf3BJw%QRvq z@Ar{)Nb8xpRs@zU?xgD`dljL@`wuGBv+0R4*&c_te&TQqAgQ+VMHx~Y! zmudAKtw2}8LPzuy^`l6Jm?$qK9;QzgBJ{S+zD_QLl}CR z7%}?xv25XZDw*qdn7N13dc$tg*~C5<$rd8aDcIPw?_ShS%!U)}H3U)CxTYUL*y)UK zv2}>dI7=E^TEipYs+@6Bs8AS0TE?*Tfzb5>=s?MSP`il^VwQ;OHgxvDKF6PV{W{@a zh@mRkQ*pU1b^1|%O{16$!V9}*SZB|&#GJVKVkm5Bx>jNa4P$IZaj1ZEhBHd(yaL1U z>9cl|7!Am7nZn;jV#^GrpV)h{+oC26(7osPs1_r(0vwU(-)>45AP;auaKw z&dX?7Z`&f%O*iwNZeCV`#}2@^&>9i3s_L(=YV|KG@Te#VTjTw_L(|Vp{f2PUvt}!d zXnKlSF-mcJfA_Va2zGFsz9mlB7m(>Ifa!NcVD?o6g5R_Tm`#goCkqr|+y;+8QK>sI za^H#(NR!{d*k^C6@Y53E!Y!8o8(pD@8_jj>)RBwvvC;!JoBoP0;xRii$x<~zjIcC9 z>~|L*KO^?FeJO<5)K#909)aPlkehx7@Bezq&~^X)@HUFSGd3}CY-7%X zvL13A3zrvD$^CWTI2e5|3d0NUtxr+7TI2$Xc|q_XjE#WlcVNu9!sz0TC>0-k<9@Ot^&xYuX$*=_*yO|ZUIg35=8I7v=D?P#y{B}*% z7LP@@-{};ux$Q8_4nOI}6yZ71uGPs?z-(PYA`|WKG&2cl9j3N93<@R*vkP|$ru*d^ zBR(BBbtpT|ryREL55NBM!8k8) zNM)X{*uZGaL3Buw{@Iu z1mRGR2QTayoRDHGs?fOJAMzbkqr6dCzhoZ|5oW1F+lHfXzZ!U~vUg(1yTao9Uo4Jn zK!*P}IF<@|lz-=%!IKQ`DEU`?k>Ao+1L%5c zZZ_qdP4t3j=@5}HOupq;t3T`m3K;F0iB=|x6N%~<8_SgLii+njK778(E`24UPl9$Y z-l;W;v`yWkET;u|UtIxA8o0;YiTH2zSOeg(3_#ld-$7s*@=|PVQ-8uMt}HhWKmRMM zD$NO*uV>MlR#J(y98?M+Q5#XFpn=}hRM;yR%L(#TXW|5D3^SY^3qq)tqW_Sp-b zThxMXh&0FSe*7;Rq$&q*F9hr`+vt=|5 z%nY-b5G6Elp=773vEQ$ryIU?`(r!{KyrM>WgBozzl#?N_MKe$hlw`TOHDg;G$K&3b zS3C#B_{AHXpPqB46dsW^N~rFKU5d=A26kT0iP>C6J9D;sjUFK~EV#KKeF`y+k1(<# zZ-$R#o|O|36O(aq?%R&QJkRjAU(yFrLjdZ8g#gbUQ2WpG$DK&jE3DyK#SBR$x3=ff7Jr1v8&SIebbW3k*qjB%hLe}9B;>zXPM_A)It)@o?LYvjm$ z9m(w|2w9(L2NTVn8}{bQv6e&Xv9OGnPU}4$7?8Am;3&zzq}`-ebVZE>oEnETK&>92 z<}^wFm)h|;^=i;^sOm1M&@SY|hE@2g1nCqjhq#z0`^F(h)%`yZHVn7eR3zUf%jV*w zE<>;GC~U~n(ux)Zq_^{7s?Qnt-1|!9n?LSdMK;RfJ+%gs_QM-Y+Ra!Kx|LczKrJ1R zHgrvG#MZ-H=ZS=zmDen0_lFdv6=d|2nWp)QaI_jewzRt4&P|(lyobYu549D{M+Do% ziJwj!jT*;##OpdG{NA@vX~0COABQ&LH=&(+E2`fb0FvhG3nuL*wc;yk#5bs=)8aa# z0@BD8{@z?6uM_{Xy<&uL)~i=RFcq3DIn(VEF41cN0#oc6GEHc0s0s5m&B`7!L|Aru z8fIG;&n-T8t4^jWg7A+N^dp}tmx*&@shd`X4f*Fq8R}l8e+5bN4o86~1YTG`?Pjb& zrVt6=M$H)&pmqpIbMfc9aww$DkJmOYVh*Gn+ePi{6r;AGJav^q%F9_i8k9s(-xd$@ zTB^K!^C=Fs>nZbBf7Ia3;7a!&S}X!(%5I9Q0j_&cVWojAJ3r@}3(m;NgQO;?ett!* zRQf9Np#|y_hGct~D&eCe!+R}4eppenxNDJhrt0XIsG}1jEz;OYamh_6Po*_|d?}zx zrJ<$~?#~V8-qRwiDO9$R(m=<_?k#Q~%Vn#UF7u8#U`#TBG)nsMQ8aQ(!~vo~^TEXc zJhu4*p$*-Vl%a#w;{&(qV4I`q*B12QGpNJFaHOljf^9g9gtDQ-Btm54pZbWN7d?2- zcMs+Jc$8YDlc|vPH{sH))&YO_`=T@kl)KTN?tLBjIDfp_x$2I(gNHJ`+PKv53f4xS z`2c&;!uy$l5sNFO!BcY4K18cEJJ)-Okp{)l_XWxDer6ySk^F)T3?=$JZD2tyslJlW zci=X*K8A2U6RbgRp*5psjd8xl_S`Hue?Tu!>I2Ai(R6nnXDPXgD*78ybx4cr;tQ&F zju!D}EDDfL1umj&&=G8}nja0Q6P$X`e;~2L<|aL&*xM|9$+XL7WJjK%%Bw%<>gCv7 zFMCvqzZ%iE2%VRZ%H@Mr)0eakNXgp!a|NdBpBW20z%5ZqucXj{OX1}DM~dZ>zfz3$ zpT>xmmPyZgIYMJpj0IQf>u%o{%~f59e%l65e`uYw`qsJ{CuY`Ju6Ie;WG^xL9SQXy znWE=Z?VC_qUvt)wzxc^^8beo#H*HOsO~L=t+aj1R z%EnE@j=*3IB&A&q^50T!QW3kAN-x0nBe1Jgcuj@V>Kw}h}ESPFao^QSY4 z_mr}8o-p(&pWjwVz%AxD^!Hj+^zKlFMLLNb5na+@Pdu(pgtGHgrKOR&a*zg?l$#M( zeno}$1{L6Nnkx!G#VE1tFO?tF_y?vg26HZPnFXqXLM5O0RNB#Yq0dIwvJbkSv93Fd z^4EW#EJ*T%9K+!|iPjEq9~yf4xW6(c%PA-&Q~nc3O7kw{zwiGBqXJb-Bz_weSCkSH zu6qC#qkun)c_>ew^G@%GHO{OyxBl)1!s63=@;~6RiQDJSSi4~b=o^SZ(Nd2LGl2?$W-2^(9 zFuj||@um&eyu9HMJoYzt@;b5kEWCA#-xN=%huGH74xLZZXyK@@Zs55UwDTpJ!c5Kj zPkosCswK_4vCqf!#^e{xM=3Qu%(}*o7nq~wZI~$A)%Wm+zhse05<;qec;%+zk+7=aWYM2kOn)C5_{h@>$)Wv~U_=@QyNpH+_ zpi?5vGJs1|egPAqKI#Gfcj41}X)nK3K3*!%M^AVL`zm?1!UjRM{DlCSkRXQH@}iwS z6-$lhj~&s@0qhveO);}Y3^(%RflBC{-%A7+Lc%J3X;X&~QT&`@Rj%toJVM<|iIz4n zI(uBpY_OC8^!W+{*JkBs~+ClFdJ?;AJE7MSl z5vQj}=IBM_))MQQbVTxcfr7p3RrwgMkl^z7wT()K#L#93x(+I)?y};>37(YcY)BaV zkDZq9*d^rkBP-C1_sH|_4`a+M*7hz7I@%Ii_3TwY)T#~-C3No+Db#lL7YT+;&g8!@ zSQk6&ORJliUQWM9@r3{Rp_!GXOu^dkbG@Mgnn2Dfj6hH*%k4qlm4}nKEtK7({|V*m zJX~@S?5r3T{<{EGhPp7+z>S`$k1))1Us)d21{uNI(zJ?irAM;Gt2UmF**^9{)Tu^z zv;RsU_Upnj@~#2OOp~<>YQ7uhE@z5WgAlh%>(tiaZyMGl4;^%^acfA7+8su_6_Ieb zlPUr`gz(kvg-^8oMNIb&weDAyXZDh+kvkFjt*qFj)B3FPy^ivKuHqI%lY;5jqhHfx zGF#fxHeR6e&8DqZ(^p33vrC2up`L*m->f3mk1=N9wa-G?!* zeq`pOVUYphv4vTJ+PD>KQ$PKNFXt^;n6in!r7O!MArQW`6T;2^EOWo?vW(l)LdVr( zoS46&0_qf2xYK;la%WzoWMK*x51R@1l$pIyoE+Oa;ZT&rkle3v@IG}cD{a&GP(Rvp z#~&5yok=tq`Q;XM%wDpqP_s3HhBP%851`h1wz#$D@F_%c^i&?y1fu8>M#GW%%3|zU zKw{I*R1eSTKPl&Io|)3_?R4*T_t<6Uzc4P;U|g$|2xHM)5;d9_aa8K3aNJEzDD0mC8>%(011-jBHg zBpl=|wgJSKni;TZo_v;TCMC~`rE8G(w)0p>Pii^x8frSabXB*ts%iPGCf?X-cp(bp zdezTQ7LyUzILaVe29xr>DI`;%{cs{cwu-))O{IJPnT%pdrwFxv{Wp!Y4=czSW^nWJ zv^5{^&30f+%K*ANl1ddIbjH@;k1;ObNV10nkUe=aRspOF zuKqxM5&VRNKmwNWpmuX94{=T;eVZFRnXcWC`sa~2Y?*M6wfBO{DtjE$V}Qj;xw|lD z3|~L4xOy~ghS8et-wJJ+q&sEF7D{xyLi()z5Ez!rP#KZaLC#g=Oji4|{qLXZFQ-@34H5Gb==B9gfcvlsj|X01P%Bh=i>*R$L)^iHZrlvk?mGm+Y)suWtF zx(FyI*LajVtCS$ZvE;N0{^WeS!@LQX>4yKE;H{EUyzii|+MWcfu)2J-L1Cq-I^Lx`GBKdD0F-G==V~A4qD<;hi3>y7DOaeXGEN zix$@l9?16#56=7uXF)@ z;hjkC#{P*8dDKw60X^h)8g;_B4jM@U;=R#vOS5;qAyRQ?pP6KRFRO!^a8R>;hhq*T zu-KHCVFmBWeH~!;CWdi-l1ZLBC*kh)bX-7#r$zPP$$KA%VSW&@9dK#jf$L5rcbj*; zAp!4df!-Id6C^%Q9{$FfcrB)MKr(o;Rn3~x@*>A%h$w4r6j+ST^AU^*M6iVTvwq3{ zYIxKcHOeN={)&uz(d}hFLV#7JcCQ5tRF?OCzsLaQ(bzExp92&~TFvh}seQPjhJC{W zTC}*{D!`Gg13RL>)Kq*iygxcsFDZ{kwh9=aBZ_-@bO#zruuFy?75i^|BBdEtdWTfJ zC#Yq~SXqm;esZ=?U#a=9MYC?70Io5{dso^0q<$_tJ4@#!-iVq$CM`%>!8w?;o7A4& zN=*fzRtZo`x~9gL@ES3n9QHhJ{KW86^xi}9HV2cr%_)p3JtT!XG51YsTs@7}9`Zz+ zMq5hf!afI_jnWgMLiKU0i-Pv;t!7=7441;!XXZWm(xcL*-^!vu(n>DDq=CN!xueux zQNy}HtrDPC2vAF_a{EgyWX^7T?jWOphDCC9C<|d7cZ?$s*`hl~T~)Y&aYP%YA7-Al z!NlYJ;V;=IA)KmwHctpm-|vOw&i3FuK`?s7yEwtOHbS=07Fx4s`5aOGJxH1h1k}HW z!A)xNw^A!CG2uo4sEJ)ud&Dx~^7JUt`ef`i3NyRRD{bz_n$R@#*%$}Pwj`Zl5I*x^ zc+TI$ux6Ylsp1lBGk9tkZTLzaebvM!7%yN)WbLjnDtZ5*L-=WYQf;^i2MI`;2NamJ zo7C#As9}Or<3^yx^??AWNhPNLLyd0V+*_NaQ|co$>XtF3gE5iv<5vg7Nv;BBWqu?@ z{I3|^w(Iw(QlgB|ZEN+$O)j8IlKt9y;?{zk$ckf78H@Q&+Bxs3;`?6}4;W0K@?}8M zSfIhA-K3^)8#NyYfEwsn@7^`F-ZY1zOO5$AmYioUWhF{AYj3ChUiS}JFDt)Q7v$=P zH3(jLQ#eQ-N{^=(o!o0`sXD#>s^r&Hac}p2A#_wCq9m@W_7=CN?2_}2H3rV_6_7Lv zSTJcfsnuUm!?-~WIOgl44CJH_Wt0C>7u!#H*8X z3Lt4rNKg=kz{z8Usr7jg>YS!qOa;zx!)^4h2VJzON(^l-n0s@_7AmG_$Xe~Js#`#}%E zg=Q@g&)Ck-Qy!~W){qbpZL=qm%AJEd)$;5!v--y@e4VlF(AJlb>8v2>S`Y7}+Hge` z{RY(vfa)iJswaNcKU70B@f5>oLw@p1>wNhpiZh6>ir&Hhy~+IgG_b?>0sDo@b+B2|#IDk3mxH)FB! ziW(X?H6D0cTwh{<8f{O)UurVg^k-)pW{#ACWS&Yx%HWi+o;s0tb}%*8}~zt4HGj+nmsX? zw42nFZlmT)3{cYmCYSwdY9ACTzB+9(C^T(l5bZK#N<;+29Q!V;cgPPzk4>eKPmZl{ zmk5`^Sm#4V3kbtHa+#Enm+EoGef=4#(tgMU%ubvd3?ph7W|Oe4U1g zQA02=MaW_O4a1Z!fm7u{B7oj9E2923%A7>7$J}Ay{e}-UG_Ycw@kf7L%H4#&cbN1A zK0*9Tv!u{zQG~oF2V;0eYP`^A(N-5UHT00)gU`P@$w1P>9z)%gcT~QWsy#q;1fc4E zop*F|L|A}lv*l{9tqNA7q88S6@pJVtn~2njewlQ6f1;^nG$7V>=pL)MZw|4xKH3-J z3l`Iu`oe(mhfdEol}E19%Skj~4hE;_j?#P;dnh+3jsO(v0E&?(9e-nwuf4+)`lx}h z$wQ|9+;iH4?#yHPk#_DFI4U*Rhw}z773RCtbS$ z1?Gq>#zLh8sO&YoX!We+a0%bar-s#>-MVLHU45{?Kzk{MnK~g)SB{J?etziN&(#>b zJd+Eu(XP>CL%|fJ43*qp?(||HX|{A=(r!{~xuSL-oEk4BEv_Gstv%wI8vRR+?F19z z_{#-SPQnW{V~qUA4&@%Djx7~+(qc+VE^V$trV* z+5Ww&x2zNzT#%F+(yDq<@JcLfp)Vq31|&_G9!%OzYA2hyMaz^PnyJW4h8%SC;1DLd%)LO5oA>W|p3Q*Gr63eT7bAPER ztBA)4LA};{EZ3gFA$|yZs+KThCN0(Ej5jz!LZ>xPk6D0wO1vnR(MXAwv*kF?V7l@> zBmEitRCe2hih7iJuqzxJ2PO)FLM@}@PfK0_kTgoxJ4dAIt<>}ZYQq3EkLwZXcd|-_ zJ{qnipEt+1^+l^zsUs~fx*%(JOHWc^SfM3gc&MR(w|IK|tLFlG_gJ!0iW}#jS}&W6@^>M4 zB6|7+W@r1TfTXc;fJwUjZgbD}JD(14~$(-5T zs;n8$SNC7oAZh$uU=9S2ElZU4D{A=Q)c7a>YUcno*~!K~)CAhHpa}DE$a)kU?34Kn znb%Y_+}2*xqwdR1S)4hMc>ZD-ZdOOCKmWZRNY2G`DfQV(>zBcfIjNLdTm!G%FMEHG zlmQ_yDd3bWiPUeUbPiB5115*%>sUhLMk!|u$!>njRz-5@uM!S*NbDLs0O7{Iin%+3 zli*D8OR*ZM^#o02uTuam)%|tH+5^hNr;wW*Q926tnGbV8Ql!P8Ah?0_8K?nENiZsq zbSNDlDMo5HsF=~>`U`BKjPn zBHb2?aV%Q?#W9NVDgK(^=qDp4f^OXg2Gq*(###U!7MRb z-_^F6Gbl`7(gx);e&>au|3!jlSCAM1lcuE@VE(vH^gYrzAKi8ioqN`y8*dj?foZgi zG&&Wt(uTZaQbi}1Mv3f!K-zs+%!j{0DDhRH?%GOtd7D@Lfg`>A)yzo3)=S@ZLI95Ch13}W{;=$iu*}0 zYgZcxM^_c&lAic*lEAYzy@wU=sL|t5TO$0f&`(FB8Opq)BLkNxMm{^NJe$4QjxSZUFGv-pNYA zyoZ8s1EOC1SzRNiQ)$!O^Dy>k@7SZ77^+K$kR$^zqNyrGM<@+MSj`yssWDSC1 zA7tTBGrR9=I0q9U^gXP0w&y}?@Bp9& zoJ%~3bbIu79@l-%&$|O$A%*U`|L_upt$$(Ew)?$0;h^P#Dov!C*u*kIe>CZ5h-@7C z4zW&YqMXCL>42ENgk}Ete%zyb)72m;3;JMEz$sZ0Y28XG1E2)TFaH1O0F(~*?%33F zh6g&?g{pnOxVzrgPn`+U?nEx22rUwsn{)V9$9TN3FWP8VR*!9w#bKM)pPujL+t4kI zmHS*;@)0DZni~ef97qR%+J904nnc>SN?G|w%JtX$W~izIxykTSn>FpPGXxfT-xY@R z44j`CPv>_z=sT^A|BOM5#dd;TNn2}NEQ?0FqJYQ;bJtcw_mxA`!NXVpNM!~-1d_?P z?P-AGt3Qw#l`j$hUAPIHs4S7rZDs^Myf$O|k8??Wv;9tad5~IMbcO(B<6J67FQ`xa zu3BX5(kzY8{mC=|=%++A5bruRqkHR530(aY`f1@m$7aa15brX+=gRmS&(AC41%c0L e_S;kcZG8CMef3`TrFsiUL3u2o@ Date: Sun, 15 Feb 2015 09:24:28 -0800 Subject: [PATCH 015/121] Removed debug code for SSL --- scripts/base/protocols/rdp/main.bro | 67 ++--------- src/analyzer/protocol/rdp/RDP.cc | 3 - src/analyzer/protocol/rdp/events.bif | 33 +----- src/analyzer/protocol/rdp/rdp-analyzer.pac | 92 +++++---------- src/analyzer/protocol/rdp/rdp-protocol.pac | 125 +++++++-------------- 5 files changed, 80 insertions(+), 240 deletions(-) diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index 94aa26b6ec..0369cad3d4 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -14,7 +14,7 @@ export { id: conn_id &log; ## Cookie value used by the client machine. ## This is typically a username. - cookie: string &log &optional; + cookie: string &log &optional; ## Keyboard layout (language) of the client machine. keyboard_layout: string &log &optional; ## RDP client version used by the client machine. @@ -23,11 +23,8 @@ export { client_hostname: string &log &optional; ## Product ID of the client machine. client_product_id: string &log &optional; - ## Name of the server. - server_name: vector of string &log &optional; - ## Authentication result for the connection. This value is extracted from the payload for native authentication. - ## TODO: Perform heuristic authentication determination for NLA. - authentication_result: string &log &optional; + ## GCC result for the connection. This value is extracted from the payload for native encryption. + result: string &log &optional; ## Encryption level of the connection. encryption_level: string &log &optional; ## Encryption method of the connection. @@ -36,12 +33,6 @@ export { done: bool &default=F; }; - ## Variable to track if NTLM authentication is used. - global ntlm = F; - - ## Size in bytes of data sent by the server at which the RDP connection is presumed to be successful (NTLM authentication only). - const authentication_data_size = 1000 &redef; - ## Event that can be handled to access the rdp record as it is sent on ## to the loggin framework. global log_rdp: event(rec: Info); @@ -66,17 +57,6 @@ function rdp_done(c: connection, done: bool) { c$rdp$done = T; - # Not currently implemented -# if ( ntlm && use_conn_size_analyzer ) -# { -# if ( c$resp$size > authentication_data_size ) -# c$rdp$authentication_result = "Success (H)"; -# else c$rdp$authentication_result = "Undetermined"; -# } - - if ( c$rdp?$authentication_result && ( ! c$rdp?$encryption_method || ! c$rdp?$encryption_level ) ) - Reporter::error(fmt("Error parsing RDP security data in connection %s",c$uid)); - Log::write(RDP::LOG, c$rdp); skip_further_processing(c$id); set_record_packets(c$id, F); @@ -110,7 +90,7 @@ event rdp_tracker(c: connection) } } - # schedule the event to run again if necessary + # Schedule the event to run again if necessary schedule +5secs { rdp_tracker(c) }; } @@ -130,7 +110,7 @@ event connection_state_remove(c: connection) &priority=-5 rdp_done(c,T); } -event rdp_native_client_request(c: connection, cookie: string) &priority=5 +event rdp_client_request(c: connection, cookie: string) &priority=5 { if ( "Cookie" in clean(cookie) ) { @@ -142,7 +122,7 @@ event rdp_native_client_request(c: connection, cookie: string) &priority=5 } } -event rdp_native_client_info(c: connection, keyboard_layout: count, build: count, hostname: string, product_id: string) &priority=5 +event rdp_client_data(c: connection, keyboard_layout: count, build: count, hostname: string, product_id: string) &priority=5 { set_session(c); c$rdp$keyboard_layout = languages[keyboard_layout]; @@ -153,15 +133,15 @@ event rdp_native_client_info(c: connection, keyboard_layout: count, build: count schedule +5secs { rdp_tracker(c) }; } -event rdp_native_authentication(c: connection, result: count) &priority=5 +event rdp_result(c: connection, result: count) &priority=5 { set_session(c); - c$rdp$authentication_result = results[result]; + c$rdp$result = results[result]; schedule +5secs { rdp_tracker(c) }; } -event rdp_native_server_security(c: connection, encryption_method: count, encryption_level: count, random: string, certificate: string) &priority=5 +event rdp_server_security(c: connection, encryption_method: count, encryption_level: count) &priority=5 { set_session(c); c$rdp$encryption_method = encryption_methods[encryption_method]; @@ -169,32 +149,3 @@ event rdp_native_server_security(c: connection, encryption_method: count, encryp schedule +5secs { rdp_tracker(c) }; } - -event rdp_ntlm_client_request(c: connection, server: string) &priority=5 - { - set_session(c); - ntlm = T; - - if ( ! c$rdp?$server_name ) - c$rdp$server_name = vector(); - c$rdp$server_name[|c$rdp$server_name|] = server; - - schedule +5secs { rdp_tracker(c) }; - } - -event rdp_ntlm_server_response(c: connection, server: string) &priority=5 - { - set_session(c); - ntlm = T; - - if ( ! c$rdp?$server_name ) - c$rdp$server_name = vector(); - c$rdp$server_name[|c$rdp$server_name|] = server; - - schedule +5secs { rdp_tracker(c) }; - } - -event rdp_debug(c: connection, remainder: string) - { - Reporter::error(fmt("Debug RDP data generated in connection %s: %s",c$uid,remainder)); - } diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc index 70cad773fe..aca184d844 100644 --- a/src/analyzer/protocol/rdp/RDP.cc +++ b/src/analyzer/protocol/rdp/RDP.cc @@ -1,9 +1,6 @@ #include "RDP.h" - #include "analyzer/protocol/tcp/TCP_Reassembler.h" - #include "Reporter.h" - #include "events.bif.h" using namespace analyzer::rdp; diff --git a/src/analyzer/protocol/rdp/events.bif b/src/analyzer/protocol/rdp/events.bif index dad76f801b..65917e98be 100644 --- a/src/analyzer/protocol/rdp/events.bif +++ b/src/analyzer/protocol/rdp/events.bif @@ -1,23 +1,9 @@ -## Generated for client-to-server RDP requests when NTLM authentication is used. -## -## c: The connection record for the underlying transport-layer session/flow. -## -## server: The RDP server name requested by the client. -event rdp_ntlm_client_request%(c: connection, server: string%); - -## Generated for server-to-client RDP responses when NTLM authentication is used. -## -## c: The connection record for the underlying transport-layer session/flow. -## -## server: The RDP server name responsed by the server. -event rdp_ntlm_server_response%(c: connection, server: string%); - ## Generated for X.224 client requests when native RDP encryption is used. ## ## c: The connection record for the underlying transport-layer session/flow. ## ## cookie: The cookie included in the request. -event rdp_native_client_request%(c: connection, cookie: string%); +event rdp_client_request%(c: connection, cookie: string%); ## Generated for MCS client requests when native RDP encryption is used. ## @@ -30,14 +16,14 @@ event rdp_native_client_request%(c: connection, cookie: string%); ## hostname: The hostname of the client machine (optional). ## ## product_id: The product ID of the client machine (optional). -event rdp_native_client_info%(c: connection, keyboard_layout: count, build: count, hostname: string, product_id: string%); +event rdp_client_data%(c: connection, keyboard_layout: count, build: count, hostname: string, product_id: string%); ## Generated for MCS server responses when native RDP encryption is used. ## ## c: The connection record for the underlying transport-layer session/flow. ## ## result: The 8-bit integer representing the GCC Conference Create Response result. -event rdp_native_authentication%(c: connection, result: count%); +event rdp_result%(c: connection, result: count%); ## Generated for MCS server responses when native RDP encryption is used. ## @@ -46,15 +32,4 @@ event rdp_native_authentication%(c: connection, result: count%); ## encryption_method: The 32-bit integer representing the encryption method used in the connection. ## ## encryption_level: The 32-bit integer representing the encryption level used in the connection. -## -## random: The random value used to derive session keys (optional). -## -## certificate: The certificate containing the server's public key information. -event rdp_native_server_security%(c: connection, encryption_method: count, encryption_level: count, random: string, certificate: string%); - -## Generated for unknown elements in RDP connections. Used for debugging and development purposes only. -## -## c: The connection record for the underlying transport-layer session/flow. -## -## remainder: The data to be debugged. -event rdp_debug%(c: connection, remainder: string%); +event rdp_server_security%(c: connection, encryption_method: count, encryption_level: count%); diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index f95ff9f589..04d64409bd 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -1,101 +1,59 @@ refine flow RDP_Flow += { - function proc_rdp_debug(debug: Debug): bool - %{ - BifEvent::generate_rdp_debug(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${debug.remainder})); + function proc_rdp_client_request(client_request: ClientRequest): bool + %{ + BifEvent::generate_rdp_client_request(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${client_request.cookie})); return true; %} - function proc_rdp_ntlm_server_response(ntlm_server: NTLMServerResponse): bool + function proc_rdp_result(gcc_response: GCC_Server_CreateResponse): bool %{ - BifEvent::generate_rdp_ntlm_server_response(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${ntlm_server.server_name})); - - return true; - %} - - function proc_rdp_ntlm_client_request(ntlm_client: NTLMClientRequest): bool - %{ - BifEvent::generate_rdp_ntlm_client_request(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${ntlm_client.server_name})); - - return true; - %} - - function proc_rdp_native_client_request(client_request: ClientRequest): bool - %{ - BifEvent::generate_rdp_native_client_request(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${client_request.cookie})); - - return true; - %} - - - function proc_rdp_native_authentication(gcc_response: GCC_Server_CreateResponse): bool - %{ - BifEvent::generate_rdp_native_authentication(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - ${gcc_response.result}); + BifEvent::generate_rdp_result(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${gcc_response.result}); return true; %} - function proc_rdp_native_client_info(ccore: ClientCore): bool + function proc_rdp_client_data(ccore: ClientCore): bool %{ - BifEvent::generate_rdp_native_client_info(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - ${ccore.keyboard_layout}, - ${ccore.client_build}, - bytestring_to_val(${ccore.client_name}), - bytestring_to_val(${ccore.dig_product_id})); + BifEvent::generate_rdp_client_data(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${ccore.keyboard_layout}, + ${ccore.client_build}, + bytestring_to_val(${ccore.client_name}), + bytestring_to_val(${ccore.dig_product_id})); return true; %} - function proc_rdp_native_server_security(ssd: ServerSecurityData): bool + function proc_rdp_server_security(ssd: ServerSecurityData): bool %{ - BifEvent::generate_rdp_native_server_security(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - ${ssd.encryption_method}, - ${ssd.encryption_level}, - bytestring_to_val(${ssd.server_random}), - bytestring_to_val(${ssd.server_certificate})); + BifEvent::generate_rdp_server_security(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + ${ssd.encryption_method}, + ${ssd.encryption_level}); return true; %} }; -refine typeattr Debug += &let { - proc: bool = $context.flow.proc_rdp_debug(this); -}; - -refine typeattr NTLMServerResponse += &let { - proc: bool = $context.flow.proc_rdp_ntlm_server_response(this); -}; - -refine typeattr NTLMClientRequest += &let { - proc: bool = $context.flow.proc_rdp_ntlm_client_request(this); -}; - refine typeattr ClientRequest += &let { - proc: bool = $context.flow.proc_rdp_native_client_request(this); + proc: bool = $context.flow.proc_rdp_client_request(this); }; refine typeattr ClientCore += &let { - proc: bool = $context.flow.proc_rdp_native_client_info(this); + proc: bool = $context.flow.proc_rdp_client_data(this); }; refine typeattr GCC_Server_CreateResponse += &let { - proc: bool = $context.flow.proc_rdp_native_authentication(this); + proc: bool = $context.flow.proc_rdp_result(this); }; refine typeattr ServerSecurityData += &let { - proc: bool = $context.flow.proc_rdp_native_server_security(this); + proc: bool = $context.flow.proc_rdp_server_security(this); }; diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index ea68040314..d9546dbdc9 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -1,8 +1,8 @@ type RDP_PDU(is_orig: bool) = record { - type: uint16; + type: uint8; switch: case type of { - 0x1603 -> ntlm_authentication: NTLMAuthentication; # NTLM authentication appears to be flagged by this 16-bit integer - default -> native_encryption: NativeEncryption; # assume native encryption, this should be the value of the TPKT version + 0x16 -> ssl_encryption: bytestring &restofdata &transient; # send to SSL analyzer in the future + default -> native_encryption: NativeEncryption; # TPKT version }; } &byteorder=bigendian; @@ -11,8 +11,9 @@ type RDP_PDU(is_orig: bool) = record { ###################################################################### type NativeEncryption = record { - pad: padding[2]; # remaining TPKT values - cotp: COTP; + tpkt_reserved: uint8; + tpkt_length: uint16; + cotp: COTP; }; type COTP = record { @@ -20,12 +21,12 @@ type COTP = record { pdu: uint8; switch: case pdu of { 0xe0 -> cRequest: ClientRequest; - 0xf0 -> hdr: Header; + 0xf0 -> hdr: COTPHeader; default -> data: bytestring &restofdata &transient; }; } &byteorder=littleendian; -type Header = record { +type COTPHeader = record { tpdu_number: uint8; application_defined_type: uint8; # this begins a BER encoded multiple octet variant, but can be safely skipped application_type: uint8; # this is value for the BER encoded octet variant above @@ -36,6 +37,11 @@ type Header = record { }; } &byteorder=littleendian; +type DataHdr = record { + type: uint16; + length: uint16; +} &byteorder=littleendian; + ###################################################################### # Client X.224 ###################################################################### @@ -130,7 +136,7 @@ type ServerHeader = record { network_header: DataHdr; net_data: padding[network_header.length - 4]; # skip this data security_header: DataHdr; - security_data: ServerSecurityData; # there is some issue / bug where the length reported by the security header overruns the end of the packet + security_data: ServerSecurityData; }; type GCC_Server_ConnectionData = record { @@ -152,11 +158,6 @@ type GCC_Server_CreateResponse = record { user_data_value_length: uint16; }; -type DataHdr = record { - type: uint16; - length: uint16; -} &byteorder=littleendian; - type ServerCoreData = record { version_major: uint16; version_minor: uint16; @@ -174,83 +175,40 @@ type ServerSecurityData = record { server_random_length: uint32 &byteorder=littleendian; server_cert_length: uint32 &byteorder=littleendian; server_random: bytestring &length=server_random_length; - server_certificate: bytestring &length=server_cert_length-8; # arbitrarily cutting off 8 chars so the certificate doesn't overrun the end of the packet + server_certificate: ServerCertificate; }; -###################################################################### -# NTLM Authentication -###################################################################### - -type NTLMAuthentication = record { - type: uint16; - switch: case type of { # there may be further type bytes that need to be added to this switch - 0x0100 -> client_request: NTLMClientRequest; - 0x0300 -> client_request2: NTLMClientRequest; - 0x0103 -> server_response: NTLMServerResponse; - 0x0104 -> server_response2: NTLMServerResponse; - default -> data: bytestring &restofdata &transient; +type ServerCertificate = record { + cert_type: uint8; + switch: case cert_type of { + 0x01 -> proprietary: ServerProprietary; + 0x02 -> ssl: SSL; }; +} &byteorder=littleendian; + +type ServerProprietary = record { + cert_type: uint8[3]; # remainder of cert_type value + signature_algorithm: uint32; + key_algorithm: uint32; + public_key_blob_type: uint16; + public_key_blob_length: uint16; + public_key_blob: PublicKeyBlob &length=public_key_blob_length; + signature_blob_type: uint16; + signature_blob_length: uint16; + signature_blob: bytestring &length=signature_blob_length; }; -###################################################################### -# NTLM Client -###################################################################### - -type NTLMClientRequest = record { - payload_length: uint8; # total payload length - pad1: padding[3]; # arbitrary 3 bytes - remaining_length1: uint8; # remaining length of the payload - pad2: padding[36]; # arbitrary 36 bytes - unknown_length: uint8; # an unknown length value - unknown_value1: padding[unknown_length]; # arbitrary padding for the length value above - pad3: padding[3]; # arbitrary 3 bytes - remainder_length2: uint8; # remaining length of the payload - unknown: uint8; # this unknown field affects the length between here and the beginning of the requested server name - switch: case unknown of { - 0x00 -> case1: uint8[7]; # jump 7 bytes - 0xff -> case2: uint8[12]; # jump 12 bytes - default -> case3: Debug; # debug if an unknown value is seen - }; - server_length: uint8; - server_name: bytestring &length=server_length; - data: bytestring &restofdata &transient; +type PublicKeyBlob = record { + magic: bytestring &length=4; + key_length: uint32; + bit_length: uint32; + public_exponent: uint32; + modulus: bytestring &length=key_length; }; -###################################################################### -# NTLM Server -###################################################################### - -type NTLMServerResponse = record { - unknown_value1: uint8; # 1 variable byte - unknown_value2: uint8[3]; # 3 bytes that may be static - unknown_value3: uint8; # 1 variable byte - unknown_value4: uint8[2]; # 2 bytes that may be static - unknown_length1: uint8; # an unknown length value - pad1: padding[unknown_length1]; # arbitrary padding for the length value above - unknown_value5: uint8[3]; # 3 bytes that may be static - unknown_value6: uint8; # 1 variable byte - unknown_value7: uint8[3]; # 3 bytes that may be static - unknown_value8: uint8; # 1 variable byte - unknown_value9: uint8[7]; # 7 bytes that may be static - unknown_value10: uint8[16]; # 16 bytes that may be static - unknown_value11: uint8[16]; # 16 bytes that may be static - unknown_value12: uint8; # 1 variable byte - unknown_value13: uint8; # 1 byte that may be static - unknown_value14: uint8; # 1 variable byte - unknown_value15: uint8; # 1 byte that may be static - unknown_value16: uint8; # 1 variable byte - unknown_value17: uint8[6]; # 6 bytes that may be static - server_length: uint8; # length of server name - server_name: bytestring &length=server_length; # server name - data: bytestring &restofdata &transient; -} &byteorder=bigendian; - -###################################################################### -# Debugging -###################################################################### - -type Debug = record { - remainder: bytestring &restofdata; +type SSL = record { + pad1: padding[11]; + x509_cert: bytestring &restofdata &transient; # send to x509 analyzer }; ###################################################################### @@ -311,3 +269,4 @@ function binary_to_int64(bs: bytestring): int64 return rval; %} + From 0648dafa5456952caa10057757acad264518ed4f Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sun, 15 Feb 2015 10:08:31 -0800 Subject: [PATCH 016/121] Removed scheduling of rdp_tracker event in server response events --- scripts/base/protocols/rdp/main.bro | 49 ++++++++++++++--------------- 1 file changed, 23 insertions(+), 26 deletions(-) diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index 0369cad3d4..6f6af9d4cf 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -14,23 +14,23 @@ export { id: conn_id &log; ## Cookie value used by the client machine. ## This is typically a username. - cookie: string &log &optional; + cookie: string &log &optional; ## Keyboard layout (language) of the client machine. - keyboard_layout: string &log &optional; + keyboard_layout: string &log &optional; ## RDP client version used by the client machine. - client_build: string &log &optional; + client_build: string &log &optional; ## Hostname of the client machine. - client_hostname: string &log &optional; + client_hostname: string &log &optional; ## Product ID of the client machine. - client_product_id: string &log &optional; - ## GCC result for the connection. This value is extracted from the payload for native encryption. - result: string &log &optional; + client_product_id: string &log &optional; + ## GCC result for the connection. + result: string &log &optional; ## Encryption level of the connection. - encryption_level: string &log &optional; + encryption_level: string &log &optional; ## Encryption method of the connection. - encryption_method: string &log &optional; + encryption_method: string &log &optional; ## Track status of logging RDP connections. - done: bool &default=F; + done: bool &default=F; }; ## Event that can be handled to access the rdp record as it is sent on @@ -38,6 +38,10 @@ export { global log_rdp: event(rec: Info); } +redef record connection += { + rdp: Info &optional; + }; + const ports = { 3389/tcp }; redef likely_server_ports += { ports }; @@ -47,9 +51,15 @@ event bro_init() &priority=5 Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, ports); } -redef record connection += { - rdp: Info &optional; - }; +function set_session(c: connection) + { + if ( ! c?$rdp ) + { + c$rdp = [$ts=network_time(),$id=c$id,$uid=c$uid]; + # Need to do this manually because the DPD framework does not seem to register the protocol (even though DPD is working) + add c$service["rdp"]; + } + } function rdp_done(c: connection, done: bool) { @@ -94,15 +104,6 @@ event rdp_tracker(c: connection) schedule +5secs { rdp_tracker(c) }; } -function set_session(c: connection) - { - if ( ! c?$rdp ) - { - c$rdp = [$ts=network_time(),$id=c$id,$uid=c$uid]; - add c$service["rdp"]; - } - } - event connection_state_remove(c: connection) &priority=-5 { # Log the RDP connection if the connection is removed but the session has not been marked as done @@ -137,8 +138,6 @@ event rdp_result(c: connection, result: count) &priority=5 { set_session(c); c$rdp$result = results[result]; - - schedule +5secs { rdp_tracker(c) }; } event rdp_server_security(c: connection, encryption_method: count, encryption_level: count) &priority=5 @@ -146,6 +145,4 @@ event rdp_server_security(c: connection, encryption_method: count, encryption_le set_session(c); c$rdp$encryption_method = encryption_methods[encryption_method]; c$rdp$encryption_level = encryption_levels[encryption_level]; - - schedule +5secs { rdp_tracker(c) }; } From af1f4be5294a6b734723d0b118e92c69b4177973 Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sun, 15 Feb 2015 10:16:16 -0800 Subject: [PATCH 017/121] Added comments and TODOs --- scripts/base/protocols/rdp/main.bro | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index 6f6af9d4cf..a1026208de 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -34,7 +34,7 @@ export { }; ## Event that can be handled to access the rdp record as it is sent on - ## to the loggin framework. + ## to the logging framework. global log_rdp: event(rec: Info); } @@ -56,7 +56,8 @@ function set_session(c: connection) if ( ! c?$rdp ) { c$rdp = [$ts=network_time(),$id=c$id,$uid=c$uid]; - # Need to do this manually because the DPD framework does not seem to register the protocol (even though DPD is working) + ## Need to do this manually because the DPD framework does not seem to register the protocol (even though DPD is working) + ## TODO: Find out why DPD framework isn't working add c$service["rdp"]; } } @@ -113,12 +114,14 @@ event connection_state_remove(c: connection) &priority=-5 event rdp_client_request(c: connection, cookie: string) &priority=5 { + ## Possibly better to avoid this clean up and use regex in binpac to extract the cookie value if ( "Cookie" in clean(cookie) ) { set_session(c); local cookie_val = sub(cookie,/Cookie.*\=/,""); c$rdp$cookie = sub(cookie_val,/\x0d\x0a.*$/,""); + ## Schedule the rdp_tracker event so remaining data can be collected schedule +5secs { rdp_tracker(c) }; } } @@ -131,6 +134,8 @@ event rdp_client_data(c: connection, keyboard_layout: count, build: count, hostn c$rdp$client_hostname = gsub(cat(hostname),/\\0/,""); c$rdp$client_product_id = gsub(cat(product_id),/\\0/,""); + ## Schedule the rdp_tracker event so remaining data can be collected + ## This is scheduled twice because the cookie in rdp_client_request may not exist schedule +5secs { rdp_tracker(c) }; } From a3ab9f5b09517d469383419f150896aa0fb29834 Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sun, 15 Feb 2015 10:18:52 -0800 Subject: [PATCH 018/121] Added comments and TODOs --- scripts/base/protocols/rdp/main.bro | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index a1026208de..718fb3fe87 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -62,6 +62,8 @@ function set_session(c: connection) } } +## Currently rdp_done and rdp_tracker mimic the SSH analyzer for disabling analysis, but there might be a better method +## Once the DPD framework bug is fixed, we could possibly use the same method as SSL analyzer function rdp_done(c: connection, done: bool) { if ( done ) @@ -91,8 +93,8 @@ event rdp_tracker(c: connection) if ( connection_exists(id) ) { - # If the RDP connection has been alive for more than 5secs, log it - # This duration should be sufficient to collect the data that needs to be logged + ## If the RDP connection has been alive for more than 5secs, log it + ## This duration should be sufficient to collect the data that needs to be logged local diff = network_time() - c$rdp$ts; if ( diff > 5secs ) { @@ -101,13 +103,13 @@ event rdp_tracker(c: connection) } } - # Schedule the event to run again if necessary + ## Schedule the event to run again if necessary schedule +5secs { rdp_tracker(c) }; } event connection_state_remove(c: connection) &priority=-5 { - # Log the RDP connection if the connection is removed but the session has not been marked as done + ## Log the RDP connection if the connection is removed but the session has not been marked as done if ( c?$rdp && ! c$rdp$done ) rdp_done(c,T); } From 90bfbf900295c425ea548e1ec0fe237b301d9505 Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sun, 15 Feb 2015 22:43:31 -0800 Subject: [PATCH 019/121] Added comments, changed logging events to reduce analyzer errors --- scripts/base/protocols/rdp/main.bro | 165 ++++++++++++++++------------ 1 file changed, 94 insertions(+), 71 deletions(-) diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index 718fb3fe87..c4309e3686 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -29,10 +29,24 @@ export { encryption_level: string &log &optional; ## Encryption method of the connection. encryption_method: string &log &optional; + + ## The analyzer ID used for the analyzer instance attached + ## to each connection. It is not used for logging since it's a + ## meaningless arbitrary number. + analyzer_id: count &optional; ## Track status of logging RDP connections. done: bool &default=F; }; + ## If true, detach the RDP analyzer from the connection to prevent + ## continuing to process encrypted traffic. Helps with performance + ## (especially with large file transfers). + const disable_analyzer_after_detection = T &redef; + + ## The amount of time to monitor an RDP session from when it is first + ## identified. When this interval is reached, the session is logged. + const rdp_interval = 10secs &redef; + ## Event that can be handled to access the rdp record as it is sent on ## to the logging framework. global log_rdp: event(rec: Info); @@ -51,81 +65,71 @@ event bro_init() &priority=5 Analyzer::register_for_ports(Analyzer::ANALYZER_RDP, ports); } +# Verify that the RDP session contains +# RDP data before writing it to the log. +function verify_rdp(c: connection) + { + local info = c$rdp; + if ( info?$cookie || info?$keyboard_layout || info?$result ) + Log::write(RDP::LOG,info); + else + Reporter::error("RDP analyzer was initialized but no data was found"); + } + +event log_record(c: connection, remove_analyzer: bool) + { + # If the record was logged, then stop processing. + if ( c$rdp$done ) + return; + + # If the analyzer is no logger attached, then + # log the record and stop processing. + if ( ! remove_analyzer ) + { + c$rdp$done = T; + verify_rdp(c); + return; + } + + # If the value rdp_interval has passed since the + # RDP session was started, then log the record. + local diff = network_time() - c$rdp$ts; + if ( diff > rdp_interval ) + { + c$rdp$done = T; + verify_rdp(c); + + # Remove the analyzer if it is still attached. + if ( remove_analyzer && disable_analyzer_after_detection && c$rdp?$analyzer_id ) + { + disable_analyzer(c$id, c$rdp$analyzer_id); + delete c$rdp$analyzer_id; + } + + return; + } + # If the analyzer is attached and the duration + # to monitor the RDP session was not met, then + # reschedule the logging event. + else + schedule +rdp_interval { log_record(c,remove_analyzer) }; + } + function set_session(c: connection) { if ( ! c?$rdp ) - { + { c$rdp = [$ts=network_time(),$id=c$id,$uid=c$uid]; - ## Need to do this manually because the DPD framework does not seem to register the protocol (even though DPD is working) - ## TODO: Find out why DPD framework isn't working - add c$service["rdp"]; - } + # The RDP session is scheduled to be logged from + # the time it is first initiated. + schedule +rdp_interval { log_record(c,T) }; + } } -## Currently rdp_done and rdp_tracker mimic the SSH analyzer for disabling analysis, but there might be a better method -## Once the DPD framework bug is fixed, we could possibly use the same method as SSL analyzer -function rdp_done(c: connection, done: bool) - { - if ( done ) - { - c$rdp$done = T; - - Log::write(RDP::LOG, c$rdp); - skip_further_processing(c$id); - set_record_packets(c$id, F); - } - } - -event rdp_tracker(c: connection) - { - if ( c$rdp$done ) - return; - - local id = c$id; - - if ( ! connection_exists(id) ) - { - rdp_done(c,T); - return; - } - - lookup_connection(id); - - if ( connection_exists(id) ) - { - ## If the RDP connection has been alive for more than 5secs, log it - ## This duration should be sufficient to collect the data that needs to be logged - local diff = network_time() - c$rdp$ts; - if ( diff > 5secs ) - { - rdp_done(c,T); - return; - } - } - - ## Schedule the event to run again if necessary - schedule +5secs { rdp_tracker(c) }; - } - -event connection_state_remove(c: connection) &priority=-5 - { - ## Log the RDP connection if the connection is removed but the session has not been marked as done - if ( c?$rdp && ! c$rdp$done ) - rdp_done(c,T); - } - event rdp_client_request(c: connection, cookie: string) &priority=5 { - ## Possibly better to avoid this clean up and use regex in binpac to extract the cookie value - if ( "Cookie" in clean(cookie) ) - { - set_session(c); - local cookie_val = sub(cookie,/Cookie.*\=/,""); - c$rdp$cookie = sub(cookie_val,/\x0d\x0a.*$/,""); - - ## Schedule the rdp_tracker event so remaining data can be collected - schedule +5secs { rdp_tracker(c) }; - } + set_session(c); + c$rdp$cookie = cookie; } event rdp_client_data(c: connection, keyboard_layout: count, build: count, hostname: string, product_id: string) &priority=5 @@ -135,10 +139,6 @@ event rdp_client_data(c: connection, keyboard_layout: count, build: count, hostn c$rdp$client_build = builds[build]; c$rdp$client_hostname = gsub(cat(hostname),/\\0/,""); c$rdp$client_product_id = gsub(cat(product_id),/\\0/,""); - - ## Schedule the rdp_tracker event so remaining data can be collected - ## This is scheduled twice because the cookie in rdp_client_request may not exist - schedule +5secs { rdp_tracker(c) }; } event rdp_result(c: connection, result: count) &priority=5 @@ -153,3 +153,26 @@ event rdp_server_security(c: connection, encryption_method: count, encryption_le c$rdp$encryption_method = encryption_methods[encryption_method]; c$rdp$encryption_level = encryption_levels[encryption_level]; } + +event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=5 + { + if ( atype == Analyzer::ANALYZER_RDP ) + { + set_session(c); + c$rdp$analyzer_id = aid; + } + } + +event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason: string) &priority=5 + { + # If a protocol violation occurs, then log the record immediately. + if ( c?$rdp ) + schedule +0secs { log_record(c,F) }; + } + +event connection_state_remove(c: connection) &priority=-5 + { + # If the connection is removed, then log the record immediately. + if ( c?$rdp ) + schedule +0secs { log_record(c,F) }; + } From 0ef8a106df3f23d5946b7e934400dfcea472b6f4 Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sun, 15 Feb 2015 22:44:00 -0800 Subject: [PATCH 020/121] Moved DPD to each individual event process --- src/analyzer/protocol/rdp/rdp-analyzer.pac | 30 ++++++++++++---------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac index 04d64409bd..28fb4afa6a 100644 --- a/src/analyzer/protocol/rdp/rdp-analyzer.pac +++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac @@ -1,16 +1,18 @@ refine flow RDP_Flow += { - function proc_rdp_client_request(client_request: ClientRequest): bool + function proc_rdp_client_request(client_request: Client_Request): bool %{ - BifEvent::generate_rdp_client_request(connection()->bro_analyzer(), - connection()->bro_analyzer()->Conn(), - bytestring_to_val(${client_request.cookie})); + connection()->bro_analyzer()->ProtocolConfirmation(); - return true; + BifEvent::generate_rdp_client_request(connection()->bro_analyzer(), + connection()->bro_analyzer()->Conn(), + bytestring_to_val(${client_request.cookie_value})); + + return true; %} - - function proc_rdp_result(gcc_response: GCC_Server_CreateResponse): bool + function proc_rdp_result(gcc_response: GCC_Server_Create_Response): bool %{ + connection()->bro_analyzer()->ProtocolConfirmation(); BifEvent::generate_rdp_result(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${gcc_response.result}); @@ -19,8 +21,9 @@ refine flow RDP_Flow += { %} - function proc_rdp_client_data(ccore: ClientCore): bool + function proc_rdp_client_data(ccore: Client_Core_Data): bool %{ + connection()->bro_analyzer()->ProtocolConfirmation(); BifEvent::generate_rdp_client_data(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${ccore.keyboard_layout}, @@ -31,8 +34,9 @@ refine flow RDP_Flow += { return true; %} - function proc_rdp_server_security(ssd: ServerSecurityData): bool + function proc_rdp_server_security(ssd: Server_Security_Data): bool %{ + connection()->bro_analyzer()->ProtocolConfirmation(); BifEvent::generate_rdp_server_security(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), ${ssd.encryption_method}, @@ -42,18 +46,18 @@ refine flow RDP_Flow += { %} }; -refine typeattr ClientRequest += &let { +refine typeattr Client_Request += &let { proc: bool = $context.flow.proc_rdp_client_request(this); }; -refine typeattr ClientCore += &let { +refine typeattr Client_Core_Data += &let { proc: bool = $context.flow.proc_rdp_client_data(this); }; -refine typeattr GCC_Server_CreateResponse += &let { +refine typeattr GCC_Server_Create_Response += &let { proc: bool = $context.flow.proc_rdp_result(this); }; -refine typeattr ServerSecurityData += &let { +refine typeattr Server_Security_Data += &let { proc: bool = $context.flow.proc_rdp_server_security(this); }; From b1614b7fe9900f759bcdff193f6833633203073c Mon Sep 17 00:00:00 2001 From: Josh Liburdi Date: Sun, 15 Feb 2015 22:45:16 -0800 Subject: [PATCH 021/121] Modified how cookie value is handled --- src/analyzer/protocol/rdp/rdp-protocol.pac | 81 +++++++++++----------- 1 file changed, 41 insertions(+), 40 deletions(-) diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac index d9546dbdc9..a89e622539 100644 --- a/src/analyzer/protocol/rdp/rdp-protocol.pac +++ b/src/analyzer/protocol/rdp/rdp-protocol.pac @@ -2,7 +2,7 @@ type RDP_PDU(is_orig: bool) = record { type: uint8; switch: case type of { 0x16 -> ssl_encryption: bytestring &restofdata &transient; # send to SSL analyzer in the future - default -> native_encryption: NativeEncryption; # TPKT version + default -> native_encryption: Native_Encryption; # TPKT version }; } &byteorder=bigendian; @@ -10,7 +10,7 @@ type RDP_PDU(is_orig: bool) = record { # Native Encryption ###################################################################### -type NativeEncryption = record { +type Native_Encryption = record { tpkt_reserved: uint8; tpkt_length: uint16; cotp: COTP; @@ -20,24 +20,24 @@ type COTP = record { length: uint8; pdu: uint8; switch: case pdu of { - 0xe0 -> cRequest: ClientRequest; - 0xf0 -> hdr: COTPHeader; + 0xe0 -> cRequest: Client_Request; + 0xf0 -> hdr: COTP_Header; default -> data: bytestring &restofdata &transient; }; } &byteorder=littleendian; -type COTPHeader = record { +type COTP_Header = record { tpdu_number: uint8; application_defined_type: uint8; # this begins a BER encoded multiple octet variant, but can be safely skipped application_type: uint8; # this is value for the BER encoded octet variant above - switch: case application_type of { - 0x65 -> cHeader: ClientHeader; # 0x65 is a client - 0x66 -> sHeader: ServerHeader; # 0x66 is a server - default -> data: bytestring &restofdata &transient; + switch: case application_type of { # this seems to cause a binpac exception error + 0x65 -> cHeader: Client_Header; # 0x65 is a client + 0x66 -> sHeader: Server_Header; # 0x66 is a server + default -> data: bytestring &restofdata; }; } &byteorder=littleendian; -type DataHdr = record { +type Data_Header = record { type: uint16; length: uint16; } &byteorder=littleendian; @@ -46,19 +46,20 @@ type DataHdr = record { # Client X.224 ###################################################################### -type ClientRequest = record { +type Client_Request = record { destination_reference: uint16; source_reference: uint16; flow_control: uint8; - cookie: bytestring &restofdata; # cookie value is a variable length field, so everything is captured + cookie_mstshash: RE/Cookie: mstshash\=/; # &check would be better here, but it is not implemented + cookie_value: RE/[^\x0d]*/; # the value is anything up to \x0d }; ###################################################################### # Client MCS ###################################################################### -type ClientHeader = record { - type_length: padding[3]; # BER encoded long variant, can be safely skipped for now +type Client_Header = record { + type_length: uint8[3]; # BER encoded long variant, can be safely skipped for now calling_domain_selector: ASN1OctetString; called_domain_selector: ASN1OctetString; upward_flag: ASN1Boolean; @@ -69,20 +70,20 @@ type ClientHeader = record { maximum_parameters: ASN1SequenceMeta; max_parameters_pad: padding[maximum_parameters.encoding.length]; user_data_length: uint32; # BER encoded OctetString and long variant, can be safely skipped for now - gcc_connection_data: GCC_Client_ConnectionData; - gcc_client_create_request: GCC_Client_CreateRequest; - core_header: DataHdr; - core_data: ClientCore; + gcc_connection_data: GCC_Client_Connection_Data; + gcc_client_create_request: GCC_Client_Create_Request; + core_header: Data_Header; + core_data: Client_Core_Data; remainder: bytestring &restofdata &transient; # everything after core_data can be discarded }; -type GCC_Client_ConnectionData = record { +type GCC_Client_Connection_Data = record { key_object_length: uint16; key_object: uint8[key_object_length]; connect_data_connect_pdu: uint16; } &byteorder=bigendian; -type GCC_Client_CreateRequest = record { +type GCC_Client_Create_Request = record { extension_bit: uint8; privileges: uint8; numeric_length: uint8; @@ -95,7 +96,7 @@ type GCC_Client_CreateRequest = record { user_data_value_length: uint16; }; -type ClientCore = record { +type Client_Core_Data = record { version_major: uint16; version_minor: uint16; desktop_width: uint16; @@ -122,30 +123,30 @@ type ClientCore = record { # Server MCS ###################################################################### -type ServerHeader = record { - type_length: padding[3]; # BER encoded long variant, can be safely skipped for now +type Server_Header = record { + type_length: uint8[3]; # BER encoded long variant, can be safely skipped for now connect_response_result: ASN1Enumerated; connect_response_called_id: ASN1Integer; connect_response_domain_parameters: ASN1SequenceMeta; domain_parameters_pad: padding[connect_response_domain_parameters.encoding.length]; # skip this data user_data_length: uint32; # BER encoded OctetString and long variant, can be safely skipped for now - gcc_connection_data: GCC_Server_ConnectionData; - gcc_create_response: GCC_Server_CreateResponse; - core_header: DataHdr; + gcc_connection_data: GCC_Server_Connection_Data; + gcc_create_response: GCC_Server_Create_Response; + core_header: Data_Header; core_data: padding[core_header.length - 4]; # skip this data - network_header: DataHdr; + network_header: Data_Header; net_data: padding[network_header.length - 4]; # skip this data - security_header: DataHdr; - security_data: ServerSecurityData; + security_header: Data_Header; + security_data: Server_Security_Data; }; -type GCC_Server_ConnectionData = record { +type GCC_Server_Connection_Data = record { key_object_length: uint16; key_object: uint8[key_object_length]; connect_data_connect_pdu: uint8; } &byteorder=bigendian; -type GCC_Server_CreateResponse = record { +type GCC_Server_Create_Response = record { extension_bit: uint8; node_id: uint8[2]; tag_length: uint8; @@ -158,47 +159,47 @@ type GCC_Server_CreateResponse = record { user_data_value_length: uint16; }; -type ServerCoreData = record { +type Server_Core_Data = record { version_major: uint16; version_minor: uint16; client_requested_protocols: uint32; }; -type ServerNetworkData = record { +type Server_Network_Data = record { mcs_channel_id: uint16; channel_count: uint16; }; -type ServerSecurityData = record { +type Server_Security_Data = record { encryption_method: uint32; encryption_level: uint32; server_random_length: uint32 &byteorder=littleendian; server_cert_length: uint32 &byteorder=littleendian; server_random: bytestring &length=server_random_length; - server_certificate: ServerCertificate; + server_certificate: Server_Certificate; }; -type ServerCertificate = record { +type Server_Certificate = record { cert_type: uint8; switch: case cert_type of { - 0x01 -> proprietary: ServerProprietary; + 0x01 -> proprietary: Server_Proprietary; 0x02 -> ssl: SSL; }; } &byteorder=littleendian; -type ServerProprietary = record { +type Server_Proprietary = record { cert_type: uint8[3]; # remainder of cert_type value signature_algorithm: uint32; key_algorithm: uint32; public_key_blob_type: uint16; public_key_blob_length: uint16; - public_key_blob: PublicKeyBlob &length=public_key_blob_length; + public_key_blob: Public_Key_Blob &length=public_key_blob_length; signature_blob_type: uint16; signature_blob_length: uint16; signature_blob: bytestring &length=signature_blob_length; }; -type PublicKeyBlob = record { +type Public_Key_Blob = record { magic: bytestring &length=4; key_length: uint32; bit_length: uint32; From 8a5bb0f6a7e0410098dcb2fbd7948ef98fefb8ed Mon Sep 17 00:00:00 2001 From: jshlbrd Date: Sun, 15 Feb 2015 23:04:31 -0800 Subject: [PATCH 022/121] Added check for connection existence Added a check for connection existence before trying to remove the RDP analyzer from a connection. --- scripts/base/protocols/rdp/main.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index c4309e3686..1f120d1b98 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -100,7 +100,7 @@ event log_record(c: connection, remove_analyzer: bool) verify_rdp(c); # Remove the analyzer if it is still attached. - if ( remove_analyzer && disable_analyzer_after_detection && c$rdp?$analyzer_id ) + if ( remove_analyzer && disable_analyzer_after_detection && connection_exists(c$id) && c$rdp?$analyzer_id ) { disable_analyzer(c$id, c$rdp$analyzer_id); delete c$rdp$analyzer_id; From 10071ffddf7718e0bcb7cd2ae6bd560914c1ffd7 Mon Sep 17 00:00:00 2001 From: jshlbrd Date: Sun, 15 Feb 2015 23:05:11 -0800 Subject: [PATCH 023/121] Fixed typo --- scripts/base/protocols/rdp/main.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro index 1f120d1b98..2e3c3f8892 100644 --- a/scripts/base/protocols/rdp/main.bro +++ b/scripts/base/protocols/rdp/main.bro @@ -82,7 +82,7 @@ event log_record(c: connection, remove_analyzer: bool) if ( c$rdp$done ) return; - # If the analyzer is no logger attached, then + # If the analyzer is no longer attached, then # log the record and stop processing. if ( ! remove_analyzer ) { From dade1936be9e9a0dcc656587b57668326b663073 Mon Sep 17 00:00:00 2001 From: jshlbrd Date: Sun, 15 Feb 2015 23:06:36 -0800 Subject: [PATCH 024/121] Update dpd.sig --- scripts/base/protocols/rdp/dpd.sig | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/base/protocols/rdp/dpd.sig b/scripts/base/protocols/rdp/dpd.sig index 35aa8f9257..4ecb7999af 100644 --- a/scripts/base/protocols/rdp/dpd.sig +++ b/scripts/base/protocols/rdp/dpd.sig @@ -1,5 +1,3 @@ -# Generated by binpac_quickstart - signature dpd_rdp_client_request { ip-proto == tcp payload /.*Cookie: mstshash\=.*/ From 55a0b344af9a63e6b4fe2215587a9d24a4cb9910 Mon Sep 17 00:00:00 2001 From: jshlbrd Date: Sun, 15 Feb 2015 23:09:50 -0800 Subject: [PATCH 025/121] Delete nla_win7_win2k8r2.pcap --- .../btest/Traces/rdp/nla_win7_win2k8r2.pcap | Bin 134982 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap diff --git a/testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap b/testing/btest/Traces/rdp/nla_win7_win2k8r2.pcap deleted file mode 100644 index 3a6a2999eba4fa36f1655a95464494db44c8bede..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 134982 zcmeEubyQVr_wL@5bVy2<(%qc`(jXnuAl)e`A)V47(v7rqN_Tg+bce*`GXSO@~VVE}-ZJYYA-;#$~|_>_&t?!ZXi5X1n#2><{B3c3;q z2?+}XLP3BLxm12ae8l<-7mSER2S$9m{fGuaMdE8=PY%j42ch13KP3i4`TaMdAqbHj zU&tFPu)Sv)HAOx`e7m6x@)gMrBKqyxL03-mwK)nq5 zbpSxb+S=UIh@05b-ogH@p8Z=sAypx%mm+eauaMw@Ab8M^K86=v7Ye`&`WkHi3G6?? zphTj7494j%!LU#^8m9wOKc)oz+T#TdEEWjs73dS#{tJr-iQy4z>9<%Q0e#;e1)w7j z0{~B10T4h~00amK4E##+$)DnD4F>+T2FB??@%8#oe7}KEU_#&kUqFap`>*(>6WII# z1w_vuRDf8JK!5|NFl``#GOEZO!O0%XZ)RW@L(3}{<@W+{B#ErL$XX{dMRWRD0RS8T z1Aq+x4S;V!Z^3ARYk>za12_Tb04NXu1Bk*?04e~0#Kgr+&&1A2&qU9}#t8apXmH&F z0Pp}902BZl1cCsH1OQC`CJYV`1xg#(evK}qFA^h|zERvS(e(mlDn}kfpF;AHKBNjL zrec55pWk`GqAQU{ML1hDNaRZdOc@7b0Y(5LsKgg zdOe4?^ad`BgxE+-OpMG-%*;$I94u@a*htKe9~mDnjsI($_dwErQvgB(Am0N~03gQj z5buFNzz^k4zu^OJn1%YLfC_;dzmLP>_p+|Cs#ZF|R6fa<8kLIldy4sc z23GkfITykN^&y|fFUw($u{{I6ifA+`AtW1qW-r+xO_iq;n6iS$a z)qk3Bd*tAJT(rwiSl-+o)kd0SPVvKS&(YM;ZB5hCCuLz$@91qOV{H~9HeM@P?t1O% z$pZCJzISslb*K+AR;t=ba~00k=gTWgvTbsU#yWvb>&W)FT%U>AC!dT^G?t+G6llIn zwAH+;Ki3g@HT#l4bu9y$3E#2WegSIh-F_!Gpz*7(z39mu5A{Y^)iZ-->RikM;kC?( z#p8GgP!fTepqwxwfU-h>0tE#L0maCO4*u{Q3Xu^W29^c}l({F6z<fdF?A zM2&hxJDj$9PU4*4^F&RxU{M9#eZlu+zVG)H+)ZnH=h?z~hFwVp8c(GJyj8o|$R1*; zM}c|OjPgd`%#>eDPG#Y+I)$Zb*(aVg2rR7;G~#*Tdz3QBS4wb7!Edwq7Hlvo^tI_3 zeJJsF7C#^9-wX2fM-JJ2&hY$(jZHqSk=-uy;$X94JCVIVP}JXrVg9am!8}}WOU;mM zQTS8cIUp>XLwQr32cIT>Ch3z z;G8pD7*;>BmFS>s_7zh{RS|*x7DuONr0OFBl#a9K5S*hL?PLzLf?dbQ#Y+~*p!Et~ zptX^30C&*x1>3Lv1!zTJ``iAKlN^*kD~|)X3qW~XpgE&2&r^HP@S~W9c%jsZ&hhu#bb0?ZwNm+joh1fc(0Qd zOLr_Nc>>9U<>uyni;RFDGa~B#s&idoo`Nr8yz$`~Ljn$t9Q0x?4LJDgAD9_Ufw}JK zl-$gWo)9=bF*g&#d5e0(TBLBbQ@8{BxkS~ZqdB-wh&{qPJ5)$Jz4J>lH@^ak91N7> zLR|$7_8aOfBgFdz=n(JyZp+3#xy8QG4|9jHJgv&pK#72epu+&yBoN$i8Sh8w2$%KJ zb-z@-ZxPEl@U^6K+d=hhsz38m(!T-_!OxNA9^>*Lus^{(pYQb)D*)%hE)@=73(5=F zer=Wj10*JJF5XuC+${5Fm5nC$K)JY=0p;Rf1R}odE6K0ZXIYk>YGw$z^b#;~5tv$~ zMot-R+^kD0^$|i(y0S8fg+@oAFeVVw*MJGUJb(j)fSiNv*J1#85ZL{$7$)|Tg9=Td^fL{+}71Seg+pnX`^~^9z(I3V`LQv7 zQ25xEXa#Q@X^;r`B!keZw^yL$%u>2#a(X&UMP_M{?3+kL*M4_l=9XbhJ>#gVIpksC zo0caXXZFG(K>IeUIWti7xrvYhef|TpxGx?eDwkaI(Aj&JA@0MH{Fz1fr|z+Ma8t$v z5~i{@bw3nX>yPq}sJO%+hYXtF3zXLjKWw}j9ZW0rkCUU=rMi8R+I&F)5f#gn;Sg;q z&OktfIIMdO$IB`b(Iq6(8vL?2J(Nf~Yc^BSF!^aEkYq5Ro8#yc+1SO8NThI$)ft)7 zt+OMF&h>y;dM8(^fKy{hN!B}^Jl8`%V#GcvZyIu6w(sPFguvPhWd}=1ZXfY*tO{^y zd@11pbD;elY`<0w3cz0sG*7Uu;PK-vYt?$D4NiERjderY@F)oBsm3&*6Q2nAd90= zoXJx8`Oq6g(>0dPxejgEd5ID^nf2H@2(JBTQ(~QpI)_l{4fUzUWI0QXK=W{vmY4od zt@x6}-i|lZy?SxJw#FRX2w(_CV=SbuKzf@zLlI~(TQu=15CUp>g?sB>SmRDFKB$xg ztE8<;#jMiI6*tXDYO_#~06~kf%_4U3HGh_XH~x#~1}A+sBL$yeI|7JWMVfHA(5c%7 zF3bEU>x@Q~tFqg$m)8TZf%`aX8CZ*`F&KFD?j+I$rE4vRf@7-e>>VB??K_ z?{w}imJjSh++9e?CiLi@VjpU2^uX2PrX;_vXv~wDxgUGoLUPSUBu;_fIIy|>&KYh# z0{i}lCDdiz@ zp%4X{|LM$n+QHC9Ba@_Ch^&`+w87Bs`U={UezYhD!6eC7-slgl+p;ekB44z_{N_n}5P))a?QQ{ zwL;gI8z(}u&fKMLO)EKzP$f7Tg=v?H@OA>;5WU+rE#)$97a17wWzrcI;R)^*3EE4# zbSx0;^4=reXo3*PLLKPiPa2D2(+C*uib*K^k*B42i1&z{hP~jzTasTc?obCmci}=a zWuuu*@R?>4ys25RB|m(F0p_a`numqobk%V|!%Bsjohx^sw?+uK*MAL_@$po7ete z8?Jn4d`H*WF~5!MGl-z0MUKv3;t(27)Q3(cnw2R%2>v`s!Vy@>JD;R7L2=YNDlD%J z@!ezGVmVjkXZ%6&H%)y}+MFc#6xmB-tSOou)-8kEGTYIRUui=Z1W7H$F7HLQXgGH- zKGp#~BT_3qrrCrM{!d3&hu?Mdna$*&qGoxtzeWS#1dA~Lu~^t1i)HWU1Q#`fie(F2 zEE{{twnBh?mzVWB@W zIRBR076>sx9`)u3Jd^=*GD=7O(@@6c4=6Ywl>hgk4A`kmA@ZMk1LtEPc76#&0u8nt z7MMD63^>5x3yh@z!urEdhU*b);zk8`u| z-{X|60h-PIZS6xsfdTJ@TR>8M(0MIUZ4Z}ig=He#|KD*6nEpjA@}I^j++g}fp})kX z5ESDG5PfI!jbFzpTZ$E-K2N0IkKVTW^CrDwc*x3COAd=DlSjHip(EZ0-O#mte*fy* zil4SMAtP)gVM4BSL3kJ37kwup@>r?=9jE;7IOTuGDgTU9zzdYO0r^kk6t~~@mxvM* z1{isq%lE&GQ@CsLk4y@oJtK>0ZLJ};mu03?zQLnII6tUQqUbG9(;w-iO9Nb#3ZQtVaHY6vFG40cJ<*0iNydfHyZ zT4dy6hV#c<^dSFfoWk?Ci4^|aEE!;Eu;nM@ajuz^K-=)Y2zbm>OGKSEmcH^vt>~Hx z_Qf$|G0@OW#^s`+zk0?Q8)at}Ict|MHYte3GwarUrUWKn(}(=0amu^j6@&Z)s2D&q zi%ao;#wmJqr)$B~^;#E8lCmq!Bb z^AOQA#%XGGYb~#7J8r(dRI`=-K}|plDl3_m<{9RP(aq1*a&Fs{?l5V11SFJ3kq?y~+F`3SBl#6tqScpzU$0J;-Wk0t&f>BW{!07lVSgmId(I-%pxDOL@!DUUN7T z-q*-{OtLih@vuc%Ume(ml!(|OhB)Db9gbs##KnBEMcBX!hwsUe-2X(nEMY<|DL9=; zg^u9cbz=laK(dXF?-KXR@j9GlUUoMpacx*PwzDI@QQ|q~njjOy4V3Rr-M`v4dL8NmM{f$9)#&hjz4)8` z2%~fQ`({NgmGTX0fJIAtLi`54;MYC}-kWPDv}7o*8i$kX8Zy%|Dmb^(Eo(WrZ(H}G z;z`P)wZM@2Fsmop);AmwT_t0-$7FUwjxB46Im3cn&S_Kyiiwx}h_*QbrMUSB&AD}MNEkEmy*%-F3)OnmKWJ;lRFH2f#jr9(=}vimXW|}NAbN) zNSMzTlt2FxL-Pjr?YouW1PNn=4DvHx>KPj*7T_k__;sGLTdwpr!~=zD%F8rLD-F1= z4C?BgocX6}jh&;+G$V3xz0|Osa1VFTwF0t117SA%rrVY=k|LubB7=Q=>E_XMw&Nc# z^%i%htJ6o9Y3s(>AV1}(R^5OeYIvf9;lX3*XzTS6Ptw_eE}?n0efUBdIR` z=Rw&XiKG!jn4Nj5*4-h!L&X5xjA($b%4n!toqLf@@g?JB+ksjW+9*FAxh?U;95hWN z#LcvFl>>sTsXC>8%3R2UJ&<| zVKanidR=fR@z@{c<4&?YH#th|F%cmIF!Y7m6V$Cqda=1 z!WI=f+G2&RN7me^+)<|l|FzWz&eu(;AL={Bc%jEak%@Hbj~$)= zv7?9o77KJ_TB!TGqdVr>n%jp8K^m711K4avQZjA{i3fZYOnXs$CQbEeX|RvX!^&~E zuiS(;_=#n@47X61Ls#JevB^8T3E#Q<^xlxq zTQLQqWp7y|eb{v0!P2D>6V7>EkYIImw&X%-$~h|0FUz(QdJdBSWt3@v0$SXQW6_mC zxYO*4|UloYCXKC%0jNCgPDSI(mZNk}D zvgOS}`Gi!q{q1wJGo9=hQ!|{aRWhj&+`ZXSN-Xvwi3Y^2>cC4Ys*x1_m@Asr&{F1i zP%G`M^C-HTP1`n`BbIbxM7%9P%%)@XF>_;$f+OYo$OGl+n zFSGWd7b&+gjqYkO`*i`2mV-?aAFh-%VL;Bn#(p+;e@>o(*tV?Y76VBxbKX7;?1*~< z0krCiu{UVqj`~C`vgdN%pZUeyOTV3;94U9#1JuG-okDsg@k7qM$mew35=(z{zT3it zFd@*TD;4IGp4|3uj<7(9US=R7DUypjLU&P?#TCm$5vKJN-W=30u_(SRdKLTfMKO(M zH%it7>KO#OjYk{cq}Cx2Q3W1YO_om3ETNBD=U}l`TD&xw&;BK(aPAANm<(MY>-!yM zw-m*wHHqPCRcewmdWyMS{P(^c-fLO}@hIpWQbe5y0*0yd|@Nixo63O5jhGI|`F4Db8lXV#}B(n(WE?ks)M&bL=a`4nfr633D{%bwYHHn?n60m#A zMlsTEJk2{p{s>{ZpbDc|IUWI??4Yjbq(9j~qq<5~;_JtFd4XWk*!Lmw-zV=s6yq?6 z1(mhV?Gb~+M7f9zFbBy3+pjAKpiSWQyA`DRs>FoZ8`LZ`{qFyg#+U_hO;6-(AHN`M zB;2K4oY=xw!;7B_h_t7c*d6p>V~{&}A@-3}HMhP7vNmvnMGovb4&+)B)ncvAO+*+)jb<2#~H^PD%b>#YxN16G0{LIBt`$Lde6 ze^#lDB=V>-{}+|npomR_4wGAf-~O%(&;wC#5qNcQjDvWHFx1^O=@%_7EG!06d)FycUTh-Gb)u4AoZh-%&{+h!+AXXTg zyO}3Sx%*Z7Y8f77tD2F$H<0tZmMPZY3_($sparrL?r>LQD+%?)7VO$^{g0|eA64i5 zqI#AFTMY@Mx*V(KZ`IDw+)N5yBJka?lRZ9YFf2NYI$7Op6)kb%>M+J_&;#iL7`2!d zPo8-!1Ey-KqJzM$+kSTat7_lhsa8WOF=0UgjSu?&QO)H4HW~h_vX_q2X?0A^M{SSX zZuyJw5{uQFZL5wXaAzw6{NZdq#8Ya|8LcvaiJXrSjH;=JH60&g&qNYIyCWRsuOFJ zi$K4cPE2gw+i2i`!C)R0F1IP1r$`If_1Mp@e^njuTh&D%)g>U+bpNP6ev$*Ia{clp zrvj5(javk6X)a@aM9IOyoHRO*!}mh&E<|m)roC#?t=o6*)1_)U*!AVXA5}{{s?PdF zbqPrIiagH6;y~};s#7Xk6t$=^`M(n@PBuDRY9px_)L<{rm8?n_Zau#i+7ZDRaeyI+ zt*B;#fD2Mde+G6Pj*J4>1&zMI_UkSOTp;-HTh%Kd)oY;9*HwV$qibL(@*%0S?%3C% z(P0$UP@pQqhdhl+ftsD(2pbvBph`C}I#Clo(>ScPN+KKoa6wuLGcq`9xxD44JSKts zFw@zm_AXn%9m^#B*NRUd;BBCemI`Z&W$zOR`Sj%(kZ$TkJ$alWD)XWX3Ig!7?s*6M z0+ryKHi63RYZV{X<-`;?xx;s|>&nUQ>wTU5OVyCuS8?uTKNc3uIbE}I+i%pyzI>1t z3!ra+D!e^JUVVvXpcgUe?I1^N=G*<{6_-_&6yKPb_l$(UW)>P(z!Ac?uX~a{Hi<$& z{gIKfO8e=D@F*yPqNkn|vI{y_X^OX4E|IHov}2ASq!S^9YoD zC3dI*gG5qtO8gui*?i{d6-oj;lo?qqx@%Hj;(d+I!ZVcz#Qjjf#B*I!#Z$6^cs#3A z2#2+MpLyXe`JTBvY4w$d?O}F`>+mVmm2?ig&QoYVPzRVD|>+GYj zMd!LzI{Tr$VOt*Xf}29g)Gr~ZPI)vzzM2IdCU&v7_bHlwzTUbrIfVRcQ>IXf7njo~ zn~;t zGq&O{)+XaK6T3)Wre6{iWm9vOmESQ>8|0PVONP(V(p$YjuwA1aSIWQzDBil=6)Q2% z4~N9+02!M|q@DU%R?&(d1b-wgUF!DO$o6e+e2jX%9@lAi{V{p|AZP*|!&w~Xgjwdv zIA%syJ`+d5PRR?wdp}m7ljkuynw(RL0ALYVa8oxcWtJSb`jLY|o4d-!o7c4FqV%)T zT-*MgnaLYktS{dKKC>J*0OuphvTUw1NBJTXF0MM*S_of$S*ouA=#=WMq?zzUis4A~ ztYUpgXjub_5BYHoL5~*K8P#P*dZ+o@^#EyXo8du5_&~PwhNvE`EY)}#HgM^Q5ugC- zK^+Hd|J8Mh2?BrDbu{8iOxSTi4X-`muM-QRcNjM>pEm_#4! z1f~n8Gwtd(bXD&QRvfq9GwsS^K;FFI5=mXB!HX%oHLJz*>DB#Uyw!5PV5$@Q27AeP zBPeca)U`Ii2emfi3VxHX-^%WNEW{p3mVuk9)N-FlE^ zq%x)M!FbhaXwQBhQiru)P12^)@00W5vR4L2rlfNjIrodsgV~sLpU-oR*Av94c4(R* zXG_%=^(i!>4IOy|$x}V}z9joGPcwRq+paUK-D)35kv^!%^8&>>@ai4d_@LpuSbms8 z1RGPLywjyRd|r-KZI&Y()Azy)Pd}`HA)EH-twdo`ag6PDiF=@5-W#cM8kvzyMJM!{ z-8WODL3S;0t)jJzOG`iWi5jF(&?;+YThh)}FJNi(U?=H!@e;bO^I-DwzAaicH>SIS zQyD{q0(b{HeSq!PE&{Mbl6>5|qJQop>^L;oT6mys(_E9|uf0of6;dwig-^)mmXq%Q zAFi>uat>V<8Lrof!4uxcp6oIDTrx}jKbVPK>9fKqhcmmrLuLo0x}-X;2SIpARBDM!8PTbQ20L|FCa>x& z* zG?7%sY-1_dF)^q7WAXkPV&SI!8G=dEz%DA=Z;elL-og81!OE*7(A=IxlsNIo1;i-+)WQ395Nar~W!bv3yoOnUon&@4ToO8Q|k ztGKY1^|{^T#Rm;W>=q|Zm!)XWBvNyO0^F~-=xb#5)9e>YqzHwuG%k)O8ANtEDIRRK zb47!y9UHZaN+H(mEv08CZAp<}%~oIg$~HN8Tsc#KOG5)x8h?0`DCl<$M+>jSgp>I{ zZxVq~4neQ%C4+WLu>IP$Ai@ZO|9}G8F+b4%wPWf=mpcgf2gISpZ;ZVb8bS8eyA)a= z$D?+=qAN`d_jX9YFK>1fhZ*pyd#3~c{Jy1-(3EG-P7pO7Q$Hk%A2x1^LSxaO$>yU^ zggEX{?{YItKPQ=bo?vu~@xWao-GwC1d7|Zv*|lp?8-ii%i%JGif;^a=t4q!=X9l>C?pVY}$vgl}=!-O~puw#~CWofmvQYSypA_K30| zFa*CvPMF;C=(aTco?6K?;cqkIn?)yml5v@z$mbGS1A%68UR=THv1D80_X-~=P)%Q= zm(%J8QXMC%YNUGolW1V0S7tDm-yvUmV0;_p{ppL=(q|kAZ>*CsDyB)}t+#SwFUO0T zS8;_i__fR0a-r(D7_jCx){dy2VU4!6mc5NzPqy{Vr>Y$yLGj>#F*!9)3mTE=?2^u+ zo!%VV{kFl+le4WA*u0rU&zZD_xEO`cU}GvWe-iuI#);2zk$~*r^JrYfldVWpv5lJn z?!Xnk2l=2l91)~DN!J1MphBqOw6gKu{LgM8rDqBJkb{OzvrQ~<3&;XPJ})R3!>D#& zh(~LZt+^~N5#CYBk==Q-&o?Tu5{-xMl~j*TP!MGZQau~$!DbW|1b;l;W zb9^i0YEpd!acuc?`Qe{%c{+T8&u-kKM1)ukvs5AZ0mV|(d)0BlEY7G?-yD1AyEihP z5Jmcb?tRIRZ~{R6Hrjq|^1*E%T&fOsf3@Vl+w#w+8B2nY-<9ec@5h1%PuY?GZp#!B zeziI9evp3Dw{b72@M`LU`(^0q9b@Qc3~Xj1zCyO^>^g$A#*t+V5Z=VT;6i1)R< z+zRY~hAD|QO_Tsrng27D(BD$&_%AA{Ur1}LL;{{IboWi};76JzzYvbn zxl3S=*L-m!m0J3$GW|%Q@FI1fC@NZ-qPr<6UO4&l`A67hFcmBNKSm|&cT{xX|BH&w zUf7%X9sF-$?QHxmfxVSc#5oNn*QQWj){}NC`wEh;;!My+a_=n}EWf46T^B1wa(y#3{+K2ByD>^B|qs28mlpmz@by1-cE zAgn*^!7`6n5kGHye`DcXv~v7)hyw_wl}v5JT-E?&)DKr)HH`Q zM8zcX@46cp-DJ`u*JQ>|N~Rtj*0X%A?#cP0B(I287(ZNy_F&*plgof3>YGDq1d~PJ z;_{}q<+nn%Z#HK+R%{ga{`Ey*DkUH)f9Uz)zfHCrDA^65o^K3(dlZa<@A$_&$vp}h z{Ux>yG}tz5Z6Isd}Kx!|B?{5v@1a55}VL!I0n^vwA7 zCH$08iX3(krQ{sh&vL$OZ?0p1w{Z~1ww}n=vt@7+%L`?py{F@wo7~;# z!!qwmhg5eM9v+R&m4f~(Un0w!D@}MGiD4vsT%e&yYi20wex>-pk{^|9Z-AY*v>he> zbja#pnPU`8tsX?}Us3wCbw&P`T2_h4-_-uoy6UI=Bbei^8W-*-8eg>w(3R-611^PcM zQiaEa4gZ{cE+8oRJMyUKspt9sPCf?+>tC{dx;q8kC@Vf<1^*Tc=RCEg?eFBbBcC6> z(23@9L6K47xb}GdpVmKE#s*JBOM-z8s$AnLaf-T_5e40O*v?+2>s$448*0<0?_6mUME}l}F7iLF{__Cme%3>cy5k-x zoS#paR5grLokuIefZA81wR~(qODh8(JN`Mv`K#^hMI(9=$h+t3VAt|r{+PVij{zV2 zCE#K-*t#O1VMzV1jcu9u4mv+iYq>seStx`ti8 zJEG+?N8bLJRc5`2jX-4so!gBGciE}4I`LTY(e zm;bS)gHQS{L=)B`@R?-5<_AjQB_dsWdyT>U2F$z3kCR@diz5^dcO^^YZmoP87_WDX zi>5_7YmMP>+=JA)oBq31_QfCaBR*pq zR{Bvi&b^Ytw=QCmhlWo(NiNB;G{)VMk3#Y)f%_Fmyj@}I@OoN3C!1rRUI~s%4OU1L zN#@wQA3ZzG{JyjDY4o_mcz-4~l{Zj_;aM!JhGFWpWI-60h-Mldeg?@X;%r5#OMiEi zs_iBEz;Xchv0M@6T^E`*tl!#!L4{Jqx5~S%sVE#)@*xV{i8BEoDDE_2ai(D0A`A@G zCkp$vdxKl$%IlPGhywX$FAoOlYCqG(5(>Kqz4G_ub2w;ijqY*3q!&&Xe{DoTvQ-ov z(A{1#u)KFmMp6Pb%mskt=ZFbJoL?fG|BxhUm%2TosG~d&>vCvYG2jyNAa`(xJ@8bx z`O2P6=vefNV{vf6YsRQ@Ri4{aeyB1EQiaAKp@h}BRh6m*X!5W+H*Qvl#j05=H zHyxP5n_pB>4ED@X-x5y?*pXa3RS!{KTkp{}$Jc|wYS5vcC!#@3#Tvpay$!$aKJYoR z2p;iv%wl@s;y!%6?lc$A!w9e0q9XW;ZG1sR5@V}&E>DWpz_ZW6AZ<(iz|L?X<@>D7 z7Z3SPw48CX`V3V!jr5*eKgq~vKnyeeBK_bpslGL3mrCU^qmg~=PiHSFZlA`cOZs&> zZbselRcVD;Qy)hqLOU0&aibfR0a9wm%UaUb9tx$nx}qi17d|{-OolsWDPJ{!A`)i-VlO2 zM~26q_fWYz7(QPB`%`p;Y zD9)`eTkt9q7k`#(+an8aR>y-Ic2NuJ!dWw2Z-bIAPG}GRd3R}w#BRC3zQ9Jy&F4Bf zbuA*xc~5;dh{R)kC=>JZnf$AMkwSY(f{eZr2^8dIla&FCJ<)Cj#xT5$BwHGS@&v1$ zCP|nhQp`DL)Z!uNufFWopJoGd8+40UMa5Y|i`z5a+j&1-PVd~1M4`lgituJV-nq$| z3cQQt{kiiiKX!hcpF2PQ&3|^0Nhtu}34xpa7b{9^&#nIT7wd)lcF+vp%xj8?s7T?y zM45aXr_E!Xsd4U@a~Hi~v~n@;9UOw*)YJ&nI_1M>d5;oGB^9K&79ph4ZvSk*_%KM` zMMl)|nSw<#{%+B{ORYYGp{MzNx)armL;Ylu*9+d24*|0mV-ZE@N39M%Njq8(LCbvY z37r-~#|#uq=egQRGQ?-+5?>OYNBctPe-mskEA@2IelhE5^>hwfE7|3XVsx7?-`R}S zh?*|J*_(N{noJZyyZ36L%iulpFBu zHdAgvXuQ&kcD!U904IjJew2L#>2v;dj%Bf#2ZKI+{yB@FW)m}sva3qrPV!AW>A0>y z7&=TvY$p{u!68|agcxFZ$yH(wgv{cdP@-(C z&{|=6=cRk^Cz=?~+_tzZ;B*4%`lV_HM>KbM6ab&m|R)Og>v*#i#Pr4W7sM-C8NGr)zIgVSXZtCo-58_H}CC^^Pcpq=fhiYjV84n^H^RQIl zS5ZjwG#z}OPj{^PhNM*E^$kXkwuR(-4RLK1N5Af&_k*%pa5r(Z2qb5t#L3G|hScDp z{O2uK2DpIk-M>eUe|t7hM^^;nkjR5v3NUPja{V%$&8djgj?Z? zeYHkTXR&PSxBK!U-Dv5lLG$j|I%`VZSH&K2Tuf8lPZWGh&!Jh&V)-{4{6fg_Z&EO< zHOqsN6rXXOUA?90?Gd;oR=*d@VYyg$+y4OboI<*1&{iR)q}FSba_5dL*PM98VFYNd zhJbz1Q)h)@h_R>x>kZ_ejR|@P?H3M-CR{@4)EX|7C^PlC&B3|NXyP;Q90ml6i^#uR zM-I)m!SB_R`#4;9h9*rV!;|u{LJm^kXHsa+vNqHVY4x;KvZzUIF_@XyAA@0OBUj&a}^x@!`cA8mXiKOb@qwweJ z=MW{Q7x)jTMQE=m?TdLk}p>%M)U{#Dy~Mq?U3 zl9zw7j&gSu{XvVj){fU-_PEIeI zX)XRxg1&9Ox=6V5On*k#adKmBy6&t`%=Us|#s9k!@i+h(7#@ZM?)*id&JPK?=Lg%b z_xw=jNGgw=|NiIBFA91p4>~{KoQtS10RTG2quE^oc=)$fCn^{(7e=5&o&{(bX0%1$ z7tqRFWFp!Yys6X6Z6y}MBz~I*(fZZZIaGX>;M@?AGe`q|X*5lH#^Z?ydz#m6kY0ai zdL4w@QKekh$&tJV89f3?z+p<_QPj;76X^Bwk?QY4Wedx9_*J~2A>0cZBn;WeSy^+M z8Bt3Tf#G*lU-WK@GYjJ~ zkHDV2?Fw~^0K1{7P+7z57>0I*c@Ht^ihY|*d#)5gzoN@%DG2y}8 zTwCS6ASR@gS#^$ZXF4Q!0coHy*wGl^|H(Nef##4YZdX4jUjHRo%duQS8XJUVKL1jZ z_QosZ;BZX`{H><0WsXJ#`fmDS_Gx)W$(D^_1Khqy;2R}Pe^OLE;lj=E580X*;)~BG=6#M zBZpW8XG~o=q`sSN)KR}&M}Fuer!-Pm+%?rU_)9jc2))2#q&08ML28MeI|Z1iyg$qlknqwlZuRp03H}W2}~=BPFQ|4 zgST9nr!Yo8y)zW6NjexOY^gBj8x_vEf&VOAys!ZwHT+|P4DjF4;u={{l_xP(2;8BX@0cYSh) zc2-j(C3FFbJCP_zad6Mqd_ux-Tf_@nB&R58l%x34&`o;Eq*YYFR6{V(;%(C#tFZp% zMN?x{YoHNa$kSZrr4QWQCWhN$f~UT+#H-;;0hwISkC(PXZu#EDw!!lSi*@*hrs_j) zp3ASYdN-)wn77b|kzpRieET}&l_pO-Q9UxEmcY;Xga4+diUJRFLJ4_Bn0$idm=`BF z>1CuS@wKx+H*joYo+lZf5PE;3{|y=IQL&*Wp+|-4gscCSK#B|;6_N;465PQ_{~b+8 zEf9lTe@Da;1>=NL)!1HZmI*~KKNZi~+*U)7K%Yede&H?j;Q~g~`FF(=9Wj^hq;TuvRinzH(jH#+=B=K>3QZne za~Tk=3b+TcX3l=m-Y7tDODy~I&9LfYOT_xQCBAz1pPS)6gvT)mnhj=D^X(U%ojPh4 zcZJ@sZ+_H>xCVF_;}xO|ZfAP0AX6z5^u{I$ii&5|!$^KOGn47CA>@A%n;m`ij3de) z`qMKajf~@pu<*EH*m)18cDulIGObRiFA=%X&1-1lE>GB@>ONVf46jS(4U(=hdNrve zGFxu+EwK;5cCmy0D~uRK#4Vr^&Rx4m6cdKIHdzhVTNs#ru?i{`H-B+T3XxE*Cl;5L z@*xDgZq{MM$lpS}rUaH__mdCf&(AZM&aGv&x`W1YAplA&)d1jDgN2|JF{8n2)8liv?}j| z-qGe79Y-t#+IRXD#5(YdAPm?TmcVjzu9RlmV!*x(sSD?Ir>}RS_{1h4N00pD4a&J= z5VI#QTf(H}OtuP4VPnJ!q|qLEUVKH`$lKW#wiQLDd9&!lh>kBAgR;e>+j9<611yU} z+KC!jrUNG^UvR1(Cezk)Q^cwc8Z5qdo9fYA9y!iroeI{ta9fn{eiMKnQfZC-p25KK zno)MRi7y=JPV>b-CHuzxMg)uGFr9rNF5qjtCBPUpPbqeJ%Yl=wDrUEFE#qwG^dfQf zay(*^{voSXj7sR0RwYSew!3hFPG8ImQR?aN_jNW?sS{nQdY$ePl$rA>Vta71TumMH z{QNkokyYf}7{2Yer*`GG5?nmVcK-Y?Ebu9U66Fm;Q9U4<7giB*iFbV9ViZv3apTy{ zbkDk<3g>Tpjd6gqTE#<}zu&|N&W2DtTnXqcGHQ9#JIgpnxq>e7tnu}n{7V`C;?cGM$VmdM~!!k0}^i%oUlv6GF`R>K}cVDNv*B2-_Lmk|Du23KPy5L=( zZUAjGpGL@5E}VN{2-n1OpgEe&SW%2_5Z2C>GT=}?7yqURRW#M7@a3t^L2wtE*SgN*N{e2@MQU*{c9 z<@^6}GLq~qvdK*L3Q-BkNMvS(gR*z_UTF}r$(Cdj$;ilx%*>4JnJwdY&iy&}_owry z`w#z~r|0W^pXq ze&E%{Orn+G7V2-jl$nEaTp=F?d#D))OL}dyGh_ve)rF2Za6TDb2(J4fS-eU>X{a1Y zF+#YoIL;D?`y(;_h5F8D9MNYC1J#S`g!=1vlg!w!aTdQkX8Y1{`!3#oV3w4ua;8OT z!EilY3z?_9$_(1Y<{00Z3rMM9?)iL+H1cW8)uE9Jx_F_1T2H&l=QK0Q zL*Lc3ecr`*A!@W5WON==QBmcJV|AKTyZDdKgtOcI(dN&Fzi1!Ta0Jb~ap&{qx51Xv zFZP;^$K1qDeX`F*ckFAR@bT5l6DO}RoS_Gcf9{Vb>p93;nSNs6vJ{;XR%1O>yL2K-}m=PJW#<+Kk(&W z({t)~8|Cb@T~;!-o?p~5+$;!X<2Q)wIdzRH zhq+s;dy4si@B7JAd3uNYe8y*ss`0x*Ij8kG1`7!bH!cOHNRj5f(|@Lj)8FO6)1_@^ z;z@I;e9Sy+GHUfk?GkHUU(Jd}B>T%eR}%SdOtbtCADFbbuE9(O%f!@<@)d=J-#J8G zEPeHO{h>`t-C!Hz1yTjhhhTzsw9^ER2HortGQwrNwZo#N*&Zr^d>9OPM@)+ zlb)Mr@}cP{=sh1FFJi3gxKaA;XR%cfnq*R>$C>t90-iWsy)c1BajnR?=xk@@6PpOn zqL;L+v+ruh<)74r=h$tyrcCB81)K4Oa!3|w(OHU}J9n{G|ElVU)za$%Q&D?Rh zN+E}}Xq%a@TfqmFvlT{dm@nUD;dkGO9>JKw%CW^)+OycWG&oUauZCj0glEl4z?=>E7QUL8M zbsanX+R*j$mrQ-w=x4_hRJ)~<=tH2&t&-G zJ5t!4exjEHzK&5Y$cuYqzAh1NswW}wRy-r;l(LdL_&c~c@GUtmeFjssD&wTl{f1F7 zA1ymJ?vVf54Qazat~M&FluV=F^EtNd;dn*hIzy9CA^21?kk}e6A}|Xt_IZ*n9;P>Z z2z7AM<9bcGM~}B4IK6jXQ7ndZr{udK&2#Y#>c%Y-Isz5-yfL(xpy7?NhcOk95Di->b`vtj2%6w<&y~+ldf^H<71pOW)(9yw+bRwN=JzF0j zb#>hCOrJG-JlkSb7WMrjw%=(jRa6^37w*nrs~hMr#7sXY{bZ2IBpVOA|Mbmpsd!*X z;N^tK?@m?c)at&ZbmA_Hb=>_th)Z(YAeU2xPPT6}d^hQgrf{&9YggoEvW0O#QyePBtgL%u2oJ{B^q8eSh*!W5}~O zY_ufA{X+?QQBa4zOCbXo|?=NBJ~=>6&LA3y$w6AJL=_m zxO-Zi^KszAilO_y>`mTi{c+c_l~zVVuJ?)D*`_QdWvy$pfqY7sDqQ3}dt?;X+9sZ{ z<VU*lbo<#$%X=D7|o{jFAF;~0Tq<0bXGj213)0O*U z?-yG}ScTd{gY%vly&83v+2!PgjZqK3n=x6gL5-Rv{ zWgh)}H)+Tk$@}s+U|#gjrFC+phQ7P+Lpk^hBZ<@=F4HoiFva^>wE~iKMhY4sEE?r2OSP)EzDzbX zCuhcZmaatxXX@X)#>R);DQZK%85!Kjo)kKJy>KnAac)21*V0_(UEEJ8bKPd#r5!8N zgk40AWAV55ZMlvt&llZSshM-fln879%Hp1Da|Rs^akN6C{?tOx37i{a%KE5 zrz*_GP*A;)sX-?pf#Y8r-{>D6sj~B_d2}2lJbNL6 z`G&F75Idz*YteMmM{&(}&2JG;XPBN_4s(LF5tb!NU}jKR>4~+8|LLyoU7}m?Av~Ge>NeGN zOUK4g5o`?i{pYOfyjDFDt|_;@DO|-y`do^&i#%K$Z=*jX;de1H_rPEa|M@!Q%wy)q zi^g%)yY8PwhPf7dPMBUs`D;eFbE>%i$d{=hc}4ZjF8%&1?)7+eQKRI#Io~dE8m#7) zb%#K;?GQ$_x>&A>?|Y4d*!J9x8A0I~5rail6uhhhH+o=&52bckal$rYzEZ_98mr#HStGnmzT87uMRf`z;)!-xlIr#595Pzs`bhO|2I*5_qeCyAVUk839oIZb2};eru(j3^Ld2jWpbg% ztoP{^?7)l3b4Hp=5?=YYdS{*)oAYx_JA~%Cyu-UYkrI9HzPpe@3Nsyy%l8Od;VV9^ zzsKI=PDf)y@faG5r7JIhtx*A2UvufLjs~>x3t-6<6oZ@!k4KES+=e)F~hP_C`)WT zdfFZ|kh6b6BPTR+vz*|H<&s-%%@f|ST>S!?Nln^cE-w%X)zK$9e6!Vj|4?LG^;}^t z|fO2Q4w3ti}Pkz=JX!3 zveD`Rwww$T(E}wQ?Pc0Awsc1=W(Rc^pyJ@->dtq zHl%8P!L{psW^y*g9@j6-J_)1Ut4tnca zlitnt*1u7@Qu5>@W!{f+l?Kl>hnI$-JUPG0%MBR3Lwmo@n9g+@CUYhBd9Vq8zr|!n zbhF1X=DLr9{6wxEeL_(xNtU#L-%ZYW7aNXl-KkbgR|d`MsupS?}a`V z9Ag||{)O}E!ue#Abt|31$!;x29!W-D?|oCtwh76^lbL?65uNT%&RUr$&#>@e%9l4` zbVCfk>!%brF1uLY)0Yv5_^~QkRAb^ICOsR_lzb;xd8h5XVB_7DJ1KFLOC6y?_jc1Y zzP?vHs2uIK5iy*W65Hq6vSUTy4D z$={zY{KEgCL}vOxj(qF0dtfDTySifk7vs$~zlKQ;bP0xZ<-WRWM3>1GR&K?QsM$Fr zGM0Atx#gjGP98QVb9`nRi|kG3Tc-LUT6(7tdVegNO{PTW)G)akbuV=5M}d`*ps+N>!1c48qRc-cuZ zBO0NKNpl8jtb6sZvCbd>zKePQ+>1@{{0!9D7WzP7DSrlL5C8@?fZQ3(z&qIay`|S+ zw){vrI;7Ds{LZIt79ZoX(q7u!hDjPmFT_9W2uCf!cYq@PP={5tG5iMriU0+b3!*y9 z|EtaW)E6cZ)HEfnn7U$Eo7Y#4f|%x-sSRnL>N!f1?9gRNl-{msA8iO-%eJXDoSOPd zNmF`RU|A@{07r1NUvU&2N5HSGLB>+*Jr<2ebMHoSPa40nfO2H7r@<5Ugp2q!v_3mL ze2GykDdRpqjs7g;4)tf^6N{^U#eX{^>sELpoqPg=g@}&RFF3pPu`qcr3-S57@${vk zN{kl$vrn|8Jnh9Kk5?jyemin*)~dZ9vQ`E_ zfJuJ_X!rmO@YU1*0%Rb@k^1oZ!9MoN9)@IHmruk+DT8N*(w8-?N1Sn@j(5%=YUMO= z=Jd&ue}0cV@eKjgBNUWBh_Yh-52eaI*)FqnD6;PF>hv4Nn7M39!pz{ z_}8Ap|22p#WB-}u5IjpiFiWh#Gp7$)`BP9I-v|&4M-dzX1@mtHCwOK5`~9;4c)0hy z&)i{YT=Zy9CkV3TwN8Zj5EIMxmOYQH3C(5WN(?7|BS3ul)7mTnLLdejZ497McC8!X zgJ@?pBsyltrK8ii<*j_-|qUoB0Yv zBGI@*12hLW`z+TZ4p`|^>{irr4ZP7>ACHyZ`u;W_Ev%%8z5GJtYT&LK`?t98N(yyE z*<_&6rT{t^1^pI8+yA#vi*`j4<3Oq^F?~w$yYXk*EN${3GI|$YJ!fWmkwrRkv#6;~ zjt)F;Im;SfJp zUQ{r4I1!*h;=KB9{~2d{0;AaL+x4kB-xF`m`%`AFw%pn|yx(MgB3Bu*W5$IL=z>O@ z1L(j%(Z&=YnqnDQw)dLRW)?lo;v5gZ>|S#C@E{y7#hXWt_LhV2$?6r=^ZP*;Et_l= zz3t_ABNJp?G0!8=SR;_x#s4ci+R_`dt5|m3q8^FTd4^JX(R$sX1v`be8NnrGLcMqo1?!T5rB= zA<)`zG(>iZ|H{sU9-bX3m|YIEz#~Aw=T89>dQhN^4k zf5FjpqOmW|AtTC9-fG@D`XZ}I@#7%Qr1-H^|3#{$z_PaCM4<;9DZ!Z6C|Bta=v`>E zHGuX)L5G59M@A%iYm;2n)x6&xqgtbBlu|z>kbbsh!B|yWpLs~2t-1oZ2`0g3VIVn zw|OAZ=Ukda-rT61&Z4ZzQ*_V%_{N%JI`BcK@Mz*v-6#8fa`un1tyTI0T$K@~1TT(z zfGZ{&j)u78lmC_7Lw0y}xL|eybCB8D0Rm6{6nMxE3N(Sk#X>>s3V+2ap^ZZKmPg!y zCy`J?(Hk8fOgRc{oAmgJj&PladBRxtuWa}#>)r^pqjA0*n*N)CQ~)Pw7rU2E)GUqdY{+%bx!0>Ji}m}R4M#` zh-<8EbSk%bWxcnGJw$e+&}b(B z?Sg_n1kpC|AFv}Dj919>HMFiWg;T%&=0}vkrq*50w?5p+8+h|v|EkPo=E!(4mK?*! zCDPul){V;P73xk1^e;FXBD>UoWoOC<&kh~TPHYh}J7++^`A-2;K2YG^C8WUoxm72N z+7|hjQQq<+|N(__iYw0x->A#fEM?E;{k zP|#)|nt>0AR&OZ$EIGvOJh7lR6>`kTZgR&YO?T8eyDvWIYKP#RapF!^om?+|EpI2t0mw0~xo0B>N#g4xwV3%CLTjwk{Npuoi#q`+-0CFRJpo!!Gbl!o{A z*B7-o<1Yt)7oL3im4OtOx>N;E)e^J+!=wQI!~33?lIMWz#S0b|0 zhod2~OaE7PW?1m-c);vhp#|Il0sB7%%&SQ`r~{MdS%Eph2R<@p|<|STrov9T(O#`@0G*W%4St5 zi%J(N5{M@dXfHS#qHJ&eS+)##?;;W`+rt&e?11CGVKyiN8K6KM{KN!cyvwwm6euEg zx*TPT$x2ZXVeMw5qoZYt#(zvRCv{tuBY?x1lc!L1J>eD;_rN=?j%kE|IW*b}$j%xC z{T)RASVN*cnSR{b_I$UaMYH&0cVn~UoH#$%lch#)4a~kl5w7_}K`+YoCC*pjVM(2jci2;?+mE1d*;{#H==P|$Ii}9RA2zWrFeSqvxdTQp^LG%qS zB)aw5kzE*3qPhR=9|}$aYv1i(>tF}Qz01`@ht8 z{Q{1L$S(7r*}1~A3j(h@tTo8&d;tL~lk!9{`Xu(NeS8UAcZJYse*kTP zf}R4=z2Fto`(9~+8f{a%rSidx`3oPkJVYenI5761sq{uF>wf&%v2$g<%jk)pdqh<}fC*Q{0; zSI|7eT<PvQ{xdWhIQAB1j)GSDA6f~C zwqp@nr~d4~*IZoJ_UyiwZF!SFtnq%uYSfn7={&EA2mFg(Q`-E2GUYw5fukyh z;b@5Lvj3T#@9Eyf@CIadK|pq9C<4Bqz=JZRzz@X{DV6BrO}3XK2^;t-dSTmg9=!?@ zMoq+o_@Cml0(=A>~!w}a|<%Na3DJ)6oD{M;94&-JDDJKPRn4R9WW_83yqEd(1s}JPary{28r$}O5Eo* zU8l&sHQ}--?jE@AbL{T)%HqO%8GWV8;Z#1>n|G(Fq_4!X)#?SF`|*haksTcz4RPJ& z{WH6*)4hvmXo07IfB}lY7AQc~ffR7QAmAX=Zb&TotuWFkG->$S6?zyeSDv6ZA8o*N zt8BrnXZ+_6*Q+CxSO}|BAB~kD1oXBc%N7ZsAN+~7IDf(0F^5;5n2qHXM}%X!YtLlEX*wzE1=i4rF$~@mMfD6oDu(JLVvyKu^f+JD!|*s&Y0ICUotb@0Qw` zI7oNGgV(Q?Ckb*f{>Gr?ei9 z|C!y<>E1=pE@XDVX;d&B6oDg905=3FK+-yhzp)d4V}Zcdf-|M4ULMX{pOR8G;Yn3zkBQfD=gjpwUslC9nM_+6sQ&-+#9$RdA@?>R|R+`gC!( zc#< z%KUWiLURu?yJ$c_3q`;j6i^4VD^VvElG_^BOS0jrmLzT-JNiUnX=S9}8NpXQ$(+S3 zSkzodl6!$|vBJXW?q@D}AiD!-G_ZRFb{_?u_&@YMvTVI*f`*enE?B09Tn@~le^D>m zW4B|iTS}-%hDJc2z2GA1{V=9&JY(1L^^H=h)P7(te+-QVHbcNPQP4dg`sM%0G4 zBjcvpPvmq)S9gc=KVOeE)+RCf_0^Jrsc?cm@;!4fLVyGs9S5NAp`ax|wCf5IUA*k4 z6@ZELhEZ#&(~EfhT*?B;#-mr-oA@c#jFhoNyyM>!*SfGDkbl26I9V__gM&bGz|jzw zeBnQ{vpwCrVE7H09k7%QQ%4c71qHe^kpg+wFAoYNKIBvHuUJ>kNDIVv^%;mP6p85d ztvs80%vUZ|$l>5*&-v>oPZN!Eyip25fEgMMtOUdEqM+d~xcRSaU-6OXb(>FlMaOB@ zdzDvsIXH84UU0aOZ^CXxTxB>a)irV$PkqZVWX(IFs&5@g@mtUZIKop5j)utY{XerC zKHa;>f))UlV__)!QXj$JRr8-fv;_s8HDT>Ub26{T~EZfr$)#te&+Hz%GYh%Tf729R0y;dG#XfugQ=jP z;cspE4?Q1=w9famV>@ug9cP}xR>3(|TkCo6eo`MV#gnVbXsk3J*%TmEAH$s<`$d*& z+?5;t`V0ix29Aa(ThYJD_So(8z6<>$$n1b+F_ls zk-lr0zl(7l6jY_CAHO>DQFtUHV2Uk_o|e?=OVpn6xtW9Et=u(SiagM$9w zc`M#k$n1^=qjPdNp7^;vy5-l=j9Jqt8!O#uN*Pbr(L9**B!ZE2LQC%>UH`>v^BNnt zBJ~7_?403fi0q30ncej1-i7TkWOl&%3QP$_;J@EE!4Hhd3`Pp{-)@R^lJ6uNw!U6p zaZN(_z*9?<(dUE6qJiQkG4aj%`j(d;qc*A>zp=e&A2m*4KnOTMqtg%qu-kv4t*OAW z)kGlCO~IWy(LTiY@s^1<%04#x&L(T{%SZRD@ur_m&1WJvKfX7ts!OQn)i8FXz4iV< zHUgawM?+*+@~`Zy@0{*k96<{JYXmSw6oEUSz)CVwU@DYXaG$s(pY1lkamjWbVR-|y zj-bE*NzgJY=j4j@);p)D(b&xzvTutSCEqdxj1dA2Cy-?W`rI%D6to|R_J$$Rk-R-; zT7IM{$!uASQK4@|2T*KgN%W$=$YI-H})VO-ppq5DxRS-j-l^Y(TK-&=NA#^^U!FZ-w2cY z6K%r?qPvShG{g3Vdl|RFD_z{`Zm;HgdZM|8ALV>lNfwSC)*SwIWO-&hCn|f9mJ|Ew zts6LWO$am-91T&nvVWD$M)P#<;t*N@X!^l!q6lb$0wNqpf%|994|see-K8Aac%r2y39*tJ3*3>PoQ}}e9w5+U zXCSjH|7Uh}r+XK_;h$oK_P_T+qV9+Vx<|0oVElKRs!l;>Cw#+dyZIVT)!kH= z7b?S4tqczau_Yxpl+X(unrI~-sc@<{+-8jNX>VLEe@S!UJa8c7F*F)zzQANr(Ayx| zxg3d3k>t+XB$dd@OMVpG6dbR%IfG3^!Lm2HzTm${X@ASfyXC^@<|>m5?YF6(H@39E z69E|pWOfz*%FdP({t%oBJ`s3hLS_fFAz(6p3fOXj0#CtP{PcYPBwBKMPB+hdw21a? zO>>DjjGuDWmjnV`Znejg{_g2>x!Z#mOF$l)uyH|!NdZxOKWH@Y6c4+Gf;Irrht$aI zn(qhNXBx>6aacZ)ej<)lKH!tJlOTsDb$hU}>aiDIr;bvG;w)0&f|8p(gG6nNk5$`^BvF@JIm4=A zSal9ICGN*^sdF)BRx4ggjf#rDKYlK6v#Z|m1R*d8jRqbEVNxjQFCf|}35h1pacGRl zK4Ne-QgrG+xLw`tI`t+!UYvl?S@GkL?K?xGM-pUlEmbxv{knvzXUTy+_Xso^c$$Jq zqM(mK^x0{!Y`MR?8pdBow?xsE^}WHt;!;|2?OfeovuoMEBEV`}JM^vb*5OtCt}o|j z&Pd%I3PD(}!_g3BtNK^j>;z8tE;_Iw%LY8sz^?u&U?%_y+$BZ|SkX8;XEjQ!9P2!P zyBYVX>Z^4Iv0?DOE2~F0#@40Qtpl#+_(G}(dYz3N|Ne|N6@)-HG#Z$e!z579Fc3Z2 zi$o6=h0U56XwPQD1iWx1o4hq{fBs}HLFOM4LloD;@Y?UYLrmjylb~Y_x8F{gJxVkP z^eh|=k==)XW|wq&-vtQ{WOl&Z7$%M)kOT@e$RY*Q%$j?#PsaC^k6#5=6~vB64qc#O z6CJ5e+Qt59p;KblR4?m%4p)b$#(nge4#lW7LVz3^4NNUzVkqcuAX*z7<` znJgZOwQh8zINW<&GOqCR%0nZ3)(6y4%i@yil@+}n>2X!xYbH37{KXMyZa5kuyXt>s zXMYynKxhPqi=cCm*_9$b1t$8Zfc;reVE;8TyX4y4eG;l8i<5FgTm`+FpLV8cm)mW| ziz1c2l@WAv(=KLSkkl?=N%oXrkgl8Z$3_T*LZg8>3QPnAeHBDYfwS73sJjG4c6A+9 zBl7*Ybt8VAYwB~&zt358CFDQ6k7-)no?Lw_PL?M1?1vjK`OQ{f0Y4RvhRCkwpV`^L zv(pB%Q^bYL4wxvwgi!?SK!GA{WOgmM(-F9ghfH)!;U=LQs{G7v_pfVF@ttG1Z9E;l zmi+SO`GUdaU7R)Mi!2X`jEC1|E5}%ya`S?(nwxR#c#z?h^+8Kdn zg`*+L_VHh3b09k1_p!r+%nlf^VFG^&I1qsXgs+g<`4CJrzO!L2wd3!<<7j2uWM7=K zM%a}Yjnm*MNBxMjY3}##&m$Lt7Dw#Ei;RQTMhF2%Xf!b1!T3?oH$k*O8xmdccw-j} z-?pQ<`0!q-zk!LEz-D@l>*yG>==nt^XCkUaJ9ep;uL|*w7T*Lv$?pdip~K*4i0o?r znVtLTJuA2IA+rMp9T*>qfIBGAb{8q&)GiRBqt%F&;*WNpt+3PdD;wu^46&EnYHPh0 zsFY>!-+g}OHIh$2YEVN2Q}}h8O<>SngkjRWC!CxK`Vo3NlPSp`aaW6 zRdR>jkHHrm^Jcn-;b{ZWK2XcCj>qe`_@(zXadMO(p5NLKd8lr4< z|06Pp1kV5!DGbV04P|3}wPZJ85Cy6eIFCn-@)rbF36 zDiSZIFwZ7bckJ+mWykSl5Z1k_21a=_BFM7UBLrYvDCkNsyIHd z>Aue)v_JzOz=3!kfCRGm zp8)}O6oLDoz)m_+;69a3P?&tCa8>%1jSFQP8=hnv`?fbful9v**Ef_^?0qlsy=)w8jo4ENjyWzRv0$=vchXQ@Q zrA%iV4Wr@b<|wynR9R(I6BJrrO_^4YxzFS_h(No;(Gb@iP`1BjR}arl8q97UTA&#a zU_%k82L;+xkpgIpI#)u-Jv^|&t8|;{H>>qI-iS{zWJPr(I}>n@;f!8Jd$KpWtzD@h z8Hc8!@c?*p)mKu;vb6wcRuuFOi2gc+MC&~ZA#$ne6IUh~#u{<^ah|K@pBvx%$-2P~(%bJC zO6jtsVzeZQr*(@x<=`AyztLZ5jnNuAL1**hM8R_efj)qvA+iI$ZGX+K?R4MgBROPt z?SKFyia;AEz+!e9`}wor@s6fzSaC7wHs`*>wT} z^nYgOA_xj>Md@$~0Qw>dIvGTN_=-g1ugQ>*M0iPC&i?-B zy7S^p+Bu={yU+Jr?~=*z(_6Dm&Pg<-Ilq4voyDSq*LFbwn9DoD(GX<=2Fbsct@m`_ zN0|yTyKX>$7Db>J6mXvt*`3r?}8>n1C7-WQxbwde9E=;c35-!NmwRDDP7K^3)u7Qm0Gj4cv?~sXZc;*`oi(m@;yrAwQ{jnmFP5dyQLr6{1^9>@>ljrpJ}O0{bpta5O}Az$pK>>|7;J_kA!fKxX$1 z5V(LMAPEZOE+Yl(8*eDYVRe+kNFHUF;Ath}cBrygP1l*vi-r$=`W|lz6DPsLrEk12 z>eFtNC7A1qxb6s`(Y*i~xl28;+U!b(zESIg;T10{)7D=jLaSPR|12KDni`IVC>wBZ`)k=o zPxmh9Xduhh4+v1Alx-9gxM748Fus|5o=oEz!P7AZl`J>rr*#d#bR}3RibC@ENTW+G zlGW!uIyR|#yR=+_M=+5sOn?wzghmelXo^44Zp0v3m8YvV)H}j8xMQBkt8X`O3=KQzp+~iL8E<9-= zvl|2iP>%L?`|oX=@XZfT%aH=z7G3>8A#IK)Z_LYz(z-D|mOJ3!mf>B!P)wdVsi${KAWe(`^iIBbUab za5+fSOvah19O)(gbp0Y2B?%;v`HLCCt&|;5)qam^b<^_Mv?)~ZB#R;^) zcR+v?Mc_SH{N~$80V8%P;z2XU?YbATS@+%vctrWwISX4ZyNX4JhY`Bo`>t3VB z6KVW!bloTIOQFY`BT8uWsxL&On5bj*yMew>Bs6*iKokFocE13koA!}tjk0`C0{?I> zBX|7=G-$V4B*KN8KZr9=dKU_)nP$IW7+bYypd(;BzVRc`ux`|u6k%NeM?;him{a|& zZ0_)vI{*J!AvJW6*^L4ML?{9(pun31q`;eJX&(Gb}I)49K92Y&^@ z|L{dbauL2|*quk`mS`EgGK1=LP{g=K} z?BN?*zct-!!l^d1Lp@s@uLs7FbgU0d>ePP7`H-~1hRCiCj)uq%n2-J~yC=-2dlwpv zklFnJ1n~Y8c)|<{4A>zB!k(ngD<16!g*o}AzwO*rO0&54AaH_{{Yh14>urJJwY!90 zGlG;^L_AAzvaYn;$VCWfL8B)D^m!Dt7Kk2SLZXGXP1iMNU_C4=(cw+%;(9x9EM2KIC&NxJ(J9+1RkeODo zx-C58n*J{FfGR%$v)A$l_J`e6512O0gmS}vedJJ#ohYVy>VcQTQv})`j)o{3Fqi*p z*&0soS&3(YEZa07a1KSF0Ti$bKnf^gRZgwO1_eGB#*2$$m&=~ufA;GAohK`{rVpEi zCO%zIcC4YN@sq!oQu}r!(DYdgLLdnmJp-U|P|&*|+FcWgUQ+w)vMIuTmzq!Y>GMR< zenb1`4butSpIGOp3~yLrHe7jQde?m^{)h=(4BL8uJ|BTDg`**|10Ey(mYoOp>D~n^ z3uJab0fDoB3V3jX0tXIAfi1p9t)7XEwJG5I%X~N>)+~m@eO85 zyN246*q(l8X&7ZJPGrAYm??7BJVW-wdFC!ec2aOOM0UV)&|kBQIo-P$gcg_s1h7y9 zVnBftE@XDs`Nh95JRNqQer;EAXH4dz^xS!h#~ggcjgav5iq5Fx7u*eQEHz8JP`?R0YuJ1ptllC)yJYMBma!q9=y2mxFLdrsS?!t`HSJ zedy1{GQ{>~>8?oou`8>U3^kU;cY1+>(Wubh1g-_ti^PbsHNw#lWdol6{#G_mq0@U- zWG+Eww+INFK@kuF1$xdQ1$d4GiVv1^r|YzCq91l%#^-r)m*miIgPZaL#(^|S9!DYx*%y? zHc375XzA@*c@iF@V-raWY`urpL8}ID3O%I}Xk9oOB0J#m^{?5bobFw`VTa6a84y52 z5l8_AssfP$o+OTPST&Dnxx0R!@B042=*Qu!{o+xB)M-zir5S-A!(2R1V_#Lcn6XK8 zdHw2D0-i*(pwTM`wD}1Nx(`Gzjw8{&{6)@+)7yBKoEKwo^LS*bKN=L?KtC(+JA!^b zK-kQhn1!b!nx5o9J=d9~GWIU8fxZTghRCiDf&N=|Ugu8tE>t)mvs(oOj{g+!ItL2S z(;x-*IL^}FVRsAZvz5+j@=I%4M>k|OY;!U*zWD)%Rx?|GA!QBUNBGEnj|g|ID5s_p zQG5kXNc0+jK0-lDfoOjVBzp7s8cp@TP)xy0>cS%}*!BdoNhyeRR4= ze<-vvX3;%~=hq=z2ynOXc zUaEVv^S~jup*)c2UjX_51w96$%V&_;8AWLLm`BFuCM>ELkfMbfQd8hId`Yv8EaC6! zSzSDVYekXyoJno|VNB*iD=aM?+)>v`zk&oj1wp-o=~CkOG^4!2X{C-Xx&F z!V9Fpj;VH7k|Np~ufRe$7v74TAcLwbdDTd)zPLp5ICVxJ+Xj&7%`dnGOW6J$dns@(U9SrR|FY^gMZ-g4p8PMe z=6tRXI$v5|bQTuQJugx_5Dj7c#qTKwuX|zylNrd4v=|JIp?& zleIHQAXHZ(=SJt6NgtxcRPe3syooW%f1zYuuaGVO84l*^kklF7)Z|KFsC{w;61@YU zcTmtpAo|cAiN0~JjZa@rLHga)&*$|sJGyt;dlh)tkIb05-$fqn-`wUfc(y@!51aB@ zuRvQH<3KPXJ1=PTE`Z)fLC=C{7YZag|8v75{{_tAs|$~qj`o26h=+f~|yN6nv`ZY?rAARiKYvWgIF|$eFvG3%lVt8oZnVlBmY!bPWJ`(?Sa@Oa= zGD5%#8odvoH&M{4Ao{xr5{OmHpNnk$e3r9m_2Q=FLnqA=O-UWvMWOfIDz%LYmKv1A92Px2+G4pfc zjrs``4(JsAHM_Oby^AtvfkQxG9YtUb6p-OT3T#A3VR2qjc>3BR^;U(# z{+ub+Ejq&h^{G!va;BJG-pAVaQ^U^BW1rhEdvlz87*UE42or=X+Yx|X`xEWU0;10i zBGKv?YbFjiEkwPR4-_P~NmlT}B`zf#IehBE;$US+dXW(t|DkCBP621#zBri zzko&`1L##0v^I#A1Uohp`@drsYG`7Og_v0tX^0$NwcL2;SX@?~A8$TO(QgqKYS=k{ z?LGg!Gbh<9Hzgu~qc*bPXo#`_UDm&q%{TIN?;>0XGP@H%UczU<-|`%%{cAbYP{K>HzT|~K8_bRwn57ysKBgczg6>Z!jWFs@V!dLj3Ynts`V9vxuJVL+(8hr*pFaC-4;{nlm z`AGCa@wzWfs^{DM!YFO>a5}D-m#xS1Hg845d~a4Vn?3cT#>`~px}oVjMf<42Jmxvj zyKsY}A+iHH)PKv)&-irjVhUOS0}xn15ikY?n2M1Cg-rdf%_>HZ9*;f{PdyA|xNJzj zFZn<*aNec!<`#3#uDD`n*#+BRTL6Y32LD%VZS%KTAtpFI^2znd_fuP+>Ee0*HD%|jwoSL3$kh~g^hC0DR%*@Ig}XBot5ad5 zCwt8bjKIMO({MCI*?_+M-^%8Xe!6#2CkB}vHXtzjr+_~?C~yMq5c4&2m5-TUoiP=p zJ{~2CzvkwjO@DbWDK@7QPd47yIk7K~bs=-<>hAA*nNPNaJp&NgHA17$0_dM8XkifT z-Hgo64gJ7FvUF-9w8&w_#Na}|=q&f2<$RAw&Fa?6 z5$Nx5G(>j5!opv(vpU_oxFZ3X9S$HcgCbxB3jDf)6bN9s-12p@lORE+@=Zt`P` zh&<9beY21JVQJmIpLwNktsf>Og~;=Syf7qX4+S=ks6wO90qAKIbSj8G=Z!> z{DcKt$%EjSSYN;DM|r&MRgaQueU5k|?h~!VWEMS{P0qdJ1_Apf&K;Y;j#x7|8X`Mj zP2;cG^`Gutv_K2s0s>Pg0{x)C=sZ$jhjl}aY+0p6#U5*}F|QaszvGge+t-=3zM9vc zOdMl6=saWCnnwv3W65?X z3!`h0*%1Q*BPas$pul7)GCPL4otU}`HcTTa-QC@-bf-CEeW}(g=ujceiwZuwL26-h6xWWBuh^=XK99JZqkNW`35mcpv73G&i@!x?GE~ z2=P~SWAa?^FkGc(H16|!7FHc&*7^|sm>nMfi)bVOdiojK?FkM0R5k;8*OFL8lc3IU z;uz>AxbqGs5!@=MX{5$?m*zgIdbiitl|ULt1|V%^TM($VXMm1a!k5v=0QA%|bomq7 zzy4{+m-R@W_y|-`zV}AA7_E*`8Vy4zT!0K5Z|?tLlQ)c4uefW_M~t~T5G?n*ga-@o z4~G2#{X*GRAJP9>wvE59UC;@mj0VDg#3#*+Xz(H{W`()8xtYn=+4^N!;5&+!2% z3w26ruKR2pO?Bqq&*1&4S>hSqe?Q9@v7@tV-&zM`$M`ZD6@Z@jC)yw92|WS*2Q8+e z%=)dM(ZQNH$=1j;SJo|1CRzxxcSn*b2Uw9U4Gj{F#89|2Etcx}!iF4pndy16uu_ah%{qVeMv zsTLiPB-RZPd0`h?2X*>sODLM$&Mt{IuFxNcyyMGgbO3tn8QT8|{cZdYdVH2oiG8%7 ztKwr=TF=35^i*n!y^R96{@W=a?-RB|f{#3iZNxb8)HapmYP<`4rH|;a2lNZs0p8*M zYjzEPU%L<&dNDf;fWYW8frcl6k(ECJZ>f;=**mXJe=#$9zy8H2|a7&ng0ZsI+bN`g$B;UInr%5ySQoee-~RAv?h9b((b_^j4O97{5w7!hS2B3$Zq1B(zdh&m=+cmmGx|bg9O^T#Ts4#D8 zvxW9==c;>Cq|!-?ITv9^_nQyad%y|%pUu)+)3}eC<)g`6XhNRtd zaaP@OKyAsXf1rF02NG6%EIy^^i)dT`dgvLt;|V?F^ap)p#)El@Mv6};%||8*9aLge zhu_`7-C2@}e9qqY!+(^8ew$b>-ok7i?~44LM-Jc`Hky~wcmVX^GxX&X`mZw^zCn~o zHkma!z0SEjLff`1*=&-zfa!o~*hZBi>W2TZ{mUhBF?jf(>qLZfb;b-1Z~~sd1Nw!s z0eT1it!#mGe_y*W6nil{e1O2fKLrBmo&+3F|77P|&lN2KWlG;3)!^YCb$DTd*Sw_t zy^nIq0f`ffeV!%LPC&^6O!kf}?aYp~%@fc~Z1OUi0D%7S46Xl!&M*6erX(-cJCi#I z*m2>E`!$q+9PDR?FZWAiYKeHi(eP^0mq6MEv;B+tFRj*bumY|2n#U32`G9^QyX{Bx zzh)Qr@FV!IJtK4CFJ?yw5a@p<5cecN{q%ZbYCj-m{i72YL#LW1>yO;i6XVgVuri+{ z<*!DsuCD3$WBpFp!kiJt@NCyVI}}R-dPA39MiT+heb3MXPw2^~he8C(((cj4lI@%E z3Sc2VP5v5L(eMI7)*8}b&w%-wWQpDrs<{NgU+QCxpbRaQN@9=Moj;&o$ZqGqvI_!v z$WHHRx-gS?F*{;_K<_^Vf|*^lldBS>wR$Fu>;#%S3^l6Qbk#a0PD8Eud=ek_z|%_uH+G& z@_>G!Y=CZ)e;e{aX@6h4D3f|IJ2HSk*E4~%Cjsl}KiQ?^fH&VbMpFjiLEhCSGaN#9 zgVa~**nAZR(uu>js&{^^Vqcpg#?&65iyZ(>?gtq1l`o^o0qD+W=16>bfI#~*0lO!G3#mT>wV;~Gz`8wpg_Jd`=WWIM1tj}|#p!)-9M**z zbtde@N`{h47+mQH#B*U|vrnu5eP*NYUMw3m0NwTso&SVhto?%~2rU2ciR1iBTW*`j zD#)=I(icr>jZ5zly*va=PN!~mBk@cBnl(D36K|$INA1q*$LuCwM$-V$tjKk|!@!K7rF9UWzjVN3)lB%Wn09n(dydbqCPvC7W{%*n6xS$(A_11z z4<67jly4f^D`>nRT~`^cgQ)1L zV75X`AK0Bl2|UPvPPb&h>!dS`3h)wbE;Z^mOVKIx7XeePz1)jvIsm%)8Cv`aP389| zyX7?DeaAAY9Vfp$s7x#b*81-b=b4?g)kF4W(P*8k?#CQC)%oAzYc~u1`-0k0upY}6 z@_>FJyTkv?&i&y>@Lw0?Cd{7L7QJA!cu7<#YS~ADZ!e=60O-bN=!z$_+S9s^)kV#Q zmkdc1-P^Y$U`DLk*I)!1;>_Bqt}Jc$${1zyz;p5r`$Ws{GqVj-=C7pWrr^GOSX4S z4`IGPqPZW?FO==~Bl_RU78>yI`}?m;W(bsC%#H;hQ2R_E;7K4G^G|j$PU8h%L<)!& zd&UL~k-_O~)ybLMEEz~dm_L9u#ovWW>vE$tgqpr;aVy(tV6Y^A6d-vS%?d!*JVQ4= zp*0Bpp!@7nf!V*~6yPuR{gD2mJ-QuU>~jv?FCUDgDA+W_@%l)z+FP%yPkX2N5{QzJ zH1HA4_keyOyW{`N?&u-Azb?ofQhqTzHh@6&Gl8Qg0Vb0_0u*P~hHf%h#2v#AfHqrO1NAj4PoqX3qPn)$Me~0+ZEjQU_k3sz>z1 z%V-V&y7C$N{S*2_%pbJj$YQ&lqmy%J+e)-&O`-_jTEL1~If`$WDE$=;8tWLfKCKt8AYm{=RHNrut&pH~|6`&jcc#1kj$|X67NtZPA)$ zZ29NLI(oF32rVdojB=0D-b+0#{E0=}%8)43!{1I5*ZPz;h({ z!@vd-t-BMz&ZW?nWzTwr6Y^am(q`}At#6LWouMiP2FT0+?+8j>M!yB1OaF-uqklp# z3H`~g0GR^9@O4<1IlfM;1%ei??kM@U*0FYYlwA%W#3Qd8U&ky`mx?XHJc$#PcA#3e z$Lz{pMsowuCC|_wp3oT0f6$JM8*&ujH7BPMK#b|0wPkbDIfPnj4?dyEr~YKudVhX=YkM#cr>?Ij_;C0uQrq+a9`!fBE_;rHobm4zPPA29Uem_* zKV^BOxEa>pJfg`T&@W^MXvY1w|B&IJe_u8U(ReXCK7c^sKLx@;p9Jb#{s@??B7KCl zx|%DiQcU?`sx%%_qD6iY>kC^EQ(K>f&s<79Z>%TeIJxA6S$b;|&H>ok81^!nAAl}+ zhUR!e+j;##OZNXflXy*%fW?HNXii~eMUtH3gw^Ap zlYrh?c}5={|23d}JMRJgLfI}J(f?Yu^uI5g+-tsAHbH6fS%bs>FF_y#1Lx7io zAX+b?g#hT>XXuG1be!HF^iZHW$Q(#G5SYE5AGx$ZrDW=0KWO7?()B~i-7(6vdQ$z0>S`+oPP>Lz&;6hTK*BRTx7&| zx)B9;c@I2`&A8od$O!4sxP^WIaf37z6%gdIdh7MdM+4K9o0Ty!`L_pP&&d4CXb}K9 z`x%=530>m)2mL#c94ZO#t_V-QUi|xk9XhW;yf>V|xL+RF`@Xj@$FJNyX=wY~A2xO7 z%?A!+?V~&n`IDEkyZX=U?Ek)OGNAop@kIdwSA(*{_&zHjzmw`c%SOhm+oTExbTb_g@XDqKcgF8g;OEO|F#tOA8M@#J{rUV4 z+P)D6x*Uttr8)Yle!O!DczxKJSj4-JC%=^!y+Dd|L!8E~N(n)X5rJa0`|TQ6+#`D9 z0sX?byZ+DY79Xuz2}ofoqc2MA<56Igr_ps@NQaFA_-aJ)lR8;ZJ(Q)D2@xC6I$ z10G<9%bR_B%8lm71TDdLM z#0)K<$kuY+W5X>heFoi_oo4hi?VTQX_#)bd=bb5y$z?HxXN_BWTgdX5z$2ReWway! zo%ReZ@q`9{h#he5-gt#PUS)5$BWy6Q@fPa+pbu3ckfl;4ZWC0{+7jH>_m?n z=6~Cy9?&mjcl)2&ZT)@O#6kbX>|_7}DbED9o&?%1{|GE8eS)3c>xbqnNxNVFt$Lz+ zdPd%SXU&0KmEvHT-nn_s)Rboumy_gtbloPuX}Iw??wlXcAwWQY&nqDEf8Leh2LBF# zcKav#3*HktkMnO>#+5&e=(TxFBTWxfZ(r^o@jMh>1}-dDeM25k8J`ta3W$oB5P zvi)N7@caDu>4n$r%h}2T1e2Z#{E-i2bTLsv)ddStpd^_Z@(lgguFI9P z|DpM8J&;^2<{DgpI${HK;CHNh;><%lB=FEF>YE4SwhA&U*&}?@BcH)hcjg_oSw3@I|T#U1_uIso(qA`!plGY z6}@LiuYK7A3>Jh_LG@UG5apqkA9brCA-wWeejLjjjBQXb`^s9r7UMOwHM^dDly5&s z{aZ4USkz#azQGS(>qxRjskpc2DHnDuX-Qfnzv>>T3LHld;?o@BFi``sYaUxOkooc! zS8i>735k!3@e4?jt5Cl(-2syTCURk3C5I@muSupB0_X2VB2LG5&dM%lYw5omdn3o# z%+ArZc}cHXbgV>o)2S{gl#mJR1Bn_se#i!#LOVehPT1x*Su|JT8gddLXzuW<9!sVh z?o9fX^&%!|iy8L(pz^5@>~k*pNfhVy(S!c1!);br$bO-I2|{LmBH#uZolS5d2^x76 zh5ed#E2%Es-bV@Z&<5sXoU|$$*{YYWUVuj8E2f{+s+TOe(3aAwts*1ukAX4Hy(4OQ z`VtG6?KVaWK4*d@b*R88-~M2TH**RR&hCt{yq)|`Mg@9)tWU*wH3;d__7(JFKLvGw zy>|GGMbeEH*)WoK4eiE=c6?@wSoAUyk5-<8s*=`E!HH@+tcZ@w1*>=7+(zGS?1$Dx zv$|Td$(zm@n3Il`1aDzSz1*{p(njusb1GdW#5H~K79ld&Ky}S4LT%^S2jC#MyU)H?^-Q*Nm$SNVCEP}tij0Ohky)I>y}l_Z{OSpm z3Ub+P;ZZvHdf0@}3t!uJs4Y&}$0GYR5F*w1Vw)$SenD*P=w7fLhkH-)4Uv1zdvR+# z<~^k(FeUU8d9jMm3OVpMU`L92Ebr<)({nN$vV*2lk(E?Kq5E9rEGqPOKICKzvVA=M zjfxj%Y)eVKp!fkrt;4Xr&0+QY6ZI+e`c@IJrwXM7dwygS9wVl;C%xF)JG+Uw2G=RJvU#OK9a30G+%sFc2hDW z(ll_64(z!UBv_?gD293k3q^kAT=siMi^2ya-~WSGY?2m^ojNW!y)EneW)nFh{&ku2 zXjKgPf`KrUv3}u|AzK33aMU{qbLEe1*Pp5tB)xu$`U4HjAr zM7CD6=^a`dC>7X;;Qd8x%vH(P4c|k1@wIm_@njotf$mS(R8-EYZB}W0Lc_@Fd@ymu zn6rb$w?ax9@H($O6Zpw+gJ!kr_PV`+4wQwpN!SY(LsF$~FebZGM>S z3LsMlrD8#$J3WLUgMi^(i%k><)$ZdJl3JVyV|~8yVk*WoYelzUkx9rE%BnAZ zI$2Ds>@~-9Jx*o+B{)f_H)?&^?{(do=hJM0uyzwbbnYL^)bV9{15t?60uCfe-?w&q z1tU0{&~X`hav#O^AfyHSSI1Kdec*+S%$d_D%U$`)EJRAZo zZq{7{i5bF;9;rL7&W*r#-^k@zx<0(6kdyy<_4xn8>E)SU0WkAFJF_zGfBgp!Gk@h8 z5YX+pDN!&)8Qd5*7zl}BPA6I^?Pwsmp~nwIXC;kdE^QR#MR~+V?ys`+O!a4!g0h+U zJ-)a?(|aK7gb611&k{8GD`5N8XmLv5u7<$)G`&g`Ut$4JY;?B;8}#}n7map9{nJAVQzB)7**ezTPHP4y>{ zpoN_YJ}_nIJS5ze8i<4C`1r5jorc|1#!?AhumbNI9IhAp;Q8eB5m7pHf@8D@#@&Btrh z#^<7+R{Ol=6sHuTsCV}UU9*y!GhYh}TRW(hXwv$da_oI$NQ-=3q8`YH_{~Q)oD?|O z{UaWoOUU>t8obI5`Kq2a5FWMGEPW)Zw+NA9q0dn~DOanv{3QYbCKhGKv3 zPy-J~ExeTyI+KPkAv=tV&yAJwGwA}YJl1CF=-5&|N!ALKf`sRMjbMz>5e+0&zC~dR zH<9WBh0w(|K##tzs?kcf;?UcPg+`i;yF&kJOv88;q55PUXslC*N(PpumrB?3w-ifc zxSRtM2-v2>_h3acKTw>r=8#+WH-q*5xALIDumRH-aUI5x#aHndJZ6H`0eeofFQ5{zs*AKpP#Orq#vd+`Ba0{sm`^kw(&9lxB zX)R?6p}!b!3{D5)1}7s$+R8z19KOjg|0E$;6HR?nMx8CKB}+`mp#b(<+dZer`|xWy zS$om%1PHRbgzk z!rh<-(C_MH!O7B)mT<3R?9(JMIha?)TZK;ndmuJ2w^O~>xeO;fSH&jMDXWOPpj@Ak z*_`I?QyE>4(8{LU24X*iEbM5TGCoTxKFZ6Qe}?Q`6r@Sk%ZQ8ULX48}B-Sg~iVRwII-yw{>r169(Ed06Wo|PXhaE zX$mo!vIe}NO2*GscGk`rytkTq_WE$Ox81vZRazueBK&*tG9;J?M79IS2|4X=2=H<3 zlK5%WH{WwpSwTqo2)e3{FvcdgjMi2LkFNrZ{~#FaKA}?tFP5 zX|u2)ffDwC-F0B+*S40WF&L+9P2`+?SKV<0*@%xml$kD8vSuVvss8ArF~DO~zUW(3oikw6_%k;Rptj-)xgBEcF3q@uoZlzp ziv^~N-R#{7z`k!;oRe-E*lbmv_z*QQ&(L)EU4?zX(vsuJ+RAJ<-Z{?+l9S5~9I`OX0oaqH23V%QHDd5=OaQ{muh z6}kF;8Ue;2nM7^30*PDm)RF6-Jvu3HTI8T}0&B@i=W0`gmUY~KD3l^vrks<(%a(pwlGD$8fGlc=@E+dbj0* z)1W6(+O{CsQvzvLWLQ01!dGdDJ-Ko1WWAad>fw^ec-j?1%_Jld%4fhS0#f%|St3DO zlF9ev{C;<$GDV~Wuh_j~74E%5sz^YO^ot`k?Y^N`B>?Lod`GwXRRbrH9oXsms6Z+L z6BI=%xUBIWY10SQMvZ@^q6BMIT}4LMr$zhSnfY6GxpEM$Ps4jV9!f=8A8Z;p^oHm#p+qIg z?muX3WWeiQqiRDs8ZXiSiQ)3JDK4-{8g~zq+H6m;RLiQ57mr~Z4oR@H;B9u@WgiU|9|}Xz_$JFgL^8QMYR`hKQW-%6Zt&{V zW1&(zw^o|_Ug=`=O^mxNMv%ES+mAdA_MDE?k$uB*>#|r&w_#9yAM#W^WkJQDogKW% zAW4IInMH=cDtzec7So1rJrQMIp6&;U;^<&Ixt%QbSTz1z-Uv>2bY|Pq+5H>)*3_Pr zU^dk-g!vDzZ1iiDi zF8O?D(%i2h_#Q0s^@5dY!ZRF!HHk<;Y`s0^y?ok&_d>DYGJc9(E#5#s;Qcdsf;r_M zpZPsrp81skGyk&_+cW=n*4x7~KT|IdQ1uUAMUXC_9I+pJZMVAY7gfNCop#mmg`lQM zSf8goTT~`Ka5@*L{SJlVDEjVZ(w~fZ8{ps;cokkqP@DQ{cmylMoV{Tq`CL2eJc*c; zR3z5!lg|c|>n-lbieHINg)`v=zz(5BI+9@?L+37MtlYXW9K0pnw7my;B|%e2UpGH* z;-*HVms_2VyIS7ylZIGRSzW+8_*Luv+F4Q%4#K@mofxF_Ue9%Th3|S8hZ#1lexL0o z2|gI_D^u(|rzrSAdKL=dNP*|JEEz#)hUJDqBK5rvGpJoAdD)QQg$Jn3S+dTKZs4_A zRjRc^7f!9@u_!7tClXS!)85H(hmDV+3~F`lY0>b|T~hKXlYDyr$||8@8lIc0vN;Z= zW*fx(Jm`SGuTc0-5^~a2`H18;zoW4ev(UO`+4nYM?gm%B8Pw=9MoMHG_&Ku;wqZXL?4pUMsEP9T72aPlxrwjvdu$^^GX`rG&$DZbs?SRfG zTnF&3ZRWMrgTR3iZP8C}>+@GsL)3|M9j)LOXm<9wS1yY(z&^JBk|6V8`}W)NlTbxaI_!5Yq=vGw4(J z>&&_)Zd{$V|F)P1l4@Dn>?Wl9c1*!~$7vw+H>G>=aj4bG}tHV`7_PH7Zg zG{B31p(~9=4IDe8%!e5G>oNslm!J1fhI0I&+w$vVDcb35?})oiAskm01*din9vHtlv@hvvVFdyLqtsxp^ozmMU2>oNQt{yD9pHLZ83(oa|f? zA<)IumsS*}e&nL_VF*YusTWZj)S$rnfDHZX*yWd%2A!>LQ2d zZAaMB3R3s>$DgHq=m%$V9pF3pM7+o=MZ~&It;&V@ih?1m@9`?jW{gOMT7+DLpdY~QF($6ttsgQRpDN33=%Hbb+8b*UF*UT*N$a+($nJmRdD zU8%?;R9VQ5O2C}AR4l=IOIWWG(2_I|Ej$nTOFz8?_;q=ms7&>0!a>bGT#2_{?dc}V zYw~!FC44<4KSNO-0=+07wt{9*AMQJqh&QVv9TU0t0^zSk-&MqQY2x!eMibOuNW(yjLjIa*?gW1l0;Fqdk@V@%l|CTQcp#{L%O>&b z07BLm2XS_*eb!&^q|&I&Mk$SU$JRe2q0QNG-QZUE{PeKi7F6NyfgA3iyoKSLCOwfJ zmelK0#As}M*w@qrG2pEvIyz?AQ3t1I7N?0gp+9+8Ol$52$+gyWREVy=s*ClIijbBbQ#Dk(Grv=Z1wJ)?g zsmWNn=#`K@kD|gc#4?A;i|W26@~mtANqn;9f!g84A(qMYje}w=v6CTk+O2p(t9d4ZjUM- zZUo|*TsyVv#T!h znx3BdBN4@L(FFsYTj{$L){yt)1 z4r(pCFB!artQv*rmRKNbE7d;4XE4rO)R5N5DzwgKWjy0E+{z~UaE(ne)+4N zsgzn}{6o#%j>2GX)!KPWRrfWVOH`fqO&`wFT?$>{{vce*r6)(QP(S$Iy4@wKphj=H$eQG& zTgmk!<2#SnImj_-i4Z92CXEgk>{Y2jKpXy~YcVp#D%e3l=*Xdd7T&qkB1VRKAFatX zC3X6EGY1Cx2+X;_bLa6Ksa?YJ9J99Tl&}%ppr>2Mk4!ULU5+^Ih<{6n()7!eO!1J` zE}!|5Le67FXuW$^QePN*5}j4NRzMOWS>EDDn18(_00zCtb<>LEy7)0u;PH~fLls8GMNcOj`C ze9dw(qPw&Z+~>)OE(3BuHfoSqYW{ErehUf8k@MEltqQUN17*-$sxoM^puyZCN>1%= zsjSG49@M^(;I?k9D-l=*0pDR>1&lBi9_a2t7l4*xhb7NjPI9wwo4#Jm1pZk&>?FFt z%MFx{XEJb*k9g+a-I zd1LR_dM8PomRza`I-Twc!-GKbsVYf=@sLF!GDP~5*|v!=Kl=*hchz@k?5Rbs*39RA zXI%|kB>!Atg=15R=O3-(s z&Svdts;Suy1J6;FRORXZ$rYySt{`gms~2(xm;xt*Qs2B!M&xhs^ZmWy9vbXCF-edw zTeA{hOn*<%NzHbKzuTHA25H1X>`ZPu+KN%jBi)LkJi|T+i3UR0jZ!E-KKE?iZ2Mws zl;nqu3+6?;=td05?FvWynj7ucxUG*nNqrG}QiRw^?UXaVtEb)lG*`3JZK{R<^1CA< zuMIS1tUYMRUv{r#5676jL(^5>0{6voBAiFiR=UwPPtAiuz50b)&$?W-gsV|n`HGlB zu%MnE)=L~tcPN}-On7ee7JBJ5**u@Hyxf8742?*~3Z~K*RNsILSzi8%Vb*mJw>5It zpNPjk+s6uTgJC6Q#av3Wa^?&!X{OnE?WWIu2Kc=%qOufBnB#1rX7lJo@g&P0u>U5y zIc-Fn*H=uWGlvk#YDYJ`=5|_bGR=c0l?%1f+5pN(zAOdZt({Gb$Lsa;Zfj;1HbU2L zJL@fEV}bBy?|!ee(syo@aIt!krHN*;xweRyy{|R!=iRQvG}16_)%hO$!9wXRK5BIe zi4i@`&S@RZvIckX*#ppNNJY98nPiix8PKs``U2743A(9=h#C}wxZm|1AC^#wvoq-7 zSZxNI)wLL(-;^OVJJAS>kR*L3@|oGwOv;oC;4s7^TN(T$vm>luR@2H#w~JS8ScEw1 zS_Eq3=ioGe;V^4}G?C#uF-gT)F-vYMAIa$<_B{Z4oEr~kf>SUb`ZxwEJ4YwpTDAqNbTZVE+UMb)2-EV6VvQ}Q-U zN-ch;#=~_5CsDHJwjTG_VFT=j>Q3=7jzd4AzII*Z0nLOV!+r$IFPHDlB$aFnw#DnZ ze?_Mpy*W&>ZT$u{((OKuz9JzUJO6R!_kDThR{_lY&u$tj`SdjN>+k~sp~ainL8$u| zoF@ulo??mgd&uoqeQq*oWn7t+M!82uS>Va7h8;B`z1?fEbPVNb`jR>YrO!q&bsK#( zi)QP`rx<3)dDSo7E`QQP-F^+x4qG~F20R&Xeb40A-pf;wL%deMv0RWNfJ;Ah0-+YQ z%&9BQRO21x!?YE4{Jy`(p6PAdcGE_=UcHJYfiCZ|OWLRjZvp3d_ATM= z#QUiTO@0IC2JfukEO}9{hegOj6SqJ#c{}si`yU#+ORA_yA1$J76=f;XTBRzlk&0W= z+lVg6>^v_tYI2W%5Fr-a1Vf^tFwbN#=KL^C_{3PROrS}1)q-s+C>@X=5KunNSTkTe z!ED2@6;o$Wf`b-27tSI1I>Y@V0vk$9tdnYm)ta33tS(9zdDwcvh@B&nA(D({UoqmK zEv(punx6zMaVl@zFqW8c)+fn4FQ8Ury7v_jXoMIlar5hmL1frEHyH1&!+(nsFIAbn^h?i5hn5(N>6uJ z-_3+rSBM3)&!v0>OL|?ZiF<B=l_S>dapY7H$vJ4ye_?Bs9mU+^pLD zJJW2w*CHhID@PvW>Gn1@-e-l5CCl#o!t>q6CF8Ho-bBq2-O4Cw4^? znQr3(>4HJWTb`2C0iFE>1SV@u+4x zN;W6xA7CapX`(Q|Q7V2Y-1azGId%@}A2GQLj=1|{qg9g2I*#=i1qxu!JDg8sw$b-6 z<4V%~SX4How(z6d@s%;sUKRA08cc01@uJqSUe!uvmzX5s`kVkWrQd7uZR8E{4*sG} zJr)*G`WK<2*_>g4C7zqzU)T?i`ER5Q&aN4>ShmodLDQFpxxtnE_4RP7-wb9EmK1M! zldG~N@XF0qQboqKvG)sOFGktvkvbR93y#hWXE&N;GStO`%}8@td}bj6qS5X^K?eFx z`>xmy0w|Cd;p_>%*I${4Y{TGU#)Eg1;L7iRMD5+G#)hakB&5Zw z1v}6-Hd53=g&s_SP%ACK@am&%83sfRfbeygc)(0%rbaSF~0A?+liQ)gI`F=Ax>Sx?g0kGe~{ohLx(dB7=3rwjp>= zb@{8(->@eH=$34U5BHIj7Ow5KQsSzwn16f|bZvq_M9NayqfW*4F|{=1VObdEdUoA%Od<}Jiv5X*5 zGu}#8yz`W5%CD*V72!Eh+3}?SeW`y)WK)E4AUvFvI9n%*HznuLh80(;`lQgaFG@qx zc)7Hl8d`uv)Aao-i8|(SHt&1IWD|(=d*jQ(OGXx;7FYI=NcDOpZt)@D0fP`*i4-F= z3O>&*<4*`{9LI#oxdVcWqr!`CV92uHaGBsZUizQYAgo;}Mq>Lj#tk*uvKoFif4GuY zWHe77^bl-$2AQ|}PJh@2;We07^!vfr>B{ST*0Wg^fy(;!Ygtg^tT%&-jq);#@tOgtG#uI0fO@v=_a1BF3Ln?*?jWRlE{mP_hR&T*e|^zFU^!Rcr`;=giJj+gnp&8=HQ# z6smayZwg3GNxvrf*}R6vwFDRUac-XFwat$=c>EthhcZ&2eoPxLF(A47;lu|Xg{V>A z8YV#B7FrPZYndDqc@~=ZQx+8S`^LSybZ3%_uA%w?_m*F6{3w5z0T$Ejv-~n)^N{)| zhVDkMD9(D_FJ%MlV&<7b>maEV&2B5@c^!yk)guuO`XsVN%8H)~vFem_T?IF>W~v;K z%xIA|v;rRWDIJM+c$uRLx%obDBn5#D2in7i0(A8D_*Zym7hPmvOyiYCoQC?s7#8q6v;QgzH8Y-rBhwE9zldkcJVd4Fx*+*tZfRX%c(dLnu8J0$9w?Ov#TeVdrYO(Hmg0bV-Sl@C?m2B5U8(ev9-8fD3h z3e8Iu?D^T&dAJ zx&n_sjae{u=l9_&A77L|2Kn1#x+cCG$mp5H@};<~bh%3M4r<~?LGzh4239!-}c1NXCe|{P!~=VAmFrY2W*4&NM;zYtY91e36V)Ao)=&i6&%cu<)t+{RdEhbEtwJW`14} zAi(E&S0@M~yxQZ;Z}9A}fch!GGylU4nZox#Kr2@BL7(=s2WlzdqDuroIF46h-_z%PV|2Jq<_tiQ0B^pZIo2FM$#t?k0UioTVikt#42^R1?@C$hn@ z1(_y$Mb>iW)C-fM!0CJ$MGF(Lgsn;9?EO|ifwbdF2i_^>pfSD0M81^$qMrLp%7Rzv z=oRfCT|x@h$m$r*u*W-Y?6;p8-yx%MHk-M{g$P zhtrYM-j(8<_udf(0W%cy(|g6xC#=AT9o8Oepv(97n_P?GHef|_B_K7S(#=~d&KFH2&&whvADe` z!m-{e9SPT%35ze_%L4#_q6QI?YzO`P9Bbuaz!X*_HA#PUd3zXvf zVe~-n8?SE~3Y&>U0iK#WZ*lz3Q^8nRRn$RnC(W>mPE?jNiU?QZynA{o#bR(Zq3T~F zNbVgB9buBP#+;J^dEW9$JL0|#k_?o3i%0LEQ;c1}8?KocXbekJxn*g35l$ym+e7pQ zD7|@a)6e)d8uKl8uQD-9w?}4b5L@(w4~fBwO49W{zaW_rC(C;zR}NL=+u3;N;Mmpy z|KD)0SD7NZAQ-Qwu-R)EUt3^Yz+Y2pP7KmXWMCIlS_IqlbcrHl8HvtxyBd3GqVcDx zCqfC?|N0J^lB*yzr4hm2r!!zbRAY1wyMu6)sqBRK4Puk~%bJ;B{<)2rEerNq^}TY? zCKm9z>upHhwRrK}ijOP19^Ld{I>-jmJq;GaJ! z@h^x*qtvE%P7=ZdC~+otl8vPs-Faf@^Wgh;NlgsPfAeDzX&O(O+tK&^z*CX!Pj+S= z9u(mqW87OEUE-NaJv=+csO#!-9PLxiAO!wCYx?|6w>z{728KL%j4CgtbN6ksyH_0l zE3D{3l{5TZLj15dY%EqQvC`<|Msulg&tvaMFWIIzd1=H+1C`C!G6~O9q!P zHGYA(Hb*UAaQjWz$d|IMvWfDw8D*A;j_mYs3^VC=ot7G-f=SwLq7?4e9T22TAut1Z zXq|Ein7C*AD#GLdujY{AoN@3_Q)q$z(4HlCscw1C+7uK-_-cacAbEfOn4!tdUGMmo zhH1zo-xP}d7^s^p7WOS;oqP)xOS0Z;cWsHdJ4^gNf3+&tt^nmB3-xH*>(txrW+?QH=i|XFlOGNK#RkfqkQn+ieZ(j2*51F7tb-&I}DZxr9#%UQ|S?SW0KfA?r#3XuIW!24?=XvgmgU5A9jI zbndK)NyJ8IgP7NHLPdz>7TeU%(E&?yF(dId8B^jJKsL<=7)##3=?L$)VvT2c=yh4 zBI@%s6`>-re=vL0+bV}Ow=@bD^3?Xra*FwnbgNq7CP&HKy)?c#4L<4VZ@9ZGoJrZu zbqj8DBd5h?v?9}?&?2Fv2ybNF}|R~HVp z$b5|+7m`=vJ$J+;b?luoPzd+2J9dezBG^8Y!S#UUa@&3U-nYH~ITv&{ zHQ`&!yUvOatqxM1XEg&1KktssTk>A*Nr?Lt2UN<@=WKqWt23n-!Jp{d-@4w_W=LuP zi|g;omBWHks=U_oVb&1oH*bzcJ8L-KroVYzvifkgF``uF*6ZK|C`1J?wPGSPhxWZU zbGllN8huRTEH zmtJ=6yuqiPq5f-v>&bO%J5d|Nj= zt9odgy0y#u%`e}${3Jyvr@70S<`N{V3y>K;uQJ|mc z+Ua+Y;!^?(^{4n&7Tl`c3RCGGq6#@PZ09cS5~ubkMl*wNq6B<$-r9Q9_o;6 z(J~+q1BE1e`ZXb)L3en&VAq^Ky6_GS9}@4?LuRCZ`?7ZALMQC?b0fpQi5hYNTz+VR zhA2!VrSjOy+aPl$MyY6H+HZBXAE&nHOJzbf(@ort09Be^Jq|;Rv$jWgwg`5kIrss^ z$XWYb|4Q3V~+J>)JRh*Rzd`%jqD)#z}HFLxtQIpX4<12PQ1MJJMfp+;x8 zZO~nHT6t>S6SY>o0<>}Q-Q7G1p+OlYFB^3 z5kQ%+5KU=WRFTHRMh$5~iTcfgQ9>_^7S^vv#;><4E)*p#EE(?1Ye^*oi_f|;gDAw} zq=ReqISDkcH4`S2FEPSra1;)b?75h#xi2+{C*iXwFe*aN7ds3_*4*dZQE7SkjxHVt z$Gj(yVGU>b;v+I_7Oo%rk_$B-&+^>-shYoO&uJ;DYar~<{OG5YnETYCJ~Y}s`D$9f z^kH6wf^uxIx0yTgqF+GCMBz*wpRRs{;aCA2p!f6uhWaN!?}o<$0Kv;$i2DS1{uM{x zw3A#4>2RLDqeAy7KdP%^6uOtQ1F{If)N-0cc)w}}4|pE4G)Zqmll#QrVXWo0!Vr?RMi(_8FlWM^>Srm0OsCoVdQbm@6{fUn?D=Ap>&mnVxC|k% zbK2zugRSVkG%0bE7pL#*k#%;7YRty--PoqKBVrM-7K>Q+ zyY}eJgEAF06mw`r&50IOru) zOj4qkmxl}zNKm~phF7}3FfUPfTU?8CNa-^tR;MyUTTQr6@n@9tGt@ThF8Eqt0NTs- zP#nr;7_quBP#`Badw9T)JUzfjtP-4Bsg9L23Wv7iT)dsn8444u?TsT#iGz^eW`M{1 zxFsN6_mhecgJUwQ=1DBJ7Fbyv?0>8X4-{A2g0%J#>x2*%mBQ2926s__&J3lHIgzI9!vT)|_yle8hMfO2Q_Oq9koGSigM%`55$*zWn=C z1&VKVF(TI$UUD?`B;Ah7!=p5aJ{qdwz%`!Aq0AxRCP1kZw=GDM zM*slJbQMpC6dz-mJ#@7h)Kz&GhnI3DmkHpFT7dG{xu~I^s->~_^KHm!-!^x2AaRbp z4z8SP99Y|-tNqci%dyXb@m9G;adJgDv=lSE_DBmsla!H`HudrV^XC$1$G>jJnnX-UCbDQG;G}ed@k&C-$VQom5oL2*buRS>#vcrSJ0S&$St1$AS*i0}tx=g) z7`TO!57fK*ab1*eRB18Dh6gI*g<3zruYXYB6K(9O2dry+l!g7}ZIJjuJ*daJi4>?> z>bBwW_I9Vzv2lh9>X|j2QF9&D4oMw)7o|N7XnfkpRdxd&P#SfQk*-;Saxoj56~6(O z_-3K9iLl~mm5E!%tCpNMIwCJG5zbs+C;->k!TS+cv1@EGI(^1hi)+w8#Ynm|DR%f%z}$2gAfw#7HOKQGGYDu&l9Efx2XAw( zEJXlwpr*~S?-d_#<{8+2p6?o=hJo~KB_PzP_mm<%uJKXK1x$g{y7?c4(%~4L@&^NF z&q%Ls!LhMjgERQ+teEiuSE#pJHsAmx0 zYL>Oyxc!6!G+R7e=*7BVo{+@-dy*)1lYA8oF*L z>el!>fJ+RQ#c9|Gh^?)wE9leU(2lhk3TtF3rD=(*B zmu3zulCS4Cqs>iJR7J)e&J}GPz*Yr_A`LVeUta)z7!B8>{_ah#WvT+* zlUf`ewx0q-;^BBxsaB6=VSdJXAug26$?g!R%lX35ws$X+&q*xzz1r5!fH7LJdJwdo zbl9F|r!b0YpaUlChdjK8Ij^c#I!xvu1kgQ|`~)XQb8&};c!!ZnY?r+U50sGK4`t%x z-t`Nn0S+=dBRwh38ZRGuGa^khHZiKe)uZw8YI8DT9$GkI`W39hWuuB{%_ja)yL^Do zTl+`u297Hx=x74D5t>ew6e6E|ErU{79f}_F1ST?Hs*ViPn7sB`?aDNQ8mqzUvf0ln z^>WxoAB6pwi=+yU!35_4 zFHLqMdtO7tJTx@J)_;fGrz_!=7;-}`G;SAulZ$T0RUX>+vS?tC;0t9=>Q44HBPg> z&8%wlMUf(ADR#_c;Xe1QYGpQYeMZZi%CqUzyzi4tNE-S}l}idmWqG7zd2kCXF?gt-jS2l;ulFXTSgpm<9?i zkff(L2_%)~s0O#NK$iDQpq+^Ly>*z8R9kHtAR#wLg_J#kLZoLs*|J-zxoR%gsxSl? z5{HhYw5Qubnctu*XM~MY+F;n)2}$M=8_SrD@&%jeg%k*XZ;ofZ$F-<3s1P3vR2nb; zlt6zy!6$WLufY=)bTy9Qysg=X=ed!Q9d7-HqY9V>K;)y`wuv9X<%{Q)a2RA2Ak#-= z>xoo8E)rF%y1E$)FPp9Eu31~W`I-`BDjy!421D~6yA4lV#WAx#<*$`0KRmnVrq$nC zpzoCGpuI31FvGwzi}dI4Z?dr3de2j(o=3Kl9Ji{6)@;Kb59p2DeMg^a9_e^(Ol`~T zRd6(rrEqIp_8Xid3uqQReXu;XNNLsUussx<8t_0{7I3003D1b1Hl`Gg0n(FAU8otE0B;0&aNjMOV}gB_!I5o(*I!(1_0_06$z^(3PAdN`CErcpqHFXkgma zJ9Do0y2tCYNgZ|Sua9u94?VSa2YPV>uj(ZNx7cjy$1*pq^C>bCsa+ji%Yoyw(h!39 z0lDvxawH=2WNvHJ?FaJ>4edBL?gSdzxD@dFdlfecJos$~@6fryoKIYXH|WUCH$h}; z0NO%G-X8tlTE^eh#UHQ30pNvPW7s}5x1jD~9Y?eQBYw((+%Rw2UlPhIT3QSm;F0nq z0P#qou3+fK#$zLl%21LuB{iCrj8FV#iyL!wiXh#^am>1b^$pigcN7|wo0~W6tLbB$DhTR+2dRtmMR&$+GVhsVHg00m%d zZrwWkM0YkY1(0? zSz`K8E?b6Ooft#1JI1%g?w&EmSZx43$z7iCgIJ!OGB=fnGw8dLYXu*%CGkS0ai4|_ z$9|NL#Na7m2ZNu-l(1O8ilY|>2o>kv?N9mOgv1hggi`?DOZCwUI+sH(_A1Al)1wLa za>4G9w8f_LSkXeW=P1w6QkEsTc53YLB8v1*%>6n`GD86xR z*WsEmhCE~CcGq(1lNb5qZm75F42+~SNvV-B`_&O9`F;Fg%LCH|Hn1fo$Dw2`Yd+5o zF7OqyK5l0ek%80+RQb>;cy+@y*&ofaSbec4U34Ut^y33@W|zZFVblCcf>@>`;KIRZ zn#s2Ii%bKPnjhe6xd#~Aw1pLG>T-7`>8%hJj7JuzqH}5TYH~+&2S-s2+Orgs)dBA| zmrzh7w5I=)vYGi{il1-?b*v(Y!6+==z4#ND{Oo{`aR9Q}sFb{)dKmCHZF;H;ADGEas1a<^q!q5gs6l;UBVJNn^mg zu*rY!$O2LvLMReZqFd{+Z8FUdLtWk3%N&g;PLp*xS2B zwvo)f(JQQV?2B8O%1SF=mR^kQG!fi)c{Nq|99e!yVgGj7!z!qD4Ln2*>;THEtSf3c z1cQY``YT!3qPEI-^6+{qMO^CK9-i|zD;=*o0hG^Uw|s)d&oF&p-prJ%WURW!Kkw;t z6Cw{j`5@lAVhk|_o^F{g$FJ?(%xVp@^>Y$?^I{}1YmT6T7PF0~Pr0q8@PVKP5D9H);t5eV z%v7Wb66ZisiBG?(d-%9vdtK0!bD2P@1c&_R82tK*ZMg>gGQ3A2 z{tF&ksHvM8hU-UD~9TIqGP7KexA^M;P zCUFEuczn$m18QFmUYs_oF9IoG=~4@I167i=SSS3@Z3_pCH=rA$O#U;+i*V8oPlQtB z^oatupQE+~&btB|ggx6%R`KkOZ$^FkZgNyG4PU(SCyl(r@H2E#km@tPV}*#Ebkj_x zeZQQ`8Itk&2G4piOXq_0coGU7x5i!*zNPu=Dc|G2Gr!g^=7;%{`R5IOulWJrTIqxg zd-<|lxbG9GpZ@{;ocy3u~ zsNk^Qr$OF?vy03;OfWH)I}?qOd{bkt7QTpbAUW|SNA;|9E|ZG?Rx|iVB2ly!i*}ub zSrEqXCezimbtU!y3EJ~_wSggJ8-z$|T%$?-hf#rq+xod&=bVeab3k!~uh5#i%Pe=p z`}VMr;^>RnxtwIH-!r_GTl2d{?(DrCr(fzXn;s#JiATox&Cv4w>0Zd{UZ~;iJv^yO zrS<}I^Jv(KQ0C4l!WU$~Z`~}X*wmycR1>FSX*J8dgs2h5b%_BM;;tog;M~E+l(6O& zJt)N$YY(_79E4>9GUn>#9R_+3_M$t@T7*e1hOC8Y)#bqEAO zY0}1*Dsa}-@cM48)GzCz%G@#TI(?W!xM`M5ktP#Ty!#MWc~pX`q?{__vTrrzJHu+~ zSa;Ylm@nOC<2jo+F0z8Rf*uG1+sm5|kB?3=4vMvfpo(a&rvakjj=mP8I>5^dJaomon@80pw(Z?=LD=3dLC}0|! z**=3gg~B62kf3HVB?E_YN@awFx_Jeu&Ob-`%& z1~Tx8Ux=YSkT;8B%w$O>dXOEiHieW4!SdP4J^QoSM^ppF1on;gO%8nuWz~ga@@H{2 znnvu6wmE4u)t9b-{xMQV(W$A0*yLBn`OP7cC^YP>KMh;`e7ydsrt5~vS}uF^*1J^& z67M$gLO}bh$eBw-t#%S!52RBW9d3ClpFG@casE~b8}NKe!@tnUHDhea8~>= zt5*;zY8VtOSg-btdE?KSfHdYcxJHG;LA&#!NZ~fG>4v8PLI5f{9=MDoy#{j%JJngt z;y+8Rm$LU+FNQW-?vR!l9{PS@8S-*CgzX3(P$8Sy+Z|d$=_tCjbQEomS)BvbknAyoJ6ZxaL4HuWSZ67Wh8i&n<0u zx3!iC;NyE@S^+h4TMyMwS=dSGc*S0#4+m9Jkpu=3`3-&qRTTp8=V%97#18!2`O^8Q|IDzk5_rr?i6YocH%<{__L;6OC zt|kjSqak*&@Y4xX>X2o7)ja%#DW4CbIVK#52>~e)L%CE>15FLjv~b;BOXcfP+1v;7 z*UWSrn4@uxrLhx%vFrJ5?8SgMq)SyV=vz3gbY+(Mifz@orj{~~p2eK;K3USuR29Fg z9cH$3jb$`jgF<$ft>AD0^1;%qX;UrB>47PGeLH{;>C~p`!o26U$0B-^DE5WjfYtu? z6RP}%k+2-cQlcy@dNscB33YhglCsd!?q+d-lB$DKzjAjmrv`gQI_z97H+q30FFau~ zAwo<5UUhGxMQ~xKO6}Gn#K?|BPSuMG17pusiNrmMkHcLrFf**LXp#KG2g*~{md%Ih^EF@jPI#9M=!exePtu%<}BwbgcI*JcApy$GKV~ zw+xQVg)>_HSx3F`hm||CXw$14h4?;=2wDN3XV=-+g_^{rdO?A~}@)3^aQ*t&DGU%5&$;t=yyZ#i~B-gm=07Y9E7HmQca>yi` z7)85neRl)h40WS!1f{^oI};aC78TN`T~U%0dXs~;IgTK_F$3bw^H{N3;C;K%S?=kR zZ>=q0%S^7KvjEf;k8PuowX+Y^TA;Jfn}5bk$0}0W-4c;QlPuliXJ;mO=dWnu=`E>m zN`H?{X<1*CyjQ3TGKax+4l!hjiXd`7?kx$$5|NQ@YglohUareAxZ+H#?=C$W)I^{A zDfPjlxSnGVE7m!R)-)1oU(IsyHW$UF1P^jT?=DS>lm3cFQKRJP&^@un+9}&YAv!pn zM89^g)t);vysKg!?I(EPD4ZJTH4cTp`ZpHx|5#iWKqz(;8aV8 zkrI4UTd%uFwpMvy$>8|CmkcNVh#QloMx)1;wluj(2&aTE?3EGBj0v@vH6};|G<9zI zo#Nn6##h*+>0%xCTzLF7CUhKENdboH>Fzy`F5vpxwl)!jzBTahJ8p6fmi} z%u1!r^KCd9+|e5-yf7coM|feLZi2Rlnn9&quPBXW4$Y492gRz%)`wBq+LDy1Cs4t+ zfOLA}+&WQa#U*I?ESx0}iqYKc&9TD_VQcq0GEf*lJ8yMunMGd3#+;?zS0qvU=E(4+ zm6XE}5%d)T*n>$GN8eOqIvj@g80X$l79}XgLqk4lOzm#d!{dt@XffTB<8~uJ?5MDH zW6Q-r-lp4^LKQ6be15^gpN_-p=+a0#7JOU?GzIS#8`CIHl86V zOM8q;om8C!nohnd%mQ=_1+iN?p3oa` zwsT=1x*^uQdB7x!poe9#Eo=GW!9g9tNeGLMz*5dCq|b*{(Ox_YV#A|_=K74YUC~f# z5hoYQaH{P1ky85$n}TY%)$)~8DHL^ss2)ZL2dWKFwn;{3;pUQD&@l@ci;%*x4Z7uu z`G-<$_ef|t8V$e|!d=}-s`yj^9UGMo=O^rYUjT-3jXCpn+m++8_*bSL>*A?60ynUl z$Us&!xj)V`DY0#_>la%UB?+v6KqE9HR6y9eu|tx7vlR>p|no^ z1C!?mWnZ}S|2ybUAo&^?*)zch;i&K0*lFeFO##Sk|lbhVn;xMVL@ zKc%+_R6<{KQA+zktuUjrk?Yqw**{#3(>kIsy=W|brgJ)Q6!ew{-dzZ7RcGAjc6D|R z;0herlCis6tcI3_0w#~h545WYDk?C!Ld4J(qiv-thb&aA%g?0>dsJT_-EXN)uXb^N z+a-2AIp#0CCdCG6f&W(fu_OU+&DXoG$I3QC&(+Wp@e-aC$CEQ;L(l~l zu!K#D{uRw}B`l^I{LOlE)twKa5R;xR#tyJ8ZOkn0-C6nHGS(|`>%hmuklUUq@ti?6 z3krXXpyruELA%qrrlZWHA8}(Yl^I9(HgAq&$=W4;ybPtUm`9DP1jz}4;r0n*6s{tt zyilu&GWK!ckd$N(Av6F#BEck$GI?s^`D(wMXo%<2 zOBD+mxvXGBrwv?hR8t&*>R3D|dRK0Cb+{FwM=`X_LlIyNq-VK*!g_ex@!cS4R2X)7 zW)>cDw{duPux>Ri)1?kwZqcGuM`1Wpxm#R`cSYL(uLN^+K$b+Bc}YTH^Tq;>9$4fH zg^w{t+{}EM-KHIpE0quqr|y`pwGIgK)Km_VsdmlGe%@P)z-I4JW48o%6CXYP&BF2a ziE5^9i!gM4BT+mF9fypG(lAB~GztkR<|m;b&n4CpgPf`&@sA=9d?kGO%_?P;{=o^g zNf0Mm-dGQwyHS#e)oKf3d==UHxxwTV)aI3rSE)%g@6#ba(r1PZH4<6QP}>$3rei=5f=*evUb5l*f{~+y(garCt6AF9V-oXz4Ijtl$@Q zCC;`dzq7jyh}=5&v5GYfp4rrdXdE{DuIBU)&-Mb2plhcEBmQAE>uZsUUS3U%YYlqD z<_vc|5qNtuqq87g_ZKnRc8K(VMtZoStX3jmxge{aEJl^MjLWr}MgTdacX~fceXGCj z_XVAerFaryIA!dg98y-9G0mSm4aA>u9*n4yub6m5uYEY@^<@aE+HDNciC5t%htttk z&E?cxwOw9rftW^85pvoBu9uSGeP8omzcIhs+a;6t@xLyaNW$p8Gym7bKbil)>(`q9 z?UG4r2mnCdYs=*i+rxm`uNPQR7OA}h<_0s#>#1y&#KnT!px)`n?X=N^udJDq`4X8; z3<5s;v90bn$T@DeXc!L39OUD;ZIE0M+UT0JglI`EhujcAXJTQL*C(E>t@qaWgP?#9 z=RW~Ko~$}+<))RiPURh(lAc?2&7GIW=Rcv`U3a0!o>Q3Y)x6|BG^A-PtSK6|^1GWz zOBQE`^{$&7UJGs(obANzj?5VG=LLiN?vEM?zQkOrc_+Af#-E6pT+;C(bz6rhI)dO@ z9s& znm^|M2{u?^sYCNH9aILa@Y(se0`1v037WKzj$l2N=EJb@oro%UGni07RL|FT+sLra z@*xh@2ch*wFv#mj&b$Nib*4-T;4Ue|Fdo2K97f*iuS}Lv&fsG>I3-ioQ;!^d1;@xPcHTOxLj`$OTY=GiNR!><` z_~;SxSKxYnv!yh@irL4Y0|SXT(!2uL9AU?=N@}7WyWrz&(NFK8hH&@S3n+l^q4wV{ zpd97Nz;#;uzJQXe0Q$Gb`}N+X7&`qKut#~n0~Ut%Kacl+%}pu1D7AE)lEvb%8ieDL zZPr8nsR1#607ma8MZ)dGn>)FCV6MA`%ol|YDMG|MX?!{_A&RI{iV{%z71{^s-JnEe zPyo}n9s=*<-?;;z0i*v5ivPc$9Q}qOzWxssS}piXg_|Ksefyj|Oy6oMm)LNVCQA>Y z`Rho@b;joMXQsL#)7qh-+oE+vu*NF*k$2T~Z>s-tnFr|q^5rp}3|zzS&cPWd5 zpa4*BiT^(SZ2;gi%-44*Uw8jB;27_>0Vh?z3;-Nk=qtw?!K>3VR<3Ez8A=WtfgR4- z$5Sz9sV>JaRU7Erqg+D+$h;NMgUArOn!SkZgIRk? zwN|!eL7^&Kr4!mQ!OlHDcBlIV_G&w7W{EzIO1E5GF(D=Qcoc1(5h_(SqjwGTyKVM0 zo=12(5o^LSzer0kJJFgy(W}1(dAJ;mTAlg~X=ugK-B?v#L+Nm=`6v8+rTpkIE|PLU zE(WJPn~=1X%?GWH7!Ju7++z8@gCRb>19mgvu&Vo}dUipoc9YNLE~G%xvh}?vb`6B) ziS9^An^^$!>pm48?VElX1~Y0si4t19T+-1>Kro>Fh`BxwUFDb}ESn&p$f+~&@R2kM z(+zM6mLikI)*W^rSj~?B+5+3FwPyMwIBf2do5-+zUJUw}$Xpvo5Bd5QnVEIoJPMCX zeFjM)xaIagFD=!a(LdwK1h5Kr<Q80GkpZ9yne?Y!tgf{}YO$FQ4UN~gR&7cdxRjT0ONtR=Y^Oj2Ke6s4EX;Fu#=m&ocVI~LwV2%y)7b&O@XFp*6ldOiZ+oR5qsE4=4{?A~HKVXynp#tgkR+NHS z$?8p6y6n51_tY@DfKPkHa9%XO7EeR=ZpUhq3E;zbt?>n`spfOcBG#5=YN&?x@6d|kzyXrp zQt*Ae`R5O4Kq1&*{}tNuZ)kqhzn}qW>j3YQ4@o;t7OhrwvD8RrqjFfP69)ebHNF%x zMsI~C%v1uw)p{kcZyaCQuT~juNaf4Isc^?_i`dhHyj33@q7tVfWJjKt&T8s9|EkNg z1+Cl#mjKO6b}V8Ig$Gh-R$PL%-#OH%2Fa|C0C3$f<#v%j=X=_pa@ly=v!b%11J_+C zk0mzjZbhl)pY1x6(8R^0Mp~iDWkP3GFpgIUWOj%%xt$4d_ZbR+nSDFF?FXY83bY%*>#7+SkuXdGy_lQOUwb9Mxf8Rch3l_E+31E>?u}g zt5(xA$N7ao60iA;;`6mqianjKiCF`?yW}%)rFCMtYp1bJ9J8}}YD_($F>&pyZk+YgeS-S(^J zF$}SC3b`Y$b)O=SCTsN)@d=^)QwTG%RXQ9OPPB(Aa<~fT8#6&Q$t0Xrh5Kd|rz_b5 zWtlxuPl2l2FMKLxkF~;S+LboD{*d(A4^6oY!~XV`3=B~^`KdKeAkLQ)&v9D8=d~Nt zq4GguPoLK<)5_mN)i(aG2@U?=LRF9Ncc}jVgboP{7-09LJni=!vy z{9Q%`$3H9JI}5&A<432frIEhUL=(anJV`}rbt)Oty?t8lHN-dD!504VWE-{#y-z_=^{Ca_j)Z5c z#NFxUSz!Y(Qt!SM8Tu;}$o~pu=$Ao%KoM>TusX3c)u!gq%4D9AjE$LbiRBq9h260E za7QvFJ29SCb0o%x3@lWOKhk`AZ@}|JTV@Dm6TVeCtNH^gEHl$Dse`=f)q)1ON@} zkAIPZ`X=S&AA@KiR;r%{qmY=+c#~b67O-m5q8(&j3}7{|!d~JoMFFwyL?Z%k_sOdq zs2iFgXRG?&4cMQC22gvO=lAiyxKXaBJBPb$`cG5@8?<6o-YI!XVdYWU-S ztjw)?iCH@T5eUVsor1inhytOdK{MoD!yNV+Re6Ze$(HfifJa``Cn4Qj0h^IeanI@S3>foTaY0`h2Ca>SqWHR?xUs?PzAoO1by!E60$AG{$7r%Fm#C5I!Ir#Bu z&Buw#FcBkfO*`F0nXja~#nU=qmtCJB!uQ=*O7qYFMIZpb#=oZpBn8IuU6mf^zf=YM zRu%b{sBfx3tmL^UKp(u^A&5MM^q!glso%aZGkFLj8#EvFb9I46(jK=5_T@MxQRnO` zSI$>W5@s^BPDORSZ(ZTs!>JY>`7<{bw_Ai$BE1%v?zlhgThz%==wXk|z*cvZxv3if zvJXmLY0FfIaGPwsZkliJ_kZn1&Qd0CSUcDq3-( zI*FLj9yg{;Eft@Q2*QzjXB71WNEe|~xU#}fC^tx~gjpI&wbl!8rc9jMg^?qvpEN`pi%8@&N4$`K$y(!6?@# zIxiS<4_b3+$A$fe2_Xy}XW+RLq<=hh$5tf<==w^>7&kS5OB)h11adO&zzSLw_Yzax zpUU#03>)*~gxHoORtMa+i#-XcE;_};fkQgrRB=q?N%Z-8^qrar82-o7wR@*!8 z{0(Vz?WKQ2RvR;*cd?CghOVui)z*wc{)-mnQNtEZWy(_90gkjsTV3YlM?Kdkc0q~Z zHH9&=q!I^ObGm32!cIhwoCu9FqtbraukMKg=-i7t6RyJGy))Y%fQXaUhN@ayP@0l^ z7x6_bggBksXga0a{j?qz+fo^%st&0(=yo+h?q&sHjD!iP%7Y6ZBK2MJr z;3CQ=&N`n?(G8VzYps7NAP@$Zt$4eje~E zp`AIereWJ#idRNM(6i`hqu>Se&Q2Tk!b;pVbe3x>TdJ1`|@4ePt1jjLg01AJM02U(@=MlajnIxh> z#Ww;A*PSYJVbI6jtq zOczss?47#4yiwQtzS;ZuH+8-3omu^2N!LHA>+0=h(LXFn{7=hD0NVb5U4*nelf9uF zY+GbpfQ)Me2@U#-0){XOiiJ-xIepVVLqQZ^+t>=$u#nSfbj03OTfeFP3(dp+Uo?Ns z@ISXU&fcW_r6gMaGT>iLM6Vfs8=xlqADX{h`yQJ3Xkg+j+1Ze)l{EY%r~RkbdVzbz zvXC2mljE<3s|D-O08MXu1MlPCz5*(Nv3XbZmHba%U90?7HOT)<6_DrWD|lh$@wOmP zXy+jiMo|^Ksj*U$tWJo+f=uF@4^T|7e8=aSRaRQ~Rc(62QcYzGk-;EJ5xsIU9&!lE zar@}Z-n)5gT)dkQQ~Xlhj`Po%XPfGT&U(UMW^4+a7mW6@lw3?aK2cR7Z*+FPz&$m~ zjg*Ko+7tv`k=CU`GHRq=VqgY7$F-gDPdk-)%rg<;^H?W=pcS)wP6)bzGuRZ0-amAx z01YOAF9S{9F%8Hh;3NZLc$2g84$_ixX(P&@SV11ToR`_z))d>1cZStpW2pPHwKM-n z!HyR(Rtlo!d^#!_peqrC`H7er@RKMYX5_Uq$H_CmG&7oiG3XIlo5bRBE+UL+s__pK~Hg|qG)Yo4q^zqbJkl<+bms?SKRvXK1cNsO+RJtgS1(RNXW%V>Lb3r{#D z3iuQ2qL^4qb_*y8riT^=y~q#z z!z&ZX4BLbgO!|T)I@k}vX!&x1g`+*y zA_qRgmm7{Qz*FNW#}m&*^A>0ACuKFB!OQA}(#Rf`oUj9qMLBek8qqO^b)vTJ;-9y5 z8z3^?@=1J66z{oL@)pXAZ(;mC{#Pgu!`S``Wr#mR`F8ntC_LYxH7?Cblp}|qK&=b-y7aWlk;Gz?oqtbA(z!S2Fj~>ypfa#o>Gz;VMLYVKG=A{* z%&}o@(?If`7-gHPDsT)mXbSNba-dMzz(#LL`<+2z#t9hQetWz5kG`9Yh@(=4JkKeo zrvJ2PD(^cEmTm8D#BxG-Bk^1w<63F^KThPHw; zLtKWj0w5=Ig8MMmHDF(cB*9>d*Cbm{Z9!dr^`Ap6qR&B&iMvgVeA1lv{pdVVYdzL4X=bzPmM2ZfqTN$GRLG)rEYBgfp7j)Dc z$UPUuVP`*tQ=Kgso&;p&(LRLT8dcg)f)ROu#bz`}alA(A%|nEFkpPOs6P(=iz+Gqj{+bAQlk&Ds|26)dFaYK-cE8Gu(Vq$P@b>%cKXr02@t-ooql@BVai4Lr zBjIb9K&=X%GE)^waQSR+#IXnxKL>3RxFyZHpm0N<*1MZGop7)f1Sh4yXo*F9IdTew z;(r2(`)&{}@W;QE>~FuIIQ$Dr?{6qR!~Z~`WwnjKo4MX%TqwcN6TL) zN0iYh(X`J~-}-XqQ){Cq?Ey3TqmUs;zNBXB$56MaArz@$H0lF<6gmDl*#;yn%TexB z7D%A#+a=0p(l+Ggh7E+_a_gt)alMAL3;$ zCwII#-+i*jSbw{#s%KZPJy*|eoi%h_rm|y|y%E7TCh~h8)sFELG9T=V)}LIdqA! z-`HSsZP3V}x6iUT-l2YdgZh`3PUl}x|CL*Pd`t8GXB2)m{u9AB1_r|4Z3YI9>eb7rFPcPh`t`?G*tWRwhB30fYI!-#F^RjjwXcb)at^lqqeI%6a6+~aOU>F}#NAx)ZV!r?N_1>Nb_HRb?^;g$=|LXel@2+LB{?j#|Das~) zx2QCmSybsm;%R*^r1ZIor$;D}o_Ybx9yf-aHe{0FX_XnXr-M|tL^)Ibp+>8D1hthCMfB58YVTLyaiY6{k=4JSkMwYUJhPG2wh`B2FWI zXz#lD0{TvfRPe7;$n}@D{QuH6j|$xoR2Ji=@4MeWQwU^s>QmKy6gXhK*jIlPXho%O z9W(S<1l|=;g390TP)+tz-j!0tj(p`C-}z;V5UL7#btO7#ZyFYA%pFQ}jYg!=rJ3H%RKxQTzl zz;4N!i3Cm}j%f~B`=@EsKml{j(Y61Nw`2&^am`?}^V=?oXMssj4I&wa>?mL;L5$@7|hrz&GE1_@J_5Qrs*PmhF zj)(r2Rxs|;|NC8-?t>&&W=tOWz;kTLSG=whRfP(x{DKe~o6=98l6NccU09_OW=wZ> zT?jmCQ$rNVgoHQ%I(EC}?F;+_;P_%SXda#f8Raa%A1KFa&xonRAP=wQCVAMtr@r3y#72dqXXI@D?OnCFH>m$l zg#HQD5)bo#LT&pmRJeas(>pl&7`E^G7~~WCI6ASh_Vv>2=8-jMcc7d>(BKRTeAJ+F zC6h5ig>SlE8@C*xqy~wK!ROk#x9sCNI|#SHuUEirQP{tIS@HNafI0sfz__;oY?DQ} zfukIK3&~%Kf3<$kUu{|b&$cjb;DA2-hZenN=Ot>Qweu08$;c`$1AT0ZlLNpx za&-bHu*ld2~XL8Y|OUKzc2Xe4jY{^9{x|7);~ zK+23?@ZP>%jr{h21<5}M{uwgvc-Vhw1><()zaD_}1u#E|=8AGGF+~4WgjJ4qx9?l* zN?T{#4!+^7C1p7W{Mm;DnV!#b;(YQf4>=COB>T;4ONz9Yv1 ziD~CzPz6Wt1chY&h~_`Fw}kWlrMnMSBiMq;c2qBOTZeCmtZV4(Dn`CaK#` zSB;+UgfxQxs9?Qhxpk-i}>iy?MHYAKXJOanPqFHcJf3UR=6yU z(mS+-H)wy+8u$Ow`c?kT)KY$HeNg-d!GBLVyuY-9ag*}jDQAN%1t+S$GJ0o?hUiel z40%==0Rd2#D69+1#D7X4eEv06`NR0exztA~rjXqNDQyZ~Zyx+CIB=l10|Za0O0EhL zbdK-8^RcxDRZ=8Lb^ppym6ZJPU+qt5t$6tV6IxlB@f*Q+XxjhLKB}wcfRyo=z0Qlj z$Cyxs@{?&_F=a563hyh6!H|_!0)da-JnaXDJvP-jUlw_)q-#)ljiSfcLQi-QO8Eqc z2v|`tgM^@s71ED`SZCaPJFTV>#buq|eE?J1cRpx~2sW2qT!Tk&k|s387wtg)B-cgc zBbEUp8k$`f^ge*0-$t7r*L){d9rH1!USjjVl ze~;U05HRM|#hA1SW*7MKVV)l>cX27!P1cZ@XjP7c4$IT)4t}!lUHVo0NqNB?Hv3L+4In z$dGj!eT6dWhgz(;XS{r|d68H;> z(!Zc2{-X5;h5Mgi;@j?Eb%LI(qhB42vg16&gD63Gi1Jl@RoI@ESoEm#;uU~%ARS`MY-Kt$rzbQqlTFFfrsj-ZZyc>Z2WIG~k&@K3oy zCZBfv@^LYw3633e>2?ml$_dUl8T3^+9;<$Z%mxD7-`@0y{trSX0EBOA6(LP=3bl-ZE5b>u{Tu{}&$^qCn4d#1p&Ik~i(5IJCH`fv< zJdWOi0J>*<{Iyjo0r?Lof3A&|aKXP+QTRiZHyCfKEX!itcgQULql&q&68k-xa$;ct zmj5Olu~`mX>;PHtpq3ZeKECm4OEwdtNOZhvLkY7;b{{`jk{Eq)X(MOcH}gb89kUj(1ISP*0j69rP{%0S z+vSWr&VUrUR+t+efLT`)$}xy9X^(~F%jpSy<1z?rR-YCG(cYo-yg~WPQt>uv|NlGw zjhD+z0E*vIp!~lhjsW$q+J^ojB=;{u#lH#VR{le1il55HxK{OoyUD4ppaPxb;{g?i zK;DpO890;M%80s<^ITV*V&H5?P3}!g{t*=nIOcwERjWar&!-2F4W+rmcS7d&aQ|(8Yj9FOGxBy{#`6Y=lALHp)|KTdcf3eT2t@Zfh!Y4bZsza%%V+VzN%fGw~KrXbVq z%Bn!9o8`OC<*tIJhl}e-8vl4{iIF|DNlPem+k*Z2f$mOCh-hW*-30+BX0kh+ z-97#zJ509UOPJMr$050v+RcR)uQ-Jhsu>s?$$Y)hj!eUKosC>9Kz`fpJV9&zV;^9w zJ{{pCyusPUEas>9GF@7B53Q_{0tO>%PnxQ1>hE)TdHib6&s4!RwI+~;4=RQDj7Ljf z!i8rp!s&T+H(n~j0_MGouhljs&}p;?J_unEIM>; zzJZy1Efq#;oe73=$^pIIvG+f<-#^yrSdwyk9+E&!CoT`Bj_()zGMJ>EJ{x8khq3lO zcB%vgWU|<=aValEM39zKBN?);!yQrvmUOB~x~E17Vmej6o^!0j(%CE@T1YGh+C4v9 zpCgNaXn-A(0&h)&%~nOGAR(Gs>{TiIZW>~Kvpg^;9GA}l;!Ni=$C|cUo>Ol;PmzcK zhHbd@kHec?>u=gh$bIF9a+L8b23hM)=_^XI#(Z2Wp=9^wZ>J}Ee+UNRMn7K*o#Ui- zE0Ff)zB-y^M)P5;OfKSaU#(1J8>^+npBk7LJU(lg= zz;vpoZ>g+otRVM-Ly@mSPOjyY;OP!skF*UwvUwZYyC=?^$3en~i--tYFJGN4vfPHB zqqi?^mVq@8d?R6$3R9;^ytr~VM1tdUDW3PqWAt7Q=`Of(GhP*5^HRz8Nj{oVMn9FW zFB86f-*U?V2@5inTZ%$2QkYX#oN`Os*%4q`<6?zs_Y_?x*s`&wo<;%As@4}^a-_60 zYhcfPm#qm8@NwMZ6Ny`p}BdcTF>}Il$@0wogaI$cug|T!XZiDxc&E^A>@|t1* zFq6J}Ike6yDMpTdhJwF=USE?TOD(x-geyhbP!$t8fXMf8Q+KvhmVp1>QWzx+E`%aZ z7e62YF-WZ9W#i(ei~l-u(6tceAhJjK_4ANoKoNW;90lLQGGyU^ggCD(vWt>)df0+i zYkvs}tEH6%lOQf37Rf zsqI3g%U%qY!Y~Lcu=zsLLe;cGHq58`_Pt4^)V!AhZ{`CVQ8B2zttsQSxDvOBbH?H5 zEFMM>@O#URI(p;J&1ly;#He790xm(=i*;FgT1$m2=vd_s3wkOdj5W?>{gbtew8l42|}4R@S6b<4|T^`bR@ zd+n*%g85b{UbmokbHqr523L*(Z-H&J{gm`IM9a@rv*etBi;xSXd2nX!89HvBmXyez zcJWHrjgii&ykKipfj)^5x?3C!%qf6{(Ej@|wyNEgohs=o>lBmIx@VoC9^H2FZk*ac zO((!?QbC<58OB+-QyKY`1RZY4DZuMX66bZoGjaS9wcR>a^ekhj4kkXC-mL_RYKH@? zAkx^!C>;+Qa-RlI+R5`52y`jjfnx`xCUaS80_ks(bJ4TJ88Z&<+07jH=)_fr$-&>a zp>(QaakRSFLy8Ge8me@gv{Nu_s&hGyv&L5YRx-|w&Ks^F%kTl^Ttde&rhS5gs2n_UqtB2B za`5G}yNtJ+N)Vw}QcM>J4adv6f-$yM0$p+o$}EA|hzFk*;!P1SjU`xvWqQ&;g)IZuP&jzv z@?Ph<%u0od(FVMG2>8B7jJ9uT@>6AB*X84QN@=ggAG8|CL`przpl%OG4OT-A+KW2c z&>~QElf86yfE&vT$quK65i@+&q3>;K#c!GC3RI$GwZG9#gT^MngFS0^*fUYqvC z7y^JDZM?6Z@P$Ac3<*ZT>7X$=h1i#1Yp>%;Om(gyO2JG8AX7{KLN*;@X{gvmsRJ_- z$^$gZ6z1JUShDpvRb_*Sl5S0}-xAYL{7mTbSJEl%3qg1@ToZBox zpZI(yDJQMJcs!ACuAYn|RL=U)u)r?7-=29PUaSp#Xj|6qq6K|fFmPYuL zlp6gf#3~cealo#P%z^vW-ixnG7rfr7-5gN*ys0V32BU}%MtD|L-l~dMB_QV#tRHpN zbydsC$Zdm$18x|q6486|bfhJ%c{xeS^o8AT{0_vvvC@#z$}7_V$$*{NDJ~q@&}N|6 zxt5WxCfVGry5I`0LXqR&hxUO-$AIEeE#N_wRQtu`7pM=*6y8zMBG@{tD>!}N(HSNC zg0XW@1u+&qsV4Iqqn8S z=7`*b@+0V8Z(7~3FKs5dK{2((7?#E>W*370}AE3 zZ2|jcuuv>ACxR~#B&Q~eO-W%KLnEjHaBNB=4-BqVBXhn_ZT)t&z*qGKV7q%=zJS3} z+%o&!2qw|Cz;OeE2?5p%ZTn2>d^6))Z27$E(6Ou418f0c^TI2=tW`rdGL!-y3-L9Z z<=s~E5E(mhijFLOk)>_2+vkoW58*;>&)HPL_IYVio$I}eA3>iYuA_tzAbIwTmm%(D z1oU-}>N+U9ufJFX?Pi_8%6A7FnTh6)xXQ`1wXOEn%nmzf2i&F?ivr%paPBE&U&TH( z7v>~B@O?VVjmDi=v$>=yp9RefnK|s+n)=R!vfP4;qDonHEZ3KB{?R42#|}oC0<!Zk0ssaf|?Qo_6Qzx>_#BYrvm>YvUJ^R`j& zKkxhyo&W%!yd91zeT*p$r%`UuhnD3Ytygm4n8^UN$pgf`F%8oiO6m=s1U~r{eazHV zMClz04Ta4R)7%Eb*dd?t$z#Ud;7`5F2Pz*;Rq-pB|1gKpfCmOa}OH8W`GvO$w_tMn~4%uHg4!r2WI#xA@8M` zJOGqAnVLO}(r3R|d;%>stITg#99+Fv1abPBkpya9HJhIfI_5i{W+XBsVA|z&w$p{s zPaV0XZw)#Vp{`<#+V!Z7qkhtyLrH>}qZ-~9OpwqfR045>%jKe7!9jS>o(t-H0l$yc z>(dD%vPh)*0CS9Fu?$x7Y57r0S?B{a3@euf!Y6w=BSS#Cz3VH$L~Tw&7{`Y!*IO3K zBZ7|C^4E_k6Chu)fO3I8PiUvIq}SvSx9Eb9!lj9zGS5M+`@v6 z-ojYMpdmE5GkGpS(f_=-qSRkr;@!salcXVc$A|G`QS6H{pr$B_sexC4vT@+~Aq|NO z)P13<7o@f998?c^hPoi|gE;tAr^?On6zbzEZ|4QTh-vVOg^KGrG!_S(BNF<(TTJa4 zp%-^IJ)tYE)SM0)lDKJa7Wbe%9IL>g0Z?H*GhFNzIN01o`PB3XQ$cOY0EYtm3*O2aUn0rOE03NvbUB?w?4w>Y2{CP=h?&U<{o zsvUutavZ$FR%A={W50{X2I2xoJRZdUXm_NPY&+a!u2>lY-L=zL007!OVPnjRW+_WP zh(yK~=cnk^+5TaCwx*}EVm~(eo+jWXQGHj0!2g=x@^v?5u`4%l*?>xgEd59J6yYM3 zTAq3lpM0QYi&k9s1VH`x1Fv}!vS(h=4q^^a>!59o&2>VJk>f;QLMJS=*k|>J5mI}N zX5k5~(Yyl$MTp}S(4k-|`dWx(Gy!q@W}gL@Kn{{Axd5g5*mcBOcJ2C&ao(us$JOn( zS6694h>}fdm$SYUnacJbdLP%%qlwZGoC%QmvJhcXkUu=c(koebRq=BVZrUl7XQQfk z;aGkL>L{XVcPz6&GNTbFP6wJ+F%YaYJ)dJg7;`b!m+F04uT79)#t@#8krnl%^_SH@ zIc$TkMHejBAz4ntQ&eKhIv>z#W^o*=V1DXlNR=BR*BU2V4fFb%rHy$Lo}oDeT%20l6o>GqGkZvHbX%t=;nMetU?GTY#fhVuG$b#cW&kN+L!@`hus*vPm0(T zg=Pm|RaxEC&X4BZYol8U=XY9U>?vzCw9?xrtZ(pC)lVsXd0RX3t7<}>!o0XZY^a9p zV&_E@eeO-rVW#g#5oZjY>7{*~pIoU9C=f6_cpdt3V)&q+ZG0^S`|B|g#OT2R*9eS zm-K+3?r^mAs{Y)Q_cQ} zSml3?aQN(KZ5$gz7B! zOf8CtWks&8jYLzFYdoW#oz~Ckc5uw9?@+O!bu3$u$Rb?C>-RuX9&d%yCx2kP6M>mI z_Z|3K3YKhDHniPiuyjLNQf;k&i+_-}e)&hmG*nEZ+5o1$(mKcCGoxy249J^BE*ZS1Sh~GA&cGTsK=lf%l2kg|0@S=$_#Sp4te8y#=AbzeC zmp^nlSps8EH(*1kpmhgqQF=$?8>y^kO`)_XQLa{YQ%ih->s`#99(8lKG&2Nc7QyeVf<^QAuN1%L~Q@X-47cQ;b~ zw^WC^etGWayu_kA6bTU}OFhD4HU`;SIionNxY6iUbsEHzHkpRwGz^VcTy18}aY?f1 zxA7S@aeTxPC1|$hW*lbd%5RJC1RS1ms>EfYW0h;}Ca693gyX#&)nEkVfx5BD*T(G( z|L8uotheURs=I_-BWmAiXIX$L((t8d&3T$IlB5xChut4IfCLf3-tm_8H7}@docWbJ zh&(r*X@V*M!P%GqGnjch)gWr#fs59#{5qU8xSCDihMCm|r6l>hzB{l`=NZ-}RtT&x zW2}`^Z201(5)2%h!i})*q~!|k8-~5*Q6mI#5WacfK%KTF(_2Vx-&(y?xca>$%o~EN z#n+I~5ZtOVSJ(#Ls)TwD%DY$<6=3e6C-8RgAncaiS7DVi~Z0$WD03%=gOoI9)_ePQhi&DuZd*L(`sA`E|l(O%G&{|GU?PsK7x1v5sqOIGpL4%+#;Xz>YT(e#*DrZ`hU;@h+3GR~+2kMQxCZC;0A?pR6K*(ZNSK_*;E?s?#V zp(vj3V^s)83k+OnG0x;8u$8TX1bk|6;uo@1tmm_sBPg><9hYJROo^m%fPI> zou@nnI2rx0uz+Z_ie#Bn0Hg!kbBrPe-WhI*1AfvyMc^a#S1Ux#SlW#Meu!S3@6HeM zcju4#<^0QkIzM{*Z|Aq12LO;l(;>AuH`?D{!PG(Sbd~DX7|>HCYu;z4liWC*set_s z*AZpqB$SaN;kBTi9l5)kucTaU&sdmwT`lDNs0~C(FQz9kQ|bk@F7&9?s@}Oj*ej7k zGw4+`*ZO)yh#9$3ZGCOkGF*{tS_sFwN=AO7Pk#l~4M{Q&$~$$D<-9*EBB;lL_v8Q* z%=U1K%l#bUn|Y-g=dXBa5#<5+M06`wQ7CdiBII7BLnxWq60?NC!d`44$iE$JSDbrY#I!`F>Ec8l*O1~1Y8)GP z41NU;tmO$A+ZiPKjd==m|0qP4A65g!{TtM4>%pwQP%4l+@emBMTMld9swspYqSlw*($43tx%pJTrx2Mf)5|wszbg#1zkUX zDJ9U>nhorIiLyNy*Hj*5D93=1X3vGgu4W83{ru&~T_pnh7O4N$%xjFz)KeyHF(C9K z3vTO0L%$<-;s=EaCP>NUZ@%PoY3V zklIdYrcak!(wcE*kER$yqyd#Wm6DgJY-b*KUEBY3vkJK2GupU)j?hideN_!qmA zW{+ikhvM@<5L9@{mz%`hXFu9xVj`Sfm0g|ACDQ0l zv5o$WeMfraLtea;z*vuMO1KI>F~Ftf&Er^~Ef>G}BDq*^U&i9~Q!lY#?dS7}>gO=m z+}QFRuE5rg+A;fFl>0@O?p)kkby%1EQNzLkg?1Pnp0ldD^`77exzHdhF}%@1&%W7B zBtWvur%ItF1SVfFvXh7W0pvIUZ*gj!MPoORuzRQ7qZOEvPM%kyII~Yfg*An>l&Uo& zdeR}d9iDS1IJ=r)4i1RkI<^V-&sp_->-Vj-<2Oh9hM$K8S~YzZRvcmKBHhA}tgW$u zGNJ&7>E=|ADmQ;C2ZTtF)O4{B-XnoBNM3{8|Dk;t}wF1Yp}0@DkY#WCykMN=?yzwbzug!Xeq-%n-GtZDNse8 zG*ly-9`&Pp{w2-vrW-$U->fNezeg*O+w*1DLSLNh3g;V9|1E{Ms(9S%&mJ}|HGnyz zG5O@`@;JoPkcWhvWLrK<6RU193jSu+)%>aQfF@;y=#q0tgRs_1qr3BN>uca6StrQG zMo^wwlTlFs#PP6CH(HBU+hR_hdl6b1mcCeLs5HBJbjsA$pRWzstxG{;?3{g5x+J`F z-S>ymf`Nx8?XuDB3iF8D=D}`}n=~%dzgxL3a_mf+&8QphNm(HrkW!I--@!r(L>-`# zCKu0)O;TxeDI^FRYD%?Z&W;AP4tUl4=`^?29zNx%H+ER8X4nK8kI0Ew!MgpGe7f}s z*DT#@fJ05j-)h7LU!1SiugEM>D3pf*)}JTgE_kON@y3$X2Uoi}Po9J&E|)+#I-Vsl z^f78&@hNyP#pzJkZ*OF1w7}%VTB%HBh2skA-TA@)?)=feoPX(0=f`#U?fhfe0036n zt`q>8>6N0V&9QZw1@4}v5LICk^lbxtF398kO~##;2I4bc@tA~`2^ljhlE09n3B&E~ zfO2|pHMe(mT)_>-mB=pX5@f%^QC0@Y-U+kat|jMkk!aO_=k5V=IK;F$b$HA^85l0n zR#fBwR}p7`DM=pfm4s65h&j?}8Tyg02=k3ry}e?+hxqk#=fQWm3~2d-v`4;$KsArE ziDiFPe17b#obcY4j~$=f%`ch7^XiLW+)spBJVq@pH!^gye3=pY6zP+1)Jv1jrTBz# z2UVP25Cz&<@N!%yh08&O2>AkJFGFL4(m3)Vo|9NV1a#llIZz|qI6us*w00K@^HP?y zFMna$zidV55ZZRl=KJPxe|D!fkb~-zSDAqaGa5x8rgaW_bazuTA6qs*WLxgwrs$XT z;kNb*k%3vmTe0I50rpd;KVIp9W5VR1^_{0b%PWhot0#J) zJDojIb4F)axUiLW3|E1NBUZXEIRo5C$q5D)&S5?$p&g~!ORXXpNFy{W>L(C9i;R1@ z4ownvas(`&43kC8SDy&q!+q=S@K1i6I<`fV)aM&Ojp zFih1wo)nrCT?~0mN-->j4cL(0i5_Qx3Ua#GSm1!_$qOcD-h=h|#`kCADx3KuEFz@O zywT~nv$bfuz&NYL=gL5<6dq^U(TnPA-SX@^ycDo32?%NGa&cpDLLlz9JRkUI!A3FN zTgd=U1|C00URm&bQ2~$8SDMjVWBA;EAm=hdz2ZI8?&sPCKnbr$0;i7H{#CL)8c`rg zytKMd3Z+QvTD0r2z8h+TMb6PNkmz+ul5ewvL>#*ZwI0XCc9v(fPx333V~{_It3mAf zMMRf-VNsp%EF6aLigYc~0kU)a+L6A|go_3AR(V^m4HQQKg}P0UU_;vKIUSOOm0kHO z72m*k{>#2n`rMArfvUEv0a4L1^bo6wIgL5*@nD7Jv~_~Bv_%9Jm6C!3WS<_EZE$kvky#R`jaKHo{RJ=GPB z60tRLv)^ZDQi1|i-BBnRe1xK&`~Ld%SI? z<$-W2Gp(eTNOr&41Dm2|W{e|_HzaY1c2h=K$cT0fw|OYztMu;RcgUnNIk}l=E#58P zCsUARv&QLcbUdq zSGudVpqoxs;p}`oru9r1QIbC2f=tpi<#kTl^O2Cf3Gn%9tOk~+*H z(a_qTE?#rLDqo=f?))*ooPY68=O-rr?fjuiZ&x(k;lwPg5&^_-DsiGCQk;^7HhWED zoSJ|MTC1fe0wb75pWCLIovwb`24Spcu#iMWD%Wb>@Hy{{ew7AdE!y0nD?0pI-_>a* zC)@+I{4KYRTErZJHGBo^G%riasR`J*8deeu|0MNcH&~_H$?8P)I1kUk*zK#{(?S1B z;>8Nuql+)}A>-A$ij0+)?y1r^l?~TK@eZ>pgQ4^f=*ZUc`e3&}NjsQq$}zW64(63w zm#lL(#4?M06q*c&iL56@c=#>e-3*<&`#9N@YGlEgoABAe>dx7ds%!a783s!<;8rGk zdm$UE!9#e;(cnmK_kD^Cl)#Nd8K72LKkY0tMXzM+omb?wr?Ymq6A|9Vi%f$mZ#NTa z+_Jjr8b637`k>eXk%&M)pDMQ3lKF4s5lS`yhf;-xe8PksQ2Yde!;#f4a7;F@Jbfot z<$_}PE)o*%@#HXITsmM@=zS7ab{VOhmzEN6=Ld zvQJ6X%fOqn%Vb%vl_`J>%{+$dQ2@4CC~?V-)PquM&7Gm($pUN-PYAF=aX4oN-q~cK z*`sQz+3uz$tHU00ih`@Ih*|ICvduU2MM8s+1}EGqcb(H&yW}JrwSDSB!&A|NdhOHZ z;c2V>F^C_5*Q~QMrLD!62QI4{gRBc)I&CU&1wgfGnEX_e@Hzaf1l?sM{fr$^Y&DY$ zn{3Ror~-qXx)7Tt4-~X0t13|@K1cM!A*#ILV1Fkp6KK4?06~tgB3BNhd^{1QsPQnzghV34EjPVu^y?|XQVvfqR7TUE1{6U`tf#;lEvI%> zO4uDsz+&K(inLVAe^&U9RY5!zYG>+4FpmXbaA`ip_8`CPjeOhh$o=U!xJF^&Xn>uj zGjG_6poa~c>b##=m?P$#9~DW%8%MKkzs05b;72~N7ydX)pDT08+E7t@hgRYA;$>({ zXQ9kPK^g=uW!f>^TOoNOBAx{EWwQtibr>d{dkP;NyV_hFGs#}bNt$N!!S0I1!$}a? zwHOaHt&W^mhqOfJ*~!drZi)QSQ<`g?lwZ)7mIZNbzreB%8v0EjSf5TbN)K-lbp$|c(gi#@Bczrf7TNRlG@IZ_2mV`=W6Zr@MO$ za;!wu<8~xDl@=A@zI<3nd4gF~oJ0apR3^%8u|AvRHxHe4MTri2tZk;J1-dBFpfiHs zV4%K1f)`G-%39H>1KOxUK}UmIwaynDSI$Z(l7rZ@m}NO?F*JXF=ZE>b^T+;j{)IoC zpZsn2^?$zb8Y=(*bRBL%c|E{W@hiPTaTSSk2}BZ(KEcZ^v53K9OwM zTPaycFN+p03MLRvsv({|ER_PuC!dl|myMaqpe5MuR)i@c>BMI;E?fqs-z|2Tn>h$_ zCO=x8_78@9s*IJfMyOF$S{z2_^3=};H)GF(w_3}6)*w4ZURd@)zu#>l?vy^&jg2DQ z>$j=+saS)vVea0~WgX?O7bHwinQfkes%FV}_=!vwqw5=G@+0{V_R?xS+pHP5p1!1{ zpdn*Xgk;9uuiOaAQw8S>u#P=8Ga;f{bIj+ba88@5V<*KMs)l}tCCn1i} zLa!8NCggR_x!*4h@nBS;R~8j_&&-k)AuNdWho$4K4QHhR+bW8et0_qZUJi-8FmzZt zZGRMM03QPk3h^qWh%B+MEb`Vqvt{woq<}1knxzxKo`*-N8j8qxCjt!ZrvR0q6)SqO zm<%ab3ym&lFp$tGEIVN8;UQ~tiuAZ+%9;y$~;S!P|TMc;(G*6dLE;Pl#XSikaQBSqVZ2Grf!8!IHY8 zL*eG|a^(G4B1{DUsF?;SaDdYJX2PHG$8*4a0+5`E5)Gub_I7NnLl|p&}A%)}e2@oeckcOXKpX=puC1gIk3gZ|LUcGQsIH~TXh%DCL_JDxm~R>dEV z!FLNM1QKgCq9-$iVZw5#(R>RXEuXt5ul(kmjAj;NOHaNFK~#;^$2G6nPsHM=EmeL* zQ??#r8o3|VW8Ac@bdsRBx~Gtl`P7Ne(j;%a&x@0{1x=&Pk`#kX@a>4+z1p(}G{lIb zUZl={@Yb#*dUn^ChnpA#Ri)Pxc_ugkv=cO(&~k-vr|+TUJ{a}LfF))10rFXoC?ffC z){9aE%Hamvi9U$l3KA0n#>d({pr(38VKE5) zskO1dEW(dCGMuWS)9@|KMO1_8zHuIUbF#wx2Ljq`$a$vIcT#HT5%CzEWO3^lZYD|O z-wVNv*bO@CF;n7xGFVz^jFzfOuZVfjgL0hXXvc)H0-Ea{-;O|5HlF8Mbj9Ac>q9r$ zj^gkbkvsDM+{_P7oj>i1j2)uvrSEBiILJ`N9Q(5k|3K(c4=ffcUph8ODx|VA>&3D> ziTwIWc0r|3BL{}z`*}0bN>XtcNx&KQQpej7zFSrxY#KChnA%W}9cv6dUGYs%3of0G zO_rVa74^unDk?@U@iRieg{U%HS`$MH+`X+=Hk}ca2M{`<01(}3! zw-YCy4ZSA#OhrIRubi4Kz%q&1JaChYqDlRRIPuLdeH(iX+x=z{(~AX@CgnCD*CAse z*Cu%LF@|8hkDIgZiGM=az~)6(*50E7lr_PAcNE1^WxUgdapz`1)Ww&W6AA$O7;=BB zEUU6-O=?Xp&3eL{dC+A=hjPjw9hnmt`q%}1RQW8k5e=3)sdPG9T?AJ7N%GdS%T$Y4 zzuFLLrw(YFPs!jb?}C$rnM9qDhNYrKa~`tPk7Sn;K+Ek_EarWpUUXac;CR;;LH{V7 z+e4pdFbV+gh~+aj=}0ZjVWXBhV(@q8hktW^jkmKN-=BZ)=LeC3i+gu|{XY+aF`ZofdpqyF3gE-EeRoi9r+ za`Q6qeTF+`^tG`Y;rOhke$e;QI)ks&ckoJ_I zq@*#U^!qKrpOF^pg0>1jZ%`2}f>jp=7i8XcOfdm20G-~(JvK+geRzGAbYEnCxSla# z*O;qgpOy2zfQujFb-g;#Dn}UM$f1un}{exgH{e!xQPtWT`pcHx1c+_ zBs?gal3!-WYc&?`w?W%42C*vFBzxD%<`?jbBRU4OQT&6P5qfhiYMNLH*&kM&@zC~~2Ir}j ztzKS_;_Q)I3EILGCwZ7&9d`yNYk>Bu3)ny#4E8NaIPyX8m%MgJ|DZ!NHu2pFra}3y_P|tlu9h)L9IJ>2Ly_Y+i{(#(;Ii) z0cY3b=yN=rRLam3^5rUv^~=M@`dw$0Xf|xMY{&?c2HY#f3!6d$g=MdOFF&-Zu?H2$e1qrhI^qoONlgh+&!5SXX8OiZpxrXKWEom<+5N z^7S?kC6A7C(Ce;My>P#-K4rP^9FznJ6&?wf_6b=Vfuki{1L#qf!O9cLm2PX2IGNiw z)@ZF1CxnUm3yS_oVbPPR_-1w5glgAKrl0UAf(K-E~l<;~WmJO#z_dD|j5i9;k zh;Zb@{sF=mND|Su#uLL`Fs26*MkW8Rg5XbYL;aTuy$|n0{qH+@Oa#hInAK$w_J91Y z(93*Zo8Ag=-=BX641g3|!h0*mMt}Y*VOIYgFo!Vzsn8?X2lRk3L=hVJ{F9*wPR?Dx znSw=5sXeKD8~~B#J4?>5)21L={tB4%{{-y$|DFVvxD5wz_y+dmj+`S@ihkn(F0D5d#haQ4vC>#O$CSx4O8wQJa;h!c3-Mp8q6U0my zw37#0OAlN?0Xw@R3u8u3^ljE`#jpHJz198r`{eF8_-i#~;;*s#^SCY(X3w{=x_vvz zrC@F3Kh*gqFiFFa`)_P&7~TqGWlxTH*ec}n_yiUi;^xkz-4FClEPpE0j}#6bbH`#s zLK|vffH=#+c)!$!dtxVkj18xFhoW)yS13uppa}gdY`T9#sr-Gu&1Trc*CBcyq#^@Q z3bO|TcbZhc@3X)+@oWT3(?|h_|6gC{8IIS|^>LjbdW+~nlqk`A?=1*|=)IR9y6By# z(QEYHqt|HB1wqshqL(N^@a|i3yytd2T-SW?W$yp_tu?b}ubI8ZTqj^`D9G}`A&l-* z_QiS#nqoP~hWEb%D&r+Ft+5w%A=dR9=Ju*-q)mlZlPIaO==ey{w4LsV0L3gNBU_(d%2Z zDZ+Y1VttEc%%=}6&f_PY+;jq#{i378CT6l`h(7>>R2TkKWJ|g&!o!HD|EEE6z?Z6| z*9Cjfg@c!7G7q;X>I*Km>B>1A5SISrSa=gi0#$%VQp89^Q58siBO8 znJe56i!DG>@#3NGD(I7V<=}uD4wj?EHEjdxjLdEUm3aUBf%>YGfw{|U+FQ+T`;Xb{ z9y;-CW-i}kf=V7^Ro#0pdSMeu9T!*+;n0d=siSMkW#U8*h!uVrF zU!0w)kdE!1mIF<5yO}wL>*<%W&K2bCeI!-7sD3A@i7Eo!qPbsdBFf>!AgMnWVehJu z_2f3GW|Y@b|0x?0pwH1l^&pJS_j_VaZu(U4vGvZ&U774j+zb3%x_LRrhH1VkaXRkj z&(ZJIVxuhK;20NRl8!xCoRP?|H!3j5kJ82t*MIFo7Sfx7Q%WZA03>a98TKxZBwcyL z|GyqFa|Jv?4(^fSTHqcgz(N0G%+TFxrt7tt^nZr0j)L-l!+5nx=aWO!6!Yz8-zq<# z`AzN)n+(J4Zv|2m<@K=d$!fF136WcmBArrWV_~jdsExnJK=M;vubU1LMj-zkk*FW~ z845)#KA#@0VT!HjFs-ZYH%38&0SVI(w-(53>=Af~20$vP{pX2WjFNn1HpDGvF90=4 znqU3;Bh_|}O&pi8$Q%coQ)^8=jZztwPyObKJk7>YbWt;3)i*kpp5z>rpv6ziWSiyVj@J4+K(VC= zSAua5PqfMNrYz@>H1e~ZI)Mor7WQe4E3rI~OUh-`Ol}a_q+G_>_^G>?gml)`P4rW1 z;k$Fep@z<>Wlr6${O`<|FiQrZkPHO^0#7ORPDyQ$w2ZhrZ$?SEqU?Kv@@HCHb5@{Y zhUsSWpTQ0R0qV=40j%IT_>x1Dh~YLf%~}63^Sb!xX+c!*O0J#!7AH4sEhXrqgx!FHvT-V&F`x(7f_WB#Yu=9feCz2g6Qn`8KsWPKD zp)PDO1~G%2DCF}Y0-T465bacm!e-BE&}!LNbBJM|J~_B}Dx{Y61SADE7EH>`r)}Dm zS>U%{06_zIrxYmvv6DRh_h~!LCP0fdO7t@G*|#TAZWE2>lPauhv)z>|9N$c!0_AZN z`GO9ZB~CiAr$70&_|#aQK-v#F4Fyhyq6W1?=cdYmq%3B^-L-spdMlOE5)(E&pxD9- z&@vj-i!d9)zuDe2DE-PH9&kUg;r(NfBk=jwRoNQ1`AgXq)v6Uo>>Y{i-Fa0E`k>F5 z>xBd(()ac5rCZdiu2ZTb5+Ep5aofG8DpX~5%tJYPA>L8{ep>+=B;}L`Ov+6v8CO)eZ&1+$s2l)pF2JbyOC=-W zqtSzmKFsQj>~}N?4Nd}2(a^X?TTI|~xuhN?ExrEsxsE)-zp;^b3r?Oab?Nm8%u^$n z3!)FUDpnHbk0!-IQo7W@q}-&!d@Gd$z|EP!+IirbiikGZ=)+2+!TSO+Mmt?*V-rhKjrBl>GPa$>pZ!ap zdPHih9D^)R_`oy&2k$R3r>K_Do}?r z@Sotvfdeb80&Y+k%KIyW9^5c!^&f-!`2QHBvvygoNo6LO<2S(;J^IXeO-a6pX4DO3 zN~fr{-uu0RzZLdmeSh&`#fbP)T~&JgD>93HUlPrguOabt_hE5<&(E(WclS^68=04W zn2+r=PYuVE)mYK+`p{Ur*t!GxY8_ z{Gh&uFJnFk%T{DZT{4YQIi#iZecQ}f+(_PtvHZj$D$Q2zsr_Sf!OY#x+WU`C^Ol|r zamc$Er5p3R5E{LbR&=X$C?)e=g%Rua-W#GTn~)f3z~Z4!i*a5IAq@#m5tSl75#4%z z(F;T9BFFdq*bse@s|sV85l(-Ker-BwsbV1;bMDkZy^$0RHYJ^r?-9HFzIzYJ>7<;RkDkMxSr%||OvfpOb-Ys#5r5tk)J?B-s|EL<{Cv|v}KK6KgKW(&(Jju5) zTEa9Q8h^A7T|L?loaVuCl}fV2M`$TLXKBO+6l^;ba|Y-SS7W>gqF<@c#?F_myrHg$ zzf^uF9ZbWpw1M6h;HHL*$kpMbBc?}Rj%)Fz`$g`wSy2Y(Q6&olZND8w$QuN?Bretk z`iQpSw-QqF5^AuF`)?qSy6wt>HV|p_`Cb^Dt0OX-gn1KL*%@Tonw#*r<|eqcY!pY248*4+#{_3*?k1N!i1qA$uI02uo=VvAo^Jm=Zy2fRU8qoz(p0Bq@Mg@c;H(ta>8$zZpejCNNr&4^3o<{YtXZ2D*EH$_c_ zMC*tLnov&oIp!;mkKh;j*NIvTI?TCr?K-|he)Ebdl>PcV9h=JvG_*;@fs_Q0_5`(? zLmSePi0!taZ9Q0G@@HuKqg)MbNPz-ODYes=kC4CZ#H7{0z)P7>{}e~r+=#->;uOgC z@qD+G&*!Xuu!d`h*!4XBUA*2aE`-Zrma|Yk4!oR2T-e5;kzEBvai1{%DK?cU4c`&= zr*3QK@m#OCwKR?>1Z`QK|LP>9vM3yUTz_CNm4h7*kx$bLZ*O2!#v?=Un2W2Kz+i$y zrE_A|MxM6W?a}gg)k;f6VuOv4FIhY-k@bqtWrT`E`d?jI#KFRTO;jw8#3gJ}LjGW6{ z47Su{ zqByFyIx+EL$+HgEd0{%V>dC6aeY7jQg8pLt`&lS7eJRKl(SR#n0&W1c|F}Yyi2XKK z*kb^ILWN({7uEGFu@>IcC=8^x@%FDghjtFa9n4xali7rTwtr&)B+KI z9`lEk_OscapWEeB_LFK=@rXJ|LL#x*SWbRqB+2`rLKZP+0(zc7ueUL?~-`)manIGSk+-Qyo~j&=Mj-7vhL%$UeJEb9G%40G2e z4Vk>PI6;!SI%Zienj!*W;iLLb;TA$nuQiZ-zRxO_!Pnztk_B1SHj2*&oRI4vtcNKy zRxhbP<`B02aY9%4ou?+0!)WV0vFPt=WF*lI#_&Fu-lyDwp>pc9IR@oAQ8nTFjX#(i zN!erV4?->1Wy<_ugM1N8CG^fLcRuwTzHH^b6jv~hI#)29{rrXdTMY;`y95e^G=Le@ z{)3vAh~qZYuQ;wz&;3D-CMe>0q}l_oi54$!UdeZF_G7a+L84sI%xp_JX6(BtMpHf@ zifhDQoE0VzEIV%t#T+R)s#RZ0DU5S!$Z@^BK;a zLOynUxz4HFGPsRL7IR-+~08Z3WPR-n;(CyH^$nt+6}!vW8uT z7S|RNSR7F;<^A&t3F?agxQ&Gta1p5e$4!JpoVU5jPWIYO!0RaJ{a|;t;-KE~8CRaM z87C0Xmd%Gsl4eB=#uf5y&oFZ+DC^VI!mMG|+y;{RgY+0RtW{IEMA|Bcf3BJw%QRvq z@Ar{)Nb8xpRs@zU?xgD`dljL@`wuGBv+0R4*&c_te&TQqAgQ+VMHx~Y! zmudAKtw2}8LPzuy^`l6Jm?$qK9;QzgBJ{S+zD_QLl}CR z7%}?xv25XZDw*qdn7N13dc$tg*~C5<$rd8aDcIPw?_ShS%!U)}H3U)CxTYUL*y)UK zv2}>dI7=E^TEipYs+@6Bs8AS0TE?*Tfzb5>=s?MSP`il^VwQ;OHgxvDKF6PV{W{@a zh@mRkQ*pU1b^1|%O{16$!V9}*SZB|&#GJVKVkm5Bx>jNa4P$IZaj1ZEhBHd(yaL1U z>9cl|7!Am7nZn;jV#^GrpV)h{+oC26(7osPs1_r(0vwU(-)>45AP;auaKw z&dX?7Z`&f%O*iwNZeCV`#}2@^&>9i3s_L(=YV|KG@Te#VTjTw_L(|Vp{f2PUvt}!d zXnKlSF-mcJfA_Va2zGFsz9mlB7m(>Ifa!NcVD?o6g5R_Tm`#goCkqr|+y;+8QK>sI za^H#(NR!{d*k^C6@Y53E!Y!8o8(pD@8_jj>)RBwvvC;!JoBoP0;xRii$x<~zjIcC9 z>~|L*KO^?FeJO<5)K#909)aPlkehx7@Bezq&~^X)@HUFSGd3}CY-7%X zvL13A3zrvD$^CWTI2e5|3d0NUtxr+7TI2$Xc|q_XjE#WlcVNu9!sz0TC>0-k<9@Ot^&xYuX$*=_*yO|ZUIg35=8I7v=D?P#y{B}*% z7LP@@-{};ux$Q8_4nOI}6yZ71uGPs?z-(PYA`|WKG&2cl9j3N93<@R*vkP|$ru*d^ zBR(BBbtpT|ryREL55NBM!8k8) zNM)X{*uZGaL3Buw{@Iu z1mRGR2QTayoRDHGs?fOJAMzbkqr6dCzhoZ|5oW1F+lHfXzZ!U~vUg(1yTao9Uo4Jn zK!*P}IF<@|lz-=%!IKQ`DEU`?k>Ao+1L%5c zZZ_qdP4t3j=@5}HOupq;t3T`m3K;F0iB=|x6N%~<8_SgLii+njK778(E`24UPl9$Y z-l;W;v`yWkET;u|UtIxA8o0;YiTH2zSOeg(3_#ld-$7s*@=|PVQ-8uMt}HhWKmRMM zD$NO*uV>MlR#J(y98?M+Q5#XFpn=}hRM;yR%L(#TXW|5D3^SY^3qq)tqW_Sp-b zThxMXh&0FSe*7;Rq$&q*F9hr`+vt=|5 z%nY-b5G6Elp=773vEQ$ryIU?`(r!{KyrM>WgBozzl#?N_MKe$hlw`TOHDg;G$K&3b zS3C#B_{AHXpPqB46dsW^N~rFKU5d=A26kT0iP>C6J9D;sjUFK~EV#KKeF`y+k1(<# zZ-$R#o|O|36O(aq?%R&QJkRjAU(yFrLjdZ8g#gbUQ2WpG$DK&jE3DyK#SBR$x3=ff7Jr1v8&SIebbW3k*qjB%hLe}9B;>zXPM_A)It)@o?LYvjm$ z9m(w|2w9(L2NTVn8}{bQv6e&Xv9OGnPU}4$7?8Am;3&zzq}`-ebVZE>oEnETK&>92 z<}^wFm)h|;^=i;^sOm1M&@SY|hE@2g1nCqjhq#z0`^F(h)%`yZHVn7eR3zUf%jV*w zE<>;GC~U~n(ux)Zq_^{7s?Qnt-1|!9n?LSdMK;RfJ+%gs_QM-Y+Ra!Kx|LczKrJ1R zHgrvG#MZ-H=ZS=zmDen0_lFdv6=d|2nWp)QaI_jewzRt4&P|(lyobYu549D{M+Do% ziJwj!jT*;##OpdG{NA@vX~0COABQ&LH=&(+E2`fb0FvhG3nuL*wc;yk#5bs=)8aa# z0@BD8{@z?6uM_{Xy<&uL)~i=RFcq3DIn(VEF41cN0#oc6GEHc0s0s5m&B`7!L|Aru z8fIG;&n-T8t4^jWg7A+N^dp}tmx*&@shd`X4f*Fq8R}l8e+5bN4o86~1YTG`?Pjb& zrVt6=M$H)&pmqpIbMfc9aww$DkJmOYVh*Gn+ePi{6r;AGJav^q%F9_i8k9s(-xd$@ zTB^K!^C=Fs>nZbBf7Ia3;7a!&S}X!(%5I9Q0j_&cVWojAJ3r@}3(m;NgQO;?ett!* zRQf9Np#|y_hGct~D&eCe!+R}4eppenxNDJhrt0XIsG}1jEz;OYamh_6Po*_|d?}zx zrJ<$~?#~V8-qRwiDO9$R(m=<_?k#Q~%Vn#UF7u8#U`#TBG)nsMQ8aQ(!~vo~^TEXc zJhu4*p$*-Vl%a#w;{&(qV4I`q*B12QGpNJFaHOljf^9g9gtDQ-Btm54pZbWN7d?2- zcMs+Jc$8YDlc|vPH{sH))&YO_`=T@kl)KTN?tLBjIDfp_x$2I(gNHJ`+PKv53f4xS z`2c&;!uy$l5sNFO!BcY4K18cEJJ)-Okp{)l_XWxDer6ySk^F)T3?=$JZD2tyslJlW zci=X*K8A2U6RbgRp*5psjd8xl_S`Hue?Tu!>I2Ai(R6nnXDPXgD*78ybx4cr;tQ&F zju!D}EDDfL1umj&&=G8}nja0Q6P$X`e;~2L<|aL&*xM|9$+XL7WJjK%%Bw%<>gCv7 zFMCvqzZ%iE2%VRZ%H@Mr)0eakNXgp!a|NdBpBW20z%5ZqucXj{OX1}DM~dZ>zfz3$ zpT>xmmPyZgIYMJpj0IQf>u%o{%~f59e%l65e`uYw`qsJ{CuY`Ju6Ie;WG^xL9SQXy znWE=Z?VC_qUvt)wzxc^^8beo#H*HOsO~L=t+aj1R z%EnE@j=*3IB&A&q^50T!QW3kAN-x0nBe1Jgcuj@V>Kw}h}ESPFao^QSY4 z_mr}8o-p(&pWjwVz%AxD^!Hj+^zKlFMLLNb5na+@Pdu(pgtGHgrKOR&a*zg?l$#M( zeno}$1{L6Nnkx!G#VE1tFO?tF_y?vg26HZPnFXqXLM5O0RNB#Yq0dIwvJbkSv93Fd z^4EW#EJ*T%9K+!|iPjEq9~yf4xW6(c%PA-&Q~nc3O7kw{zwiGBqXJb-Bz_weSCkSH zu6qC#qkun)c_>ew^G@%GHO{OyxBl)1!s63=@;~6RiQDJSSi4~b=o^SZ(Nd2LGl2?$W-2^(9 zFuj||@um&eyu9HMJoYzt@;b5kEWCA#-xN=%huGH74xLZZXyK@@Zs55UwDTpJ!c5Kj zPkosCswK_4vCqf!#^e{xM=3Qu%(}*o7nq~wZI~$A)%Wm+zhse05<;qec;%+zk+7=aWYM2kOn)C5_{h@>$)Wv~U_=@QyNpH+_ zpi?5vGJs1|egPAqKI#Gfcj41}X)nK3K3*!%M^AVL`zm?1!UjRM{DlCSkRXQH@}iwS z6-$lhj~&s@0qhveO);}Y3^(%RflBC{-%A7+Lc%J3X;X&~QT&`@Rj%toJVM<|iIz4n zI(uBpY_OC8^!W+{*JkBs~+ClFdJ?;AJE7MSl z5vQj}=IBM_))MQQbVTxcfr7p3RrwgMkl^z7wT()K#L#93x(+I)?y};>37(YcY)BaV zkDZq9*d^rkBP-C1_sH|_4`a+M*7hz7I@%Ii_3TwY)T#~-C3No+Db#lL7YT+;&g8!@ zSQk6&ORJliUQWM9@r3{Rp_!GXOu^dkbG@Mgnn2Dfj6hH*%k4qlm4}nKEtK7({|V*m zJX~@S?5r3T{<{EGhPp7+z>S`$k1))1Us)d21{uNI(zJ?irAM;Gt2UmF**^9{)Tu^z zv;RsU_Upnj@~#2OOp~<>YQ7uhE@z5WgAlh%>(tiaZyMGl4;^%^acfA7+8su_6_Ieb zlPUr`gz(kvg-^8oMNIb&weDAyXZDh+kvkFjt*qFj)B3FPy^ivKuHqI%lY;5jqhHfx zGF#fxHeR6e&8DqZ(^p33vrC2up`L*m->f3mk1=N9wa-G?!* zeq`pOVUYphv4vTJ+PD>KQ$PKNFXt^;n6in!r7O!MArQW`6T;2^EOWo?vW(l)LdVr( zoS46&0_qf2xYK;la%WzoWMK*x51R@1l$pIyoE+Oa;ZT&rkle3v@IG}cD{a&GP(Rvp z#~&5yok=tq`Q;XM%wDpqP_s3HhBP%851`h1wz#$D@F_%c^i&?y1fu8>M#GW%%3|zU zKw{I*R1eSTKPl&Io|)3_?R4*T_t<6Uzc4P;U|g$|2xHM)5;d9_aa8K3aNJEzDD0mC8>%(011-jBHg zBpl=|wgJSKni;TZo_v;TCMC~`rE8G(w)0p>Pii^x8frSabXB*ts%iPGCf?X-cp(bp zdezTQ7LyUzILaVe29xr>DI`;%{cs{cwu-))O{IJPnT%pdrwFxv{Wp!Y4=czSW^nWJ zv^5{^&30f+%K*ANl1ddIbjH@;k1;ObNV10nkUe=aRspOF zuKqxM5&VRNKmwNWpmuX94{=T;eVZFRnXcWC`sa~2Y?*M6wfBO{DtjE$V}Qj;xw|lD z3|~L4xOy~ghS8et-wJJ+q&sEF7D{xyLi()z5Ez!rP#KZaLC#g=Oji4|{qLXZFQ-@34H5Gb==B9gfcvlsj|X01P%Bh=i>*R$L)^iHZrlvk?mGm+Y)suWtF zx(FyI*LajVtCS$ZvE;N0{^WeS!@LQX>4yKE;H{EUyzii|+MWcfu)2J-L1Cq-I^Lx`GBKdD0F-G==V~A4qD<;hi3>y7DOaeXGEN zix$@l9?16#56=7uXF)@ z;hjkC#{P*8dDKw60X^h)8g;_B4jM@U;=R#vOS5;qAyRQ?pP6KRFRO!^a8R>;hhq*T zu-KHCVFmBWeH~!;CWdi-l1ZLBC*kh)bX-7#r$zPP$$KA%VSW&@9dK#jf$L5rcbj*; zAp!4df!-Id6C^%Q9{$FfcrB)MKr(o;Rn3~x@*>A%h$w4r6j+ST^AU^*M6iVTvwq3{ zYIxKcHOeN={)&uz(d}hFLV#7JcCQ5tRF?OCzsLaQ(bzExp92&~TFvh}seQPjhJC{W zTC}*{D!`Gg13RL>)Kq*iygxcsFDZ{kwh9=aBZ_-@bO#zruuFy?75i^|BBdEtdWTfJ zC#Yq~SXqm;esZ=?U#a=9MYC?70Io5{dso^0q<$_tJ4@#!-iVq$CM`%>!8w?;o7A4& zN=*fzRtZo`x~9gL@ES3n9QHhJ{KW86^xi}9HV2cr%_)p3JtT!XG51YsTs@7}9`Zz+ zMq5hf!afI_jnWgMLiKU0i-Pv;t!7=7441;!XXZWm(xcL*-^!vu(n>DDq=CN!xueux zQNy}HtrDPC2vAF_a{EgyWX^7T?jWOphDCC9C<|d7cZ?$s*`hl~T~)Y&aYP%YA7-Al z!NlYJ;V;=IA)KmwHctpm-|vOw&i3FuK`?s7yEwtOHbS=07Fx4s`5aOGJxH1h1k}HW z!A)xNw^A!CG2uo4sEJ)ud&Dx~^7JUt`ef`i3NyRRD{bz_n$R@#*%$}Pwj`Zl5I*x^ zc+TI$ux6Ylsp1lBGk9tkZTLzaebvM!7%yN)WbLjnDtZ5*L-=WYQf;^i2MI`;2NamJ zo7C#As9}Or<3^yx^??AWNhPNLLyd0V+*_NaQ|co$>XtF3gE5iv<5vg7Nv;BBWqu?@ z{I3|^w(Iw(QlgB|ZEN+$O)j8IlKt9y;?{zk$ckf78H@Q&+Bxs3;`?6}4;W0K@?}8M zSfIhA-K3^)8#NyYfEwsn@7^`F-ZY1zOO5$AmYioUWhF{AYj3ChUiS}JFDt)Q7v$=P zH3(jLQ#eQ-N{^=(o!o0`sXD#>s^r&Hac}p2A#_wCq9m@W_7=CN?2_}2H3rV_6_7Lv zSTJcfsnuUm!?-~WIOgl44CJH_Wt0C>7u!#H*8X z3Lt4rNKg=kz{z8Usr7jg>YS!qOa;zx!)^4h2VJzON(^l-n0s@_7AmG_$Xe~Js#`#}%E zg=Q@g&)Ck-Qy!~W){qbpZL=qm%AJEd)$;5!v--y@e4VlF(AJlb>8v2>S`Y7}+Hge` z{RY(vfa)iJswaNcKU70B@f5>oLw@p1>wNhpiZh6>ir&Hhy~+IgG_b?>0sDo@b+B2|#IDk3mxH)FB! ziW(X?H6D0cTwh{<8f{O)UurVg^k-)pW{#ACWS&Yx%HWi+o;s0tb}%*8}~zt4HGj+nmsX? zw42nFZlmT)3{cYmCYSwdY9ACTzB+9(C^T(l5bZK#N<;+29Q!V;cgPPzk4>eKPmZl{ zmk5`^Sm#4V3kbtHa+#Enm+EoGef=4#(tgMU%ubvd3?ph7W|Oe4U1g zQA02=MaW_O4a1Z!fm7u{B7oj9E2923%A7>7$J}Ay{e}-UG_Ycw@kf7L%H4#&cbN1A zK0*9Tv!u{zQG~oF2V;0eYP`^A(N-5UHT00)gU`P@$w1P>9z)%gcT~QWsy#q;1fc4E zop*F|L|A}lv*l{9tqNA7q88S6@pJVtn~2njewlQ6f1;^nG$7V>=pL)MZw|4xKH3-J z3l`Iu`oe(mhfdEol}E19%Skj~4hE;_j?#P;dnh+3jsO(v0E&?(9e-nwuf4+)`lx}h z$wQ|9+;iH4?#yHPk#_DFI4U*Rhw}z773RCtbS$ z1?Gq>#zLh8sO&YoX!We+a0%bar-s#>-MVLHU45{?Kzk{MnK~g)SB{J?etziN&(#>b zJd+Eu(XP>CL%|fJ43*qp?(||HX|{A=(r!{~xuSL-oEk4BEv_Gstv%wI8vRR+?F19z z_{#-SPQnW{V~qUA4&@%Djx7~+(qc+VE^V$trV* z+5Ww&x2zNzT#%F+(yDq<@JcLfp)Vq31|&_G9!%OzYA2hyMaz^PnyJW4h8%SC;1DLd%)LO5oA>W|p3Q*Gr63eT7bAPER ztBA)4LA};{EZ3gFA$|yZs+KThCN0(Ej5jz!LZ>xPk6D0wO1vnR(MXAwv*kF?V7l@> zBmEitRCe2hih7iJuqzxJ2PO)FLM@}@PfK0_kTgoxJ4dAIt<>}ZYQq3EkLwZXcd|-_ zJ{qnipEt+1^+l^zsUs~fx*%(JOHWc^SfM3gc&MR(w|IK|tLFlG_gJ!0iW}#jS}&W6@^>M4 zB6|7+W@r1TfTXc;fJwUjZgbD}JD(14~$(-5T zs;n8$SNC7oAZh$uU=9S2ElZU4D{A=Q)c7a>YUcno*~!K~)CAhHpa}DE$a)kU?34Kn znb%Y_+}2*xqwdR1S)4hMc>ZD-ZdOOCKmWZRNY2G`DfQV(>zBcfIjNLdTm!G%FMEHG zlmQ_yDd3bWiPUeUbPiB5115*%>sUhLMk!|u$!>njRz-5@uM!S*NbDLs0O7{Iin%+3 zli*D8OR*ZM^#o02uTuam)%|tH+5^hNr;wW*Q926tnGbV8Ql!P8Ah?0_8K?nENiZsq zbSNDlDMo5HsF=~>`U`BKjPn zBHb2?aV%Q?#W9NVDgK(^=qDp4f^OXg2Gq*(###U!7MRb z-_^F6Gbl`7(gx);e&>au|3!jlSCAM1lcuE@VE(vH^gYrzAKi8ioqN`y8*dj?foZgi zG&&Wt(uTZaQbi}1Mv3f!K-zs+%!j{0DDhRH?%GOtd7D@Lfg`>A)yzo3)=S@ZLI95Ch13}W{;=$iu*}0 zYgZcxM^_c&lAic*lEAYzy@wU=sL|t5TO$0f&`(FB8Opq)BLkNxMm{^NJe$4QjxSZUFGv-pNYA zyoZ8s1EOC1SzRNiQ)$!O^Dy>k@7SZ77^+K$kR$^zqNyrGM<@+MSj`yssWDSC1 zA7tTBGrR9=I0q9U^gXP0w&y}?@Bp9& zoJ%~3bbIu79@l-%&$|O$A%*U`|L_upt$$(Ew)?$0;h^P#Dov!C*u*kIe>CZ5h-@7C z4zW&YqMXCL>42ENgk}Ete%zyb)72m;3;JMEz$sZ0Y28XG1E2)TFaH1O0F(~*?%33F zh6g&?g{pnOxVzrgPn`+U?nEx22rUwsn{)V9$9TN3FWP8VR*!9w#bKM)pPujL+t4kI zmHS*;@)0DZni~ef97qR%+J904nnc>SN?G|w%JtX$W~izIxykTSn>FpPGXxfT-xY@R z44j`CPv>_z=sT^A|BOM5#dd;TNn2}NEQ?0FqJYQ;bJtcw_mxA`!NXVpNM!~-1d_?P z?P-AGt3Qw#l`j$hUAPIHs4S7rZDs^Myf$O|k8??Wv;9tad5~IMbcO(B<6J67FQ`xa zu3BX5(kzY8{mC=|=%++A5bruRqkHR530(aY`f1@m$7aa15brX+=gRmS&(AC41%c0L e_S;kcZG8CMef3`TrFsiUL3u2o@ Date: Sun, 15 Feb 2015 23:10:05 -0800 Subject: [PATCH 026/121] Delete RDP-004.pcap --- testing/btest/Traces/rdp/RDP-004.pcap | Bin 142910 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 testing/btest/Traces/rdp/RDP-004.pcap diff --git a/testing/btest/Traces/rdp/RDP-004.pcap b/testing/btest/Traces/rdp/RDP-004.pcap deleted file mode 100644 index a26dd5637f82d2d4ad3d74b79c84814644c6ea53..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 142910 zcmbTe1ymf{wguX_yF+ky4esu4A-E^F1cJM}2X_hX?!gHVT!Xt?fS|wOyxjMadw$0F zzX!W1s;lRkYwcNUR##Os^`$x+6aWtR^>}&$06>6$bn6pK*u6yr2m_a&2LO)|^41Ul zk;3~C01XfW0N4h21ObAOq;jPg-pH`)*lZAl2z(03P!Z1?dxJhbH4p&+py1$#AYfpi zARyqNUx0|Jum3@NL43jb2lpSuJ6!<41M-6U8SNPrfe(U^Tkj+oh#KjQDhQA@ct(V% z1tJ1|A?5%P*?|$C$A5988VG*j2>%DiNFZv6BJ$Je2oC`8%nOzi05AapJdgiE(HIDM zMj=`HR}}20Q*J{501NKj(_-PXC1->mT&efb`md zmHjq?{SV6F-%$)+P+0yI1swqRx&;9A0!!rq3jG%)PUt*mghTtEjEE5Uk|?mNpX>Up zL|v=jmH3PZxBh<+|ICi<&iF-%r2mH(5$@S32N1R9S&67Gi2tj^XGC=%;{Ur6C(@od zV&DA1u?C3B`K-h^iGMOx-Gu&&5+~AMPzL@L1*k-T&HpDQJ{RbjI#dtL-;`+bGD&!U z6oV63jP++FTHpVsL{Oj-e*s7I!2s5QdVd~&?pGjF6ARDTU?KjI%{s6qGC<%1hoEO* zkW$c7Z!Z&HkSuWEP7eZnJTc*bf{=iMfP#VmfUV_!o`Dk$T=o1CaLs>yUN!&)CwhMA z73lLep!ZlWzyEk6xG#tR00MyS4gm3C2d01w0O+F}6!;s9lU0zd*l4^RaDmIsKwU@?GYym7F2uSsL{Mpn%T<%PtrBt=_hm>TJC~zYcu^-8-lU`3POY zeL=*4{Sr94Ot>%84YZM$+5G1j4DfUVoK)bn5&qA#(V#oQf`B|vo1BrTwGT81Jp9YF zJ#z+wM+O{#fddY~j=+w=PQXCn4*}2Z64+W=Y_>XCQ%>*FXSq%J6%=EZRO01v=I8D}fTT zfs=1W7LO}6Ba&CYJs~@}F)Xu0jFfFFu~g!P(_!1Shrq?VyP(6A4P3E0|8%T+hI@WM z10(_B%^)}lt~-T?kl?EtSxRal=rD8mKdpbz)w`}d38yDCOWpOoMTdW<5a2gaJRb`? z&8GtX>09xcZn|N8zd0NH_VgJ%VC$V1Iirw!!B5ow^*;yKJM@)j2d#MyW za9Y5D1%5%aDS`#?1JR$ypSw1IX%hPd(eV$&lwXLjoDpO2ni#(z=dxO?|+ zt@f-Cm}oh0{{SZg`VLUCNI;6fx&tBq0ZmSZ{~OJeXPQ{Yf6y!k(yRy4jE1=Ujpo5K z&1r9hztMdELKF9oO4b8uHY;L3+%V|=PV)fl1vJYS;cqnOUuahRL9-c1vlmD+9AfD= znupIcZH*ECM$_VjCe9x;dx13jfHV*36n>|92=)TXW%{?n-YLu%n)ZLt>;uxA0@4hD z`0^Xgqdp)_GoTRuGU=8tG_n7nIR&IS0i?M~BltVbBd`}xCZNp<1C{hV{%Z$hn^JnA z$?*rx2_Vf4Ak6@XlHX_^Khq>w{wqzZ7n)dq(A)shTn5sdqGJA?<}ug{=;g{^X@)-2 z#C-gN<}#4xIgq9gMBHyQPo8NSw1WJtn$|BgG5?@>4y3scq&YxA@;l8Fuouu?K2ShB zu#nH=zp5EHwemt!;}4qqxM$}eK$;#7F)yIH!2Qw~xLY3BDuMt_K@tcRW}c?jFo3K1 zLC;Vh@GhbJV{?N#sq~0RmBF#S!1Oh56fy^1bfzPhzZs*wM%1Vv0q}i*9UX zKL-1bT|=uEugRoCDKGmOTm8IYRi`{P1Rg5gXUWn(^atJDz*j%awZJ%7!Ec^1oAT&0 z+7^wCX>ZG?)IVtwi4bg#R9E?8XbP*1SeevWIz)C1-d&yS8+*+@Da{O*4Pv_|UuBT$ zjLk<~iNH&{5B^Ny@5#EQON1bD%yY6ub5mPvJ7n2mK9nLAw_a6e%J}|$u=0~)=>7Vt zPhqH6TLq1g`3-rlp zj6bG`W93$QxC%~Ays`A8);|R(3%yH5W!hG(_<%NcDTvaEx5gPdKD*(S>E;H&h0vQ1 zZ0lvY;|?)X0IR>IRxszG1ns5k?n;5BTkeU2HCA*E@Rq~;c1U(5U-zO~Zm_>OoXv}B z$$nSuIY<)4s}4ovyNej$f&DW|0zVi)A2@5zJ-xG1&wi#0C58ah13ix>a{Gy>)JJpPOaQhaCk z9IqTU^3_Ca~c@fNZs$wwfdLRKE9!(`%>cE_1@-m zfgRG&_MI;)rO3|wCJQ%9-(z?}-z%Z7uJ9M6#Q8{WL9blY?W4P=aMLq4$VXO|;55Ku zxm*r?go1ty1~QO)|Cna~xZ#8+28P#PRAA1jvq!D+Q?bIY`pqI`2)gtsBB+3J(UOjG z1^K>Lyo9}4mPV+_#j1ErpiYc60-OSNf&^W}+yWvSc8GYChX%grLnTc?mkguFIAN}i zm49@GLAds1!=T$PNiVv0A}fNJ=2%E}ZWRzs>z>qV>sZuIu3lQ2MI`y3pF7Uoq8n6=fw4xL8G z$7+d2Zu|rZQx(`d0h=EP7jt>nAEIn9=v!UJZcb$xF|||*6W<91h9VIR(O8Jcjq$_( z6yHs%12D;W>YxzqDJj{}4MM}2>u%AuMjcxi7=zqgK8 z9k^!~Wxx-osNs44sIO}W44?>XY|rD*1_UZRP56w0{`Ox{u%A$quAbEZiu<1i&tvAkY00e#h~7jqQ^Jzh=Bo@R7YYCX)HA!35sj(ROsZ6g>+4_57p+_IC`_Mv%**X&ei^ zgHG#6m7>ok5Za*O>YoCcVlIT$;bYlLkw&b+`eVs_XlV^N+jlQervuy zr6>rz0IyF17YDbTzUHNE~bwG;_e29W+tO72cGyD^Y zx!gl!$Ogwpqz~T_Qf^mdF#}Vr`&Tw5UrTtYYCXY{a?XXR(F5tOxi z_oalNfoz6@57*&;?-WwQ~>36oGa$Q%ZR92c)ft&mAOSP8ZZ7_8@e9k;pPEpDJ&&?P<4>YFI zc||49D&^P%1DFCO@jU+27eI5G=tZTXzw3)&{zaugeenT5X9Ew8nf{|M5-K1}Ie~B% z9u)@cBHvKetVlDAnP(bI(#8SGnImqKz~pn(IbhWHz%8H0e?`@vCVq)3@OxB3m|sx= zUN2GE{u7k~8VHkEymsFpap_87vwkp!C5-IP7vT?54qeZ!d?&r_Fyt&|_#9bo|F4lr zULy1V5t;8-!{b*0=Wc{eCG7NGtR>eJ8#{co;T+rD#GGgal<&Mp4H2b7Tw@ z@V`}>^d+*;ACc{TMYh8Kv(nEw5Ae?F=T<$ru?Cna==&@HdPDfq2U|-Y)sztk$fKU4 z_ELfaNFV?&5PFUZ5%Hf&2Y5mQhv7E)nV@tCkVgQYGzu1Y69WNrFPKvVdnx_O4p4E@()wqZQ(N8_FQKLdHdPhYDj+ znm_E&XA`0x^WAED96oFM{Ra%*lnGTxIp9LhC0>sWY-X=J=mUP>Dc&03ljj zu3l)>qLMt@VXeSq0=i!0C;t2;Qe!j4Eb8*Nr=ONIklrYnQT8zSUoVmm($w6|nt1g2 z%@U8u%1`gf@hnh}tGNhAPU^jQ;9Y0DDU_Yw=N>J*J?6b$r4P4cOW#oS(8xJf$R=Uo zLYC-a5fzL`Xd72GUCmY@a{#HtHM!$%%h^3HY^$Q1AxsOvm-R#HDWZe%$;R32-2*HO z`g@|#6Mt2Mr!Q&D%iNhbg^P2A-~!qCC|Wy2LNHl9st&`{W^KqL5A7@+aC=s43;rsE z1Odu8a9%{&=3~<=Et^6Uf>ewUZlL0%>s#mUVDJ4T7%PIA_;A>hM^wAFmO^b~k5$#*+9o3DJy{&Ab^;=d%DpKs}lL|>pdlya5=PrbZ9)PYrY`{R*5M8qN?pfkRTqYPh8 z7|a+!JO3d}qz{tH_F$1{Qy;I_LPFmqI0}0(JZI3>{;FyfY{P{TiCsKT=2Og2>q$pQ z=X(sO{>o6zDmp-g!5J*CH@)mgO6O(ck-B^+aFi?i>u z53wJ9;NnWWv4!2nUATbifzG5i+4<^@T4xECOiLacA!T+HZ{PkI#paZ;bO+O=yuf&_ z=r}$*l<1YlEdr^!h=@=dx)G0XtiVIN1d$QrH)Ls{mZo4T12IN)l09(Mer#P->{6%n zIeQq()v$s#tTGTYX#~?i)@k(~D4xlt1HynzdkfLdMr5VNLv{^1G8^cjry#M4@XOk8 z*A1_rj#O0F$q&LxUZ~oRC*kju?nqnQ9rNrvhC-IDuPIbOMG#?-T{Qa{-p!R`O|*L@m^^>%;k_&$<3ik`TIHzY#B;|?rUC~5+x*M; zvtt4Vr^%l?CdTOR9g{5LSDzNh0(MO5XxYrrC5r97{T1#$swVP>P_eLF{>7EhYxD4j zVxMAEq6-vGO}K-)&u_;;enLC3!eS1kG+NR_&ARnV8BiBX>hvfZH~RLx-cimBWZF&% z?!ntQd^`S~$`BUEa!&Nfty1)G!;7`+Rei_zEt&Rkxvg)RU*?+gH72;w@HKtkcgenU zS)evLq`*_%qP0)#&}R7zUDA}2WYPSH!NTqG^*K!{>c1KT#fvfc{+=c|!!Kjt!v0rd zFgIQd^!JV+#J3E@qct06sj7CzhYGftRrbff$d;?%)6!-Apx8sg=K$twb+Ap!l^&UJ z1lthtMvQas#$qVxyh*BfiBhFc_^vfy|D!?~vZp=x6P+l|+?OEbQS_6pdXZZjxFcxB z*&|xNJo!zZtCq>dp&eqOgV=et56&vp_|3gf47IKtL;-^xw|I5? ztAgNDhNCR?PG&qE*>!CCJYMv!&Lb2vTr;lZPB=~K=9wCXL4VUu4jWDJPH^-+CGqHv zg@7UfKE|$tI+Uc_vcvDNKXoQ|B)^-9QJeJ3LodKCtlDAQtw6k~)@1jR{rH(~S(Z<& zfrhEph}NS3p}%t3jrTZWX}``x1d%y^A(gg-Q3wZn8oVejpDeao^xiBuV5!}&#Mrqqb@n^8F*=Tzuy%C$l1DUlG47aNW|Fzs;MR}yDIg*kV}AP zaAR}v6-r_757E6smDP|sH7?DV9d1Zhuz-mK^gBZkK^8|t778;QW@`Jng*Bh^@F_P~ zPVhSpL{BP(iHmADaP-D`X6qV0Ww7MyM`R5&M$NA~fcHmF73itC_*y}81P_B?*sE?I z{UWjOv_}}SV2p>F!ccO?cFiV1F7|hk9-?UqOK0FZsWe6qXd+5H((MV_6R$NNdk$dd zQA=A~CyKsr1}II~a>RZ$eHZbmHCZ$z)Ty6Y~pl z=lCgIt-@FCcd0v+`&D8aGU7&nDT=8Tqun6HB6h0~SXDAwi^9*k3O}y=b>V|#%LBx% zK6ni+4oPqF4>VbFl|Qo1zl~@S^o2tq;Im#IW_E^ z*n{F79mDVwL5S&cB^$i(R zPtP559@sJeVhofo#_;v`j!A?2%NVSt007L!y3W&gF=wdN90l(>`Ddsz@r_0H@mJks z@C6o*S|LGhC^Jd;`;RixyJy-%j0U6C+G0{PY=g`wbQ%t<<8p5S~US5V}Lvc0B*<49Z1{;M{_nBIPnX;lfvzmw` zIu1WQ4sCR!aAo2nZ1pc^9NxWNiJBMdY8O|eBvea&PE(KOuf{<2VhrAYq}lSz7$#Z% z)fnnb?pKKJ#QfQr20!tjS`>bGht`akAne19@)X|1VDGKVE_8M}FGbJ%ahNo>8K1}c zX!&XqW$)Vjpn+33AFXSJ;_?PGC2N9nVu5CF3K0tm+iKEQRAGO|5}yx@ed5D*U65)Y zi3wX@N=b4hi5cSNH>?{=7pfP!^jgip->IBii7(2ygM;?gm>R ziimo;@UU1iC7)4?BLLpJzNYh1AENQ_{wQUGinxI(+@nL+i)mfF1{*{I^=gldE})T{ zFnDpVppN%sV(>#-fT7GcZJnq)scedfFEmGh7UR|h@Nay3Qp(c3>DJJz^V%m+6z&!k zq4TI$tuQP(q|wW4+i?a|Zgy%~Jyt{?oQ_jMsLC9TH<7;TthPodpuH^ zN&Cddxd=N1fflM z@UnEFj~Caz((*aWvJJl~$j-|X9tbKqe!XkmM;kUXL$_(sImnX6+B_S-?4tX)?l{O^ zT?Pv({{0qZf+^7wSAhJs$o{R+HnK)&R?}=$m-`H)4evF0F%dhcos4SejXjbf#k}9` zsT=mBW^4~^u=jXWg0n7nhkTCl8b;b1|Avb08B9P$PlMQ!S_TH%wjaCi?dYAeYygIS z_Cfkex1A~Y;_SYX>pO$R{f*D86r#wm)}Gz^oRheIf{uJ3W-WDqs?o^XvA*rEG1t{& z0@NJ_X`9LrTbK+452upYkGTCtDKf>^-MJjv9-rT!&{1KEZcFnP{y4RG> zbK34_^|@$&fvk*;SxYyiweexgOj-VPXry0{f zdP9H@p`P7Jh&q&qmw9DT++CK|5U)KJiog=wMr*H5y9UMeZ>*)H-B&;KCd`F>X(zF8 zR#PbO2y4mAZN+mJl5@ox+Fg=Y*)w!YB`x6=D5UQsXMUqCcN4CoY5v-ZXRvk(;E>OX zH@SMHO>c5fhN8Kw0V1-seB4BEz5hnO#d@?WF3vWHE4 zcWh{{v(giK|1YbAmeHXEm#;iNy=vO0b?(Jq_PL6DN7`V1eSN_npkeAaYE%i1k^+{05|7R^_%HRjj*~u@c2k-+14` zzMppK8;7{e@Qa2pS_Su+x^)p_7>yrnzN2_VY!x!g+Mw_o6c8peOk2N^#b3pbO!lPg zkk)_hm;lxF&6$ZhIh#TfNQQQeNH2^Xk7)m53lCJEVq)ggcQ3^ zT#Nmdr<=sU%{OpflpK=9vKV2iT6fs$J(j3%lf6q&OINv1c^Rk9-`so4z*`h$w#al) zCj;&#O59(kT5Vm*-!dEra`46vX9dmQ8^k>^A|&cbY5C5P1^?JF;OM*HA@Xm!%< ze?}pxiuX>;W^**NE{}5}+E0Vmu z;I*)SPH1a9{i`tyhG1gO$bwsH>cmWtFGmk33Ris(_!c%^K)6E>!6bzqKA}{0(-X@L zxO6;z8#B*@kEh0s_$k3TwX8Q7pvu^^lcIG^rC!*X&$y)_Ph)1=GJL79^b}*>Th=w- z7pN5#(>9DyI1~FIAD0SY+;k)u$V84kCwuS$J9{E*NkH)9$5l@j+fwFiFmoRn^<%k|>ZrZHJdbs=}u05a&^waBGFdVm5 ztncMnS8v3rF2uu3m(1^f#*Mb^I>*O~7!c0xPpjZkQ1fk89&1fKMU16sdyuG=N_m$) zZ6r*M%5x{7P<}Ng^eJ1#R$KCdoN*y|BMu@7dPI1hrdbQ!ZyAa^bzS~#QtdlzhNu(X z?N4|U?OQWccyk$uHh(_l_Y~nY41zd6ypL zuNBbs3HNx zg|K2Rl&R8^z0pJ?=B^Y4NO*)*?$Y{0^$ItZbxW^;DFWqGxCN9)$P_>sMtre!zc+F` zu66p`X|4Ap-BiSB-DZ)6Zep#RG|x=nwndGQr4G9U@y*fgB%sw(RC>oK)AGrmgc-7av{8Ru4OvO(Sz7MU zR?OOtWO>P~RQBPxu|fchlCjR{@h*7;x(&(>0F~mnX(PwHWfDi^xp?r|SrT(&tW+4m zqTe$%ah6WubMY{L$(i?EKCzzhgr7_w>d$phswxcQYsOs$iLK5R#AXk1>ZX9!M*W)h z!@Fse zQ@Hhh6ogR!cn#i}3GwFI6t$ISBI4DmyJk$dwTPt9W-7dH@*WtzS-ST8o-}jCWBZ(% z_xJ1jZEVMy!nv>kNC|D1DpM)hf5A=`qpjxX| z5W!98Qc%Z{=p{Z*wW#RmFFblqjar3GRH-~XDj2=Fs$H;iM-;#&Gha+MEOAEjX|6TZ zha(u&h2ngte&|FT;QzF+yLlZ2sZ$##z`pYFbcgXuo>^n+^aeM95~ofpsTXgr6jAoN ztl9p!QH9dztNtFL0EK*wcE+M(Rac&1z8>72P+HC5@OV4D;`=xGU-Tp?CK(Ggz{klP-??`P)P36>X(;XF#Hy-IAbucSlPjeZTYumam`UB$G+*Z~d7A=CF`g~W zg;5`MO}+nZIaxns)F{nZ#~UyR|8J4;`){W6AH;HjiSCdv+h@Ndd|?>P9f9k6K? zK#8@Rki5Cm0dIBIBzVBQJiosQCa|y)V^fZ{jT>-YX)N$?9L=yG26v3hG4s#cCJ9$q zP!7$FVZlh+k6?t)C4CIv6xqzjG+#5E0koni@5r$2PYm+ZQjWn{?hdG~`+1maVTwY& zW#LBK-DJs}q-E;opO@j7AlVx`f|k>& zk{le*D)MDom);6I1aBjmL#rsYjNBH!GtSCRqUBja0%&@@>(a3R;ABBj2=GlYpAQ&G zCfFNJpT2g#Pk@04>we4c8$9b_s^PN8J{D3UW4?rrr$9Ue;?G>L=Me)z7hV2RAeA0UZ4}Rz6j`q*M6n z`pJ&ckvV5JN;kP;W+bsSm;E?!yG;T2IVHDk&J^2-YMRgthZsLC-JC`pSL#FBzYjH; zWFS<-F#endNyW`_?&pC8k8bTPpYrGzLx`&#m6SJa$!JgdBJTVNZoP4Htx?n3T(XKZ zFnFS^X81|943zZA_6(qbx7sgQ&Sp*XjxKdbpN{K$B z*OuG;{9y3M`Zv3nBQbbVsqLnrFf1z~FLKo0C5|2l9ni9&K&^g?FrT%2vQ5HkRu~2v z2H&|?t@DPPdQ9|R3MT4WS%!9S8M6JoU&}LiPH?tbDSD;+l+0iae5j2Hs5S@Qo*_9i zL2+^SRHoBq^E!{UDdtP$LV8}huM#xapH4_Aw0sU{Lr4*;@Qd)-Os$rYOSmN%A|#bk7=Y} zC%QX9uMS2NrK0VH$)LgLWW>)+B6X)ffM7VA*|(UHSXl=YmQtUMQ^|uWvg+r3SC@Oh zXIqM^JB@{kiMD}Wo-R@MiT}d#Hk%%9y;m`e$J){7+BqVB&)Bt9QaEO|&bV0UN-Cg( zx41Pa>}x{{YdkHivW8Lm-uXo~Sexvp?rW~4U>cg0MC-3>ZK5CE&NvtKD=NF-rbqXM z$u;FNC+?aE5IdjRd?kfG$MSw~c94AwxO_s0GfqyqMN_kIhI9!x3(vN0oNqUw#4z8H zPiTv8BL3V!%(e|FE{QoP)76P~6PM^}yTW(QB^~4?MS;RMg3vr`dlqRZPa^on~rnD^i3uor`6W*#!9Q+Gz4d zfxMs*uTs?M!|O)$Fc|X9E$^S_)1L%s?4)I1^Z046_-*y2M#u5=^BM>do*LXNbH9N~ zI%j5dNZA!RmZ5inGV)<|G(is*9@(yWvLx{x-*Zu$IxiuNJ;RVA$5SVCAb<3dfkIZH zuK$LW&;5{*+pt#JeqJox#%<6CLJZ6M4MGa?^8uuo(oAGFRf3Vac_%`R)8Ko6Hm)M5 zYNWtufE{ZqecOZg{)UklLW#ajPV*g1V*IOPY~n{^SK-(mJ-eehJcJ}CNs_*r(VY9# zW(|Z-3*Nb_qnr=n-b^^=S`qmEOpc?v7`<>l+aYB3b7GIBS3=)ZMVOvWD`%3q_TpBv zw>C7qlN7R6awG6- z{v~yHKt5YLG%-U3xE^*;-){jD7vQUgc1rbKsn)J?vzh;*y=#?5k)ne zx2LbZEsOak{PJy9Q~y`5_eAP|S`tvKt_+`OoCOY_)=5>kF6PoD2>r;6RLd=-p`YqJ z142EQu8PJ^cu1W5Fbu6*vgr-MID8n!gNpkhr4Y&69G`f5R>WF;wsGL$uhEI99_{8 zL!Xul$-TLrRw#)MNPt-hNCH^Y1?RIThEPeZ=_uUoak>ecjK27B4xggLe!Eip`pIKz zv(i|~%U<{_yom{n3i4GTObTj>6s;)Xa^{b`*zq^ zVmJ;3eViqKh8kEN(IRh7#cMjgV||rr7W5I9zCsndHg3x?M5}F^CSiM#p&6DPE1{AH zQfSUz7)gahh;dltR3W7T9@(Pd-Pg0*NTMHeE}x~|WBKR8^N0GPJwfof8WnYg@c3cn zd8o|vzSX@uDzgr*%D#UMt>5GytP`AvbqeOq z{J467DIqItCz&~r!EI*A$&Py$0>cmd1E;IGB!xTH);Mw=uX3^md1pDUkoggV zs2KlxybD!KkvQd17qz)7i3wRq7(K|<*2T61nkN|I2Rws|#@TUgTKk1Hp0JUASe^b( zRT#e_DB2XV3)6P9;!5YY=tVMrOv3%xhGLad{b`tUuP7=V-!}qnm24{HF&2!IC1%=1QB83%yl}6Zk+HQBVp8WKXwg3VyE@Qiw z%0rh^gKBQU7?eoLsGB&>dmxIP{ccdVO^ z3_e3!HQ`~%$=|7#gSv6!Gm82waqM{1&qmTQvJ{ZwVU*Tnchb=y6t0U;Xl@pIJBD3N zyE4s3DmQZQW?9?Ltln&>M|%Jt4XsCcV>Q)%OSDi-sc&kATB8$+c@|XQ8RrA-W!j^n zPsO!n>$Ga*ATvB8%<&bKqna$j^;a0*wM;>ibQ7RHQe*c`O)apAdRyK@WkBj};84r< zeBAi~+FkS%S6fb!d9Yn15rYhw2oaoACR=^?uGit3a0`@)12m z*BoSMYw7qnd&mewdWM6AQz8FK#?;TT6{+BWE3jzQd$iyUUWCY@9 z@7r!Eox81>f2yBxGHJ+9(a4WR4+Ol?DoSSfvTZ^$!>hN?4&nLM>)PZg9SD@xug%<+)*Ee49xgt+HFp!&6h)M9OdzMCqOcxfuQ2Y08ZhD6u^WqW>+}eI z@QF@L(o6N02JQDT=&4Smml153k$k_f5j$8lt{0jbgc)Ks8^MEm*;kNm7(imDJz{o+ zPZxU$hkKiR=}LynIP9n?M8Y_Az0i><8;2@i{px*q_1F&vtn7gyG=e6p@yHv8n_%P` z@DG_|>|7}`PByiTl}ZV)beFrO*tk_Z$%NdiKDtgp?2hlP`_M;@hl%F0$^x?OQZ<`aCf2n~_7E{ML=P6kCnoJAxg?I@C}Aa&~bt{YOv1sJ?c5w*CF#oGsVN`WK`lI z&q`d9V|jGh{0ZSjUltn!(=C6Q_aHQ(GK0*3Aggw^j85+%(kg@5As-qWHx0V)dp&r~ z$aYp=zDWVj`j%`=^J>cGYxkhi%4UU~w5!N;aW;nB`^wTt(2hlcfp-}UTljJQJsaWPypm+c$n5VcdAdrE=>L=IC=0tc6;^yQzhCyMjZ|kEU|!k7Sj1 zCKEH-0jj}eaBEZY!y(SGJiN~C3ts&CyogV>VNh9#nB4^s^H{D$Bu0>ZRau8!k0Wbw zs{1v)p>st_`Me%k3DKi11H0RO(*=4=8-Y-0Sxlp`XM-U71cGCxO%$%m)SdW0spkPH zMcKr94{}0}QtqUy9d`&-5rQ02tMd6#5nBr!ecUjwH|n$ssBtrFpp1q4zmB3ulh(e~O=1x3(A;?u6Ia3%MbVOwo@ou_+kk5kd! z1)6zl+jks8@v8rPB85ko{p)O6_YTOZVrh)d{ko4o{J;@3!Uy+x$~2VOa{X_{m~1J0 zA+Ofnm|tt%l@wBhlE5}s+p)FZ&K*(0PraYz{EHf|q;IMuR))1VMDRID z9=_7&OxBibADAe+A=G?q)n3O$M0p$EW2|w3Wca3At`B)WGdnMylNwx8Oeo*@N$*;F zAqqoLrRbh$=Sj=(yg?YGBsT~?mjy1}HYOj862Eaefuy6x_sN1OZ2Sj(tt%sD3x*r| z$UsMhLvkm{*=<`e#pfu<;$kB%1P7JiWvKoyj;oBXjrR6sJ=DhUZr?$SVY77Eg71C0 z*Vui>Cm=#v9g@+1n|EIb2@-ttVa=`n+N#V9u0-WTp#1TYXeVGk@GD*T&v~&#O?4%+h@TI!X1>~bsTL~2D?$xt}v!C902z=`euWX5> zW8M-7!Ip!GK?pqI_x^5ECEGvT!OwuPK_%c$kz4PHP5z!_T~8k@A46a2LzTT*Ti5s% zS5pL{RhwocQfcbulvr7iFu8kGVN+>?^2K-U(Y1rKK1g1*eA|-W34?x&53yy=(m+%i zl|tDG`W%J##qEuy2Bv4qiPd?hug);z@)k+^s0SOiIe$ZtxISV>wiqEUb2l?kcDaVZ zfm1n6E#imhwp7W#>>4zmb7T<^Cn;XH*zAh$NtF!|OsqLWwVZ)XWw+BOz1;2=Px1f4 zIPAZP`5roMAd`R`CLpP9DJH&MAszfXmdJ5@hX$kj!n6oRP^|4w8`9w%vh~+tDP*7A zPOD; z{dV%spyCMU84n)5$A-00r;RGE-(l>G(k$aVt=rHui1D+vo|f%?5uYwW5QsXH4^xZlL6w|=>jpK`L6zw_^xBckE@@3T;GevY* z^#bbF*kx$LA`X(DO|g3FLBj@XouwTZbO2vqG@3UjX?u$}Pi_xL9(Hp$di(-kMXq-i5D6`Oa#b4rT6Vn3vAwyAdrGg(q-bg0$I& zZRDz+)BM2vS7Ts%F@`_B`!4&>H%5TpV_+!!S7V?a*6|*v?#vh`P>L8VIR64^ncnz4 z&h?#tL%v&^s^}ecpOT`(3W{;d2)xEp=Z2XK@sFQ=Z}V%UN~LDIc%iaX#6yb9dR|pu z>FKXM-Ye=ZbS*C+bc9Bh8aIN|pEhtyNrZ%?uV&$t7T*6L29q*|hL*s3{-CTjd`$O0aOU&FZetnRcoSWAuF>?;XheqC%)ArajqR+}&qZxEuh2q#(# zPEpp+Wj5z`eFu-`3t|Dj1&F5XD{pC2`~qbcR_mm(9cU|6H9Xf*F(DZfm!P~qOCODbHhpsL$XKdotL^7FRQQliwxhs~ zrSCS1mr+l!smOz9dRv}(MQADe%U21?K10*fjflDtW!Z?-2`R_7A`bz_ud|s_}Swl`x)LO zF6regAmu9uP^Nj5uPMawm_|p7YRuuI_4(qkN2#AgR?v~zXMWPz9dwxyg)FWoR((Y0 zJ-dP{?fRt3MJrcNoc;#80Fw24Q`eQ(w7E?695;v0Tap0Tie)}`I^yd_!G+I9+%R~V z;VE_c>F;>4b@^x=uhlvw(K)p?@l+y281M}%z*N1ihHG+Lm$Rwf)hCsha4OT2TZxTN zHjj!-s?aH>HMJ9av2KlmoAO5%S!*o&Tg3^5!%#0a2Xrk4AtpW;9VXX%%MLWScQmDk zlZ=tiS!^+kq)N!Im3H#b@e5UaV8^co-g04gm2V}wi|fx}@@ed3u|}IZ$pVKbx_$Nu zsU(D7;|_#H0Ax|cW;8t{Je`NRwur*rS9k?%l3vG_WMzgR14!8`zS_>xDQ=oV)QM2)4}h#V`8xU)fisC7(@H-#-RA)mocdC z007Ea_Kvtt9%{v7^GU&7(UbRD-Yfjf4yLZKI?TXMp5q2v&E~+yDv-!uynH&eXfA=@ zv2nHw6CQ4<{>V3_b>v8)RV^~#i-P8bh=(gdkY3pAj_X3U5>eQp2D@8ARTdF~E@yE6 zN%=IW{lWY8L0v2y0kq)0mPRJu3!xCHTTNik8nhN2fu?Q#UV~$DO-LeB*iV+lzj=`H zOu!UBcL(h`%_Lx&f4TU~{$dP&{Obs%#9yBnlnwsX7-pm;)2E&_erGmG8&>Zp_Jmz$0V}EY)lC3Cp9-1ozl(NP0@7G4DGIT-aS?o{2EIsq5SG50uTbN%v8N$_ba4+2^(d(w7hqd{B>!=Zzb&LZOMo{ z#atUSYBpA|t1irDdN!nX>Xa=HWhlSAiodS$l&0uScZ~Cu;&{dUpx3*>_w_P>`$>XJ z*=aRz$C6iw{5~kZ5`w*X_TDifGOD{)n4D}`u`jrpw5{^4--NEAigdHsBxM}EdHvM& z@z`@w+*u4Y&Jd-IMd^(7>vDg$j^>6Kv!XlPktNf?2{rD}e7(c4*E=YPPwtaR~+*-RzJcH^b6&8jX@)3={$aOWp%Rn5L;Yo zQX1bdUxv@*GB9kDWR5;uzQZkJuXqut!6XHK1{7r)5Dv}9UL_5N^UZJYma&~*?SaRT zT67|88AqmPEIapw+b~A_KYX2KSX@i6u5ot{9w4~81^3_(B)GdvkPw2qy9OsfaCdii zcXxNY13CMivy=VgNB@1RR!z@WH9ftmXr48L@r=7GT(7=)ii{h!Gm=K8k<;3|;X4?H z#n}~b;FvEy*ppDaGrLRs7$j@W0rr7=t&ONrxH|AIz;Gea^F7Q`yRVHdUjrvZH|4`= z_H%?)w@{0I2%~qHiCa_iCz`x@P0!|X!HygYO^5DYl{u||W}__Jk04!LQr#CzlUpIT zKGbDaqm$Ia6dB1Rjul*IRo897Znn9~;c%_V*rqd<(-|>loYY#9L4_xJ$u{h6ih@_Y zZ{+73{hng(Z-b;{`y-qWSc7H+M7Ans=^Pf{YBNlpt3Vxm6ugW_XF^+nJ8UtpD2!dW z#x@Ffp6UnfS^Y*oU;4;X!<+jBzkI@UbyXKy=_wTLe&qusF3`yHhpuQX_)6FtCgRz^ zQ1ct4A#IPS3Kic3YDV_cj3f5ZME+WN;Ul6P-@JhqQ2)4fAgV(vKJq7;V3Y16Kr)cYSif{e?lmTMh!uL$owjWseR@xge?MXB zhhR<#ol&{K0MlmLPpF^QRoQ35I)_#gd7RHiXUF2V*nOA2jK<6L5jN5J?v`mWs1E4B zH+^=pc@K$A2Tltuc+k50hDZTRY9rAwtC?(@lNb>**4_AKH^|fG3oAvV%tb#W7csXp zPkcX$#L#s?u4kO5XXO$}kWHZ+UtMR;TVm|~g+rPWJuQZ%_(8;K2_S}HH_FJX zeux{+GBHqF{X0r=VF4F7vM(W*x~REOVVZ~k?*LU%Y@OGBr?VC`@8s~*^r1-Od{tM3mDZlzJ zTmmS6NiXcL>Bair!BQsvC%t5x{%3lrNPMGZu6k8nzw6Q&WVOLw7-RL&epP!1Wl~oiHdU zjU}|{)5RAN?<4>->~9A4{B6Twe(4;_H4p=F{p>u@Q7Mm`Cd^Me;99%Ro3dnj{yC!-u!I7EvQ-E830$_Su`tlLF8Q2pH#)5Q+Tb0?ZF zED+TXgiX?e+(b@Y2X+Zxd~?N;8dh5WOjnp?gX9kZwO@*{7i5^xf$v}Uc@lxNYsFU^ zOy+ClxBAP$YC;mTVFzBJ*Ox?NhCJN)Z7m#4MScmhzR(Sru!4;ji78! z{1D#<``K;wqjE{^hMJeDx>B%x8}*y4B7=WL>euBk>cIg>AzMaOHtgH)scLJb1#g=^ ztyt=|MUSF0is&56_+-bb!gmSBPb!nu3^*yP#3N|&mHr3uU3&OIpXt-OvW zB4)uX9nCuYTdA_pWicj}y|}NT@NT4F2)r;?25A%c?YXy;Ud2gYopS}()LP&TwpA0b z7O#NU`~xIA@FVQ0Vr-=_b*6`RQf|&zvA_bEt!3Wv!W%;iuc=Tb%$a#WWO(TzOyzIl zZtkskG)Iuy)RJ+4#pFGA?I3V&-_JJ8N_>fD>k=05yWwpE{9w*aTu8hZ4+WYLW@f<~ zH;mBUS30^HL#jL|pMk0$=nwhm=_*+$Ty(1H@GvMkv()Akd4>c})o(h2EY1TK@8>2B z^S$qTlml!@ORO)8D8ybAKE9-LB;BRRh}n8lMibKb7^K-8^$RaG`#5 z0fk6APB;Xw`CtSly3jGXXTms5!0bnb9Z*=azWGywOj8MTFNw$_e7NbpPVTWY;a1Wq zxUKx!YAmF%!x|!Lf>&wf^r?Z$3D^J|9x^A;5Vq^_tLun*FhAiD>zYaDl4jyL9gXvo z#2feiy3Z`<7kdF5O*j)#7pxOL~@cnv*&0-(K zNcao?85w1*#~)gt0`FS<)N_<#Cb{N7hk<=*bKU((5c>MqvvGdawQ zV!n11`PDCp2nq@WR0>m6#={Q`Lv^6$l9_nu+ZB|k&SQ_l5WfMaj;h~_)x;sN|LrL9 zyH)jj`&X;`zgb;;ReOL{{@qurFC9gGStWh3`usf%UP_mp8%x{9ngoOseZ=!4lm&im zv}VZZ!7yI%u2lYuVJ{TQ zmH$Ke-GB0Xhu3U{|8M^16y;(X0kmjBLH|KkhR(=8GM z5Kv!6&e*XF?gQ}A`;ED9$+UY3M9b)ad35V#ga}5Bt^kX=cR$GT4Ht@wG+Yl`@Xf7; z1CY--V-py71|u^I^7v06L2&K^nc{!MG_y0tH6=(BijU5Q>qW|>sF^$u{mmrd?MQ7h?m zrW#bYM|!&ak9H*81J-wD$Tl@z9q4)b-%n;~Mfx;0gZ6h>f&)6A(islYVX$muD;<*% z+}vV1WWl#DOEWgN3daQ=eUSDXt~gzCYYAxna_D`nqm8H+3Bfa5 zLv}Pa;S`q6vde1n0Y4MHoFa0Mct;VwA6=Ce=&3JPi{wRSp-bZxYC$qnNhaUmvB!QH zKvAzG9CTQ#V#s!funRV(#L(~5-C(K?vg@=Hck`l?IbD=F)`r*0} zG`Ddz^Q&kp|HicR7h6gm-C6+xTZg2;b$SS+i?wX%#EP)|u4^HLZ2a4{Eu2c=vwpsb zILBayk0j&w5oIp#C_}mWdadiR!@sV*>x3?xb@?>T5aW0x9qwOdgKXc42qU7u%!Wj8 zH-B6W&g&8WDGXg(n7sb-)=ElWbSG^5zK# zuB*=ww5oc#>b}|D^M;50uz{bd0k3 zawpE4P*$#FT`(-&$oJ8UFxPYo+|(jv-ovSua7NNTEAqHi?z5lIhg z`!KrPCEqqBXzn+wBbuZmi)r|adX!X3EatmU@P~qCA zsJn8P&Dl04OAA`Al1AUL7g9xP3H-naf!o@j$V_Q7SwO^wip`+&9HK&V-hPUD-Sjzl z1@rD8Y_`Y9J!?IfDEfIvOWQovT#glf3ieS=YGTUO8&k2z8O zv6d_U0?PM$-KB7#tQX7JYk$@1*H-_?7XQ|2?R!Ap5C*iRJrDu(z{-Osbktt1n0lTO z;I)0+8fam|<+#Pae`mQPFya!7$Z6x^oX1hVp%^MvSz^-|-^<|5((MU{ zRMY@^ca&plBvl8D1!Xq1m+FkYzrik8bQFua&_^?sdrSy0Qn$IMpUTlVpzlnd{6vNqd|@#rSEsqHGIHBY38tP^V}kyyPw zw@Y?FJ6aJ~xw9k=%^137*yQA;@Ovp)8D92bVfgg-9h;)G_ue{MPiMAW2APp458QI= z#~Q764W-mkot4TKKZEVooMOuqEbD`)9;!!_3BW<|yM%_Csz3INX`K~+Za`1c1-hRj zTio*;^K*f z@Gq~0D1IqG#ASajBU|duX|zJYVLcEzU4Y{^T#Bv6B0}b@AT5#_s~4qBB2dnJ{{s?H z>8_9J(#FS(yD(4DOu(*_gtN(=mabdOfIdsl`pAq8mO;pwd30#Ip<*noGA*f6q*)wQ zU3tiX$=g6NpCYAJxq0Jg0c4;CZ`o%u;;pn^${9zsY`uR^uxT@=aaK`H^`4J*(7>@1VH1E;a4VB^R6vS-sK) z$;Hqt?}p?RzToL77~(oPJU%~?9<#zO7Ud-q)wSzwt0!!Ed%~(8-cWVQi%=dKt&`7$ z(ZYR|B4hGU#MaGae(sZP)bpakHlP>hMnH#KHG{xO?hA5=A{@e6tFgf1y2+mGN#GVM zGlLwLY*(DpJD8hF5$fi??E6e;6hepa5q}&x_U$s0Xk=#45Xx9tl38Ja(T{%TdV#)7 zkaxpSY~cvLcX>$rw)aRgmhUDDR~A-Iw1OwSPVGyt6Mo>j6(EMrc&$&p5B7@_<^PZY z(dw=BhMhl#`w5;8$jIsaNS;U8mbf*>08F0%Y?Fm6`r3OGn+a#}CsTw`%P7zrMZv5C zgXR%D%H_0{qf=h=_s~s#B)jI><3I7;yg~gAdj$=SKdsmQ;8$<3ZH>GQaeM$XnB1HF zVgGKTwc0-xWDn1Q`6%|Htr8jaxI5>B0g>MDl7^c^iNIBn`y$6kMax}gn(Cb=qgGXZ zbpy&7ZDPB&W+Ixv`)aeFQv!0GWAuo3=!v6KFi64nt2Es@2+Jl2f(oL6}4<`bT{Qn3kNPTAyw%;IdLU!%hy=)-Ee^=+^bxqGaxZyiEmFJ3Mxi!0LQ231X(nA+|W!FU!a}_Op4Ql>9B<)Jiv`=m2h< zuVlnSvYsO=ua2h8C<#6t{e){`fsbEKEuRI}{Vi!nSt%Tw&fpW1xNeG}uX7hgYKQ%Hh_}^+|?$;XG{NK83u>Ftj)&tIkWS-`& zw7NdpC^(sU8H%PofSmDP8SM$flVEx3bd@Qc&h*RVCPO5JBk#bQV9AQlDuuo#?I zaFVb4iS8uWiLf&HCH(L+VQ3K)WO5X&`d|=32-%~K@kp}=NYU2D`!blmKE{R)Qo~0Z z!|CjDh)wdr&}2bFSu|jTI%G7(U{V8{x>tkGk9O?>IDM$WHsOM%(WExUoU^w3k z9@52uHt_}o<~t|H*!-7Gjow6p(`cKD)u!CD5jIJS@iQc*cE_gM(KwIv-iEw*slu3U z4tE;n6q-1XI*!c}_y0%?c%$r$gQ#0k=g${?d2scU#MqwV<_gwhvWYZ7Y~~DFwN9}5 z%Mx&gq?%P$r;=ULu%q$HLoVA0??*RfN#XiigYWx|O1@edB)~)tDwPXRx|8{m1m>7o zHiodNMQ8>Jd=+)pUD(&(0q+yyWhT?rye!kssR8z!50j_UdY`%LgJfcoi7$L`l1iCO zb>z^@*|je;5)x5rFs^kh;iNG``aZW2Ur-R#eA}i&159EpD1AAE)GlE6D+X0g&d;** zXBznMK$9F_84dMxcJ)cMf#RMx8AUq0-qji_<<7EYj0=i1b+DEI4`g8J;}lIrwaQaM zr46isr4@6YXW{z%x~S@R_(TbJ{9M=!WtQx%zDw3i{_Pg5K6v-MNz9j&Za9_817F5k;O{Rwn zGPF=oJ4`*IR#6OL@K+?5u4H0=NTo{&*;0IO;M?=NTTg6m#mzj(3Zju+h5oqR5rp@A zo&|?ONt*d{O+wCvkyf{T&LE>-w%jsf3dS1K15pEb;%rbh1K}?gWyd6B03!qLA0X|K zG`h{1ri7FqlK2ZS@>oD5&4nq(Mb36913fjz113&BL@dhm=J7ND%qwwNxOl=SafM_@GALBR7l9!sVh3N*kC_yGE>m*k9QDz!o!%; z>0J_k9NdV4TqV$8RFMnI>m3_x!=2>Io+&gpB|?>;)1EXaMP!D+^gPSB$u+$kBj#0Tc}iG&4N|4e(dy-ZicX+1+ERw2IWo~019uHN0tZ7a8A2K#W~Sm9+H^IR zPp^)bY6is{n_`&HeUtTPVzDP3H104LTJR3AH31*J*lFi3NCb_KRQA+a%vyn6fJ)oF zp1#C{AgMslFG6dFguzt4IFl~|W{g-;pdX*W`6{<{qb8Y9sOz&7>Yl4ub%4T{CrC0& z=GHO@gDbrP-HGYs9A`O)MJ;$RWHlZ!-1zWy{SB0R+qu(mbr{Mh5J%fQqO%y31mje# zZ!UE5t<^_chp2%YS>HDf@hxU1bqX!_5PH12m9WX4v(U_5Rt@GLxgt}h$5?x<`f0Ek zXcWGHi$JuY1sfskHdeb|c01dn3*Xk-m#eSewOV`JYUdRV4Sk1-w75cU>!3iBq69H2alfd zNh5|Rzffp<@|ZH*!OcSOb@b4TUYr;)?8}x5)nubCQZ~!(qC_jfiE%=!KUasOeOuHe zpUUca5i9;tQ^00OSSqsR{Au%3{jRuJ2hJM%DRMmm{RWBdkngdnCNb<5?thYve`9;sx@`#Z zFt+xp7Xpy&3ZAF(T#p{ZbEZeQx9!s~Nerrk2Zca}XOUb2v3gdne1>UL|3Yr&WE37D zpWYoF=7Lnvxc+B!Gq)c?G^7EEIOUp1T%4S#pPrlGhW8{dN~=>2^=RAAeOAyv0h28k zHypz^ON3^FT=E_0f#eS=HHzDELCmik&3|>~6mR;5z;YFwGemTV6D_417aRwyybsw7 zMk0JigN}b{@g2EcozL*dGKau=%*H3?nzqm%_UVdOPmw4N9h2-GX;?rnLIZ$(B zcEROzl9SbknH#Ml*Ic%br=MXXjh!jF3jwbWEEfv*YxP+-Dh=pm!{TYviRA3@qMQtP zVpVRY1+Wc{D>RkprZZ`3&ni)hpS)g5!QlUErTY1`QpNr4RN;Rr)w>S?fPT#{x{GY` zSBmp1<+q72FZC`Zwk*zv{G z3lLD;yPuoy^YZpR-sMr~;OGS)WT|egf^exE$P?v91X0lGG%iCzVqt;aL81MSmb`ls z?fb%t6Wh~ZsLFp+(np;Vb>+uS8g^qSvk;@iR;`swmEGsqp`0Foi{Wc*9v~NiEZKc3 zuMl^_kL|=;-7_^&2q8I_t#&RkLAXqyYFEOgaKdeyqgPd0kJf&)8TyeuqS{b@ETXX# z;V2?HC0O-2ElRC}Y}kMQOV#dj-SE+rzZ=qrqS<|j$1Y~NT<5iF^~9%E&536bK_Y%A zt)Gt%%o-?|3*{6e4)V3~t|2cFfy#dPfLsc}qPkKkwO(eEOq-I*8PxDN`spQ9i=|J^#*Biv>Qc&W@Vyn+5Qro9^K>z|EkY2y zcb14**SBdbN_lJ`P6+b^B7DFlUtb3PBuD1&yiVR+=a0>$*S2YhgJ?t*p22tG@;!a! zIay^7mbcyyWLNftqM|lrXt^%)@+7Ol(y*JXLv;uz-Xs|sPI z8ouY-$7e#OX}HLDs?S{;1edgp`1l$}87{PQK_8~us6gINeOB79qfgO@yOD?{l{Cs2 z9n60R`LO4zu;P4-`UsQMBLNxDoH5w)c7cBh{!4AQh(WW!X3CpcFb7$#F8R5hq)qS` zi5NRalEjVZ=UzTQ2}cTgnnYuGHIks zP>!Bah5w1nTbH5`O>}~Gl~UA9Bj{4O;;F_2Gx+=^QVZ~>)#U$glm4yirA<1r70h?M zNoIV<>4xsro5#K7tjlLZew-krASK3f1XkzOHp~x*2rR+c%%LkdQl{y|A%(_9{@wDt zeqzm68kwgbfHFpezBrB{FmhPEa^OS}gte)@a(xub})v8?V$eHa|18p3}$dq20r@ z1at5LFR}SunZ~<>xPkCJodt_Mn&j-~9CZ;jSTGMs5-Pw${ogM8fM?p131w`KK;z^k zO8#=ezQ_5l6QiJaZt+1?rFc4gb^h!cD+TSpDYyCm_@amp@wej{&sPfapAO@K=h*D+T4hDYyCmJW;jm zUnyR%l-C)$FNqH@^%gK|^yM=Wo`3m_{_zD&{;w48R|?{vzPwPL*>wAVJ(0=hzfyc& zDF}a3J{Z6F@((4|<*yXqR|@=pQ=Zv0cz*ekUi?>z-zx>~Pm1j2i!c9B@=E?n@qeYj z{x{{BO}X@!FNTYMr3AcEVE&{idA|7a52bJEuav-73iN+dp4sF{e)$3m0r|JR8}v$n z`jeuL_~Oey6bs0|Qi5M8kpE42W|NHj<;(TEzfwY8DG+~BwC`VbooK-?iX$f^kR{+o z!pr)->;uxC~8)k`=AkC|JY*x{~3+)C80qy=Mqt6*+tB;Hrw8_@<|IG zdT$=jDMQn$eM3f4xjk)**b9uHcv1bgT#&D`*u?(JI_D(ct95~Y7oGO>|5$GWywKEx zvO^|iKry(6FG9o}mlex*{=%IT{%dSPUt^IBKaijqM0hSBBUoF%A&&8XA6T+8^H)0vnK>D}y z(x5eWs<{w2mL^h`<(JhxofPlhzP|GYT>O7x_UC9V{@2~5@Z0VZ0PHS6HSjdSZ15{) zqkyqN=YR_5W&Q3s=;nR&i|54xzj+Rr3;N6Ri*mqNUav-SKzCxorCgOr>5xDi*ZV&0 zaj>mbBJdUT?9g;X=S+g?30(cBy=&Q9RZaLe0ezaifwA5XG2fcni$eJKlnWvaK`Pfh?)6!~@0P8#~W-cX;oiZ1Ide4*3)}ChO&ZZN?7Unw`P2HCY zQ9DR!k(unjpI31ohdTJcmCNJUhB$Zag3{Toy!piI$HMw_3DZVmh2)5%kXPg&=RHnY zuQg{Ex}@E_wj0j_o`+Ydk0A^hx>Q73X@s@VOQgk`OP37E-|I&UEuv;-WqwRo?^4C* zI!zD<&(u#VU|ux8CvvSHF8n;ZTf(B@FJpc#AsHZAX)-E2w!7a^DXy4TcWHnftxn$Zen`|{2G%n z*>DHf!jz_%O8VdzuZ#8L;@AVhZ9U}Afriv3JmCth#uKtFzV%q2}ZAQlmT8?KC9t=Sa* zAU9>P{uyUOU*cRU>3Vc~LF52w-V&4IkpAGr%Qb=0OF&Z7jE;k+5)YUOwlgNbdBG+7 zdmt%Sy)<^$jnV2BjOy$jb6z=DByEl=ZKQA1SGv-WFXwBt?xwN;CCC0z-! ze4=(P8XG-DwwYq@GnPQoGyB8scMb8DETPT!Udr*svUx*~yk>#J9h#Y@6zLg0?!@Io@*G40%Q9}W*^+;nDM7%y2UYJxLKbzWFRAYp7)KjoqZn7?@+2?X{2q~Kfd_5 z$5kGv^&-B?lu$siV1U_Sfc3isfcf9YyhuP%>c1u6M*klP=+g#BfVVb(U6K_ux++mP z-&qe46qhB6c$qvbo0R-dp7nd>!5J1HD-CLNrKJIhg8A~wM;vu3&ojh|kA6(7MpYK?~k%k|{)RTFb`wIT9T9IuM|c`u7p@g2z!VD{HM)*&3Qwd@JN>UYcswcl79%Zj=6s}O(OC8(#+1vVz`Spz&IqID*8T;r6T zOPmJHP7;W^hJXkk-;6`rPf4m7C8DWgQU!fQx(%tLB;)JPMr znmxpjIq^97P|FRlQ#Ww%zH0ZyFeoVa_F>r&ZqGStZhno@6BGex%djxU=krS*9$3AJ z^>Y5Zc}S_ZsWxCZ@M_(`Q2AD&NQ+2oXd+peEulm{@Cp!3%LL83R&(@M_`dZI*0g!T z)FsTA4*Q|+u-oL&C{k1&Q|VitL$ddmvd^9c^YPv0S4B_Y1mT*Fhz=X4Q?(*ie4GwY zHcrs!^hXG?-{_%XJ#8;QT4KpXv5}m)jfCjD$>H*@mhXJbtgH9veyp|{wZf0sh^@)jZp5lHw-f}j zpze~Hi{%T;we;r${<}g-F5rT8=f5 z_aISbmB%Mm$Omv+Ukt+JWCYr%MRKr*= z8}OTWCK!D< zLWQl4*)J<9ts%L@$BYh_k(*Y-w9#b81-)(4w5>ObN$Dbl(xS%A1SI4+6jcD2N-w8g zyx&{d6ry8eIddY&5{AF6(K%YnE4pN_n=`V;JXF;n0d(kJK#nxK&pS`&Xn7s zBSEH1oirB8&zszQE^{`g^)EuNH>!&OD)pBe#saV9j{KkH&O-;FL_DFQ{#EXPDE%MG zpSLGsUkkOze{0=CM;xiW0DzK41vm$OQOuQ8C?Hi}px5=gVgi4-k9(n%&i*F_>p9Iq z0HBy2#5~c_@ZoQ5pN3s2cu&k}B?Y z?aFfXVfB;;>*V|K6oY!Iv$TXqL9$uR=egniJ_;F^_2ZvyKbOAxxAuxtp1Lbi1z5i7ReH#Luy z6T9ykezL#l0*Zm71&>f4v9UDs#Xt9rAdEZ7*PU1vX-$3!^rs9cAVNT(U)CRiM!AoF z{kVQRO?ljY{kQ;uHj4rT`rF=2(e}xlSgtTS1gCLGc9h<-OH&i}OJg)_l2ouE9OF)Kg&}w>XJQ!AHtn zf$GdNt5vC7i6m+`t-_%PQ51mA1YKa`pO!tnh?k+2p^^Vc!n{_mnB)2NTfDyoLT{jy zR1JMx@v)5OJtm09ARZXnAe@*vsvk9DGIjKQ<3L_^;W!+PG(ws3PZ7y?<}-r_q0+-oXfnIuhB> zY9=G-vVPo3&SAy57vDNyp@EbEz?bz0Rs25jl{)hqb@d@@_Ee}>>01P}skim$&y;7|+mzdz`H z|8b=>`Qep<^Pd!~XKmu0|Nn#TWi0!FHQ)yw5YW4kq=D+&z0>A9#4}9xDZneKDuW~9 z*NCPl`!Fw_Gt|KV0R-lC{c%`fIVt&S6XZ9W*4U>2&jB{kXJ2iK{Lf*-GD53Jv(zwQCHf9-)Y(4&9$K!G_B(3IL}2}<-d#W-lWIA9v%XV+q}un$B>(kwow zTI8%K3Oq;JTBOWd!1~>CJC0tiq9TCC{kGVZ{y`C-FTZLXFvI8jsr$AngF$5 zb6m>PvSab7+p1|~dyuWpL2BiW_pPuWhE}^TVLl%7R5Wr^oZIM(@H;XxH3-3oThZjt zW`D#g(NbVlSR~5mp_jf%A4}NaIa?3+)*(18Ji!-5El!1*!5)Ric=}Oxo$0yiHSi|) zR^6K*=OqA_fB*pG|8@NlSLR9S*SK>27T4~VxPAld&I&_72Qy%B7;HdLu+PBqUWi6Z zF#mg#@3)Kwj&`5+64IjIj@zC=UPB7VXcbm~ua!@(%U5&*agaE^t>ZASa^`QJroI`y zzp{SAxi}6qQfmo<7c!E8?p6)-d4EB?n^saxys#nwBkp3 zeDTl=(*)t7J38jLbxON@ldXz<2go(bx=Y zm(TcFG-&PBwC0oU4OIu&^vIhat3!<8%3ar(#ZiGFrA9oofjkBjrnFMcJVp5~b&2oj zIE`t;y1cUcRwhTQ_|v1TXHQ%3II#9LBct@#X{d;TN9K|$ZSV~g3QJ%PoqTjP_LmX{ zh}^`n#HDGo7Cjwo>NR^L$Qaa8R8LC+*%ww(HQu1o*q_Titbcq2c6N*2l5d)-mMj06 zC6f+>uf`>3kQF6Yv0LLUJ^TiajylL6?ngWy`(>+^)IAWI;K*YXk>jEti}Tdwhbu4< zSaCi!5f9Z{OB3w{w!$J#S!?HSKaC(j_0Hz(4`9(3Kf9r;)OUTGe3%tlHaxXk_&!~u z-frO6yuu6T!)R%~;cuFn^g~TaMUQBl3H)o$=L%4W&$FfTv*K7|zwENxGIbnZln?ra+k9rh}qC^NEdz?lQ9R=Fr z`EKK?!{exlBL1{$H}=DYR86aMhl_pF?nJ*eJ}E!wa&#l)=ORJiG=sA#3z<=6#^(9_ep0+mc#?uy(s4< z)EU5ph%$NhNo$|qWf@E^qm0d~@qt>zPuM^yKv(i0l%p~ z9F`#BRz0r)2VC6Xiq+!pW*E^aGAMvhX@0N`UUBK$wC5_V@^?#Rh2)gDTQ-BH;yYuO zOq7)uLXS4F(xmud^c96sTmVc6up$Cx2Y zx!e|33Jg=D#{+lGJ$Y+}D6oI6Mw06srPE~EQtP_7V!akdW;X1#HaDiyi7V^$qL_p$ zFn_BMWL`B`_zw*R=JCg{Jx0e^nFf4! z%3-QcMFnG3kux)fy)1Q`yppr>1frnDklf*-G!HaOBBmI8kOjL@htIk@4o&@8c^u*x zR@+T9ssIaH3D0|2_EIOQ715r^0%Yfk$#3!)=8q|=(J&GuQB9p1 z?=zwrM>3K$?co*#A-G)hWfC1 zVWz{;@({E&M9AJM$tXVmxgm@voglmsfjehYUxOWfbnH*l3Q5g6nIgymIF%-9qZ1SW7eW7?n{V?sI?uiW!=MYZr8zr8p zMl3C3u^k;6!>GwZ;OXvl-b&tx;QzLu93STJ8gA{Q4|UTVpZSSPFEj}JkF#kJ@06;z z(#;Im1k#f!iSAE(XDOje0w_p(R;_u;4aLs%`1C)D6Xm>8tjHDKLT~Ae7q{-Nl|)H( zBIpZSg@R9?dJld-mkK_Fv7|J~oauzdNDr_l9 z?P~ZlG&kvBrVMpcDSph`Y;p765c2e!n2a4oIV;5a!_OOzhuF;O;GAIIcK0a@PqKQ> z1w3rP& zoBdIyUH0m1`IZmUrT!}4t(`|O zdmA^`Ytuw0Hcbw)pnwCEKCSgICG?(^Vs=dOXBkwUd zVHM58*0i4L30!z{$_evzZd_Y`}dhIidjta@8Tai=AYtUtQv3!uj&g<{;(Gq zudw)L>JO;r3X#mUDxiX$YAzUVjFmqAzW7UxBPHJka-B_v9E5jSv{yhKwK3bJ?zZnW zZ(4g54p`zl<3hr+vzlr+o*CKd)XieYdyp?a)5SGbF2(&Ia1ek9svljh-my+O%sadp zahTmU&i}#XZCKu|5D(eLqSf2Q5)Nu&sHbTbmXSn8hq`e&X%twd(7HM-hw!eEZo@DcqeklVM51lUTttfY z@5}Kos%A8ySE}uqHnJrKQGu<8gfpk&N7FQiC?o@7CS(Ydsts^FEssMtpe7Ttx|b>8 zfHW~zO!F(Id||o^MCiZ7F(&A|LC~V?Otq#yM5+_o*7kkhuiHm*K}H@Zd|6jm=25r% zkhrkwD5kZ$wlqIt=Xb53$m)JsD`dWxt5PmvOrXx2+nS;zRB?x zB%5%~X%;vhF2d_VYQ~Xv!uk^r-z|?U{?YIvLFB3Vq-JAje0;1#h z&gL6st-+SaM-hykQ@ltl8)@|HKs?D#6L0kfth@SsUB;cjW12YXdHK5lXniLRM z!wN$p_o)v(sd@ctl9#Egw?y>x-KfiuZEbm(2Iik&FY1zG$n_HJ^OZ2pTxH_hp^(fF zbL0H_I-=B|XlUZs76M=p5xs>ebND9u5>5hc;~Pq<2|4u5P)7VK%5pKN*GLnn6-D=U zw_uq4m`*1yy+?20Wx*i>}`CU8d()1vnA*4XVXS@?6zGy2<+hcALh-(swAU9{vdyW7%!9GYW$lIbqB1_@^1dQkS>rzx zmtdRrNjx)o+!noghnFoN?jwv9MD4I-yKwEnR7s=Aw@qOY)%qhZ4Z~7?r5R}m(kaAo zC6T7)3BqN1ZjWlKXSrJ{#NqL+VCO>D$rfvroBz(2Q+!zdA+xKt=+L#5BrPuaPx)oN zc`H6=tqj=AD!dapS+eao6DhdTP-HJcumli-znoIZz7}9Ye->cyfbj*-C)lXJ3b5j% zzZPIwuLan@Zyub%tNc@d0ZvnZS^`A_7mt-g6)$T|c`S7O_qw5LW^hG1Mzc!yss$w3kS+re#fodP9)D7pDM9|&vlgSL%06DEIEb&{^Ild8+iurZWnDI}UQ)e^J zH-sh$%Q&6!24|W}T^;^;F|JEY@AQ>2fGAYIuj+aB(U=HkDSC+?U=TG~_p;g-YYL6Z zJY6sY83-R=c)6dvJJ7|-q%yV(IxhK?Ce}4P4?p6f{tar!dWt(g355E3yy})ITt?Vi zh-BgPJy&_s7c~Fa=o1Y}`7@>lwaie&vW8=BzuMhML5IeYb ze_!C`rIac0rBq5+^6%r9>nX!Gctg2lW*`q z=j^-X1E9j%3x=K5|Hs!i$A`HD?Z#2!UW9ue4_k8!B zbG~2yn16R?_MLs6*?nhbDf6@&JQ;1%y?Zziz>*Ds_RVjK(TAmzS~c3WA;qhW(Z^xo z=R7vS9Ubt*;F0Q#Qdc5pJ(>{HP8DxsISsh$CoG2pi{MWbvXm1GF|R~%MJ9&>NTEeq z8L3nXw{AD7su00WPj*d=E}DRSLnVWbnD?z#D?({!e_bBrUc-=Dz#>36EQ**SLO9T_ z*x_f$2ZQa`4IA9yZ?@V@?Qf_ohVHrNM>n%3hGR(-(Iy2E2i|Rd+szO1lOfBr`U_}`mw}L60AxY3{8gtDfd3zfKFFhl*#wG;PA6CYs$hl5^3~!(eNw52Sgr%cxH-Dbk4% zcD~ALBJ?1H;O!M?&I0Yc-oR+t3DD=rr2Rg}l^u*V-6$WRd=2JUy69qG^=O(uVXi4k zQFSZeCSg^2TwrV;2qZ7|=`t6tg`o7{npveta}oa6K0M<~u}BpIwnEQAhvdngQhR&G zYOuE;n51@AMYFa$YO%p7;sdWx;IyVLgPAC-!OVhF2@=B1{N`RjN5Q$0f|s5b>n!c! zD0d^zT66-eX#v;cKwlXdsgU&eQh=+bd>gt%O59p;ec*_JW4o+qvZ)yS40}g!sk*xl zd^B|GRsR5q0_DS0R=0fWrT5~YTRK@Sn>h=xSmeefLlaGRj@BoQ23S!e(tMD}z7Txw zoUrtjGS%AvS7N)(m^6>(0*kL`NIS?oRM}YogOWKBvQ?J^PYA&uJ@10f{)m`GABg$S zEUODd;lB~H^exLOkoS<+e-v_v1Pa6pCLU3;N(aT_*hp6J9GQJ~g>8!8_=v|mzw9tA z(9$)=ad>cp=o_D9IXx>-!Q_wt0kV#Gp|Ie+c^VNf)k?bY#xL+s<=VFG^iuv=#06$(A`(5acyuA?o5ZCX`vFzRv9_o6d45(v^C-5Mg z7rei(4uO?Kar#=@gz_Z`I_4H^Xz}+HwsbeVTh7wwkh}OzY-7j~MAqr&$-}tm!bE6m ztO#;7y`rG%_O4?G1NbD|XSWnXO({HWi%Q4}@S7Lo?sR_+Sb^^@t2qRxu2XgvSvvH0 zsihjuytX<~&kTftYR0;4WDWdQdje{g}BA$@MvmGdUWQ%&v|Xr1MJ#`=@Bixx?w zP`r-0w|_}Cb}Y8unygrP{t0}jS|L>L^eviAQYaJR*E}x>mV?7Kkv>?}_6_?-Cxe!8 z>^}Lq(Go+eXyUMYu7mt56b1LSelOr@Mq#Um*&V)Tpg83AEeU}a(5G8H(B5|KwU<~< zQSqR+ujOw==oJeuWqkp)7QaHhKa5c`iz?(WYr0yX<@9*GZlEu+i>Di(G+@k%P(=IQuN+(0mH^OrTP|LxGI%5Wi^Js#zYu?kn!}ZS^>_0 z^yx@ATzJI{pTYM~`Oh;nD;MTV-JsBjsRi-wDMn|`i*ZC=n z$=skMf;NOj)41|5<42=uvV}20w+o(TkENo>FRF`ChVZDcjx{fb(t2+m!j^m#HVz?wdWBrb@dTdfn3-_(sVZ$AA_{uZB=7NcBx;pnYWIz$;IGQ*kZ`Dbats-t76DC>F2suW9)nwlXY#UoOViT$*s;V9l8}E_w-L6wYpWrpA zH#vnE;TK!nHW3IMzL2dFjo_n1Q51P=I-!kq>jL?eyo&XEiN_EbyW94~3K`m3;K{;D zR-=7Jbf%zh!uxKVmaWwsivb9eF(caqGCs1@`*n?Yp_Y7ty5sTlUE{;Dsd$oKhP^_~ zQN>_ixZF#k5QSc{g&OdcLsJ~ADW^MPTapz5?zKC7<=sqZ=^PABX2Hr6jDT%FSH8ER ztQ09AIM0J0;=C&{%+sC$Czzm0^JYKorrT21d!*XQ+nM)W{(bNTNPR4R$K5)ge;$0%=>I;WvBgAEy?`{-;5*vmnPkHCK92)aoBRbUQl5s*; zn5AOn#p5c>RP9ryf?-EvL7nz@XQ6oWsXCXok|0?ns^m`>oQ*Yq`svbb+lZ&P4Z5RJ zwMUa2@-%4{#m+1hXUtw(%+=ozVFRuZkM~f?P(!w)5*~dRz1O+F70IG}hJDG-R=%Of z4ygT2VT+B6cDuxRm#V_}7WR84?HIuO&EKpR$i|cV8u^FgZ6)wJh~Ek})cRznVK=nXhzWV`|C1BhuF&#*Iw8k)5q z_AAS`yGxp$lN4N8r0ARU!#phJKFPEx4*LRg`exCl0L;%S%gy$QOC2`i631XT2=#YP zwO^6@Z+Acy%hwO%PnVlWmMo<0_a;bt27vwCSOcuIv0w!VfHBhI6j`j7A2Xchpkri` zqAG-X>N}v95?PQlHMlpVvb>(?5@383%z=?>*>R%oO%uqFlI73g6xQ|H6rO(0KoM(- zip?#`{qnd1BbmMnFFZ5Fm=2pHF^$nrRZXlq&uJUp-bQO6YI{B-9}G49p-X!YZrZNAFUBfDvLR0L${oU-0ZMU>Y2clqC`p?V$8Ti>}OZh zXKpY!4jkKrkJI9aJZ2yt zW8^mWrAPa;>1E)7-|Fxh*;o029?l3Q_!ny}?wT7`D>w(e>aLrq&OJEtqqz^UvO( zda*-KelaPLcD=j@R48>B(CJ)`+sirVfcrV>yud+K#ySkK-E}~ls(3v3qxA}d)5T8} z`b4#2Plje{WKJDj71ugTQrbyI=wVXi)QzI2d2$X#S#ZM!FZ`WkY{dA5{6C4aDuIz) zhh1JJt|xmOSP!5JRKE;OXI`3Low?=<{#FO7+>ceT1Twi@I3vr!OMnUfafeNVLE1*A zmg^l?FjHOzJVC)eYb{8K>|S_*kJ~qZ(2yZ2G=wm< z=Ab44I}G1fz3$)0a}8x-4_rrQvkCC&2Ta4?>{o;6i~1=R-duIUeWK&zpDN%y`0dJ2 zWwoJzsU^$&1xCR_4U{aqjVbcg;Cvd|uoDu2GR5j_=L9eS&efOjGfo)(vhFp0$>&}f zgz&x8gK1l$hUOx8^F4om>TS-lg*Xi5RT8*4lxpeF&^#m&Z|tOUlrKI%lPs~&XBf7} zSeC|d=c@tPNmiW=S5euq@;Dg#ty~%*9tEdKc3iZv$~7-qS0SbR`(ZZYwb97i^75CG zblv&!>WZm~6gAWE5^@{EW{Do%0b^CjA?j_zQx;^YcQnCz$)2GH z(~$z{X({(kq-H#8v9rcc-esB%YlxcB6~VH6M@+-3Kaz#Q2U+~P++zUq0z2}ZEFd@j zB8#K9Q9Ryw;$8kj7FLgCA7oMdPuwMN{hKU^-fl@xF1t|lno9%vCGeg zC`Z#Ci$$50tnLJUte1l7%gac%14Vy^S1V_VBpa&xv!R>Gg-TGhSmylQxuaSzznFCp~6W8sJ zwvqxCe%@eMz+~znQt!}C!$cE)(u0fTR{xyG;;vKXJk2k`%SM^sGcGcCba(vOnE+dW z{~P!M3|~w{lUI836VB*Y#5N_KE0`D-by04qZ=Vl}9mTP*SCi^f3$|K!N;WY|{?^SMtKRa0oktGx-v#2T$Dd>KR* z8jY6G!E6Vj7~`12iPub^WPT0g8u1qwEz3hZyQw|QC-~UWxQb3#;4l8|0U%Uq=w%hF z%<_#Pm#gz-lxiGgF#{N8G8w8~r!MsxNo^P5FL<-3gX+3*aCiH2%gMH_;7SE8iA1tq zd_>rorQ8KvUqN+=n;OHPtrb^Fr6{d6BOFK;{3kNACXq~=Uw3oXi402=3~x|;VSk`X z!oT(3gfmQOyZMD{W8T!t&Jb;o)KGwkeVj>=><)hovR@|c6G|Qm7%jv2DNhCok7yz4 zhy|cE{X|<(sp5EAYW(pWcArW3zU!u$a%d*WuH&H}GJ5H|qJhtG5nv9EDg~UJ(bU!6V43JXjfSn7tr1 zcawFQ6#9Y!l_BOE1g5fiwgn8{g6%OGbr$V(d3k+Ap@p+^K}?tRLX)bonPxqr7VZZ1(_%=j1k^)JT7s@Y-DY23YJ7OE}tCpxzfP)Is zyUz`l0f7lA3WM;MxWbBMkWGO`!s#8DbJB6r0aun{OdQEl-XUtzkQ3ZtPJkx(q|p)w zauqG6fyKni+oZ^YGpFGbIye5NCh@0>G41p^;;Za(I9W6dGseJ=r>{Rd>4n(bfaXKL z6-`GvGas3o@sB+p!prV0^2g#wn1&ExK8x0e!>hUBL|mr{T_W;^EL~72^nRV`mHyPO zK<3VuP`xV>n5xT*bxDnNnbehFv_yLuitO7!o1TuBA~j-%%)AAwNUN}qmIz`y!vjiEde|* zhg6MC-d4#zcuUY!FeEpA=p8W`-w^W;2N0zX4CenY1{1Wsa|&q9Uz}2U_eb0<|G?dU zW<9?l_TRYs$^9*skG1A4UPzS-c_0vbvI{CkPSU?)9_zqhhI$P6MV4I_o>QoD%@5f5 zEbf%1PfF~j)_OQ~hgJnU*u3NcQnwycpU`~LZtGmgs7mpwIB9}E=qPFyE3-}?kOVNx`bcb*gA0w{b0%3E7dkTH8%e7zO*}&;TBiv%kUPO zZJ!=negzG!+un_aZVxO@4FD+dF!>A4&;?dZ+H=m+sW?Q&lVXjhuHdf=ofw^43%$%! zuiXlJ!p5|OCGn&Dbo#8EU`-l0xY(yGcPp*Bnl1(vjkwOk!&^^$!7mwO%kbx?``dsb zGS3T-Z?7+}_ZUL?qJk|?JWN(&7iNq;)}>b+Qn#QUq;4hGq6&Me7e;0mMVV{2AmTa| zs^cJVz}K{#;GUL)t5W#65NAuJ3fjVt;C};QTbslq!@e@bPMHQmY17PQ05tlHqrD$# zuUJ5j7Xy6OJ&Vp_pV(G6I))nBmtKYix)C=%_DOGSWRy3=9M6jVJ!1F758CwW6a zfGRQ;>hay#dq*91u9~V^{#Vh-OH~K_G>KtB(t6nuLEpeY89b>@2PgmMief&j2y=~z zq;=OYt~Ha-EV%w;tnKsZ6G`+rmmveufkWjpWQn^%2|u2ts93$!Wkjbskw_eIsr1WL z5+=;zo@|J73*Lg&_I1zVNsct_NjQfL@{ z!B4yS3h!FT0v-2Seiwv8-esWEI%{`LLQM*SXhLX3?>xQ0JS8_NDQM$#aF%pDv~#Md z?sNC^5Z?QgNH!rE*D1oLlZ%g*Ak3s~2o30@w7XBUqe$7P6Yo-e@czIy!@G$n3gv;6 zs52H=wXw47^@!&JfxXv&Q7>0w3zmZ#_4Mi^t5)+9)St3yD?SkO>7S7*>04RsUv(nN zg8%^IC~8{U5#1V$@jb^Dw$Er5Kq z3=@v^T5&o;iBp-*tAt(jiX#-E6%t(2$K969w#Rtimd>IjQp?W4^zE7FX%OP`9Eh$@ zxish6A|SnH1Y_37Xq*UayI`U(xS%el%uiwb*Hq>| zGUr<%SF5*9zm-?RHi|z6AdNvfC5|nnFjycvt2y^c$1OApp7ARtxj|IQq9T1mL4mZqh2|esa+0pCPntux@SH_ZI5e=is}&fA@(yYR zVfPq$YCdmBZ0O&FQ8SUZ*9Nw%T+Jr_%ELEN;h(@|^jy3C2K+;?|c>yw5~jKg(|`MMfm`d3q|gI;kU9&~nt zm2jxxBKDvfY9aXF=NQ`TAy9@TF2eDGqp4@Ps3J?7`x@AC9Th4r5girWzb{CAYVp>j zX0t_?6Hr<83=Wo#|QdUFDUIbz3@}!fpmfG=$BvhSo_^;{tL1Y_wzQQ{Z&Y??S}I~&Z`S9(0*u|4pl zhxpjld9bkjs*-&pSe#KEK?3wXa_%V#9cv&$YjkBfmT+s!RtZ0@M0f@)7f5Ud+vJ<@ zaMbydXCKnr0b$$tx zL!O#>JUOf??L&FfTas$|EH|++emqq!m|%!s1_Dx)bYf7n8_oblL^_z^eBo3fB9*W* zS`oWKtl))H|du}Ywo1o90W6`UXkYEw3YSmk!t=MV*VjgRsM)n`TiTJQYFg4KYP4L{}riL1%YSY^CLgOlZa;YbiM#Z^f8T!KvO7aHuzZacWzuO+&P zqvUIYo`sg~l@t*95@ftH?{@Hb*;ec_&F*Me^)DvBEus0pb$gV0i@qBk+>>9i0kp63rLmtH*uMc003|x2^2?y zk+h$dqV*Z}gHDVLQ@8KuWDW`v#AtpOGvERDl+{6b%g7xcLhUuV4e6zyg22igs)gCI z&``@6A$%e##TeY&XgqOc!won~SYLUJd*aP3zpNJ*^W{C$kRY14qodbX+L#Y2FT7_L zkyyDjL4v&@hG8U5_+e~EAR4S_cl%{eLvmnd*qL*vh0oaeyH6+yodoT-SoZdGPTKIC zq2|id6UoQDDudkUWm6G728<2X$&|s&*rm}KUZ|+=@X;}VT$8rL0s@Ns=OG{{_{A+e zKa8FATl7lu0ua)e+J@(SZ;imt)W0~7DwvT)PFvLMf)p_z@T|?=SHykVpx3XY$#nv4 zptex(lA?IVQ^);52_pC7aAO4c_a#!yfYP({j$YRrCrVs~xvGs*Uo?!_dv@x|c|_c- zvd#8O%w^MI4NiCfULKp`!zOQ&BRHd^KvNHKme!SX>AQ6)lyl8zl&xSBNRd`-{eBoT z9v%hMSC>v&x?Oy6R4vcnJhQmd+2D0En?M{YS~drzK<1ED6c)T8_>m8P$ibAUED%p-pJwd<1Wp=jgFbHq=ax?VPP`HmbJH^bbEyA@_Ubz}D~ zrec3%IDXPrEUW3wB>pVVm0vHxu6&=nxsn*_N;~sZI0M;!*YTnrzIKuOy;^?dCM1dM zH&dY2Kz^C&nY^0h22xSQxP$h(vIOhEJ4a%G23sQmh8W?df8aje?GGpp5Zy3!bCl?N zeVh%hu6(aUK@s~5dyP7(6@6|%hglD5FB@KvMxJa zdzf&tI#7{LXs6`N*b`q8)SgW7tI+Rt#{GJqJkS_!2lEMUR4Eu)a@U1Y?ApM~&e=n4 zB}+uwXA^P@Z4oZ}*)_hVjrO}$;q%$VMEA2IgYs9)Ilv?u8w7$yJlnSbX0lM3G?>ci z5HhHqcj$&gIxnE1Z?SpSeSio0d?f<$pvOQ;cfd2y34!m-Q#lqptzyuz#_s@=HhugM~ z47f$wWjf-;f`caIgZ0~fmK~MleU;Tvp1Ho6xp}cA+5mBbK0pazy^`f zttBq=2!Fs1mXkOR3j@ipWi!CB;0VEkHU6`n4zD}lg!YO5UPrWsOx#xF&>`bTnRg0{ zn5P@$YoRK)B8ureJ-<$D1x=i-%GI-Gv(Ejlbo$JE?7ab2nIVwKI1WGhROPi1FbiAa z1=qM+y;l0|c`s)Bz@Y-7#CJ3}J)BwkH{+oB*`XEdJ52i5A3 zrM{jD$Zve>I`RYtGM%g`u0?2=B!|^WvrazFR$JX~zs;&Q*Q3l>hK(RJS-!5u` ztj-UZ4~B=6a0JY9S@ouG*bM^x7_ON+xG(i64^GEMkFCfD z>a5H-jJ-XiXTCny;gZ!&1}dn^TI!JDZs-R;M+ke9h9XVyYR z-LG7c(lM4p7KfbY(9@rk+aC91Vy*rWQP;vM67Yu}AB?PAnt>ggKyHW?)sg&vDq37@@nt@7Pm<0Za;Hc0@dSqIa)?$Zxar^1^rb`4ml!_u4YqD8b_Q>@oG0%RbO~^0w*DwZU?hc@ zXNZo|s=Ayn0$*!T(bFMlmN|zMpA|`W1QqB#X<wF zA>Cq2ra5E_$zS*Il`{D&Jd8_|?e~;lc@dtB8zVa=2karuP~DEc>fG545V(b_10_Z1 zdrkroI+{W}Y9m)b6Xr9U^(}(*CC^4l8O{PDnVbnf(_TMvVL^zlyueOq#aEqn z+50;uoWb_HCrt=h)I{Cl6_l0Y+`+}I07AQx31VGABJKF1BDdf1yYX1}*#io0=FuK4 zRHanuV$vJ%8&yc0#c!|1%6qJ9UFH)7Ozdy-7D0m!Vhm;+ur=(PUp-iGx;o0x3Z0G^ z7i<0+kh@y4D>QC1Sl}fn{0UjtG#2;+nO2R@Za-Pq)w$NxewUXLWV$_>IgGQyvT%Yw zwIey(f92Thkv?|hj);ob*g(XziGR-m?^`{x0IN7vzR%mN1fk}XLhzI(X4 z5iH4z<}A*8cjU-1-99bc^H(e`uQLJKG@Q+DM6;^KSQ%9UzA{6YWo#ruzWr9!MG2{t z^2z<6{dns$(;FQ>T5-;A+vS?%_c}Rv2X}5M!@r9Ic_sYbel!h}gz6}_?ubS9K@Pj! zhP0Ys?iwN)c*Hzhz1(faDn;7;-t%H;B%elT2d>jT#;H-9cQ?{AZws8cp4*-%e#jeM z$OFJk`{OfafwkC=qD4jURzqkzoU6Om&u zF`TnnT#yqa&e&K$SS2xTzNlFkLpdd5V9}Ftiwjgq6-`&;B%eBI@Il06SF8mDtQkX_ z?+Rm+!XUUMx~X(!(?u2mu5<+_^a1JpzDXrv=nUL&49J~ifLDU$ehT@{`E6}Uf*-?B z7TmbUzYB4a+Cbok%@?@)`QdGy4uMtJX`v&t80k)69zeO&IyiI|WTGI6Ba-&q)~7Yp zh*z!1qjbhS+|QjMfdlBwGZqa;+=SVUWl0P6@^ehg`QuW^|)#~whcF zCK)uB1MA`rvv~GgRxkeQ4_aq_d(xv3pEOy8^Mg+mDdQRV$MbJ-`C=shT%K+E8@-f< zs|FAwn=gZdZ1BHSk#iDpxgzZRP+Op!;-EuEPfin3-H3ETlKT2PFX6QzN)NvtNd}wd z^jA1#sG{AdY|)_1?09-a-hN|>x&NJedKEsA0PdCnK9_pyP7K1j^9W@kPPGppyhJ*a zy+?i=VEC7D0fangv)Jnc3|rRSFUBh0V^;V#{?80>@C z;+z)UM#IeG7BKcWYm4?nL5XDJ+eE#i1H|J3HthDvoM1!NVu%AWiD?gf^ZIxdXG6iz zRN5F4@5X?OH8hnT8GqEf@8&c}?KjIwebO=qn?E%K4Y3)TXOq$_NVf_UUu zp8ee~DZDQn0^heN>E-_yn*6($1^KM{M}Wii-vEdGTn_$$@anAv#QP|}Z~u6(Z2ve| z{_}0o3-Xy8w#|D+*MY z3|f#0b=e3CjiQIZ$bmV#2T=l5S=5#j9)I-4<2t|>q#8W0bO=PoRf!-8?bJ^D;;rSe zl*H}HvF9h!-V*_tCsU_0bb`j}9}I*n9+KXH_%K>K!J_)mZL911Oo^u`rR7WCLAKOE zssg!uZpj!KvDUHMTQ20A)i1AqrU#0P&?|c}Q#Qu13YZZAz$*+w!Zpcs;t3g#B&ExS zSa+P+J6skLPRY`PjwSl(Q`hDXzl^>8106V&_1mVo)>kSn=`O_fyF{}B*YSrxN#jE% zh~WN&8%*eHVX~B}a3#Z&8Rmx)bxr}`>|;+Cg{vb_GtX)-zS8X!`%_oLF-*N*vv(lLG4Hv@dkxS1+Ckc z&bcB2uq;jMb-8g#uxx7M9^zLD2~n9fnMcMh|rMYU6X*^gdVls5-* zSnVD?Q|2a!DMM%>Xa343Jn))K&OdXU)>e3&608-1lQBsb>Vlok(d4P;{JObbcpu_M z$4y*)v9H7AV0YyZRy1{5zv}2f39V3Skf>?Xd>$A!x67oW$k#PaSCL9o@oC^>3tZU} zQ5Ut>&7aBix3OSEi^JKn+Y9E+uV8D}A7FKN-V^tQ`}*3OaI2UiJ`!xiRzSs~y|W>8 z#+<+FF}vn60}QDWmIfVy=dVKI)Bz%x2VEwEt#YNAY$9XK{bTOZ7NEhuDc=s)bY>8Trvn6;^=*kUAWf(;grQm3k_fx8x{mR%ksu>g7Bu;!i7Puya zIk>QezT8Oe^fCa}WWxiBwJwy=yNb{Zl~?W^+eSMjkU_Og@TJ&%g5=9qEoHK%WWx9% zxELkA$o=r}FpG}gY}6-1Pke3H(8lc0y=++HjyqAJp^BLnPhWOo?}Q|-=TBIZO(DD( ze{3Yah$RxQjz2h>L^JKt)}@Lfr%j`MqVph0??pW{%)(*b?A*oe>*r1G*`$N}>6)|mJiTQsZ>XdL4AVlN=Wj!#Z5E!&sabTV1=R^u0~ z!zeht9_sDx5zsc)1PXN#xVdNw>l$uYR=t*i^CKh~ga_mMGPIl)4Y1(%)zmIEfTNT| zBlr9TSMwK^&#-hsCol7<37LJGT_`1k5MmyCNyq zcvM?DnlxJ<6sA6h}3ov#hN`pFpiB85S4HEtF(hp8^*uFni<`I!f>SF5Y2AnR2(*&E-^>x2fx1Hr#fhghfeqBrLlE;t|!KbNF|aOZneDf5JUp*Ij0IxnoT)1S^*J1xhZo`FVD7OH224WI_J&qKOCqvKKSOp zJ#H>|W98uQ+Rotr;+ystD1eu@WAMBDd-Xuh9y>pd!Z80_J>J;ASI;`){U|*6geLG} zWwOi|RMe`f2yq|zgSowR%?MyCgQFo;95XHj+DiuK)`9aBJjL>P9!N8cVE6I$ zqHRYTG1wQO12Re z?eXp(6JMF@Dfb6s=ZH4u?=WY<=uhs{;D6qjhhw+7Z0h9D?yd&9l3fjES{-sVV?be; zA~*V#Q|zl$5szZ{sZ*6@KD@H<;^o5U zJ7lw#o)01*_3C(Q6lKyOB$|T`Co=rB9^i})9JR*LWGWjHIUtp?3N|nbyyw-W4yIyP zY|mHXXNvCgducO$?533XJQyr|qj{}a7e>Y|JMc!#{;v|h{eR#L)Kd#%M@Z9%rRPps zHEEEUwy*nnkTB9Xs=!iLZ#(bO2>`KfinYbx_4b?OtlMW7F@BcxU%at|kbo=0&kR1a zHM{55Y16HL={kdG&FSV3@ZVCurTIk2zB#R#P5&xY0}G8dgqwL(y1R;(L=0^l)vYYa zr)0@7p(;RRF~(aVoyyiOwdZEJoEm~B)hxvE`LmxQ6boFOEmx@Ct6V;Zqtd*JSad7q zxLUU%wZ#miUOQ?do=Do~v(kILaVg}c5T4xvLn2eBVx)$rzKPEcmbQ1UvB|$G;R3v8 zk2ddrVSp5&m;1{M-SYF(#Y~j`XfYM{vb$v8vh|i-imXA_fhMHyRJ+$5u_qJo3fE!F zt0cT=a9Si4{J~xy7~FZ0Jai$r9y{mtvp+J_IKFV$VT}_>iuPcY%4sYf>{7{*kjZ2I zp)|zrPi@w`Kpl4sc zMBW*k3=<2}D=VR1Pnz+h4z zC$0U>IiJLv68lY?jpD&KPDajV zeujaJgA|%f^y6YeM&9=e+ssroT1Gn+T)cA$Z5Z^QFjeydQ#t+{!wadt=Yehi-;(Lv zWoUqBK!6YVH>LufK6brhYVE%;RY>)3OjUWyE$;RoK(m4WxoSGIjHP7}mN1Q5NXBH+ zyJoU9b){WGKlSr+r=bXzfE*;H@Z$GnawTko5wBH@&;(Ye2uE*Vvsm+trNAeKnCev; z+)!C%vSbD-btlnA1<59tS z0OkmWJm$_!yn=e=hM#wZi^$7**N4RznU*BBO6CB;vw-wSDf8DOn~DrCODk<05!23b zK!tnUCpkg_Xqtk`g3D|=d7d?-ltz794ns0aOETRPONLc8qB>DXO*!}NS#Z@ee69_5 zdV7a!8Tk}`**zZ>naI}+(mk7y;h{ynzj9c)3hrv|E%)uvAJb`P)QxklEkx zLAC$sSugS4v)+(xXIK0LHGfrr)!^v|O|PddNnX!Fde+8}8e#lTIFaL>tsiU5wrkjP zuV1=wr{(N@Q7uLTFYx6X^P7k(S##{|xzP;l-?ejj)9w#Jgz<;N)BV@sMO@w--fZ)& zkK+3%CF{`tuZ`osZ{<}Udp>L|{AUm$;_|nRA(8*n#?cG_5cs1ne+)p2;;k>P&$o@! zl21LbCaSYJoQW{|ExgqEdFH+EbNc;)1_*y!(s%h!i$Bjr4jQNEO6w=K<1c6a@-B{Rs8Qa-1STJCJh$&ugIH z6KdTLiYEwu3tKH3U161fFQzn#Z2D!Kh7I?w7~2*!fYX~!@A4nTOlD0#6g&N=V$PVD z7a|{urFecQ#``~t(Z4GOzbeKEI2#nvAHpHKv6KP>_lOAfiy>m87XG0N?{wTc2inVJfNfTkD6Hh|P?@K5N4y%%48%^T#M= z|LZ8|FA+#-|J!Hv-8W5^a;YzrZ)V27$8W~l-yath^mBzG5QBDq*PLh?=1+AQFCTNt z|7*^v56$1^G*tbVQ}}PBG1t1%b14s2LzhjIy-{Ym> z-g9Ln?8$K)_xx(2$Nq8wHuG_=aC+0^4_o7{DejwtJ^kxDs$pJyMt$2F{J$LkTEiGY zSb!2BfDifi_6JIPqI$RI>+L`7`HcFvJvx@}_5j)cUwe-10u0^_dPdRLWYz2f&th($ z3)>-2qbm-!p%vQFbt9uKe^3;V=AkaK)znF66;Ij74Bw*b+LfJVP;mh@OC4Qy#}Z`A zhJNXQ-HyGK(dyURNzvj>zoqyUFisgU6gm?kwOYI%)PK;~5(NhBZtxtHp2fY@RLDoi zpMXaS#g`k#l&?+4SD|Lu_jQ-dv)k(+28!vv3VEe1ngf|8Djz-aw4lPv*zM7ovvNR? zw%1{6z0rnI$Z`-chLS+lJ`$HW4d*jm7FaTIC1WGc2d?4a3LALU2AL&Ggu{Bz zQf}|lje5mxKHnr*7V4&L$X6V7i}-9%4TvP^nQdo_w!!c~)j>2UK4h=1nRZX^Ucp)Pm%Rs(uH; z^~q4KwzNDeKDVIh>nY_O0u_Cjj=jf5b@K_!0gnK?55^pulGz!JQS-DmjHVg_{kr4O zJ<`K2>mVEYM9|%A{5?AA4T1_!osXqpCWQ8g`P_8P?A!(b>dS?ZV)c4J8xnx>RsA=K$E3VL_8JxzQO zL85i>ZiyAuwji77&N!g^#+fkvTgE0r@nIcDsfZ~>Vq}mCiiN3`D8-0b`bA}Z>9G6W z<*yDn(XS!4rK(z^vQ7KxL$(Nf^u9=;Dc!j&2C^B}wvaAgKHpF(iMh1Rz+=$?*kcv% z*QbBw8IOskm2nCmdkvzPJ<^v+M;rU_A{*8%`|q2(Ou2xyMzqL$Oef>0 zY_HhJI8cf`?zXd2U@<^^egiZE^h<>6I?Mcwlk3f*{}~mM2U903pnd|S5Wk$=czS_l za0Vhs)Io(F`{1?gfm`wUA_Z|2YXnRPBac5}bSHITC*~-GkDh)N$J1!e4da0kSNAtK zbd4K&lv2&FfFs?}2iK$XD=Di|LZ+@A3U| z&tI6n@ivOq+rD_0e{T)|nJ1bLj^h94=8#1HdvoaSd~g)$|8Nxg``-ACr*`kpw7HRt z_ifslJ$Wh!+mY{GW4TsX0Kd0s-sL}YIXuyQ%!T>Sx#TGSo=fPhKHOXRQG+EgjE_ss zwHK&w`4|-}u>OvEtLeFXWuw zN4)5Q{X-7;6YaZ&Rqp?^P?GnEM#K|Gq@V;@$V`F`y7i@86D zm*GpX7CO2bBc7}K{R3BS;r-+(e1RXMXy_O}qXa*D7FOt#qkWbs+`!KXS?kE`w-+Xe zXghp2<|S}puBBa52Y2Z!h9^?=Z%`lIZ3;{0Gp<)9X^Mkwb;K_<_V0UV(q8sdvwvy2 zEO(%i44=Er)fPQ%NG2i_s+r%JY9^<(5 ziQ=UCS+dZx^5ZJw<$BhP&aa&mIrxKqkI)KxYcd|ABT6o|)7@897o?PYnqPt^fzDT~ zajSJi?d$rIh)<~nZLrWY#3%a?UqYj`G&iZT>Zub5U0y0ug(YR*QFyL{pv1NPSlWt@ z+OA6|jpkOEwQt`$pDmwlsqfa*1Qn<13t=`#n(8~HW0 zck9(OYNZ$&JVcZpAt0jpk7c=Eyk@R7lDsjLht}+Ia8$uRF zc5k?!zO*aA-~5hT@>nv3@)FrM+_d@YNYA?B$YfL_0{vvDfQ65-9a%u>Q_k!gx?ZI; z+blWM>ZdTCg|}2gvz0q7arWWrH2gK25T&?Cmu<9QKyIpx;px z|7wwAuI6qO5xkEj_dsW2UgXU%fmK$n!l3!!Rv4n99ts`VLaI)fI0PDtcQfVLY>0~n zausdwj_j^sU%FaQS~fa!Mw&by+huyNH`{PP0*|XV0-~0o@Pl@&Osrpxw&k7MKkFr% z57!fR9Dgnn9J`455XaoF^C=LCDJRe4kmXL_c|5(4vZK9Z>ZL z+x3+N*#OD|#@!O`|HfT4x2u(f3Mfppgzz7>cyZjX;AhFf`4VL96R6=6Tb##NYe@G% z){ZroMS`sNvQJp^1@*SO_Ah#rQHSZH!`J{+W7p(H!6yEPwp8f#cKhb9i@8|BINH7V zPR?pfK79G81kDlo+>A$2;YUds(=1J2T&WrKkflYZ8h_#Z)J9SiM{eOV=+y2wL)~&) zd@e-z{-?Io+_JjJ0+T0--2=k54$sv$ZYdxQ_f@7TU%FV~80A%za~SjDyo#!s9o1BKLYaN7GcW?A1%p zB^iW@vWH%Ft2B?-P{|4L|DD%C^3WGaK@W7HgFHzo!4qT6@<*7-d*4$4_t>N{aTS!8hO|hAP2; z%AD08H`!hLVV}4k;+fmw2h33vgwE-4GX=ytY$wJ~XwHP5F!=|T=UFqz<-WJ&?B%_z zWZ$A*;Tp~cUToV4T*dkuc@6jX-<){!oOtuo zDe*m-7iGAJ?GwU;>JPgxOb+}hrvjC%+M)3WlP9!R{6rm`x|Tf&v6&1+cnjG9BT4BH z*}DQ^O$fj@@RiP)t?`9RE2i&q=lpC=0~?SY#Hpk!c?s*@KPnM8_!&c4lvUuzK2^lm zA`kJM(HDJmp5*9YNjc`JfB*P{;tRr|V%?lJ;fb%1v2LHbTba)0p?1{1UuCUZ@VE5| zJLKf6@1Ko5#Bw)Q%+jxoNI@~`M|`!w^1knT2NR+`w%;O?Lmr}{s>dB^tM##!%e)-& z$H?uk3fH0fx3L9@#nGBNf1MgZdMjc*=*Sc#k9vp}vNt?}5Sd)x)yYA5q}#i+snJY3 zX~Sl2Xm?7MQXxdohnLRKv?LTVFob9$`v)H%lVJVM?zFF9yZXBdv{lV786B458 zs`QcO66ZCfG}qx`mW`@&y%-7l>uaDjH~Rj1zVYFv!o=(*@+K~=Vr{{X-6nNg=D=?` zZ-J|*oc$cpf`v#ziXukq(g=Fq))CbFh{!a@?9kZt@|+iw%_;LH8a1bMhrTapbl1sH z-db@^m~1?f(EWAeQ{x;3m7j6`tR!TF%I89b0q#*0SBj6>C#p zzqAlpQW=gTzWW7#$Ac?Z^VLu<+F&w6k9FCnhK3ZijHIvI{jUZjrY6j!ytHr`8HS*p ztOK;u`GcLpu*jR$?dgMWT1my)IPZ{5TBaddmRpgNz z10qil_frD*rC+&;TMPb<#$vT^4B2j*bl{t9yN7bv&p3&=`C$%*D?YD3Uro%r<;Z+D zGzKjci*+$Q49nn`cTKfDoACWd>ovW$zMnOHNKZ?=n#QXtMi)9OWc_zXN2qW7;5k7b z*?&qwjhu;lJnAQIStB-HR>mmGXy76X;n#g*rKeY}CS~_R6{&PfeYhU8J>%D`i}18) zbENa5l}=}RQYKfEht#^B`!}I!Nf)@tYlDMDL(KLF_`JTl$-8?-W}1gp%ZkFO#>q}= zHBX<>H-E;qy-58+g<4tbAS~|5Si*qyeeTP-rE8_YO!peaAOXStq?O4q>(CQ*qlP27 zDY^5fI1JPIwwyY6vZ6Jn3>i4BeB)`yUAMT!jJ#ar6VEl3(wgpYFd$52Q@oGYpI=)k zuFB6Qri>eQJw!y(TWk3d{NAJI>38-Tvz+~A-7(%ZN7=qaw-9LkMD~=uO&%d6i<$Ru z{Y{{4$(e+M^1Wz>s(QYcygzF{rpM$`cg1(Dy=fAy{>5#u^r_yBGx?+#Pw_#pPn7Q| zVT=Te1mj1>l3SeL{R>V6%o@DHEWL(Qa2-Pkr1KE*%w6+ZzDL*ZxN>C?^b?vwCd%m6 zVxjlq*FDfEbw9}680S;?O|P55L!)q>-bAcaE;?a%U~H(nM|IASORZ+V_>}c&?lCj< z&5Y>gY&_a|8HL?s6pI%%17zZ)x|yt#knX19ZzS_Uif<~iX>0Dj4=zvTpp+p3ovwog z7v9z{6Sim`{k>>ve*+iIA;49^UYyx+;cZrK!!|4K|8-sMZ&#ZY!Fzz~h7koOO{G!l zV1z#oofvr4eo&adW$zN%XXit8W}BGwa9+0Q!2+i6z**nEABmmF@7~9q7=~*WKTYX| z`-a9P@!vcl1;Wu~n@^Uo;{Hv`FhzWO*!iNv`;toF<;)EU7=2Fp>b#T*I3EM zIrNK_8oTdP!btyPeLm@tG0P5tpPz5{=M*thkHs9Bz~^iItriagmZ%I(Ilg=fE`GG~ z>wGXH2O2ot+}?dkK*aD7xYZk5@f&mlC;DEZwB^0 z)N%PnN=z+FjPlSuUiyU{|fI;juSy6K_qi){tk%YFD|9 zIBDZfU6x+aN!C;QH3q|)jG(UYl}<@^<^tW_gH2o$WCL4o=7=;Fo6x?7oD7dPn)ysu7ZS?vD!Xfr~n+OS%o0 z4P)bt_lCo7iFIjCI)Wo| zNdk>hGmPv|L~V{NyAMO6ukdfR$d|~uD3l&MzpWbMP%GZ~=vkV;%WjPtIsf4>v)aqF@ZfS3FEoM?rSmP!UN?v6@Aq_2M4?^*BF%mhg+Iz>@ zScpA?q_Z*z9fe> zizo5Fq_m`oamnLKpg$MggImu%Tj z)Dn7G6e$$Fd=|oUwJc2)SEFK44(F0+w}QSp24OsV?r3iooP|sHwfS48fzZpC#1>L| z7Y+_+tbu!wkO@}!jomh%53lG9F3h-x*nU~5(1qf2n&#_DbiY$C=79)4KyNN4bKMO8 z>NN}lX_pA2Bi-q;Lw@SodkP{ciAZ9K6h=|y zTl9iiKm7Di!p!;SIUNcV9J;L1=kceNIPul@_NZRnE%#Iw>&y*QEzbnkrvpH3IEPkQ zuvPBx?^VuV6I|tbc7TdM&`YKruq^~uJg{B28KMD{AC{o8|JP;)n^!i&^#l_%{uWi< zE|2|p+wHMDm`yI4rChe%*>+^O+QHU(Zw?1B^mfs{JSXm?!_)SZZE6HQ`bm^&lR zDCr0-5xt(y!hSh~_1XQ)Qsfq~9?2pSz5(Zp@jS2ibIN{18ZA4^8o_D|zVq}AmUb7f zbsaXRIHZD;vXTqcJ+af1*TZG#T-%oEq1c(NNq`DCjz{iV@JY1DIBhSOURC^ zUXc9I5EA4)T&=*=WCWs@-6Z->ax`juP{(=bO*shmivvC{)VY*mh#O0{9e-x>JH3e& zrKPfH+_ZI-V%`1bx2zYxP3@v3&=dL&CmcV_oItyNTLbL(jgdh(c26d7$?jEQ zs_QKaSYwd~ythJKsV71B?SU<CTm?vV>Mr6x=@rX~xIDf(a0eZiyF?wcVp ze4pESSK3J=>bo$XX1$T7HI-vE)U(jM9e=K#zujVq`tF^b6JAji|AS>0){v0yU4sTI za&F;da6nvM2oNX``oMO5Dk1DZ1z}U^+DW`I?bTGu2dC1ru7d7S#A)F;6%#4s^z^Lf zl6_=&N*qW&6oUB2zQ*pda+Gfm7Sa0F$VB&&IZru7E%HoECK-p_!>G8a{5^z)V$4fV z>Qi`|rAh-)Kj_J_E>MJb{OWK%eDr00)9;cn(`+cXTT-yeJ^A=Y&j&J;cFCKX1=^x{ zcVaXiwq5v)Ip8=B2y4rfJ$*1UZbI{_$v{s$({hsj6U4RFL9ZMX@-^lo+A$JQ;DympGBMIdpF| z-@7k<%+0?Lj9C#$`xs0yvn-~YDMBb-GgA^($TIOsZWt|Q!d)ImoX#@t9j!ASa~@O=Z@8u>}0;~qb$J{G6=^K4=YmeN3H zQif7d8Kq&4aKpE0UVLezq#;>aRgp_&2-u)6M0q1XfNKG;cHI{smQW$k7ba#lS97LX*dS^-l*k@GZfC?7KJC%1o` zqcSdkA7!~~Sz!Bv1PetjNMR130B3!egw3z|Yx8TFV&9Y=xEQk3CGux|P>Mu=b1?*Z z2R0DS{|>~I9vH~78rk`!nGkH2a{bQ%80@#LvZRL?p)6u<8+mse@6J|DmMkc1l6Xv1 zD2Tt=1(}OQ!^ISaVRBri|qRYE8k^s{4mp0f1UxI*?#n0I0TX2%mlow(&1 zY$feYB952l1aeEfj|4dcoC$1yIn#Hj3D|4-wVkMG^i{9e-9WE_O_p+LqSIjtlF!_9 z=pGkz=_}A3OJls^^(Pv~l^SD3RGlun&tmw*b)|$!c^vM~EGnN2X(e@hxL1LHU+8c5X zc+a9x+`c^aJ7PR>?BypctjoQT8MqE=@J$*Cj(x^uVD?e{+dgJWV7Ai%WH(?hOtMH2 zRv_UM zq_UL72C3qpXZrQ-2NTPok4b!P(H&2JFHptj7n-0Tu8fjM{H8|Pgj(DF_IoeOEJ~TI z;|-KlZLC;MqT6r7TYDdIA^lvUp%q!2dlG(YsDQu}O0K}I{~o_>+lzeDUBfQn=94vZ zBf9Bxe3JN38)BZpxO=)^t)tq%7$4k`M-)SCJEwq135*}4yl&=Fxv6{ul0!bZI%2k}&M`R0cJPG?{$16tF>H9P2b6QB0WM;0!L$3bG`TH@O zx@_LqUu|r9ltJC%H<2OF0m;C2T{nm~)DouK?0@~*96Y#%MFHj^KsWVLf#;8EY)P9% z66SekS2K*BOy^wIEt>Q%0#=9?=SKn6NWwaQ+JY4F?Ml*4&uF(m&5|9(nMu(Kp7#~3BXlRzgj33(8XK>P+g1#Mso9$j+} z;3w4XhrlASa~l{%i{QFltp)A7z}2!=x$ms`Jdqj!ls0nG0^4Kv&wzqEj~szTWE*8$ zmJROtD@&$s!!L3ISgs(p-aUAKC;xU2rl8g}1rI6qEf@hG@M(+r;{!CGZU8T_0ox!@ zudxhgQmn8nXJJp#<6g74gNM6(>h9DfGgR>feERY64+9HmL99xC zcqgM1FJME!xHbe~U1M-jPPI2weSWQ3j^vG zatZ*9S=xQH*=Zg+t3K}D#^x5_p*p%#QM;Chvf06kT$~o{=tX6#iTxS`TN*-uCy&EF z!LqKvjsY)eVP+EkP}#)Td&dTER;7biduSY||MFD#{(}kos5T-A>x9wCh7u49V+3A4 zGpP#7LvZbvydI!DU4T65t;2uhDGWk_$Ji0Z_}VWkEV`~37kmR5H)_iBA~5s3OuFB? zBrqOh_2lb%c+=D;lug_wXgBpxly8LVZIE%%ED}Tuumafrnu4;E10ZAkcmFWx7T}X| zO&SnLAFXloo8h(r16%59Rq=s_w|f6E!Rat6#0XFXY=3#E8q^ua_}aUfmIPOfaZLcm ztP-|*^@zb4C}k%O9kCnvXsLVx9V< z!_#LC)CaHlANrU8`mnc(|Iz0I7Y4i;{20dgTKu#$xng`73ovFOGV$%QIJzHC8IK~F zT>sN+$6_s|xDIB1qY76ce62PyPu8+?D;~J{f+XJd#=7HjmzY zuX=DM!k>yyy4FNg2f_3%@=*%P>7VyNQmtGM)Bv$weTDbY=kym)9^9UP$Wsi+L)wb+ zN1oSV*zg#;!WjR$X3*j*#u`f?V`JU;<%C5=lFN1lJ=TWsmA%JW5i4UWbUIr$y4cE2 z4rWKZfgodEpdtxpa=F2<&aPpNUSW-vfLQPE-IC^iVAo5Fv7PEhE=!{NJ3_LX?7?WK zC+hjelB*?>-%J{a<;n@K`Z@CwrVjc))HwsxL2l`TKze{)a^n%;ExztB#=F-TpItHj z=?gICwuyF?KO3}XqE?aSkYb4<`w-oE*Rci5809CANsOp3U%IT;rdJd-VT80V*>@0> zUjhl9$9lj(kN*p51w3r^$B90IPQ>EO9*WTymS&dDOMx0k+k;6XGU{*ALt{sea{4ss zu5+>I?LfX*5KLDR-o9xTh~N^aI4pnbWTgu1Yj;~B|LCN;iwuvlCyes71kXzKit<+) zkTMqUuzFKhc=Gl;oRs~i#x|V6R&Se>MV|4_h4>gSMvc6Xu(i|C7~7M-n}#;Kf7br@uDA|u?pkaQ)5-BITy!dst65Y6iq zyeK`V1PX*L_YZ+G0D-1k)cy#>2_)Qb@(AyLa?ZHo`~q|&mVnRHjIU{Kc6hkE9ohDK zZH@+Tj1}G`7MLB_PSL@zayp)s)#?W+?;PHM2j&9<+rK6dklp_gi1P*rmL(#ZifB+q zJ9R77Foj2~_)RKJszAn~-C1yqbM4$z}$6nY@6y+be7y0;6uX>Nn1n{R_D6eOu%bac>R> zKs0Alml_@GipZ(LSQ&*g&k^s(3+N4j~4}n`;-+!#mY793* zGzNjUss@vTl~XZ`)T7?In=sx239F-`!>bAh!Jw9}8RPN_D%=Zz0&Z7e&oJ`ZBZ~+j z?kh{x1M4V^;Ps;YE?#vjH*l(BP$uOQA54aQ_y`h7%B} zvT^;7NDWmt;2Aa;#{9>BncHw)F;_tc4SUBUNHg<6uS#)yS7gya>t$(|`rC@His7Wm zemRU@B8Ev12$gX2LCz6IaKm26KhdVyMsW=(_;lFG|XQT zo#mXU-9;)Caxc#6*s3xRZmwQ($=~^0L!ptR=?{VpbRoh63x|QNTmu812>Y|rqbq=5 zu>|)*2?U}J?h`>I8B18?;-NNfYC(=EvMlO@4!tS_dJoL< zG1Ta8Zu{Xp;b_F4aU2&7DkiwdWXwb}zxM!9xs;{j~3ZSR3~tPB;fj&)n| z0r`-R^RNtkcFu`F2iWZiHQWpos4W3=VDZ1Q+upkx!@J+W7+8JA9X01H?iJT;{`SMY zVH(-el)T?hM>Tqr`VGSQE2Pk~%50M)KM)Og3kzOIiiDvpTtl-4&}@O4g!d62h~~e6 z*`RALpIOZv|?Kr}=gG&olNjs=q}{F;?* z0m;Ccxn9HIA1iMi!7VVqgmIp`#u=!Y|KTir0dQs$Yx;gmga3UZfd}Py5oU~EwcO2$ z_bLTQgAT7)Xpep7a-&?gM6#Me(n~oQ@Fa@*CtU3n+>#S0k$cbgo;2FZc(<>F?%$m^ z^s-}9*xJ5TA~n!1LAQ~iL`;2{QAH9U8de^>Uqr1Tff6Cd{X?P!K%xf?@qZ+GsDcG= zIgb9PSr@K269c`pF#XESbyISgBzE3@G0N-=J#yvUEx@uyicE2s#>VL|kyf`f1PQAy z{I5;^_3E|C+6+h-DgJN5b|}C!xGR4SfebOx}l&fJK^8mx*at|I4xH~>3i_$*N?J82< zN}g|1O5ocR6|vdPnqL^c6ev%1;{D=lLX99R0*EQU2{${Ag<($r*W2v)0L&O*hG<~+ zgXUkh9R3wk%o9SHe)>`?)rs1SI(RAu0$c5^R8AMA2a`FE=4z69o z)J(djW(>u?ojzcGmIgea5DD}moCG(=j)QTYy2e@migQ6B$XUGeMKdp9BB~b;)o*30 zd6tL+9qC{rBg)hK?XV5%dF28~Y@JR&hz7X}H#?4pp-o;x3%)|L_zt4A7^fL(OZIpi93BQ6UHpn60l?S0$LO95Ob^~s9p8!*9;+k4TfLiT~bHZID zUcoqz{a0suhAYmb)F5X=+ro`oUXP@!@GhdazP5%qZrK}~km&w0WL9cVlyOd;QY5VG z^8qoqjRE3}Wm^_mve$BhlccKO?!4fQU%YdHO)er(T5QF11=YJ3_6 ze*Z2oZwOI9TjB=M-U5Z^|2rma;=&XP{f9!XfI^G)7=IL^55$JY`8AC5=rzu+SDZU{ zK+fbf;|2E4MQtTL=HfJ4;sQ9Se534I*t~0IBP3Cudi_nc>tjj8LC#KWz;$3?D+;#1 z_M>XhH!!r3YiOxgX!NkHRz5-`qqWBS236a~^`_gO+n=KHx~9r}6;~X=&Zq-!I9BoL z|IWz+(PD4GD+q7?1Qoi>`G-R7fI|Is0}x0*&I?ejG>;PUMsG%4`Bl(!G{K9RW!jxJ_K39i^>rDI|co5A;%x~=fJR@zPn!fc75 zyi5Y(?{zp&9qjMtJAtsc_uz%^tx-^_i z2}|KEh_?}k3U4oz4#OL~hWFqK&m6pDz_NevI$=sW6?ewZ2MMn%?|_@BN*5hzNx_>F zg>^kMN7HgV4yO(TBS?T3MYpR!iO%Q$A(11n!u|XNTrUE9u>`8ZaArWpKP7U!qWl}S zDktfqQ~7E#A`w?6#zb}aW0vWN<;!^aMz5W2qq6I8VzBHf2Q*B=&^B+tyY!I>L;G?~ zprk9bNf$sMwsZyc7h^%Gu2kQGoLMD!Z?mcehL2f$7!WJ!hh1)ZBiJ!6rU>4%1>q95 z;1z~rc`-enLfJD=^oqr_yoB%hBX8n_N(-r9$F@Q8H&M~L73sP)Re!2RGYKFwi zaC+Ab!Mus0Ox-xaal_Gj$r!pv#K$1#H@xtQwY#tq3H17@IIuW6drhGh+x{JqaeG_)-&1x+oqC5;}oS6Wo?pB zKM{~~)&|_<_bm*q=f7xz0mBogI4`L^tV+V1p$Q`YwaPB0ic&y4Y2-i%FcM`j8P>EM>akD)l%QecUFW(DKyUT27PchkeWTcqAljK0yx_TK0aJ+k zA3ih=D3tW^;EzHt5#R>TcQDQ!*Eo+~apr9WInOEZAgb-r+k*;yorf%%@4S%X>C;6C|vKhz-#L z7J0D!wbCm=-~SUz?n)bi+W-_}%)@W*l>54pex{|f4I*%&%8A_-gvLcP{SIKK@uK!{ zZa4ywf`Q`m{~dh}SV3t{?f)T-10apdN1(V0_JUi61CMXfzdXmu;fgPm9prnEU~<6D zQT=UfS~+xJ6VY*ir~oaLVVnHBw>aUFpP#n%BM`}c2L}=ihyu31lyQgF!jPi>>!VJw zS4c5Hp%4iIQU0IX@%O+N|9*7e8u={Vn?h1d@@ziLUN8D%E+P4|JxJI}`sPUe+?{+T zn=L7!4hY)Y1c@8Q_%}zkr3g|j)p%_S?tzqMci{!_gXb^_vHl_9EFhugN6tSITI}Qe z|8Fy1uP8YjgoC}DeEw%IWS5#jMX-T^Z!`Y+I0tx}5dvuh9#~K?t>q?tI+fP-lpqJ= zH%4lxSS68!{lODR>yajRuLiYxKgQ=z)bWSru`lh#YzBexl#nApP5^bm_Ls!#&`&Ul z$*)Nay!q~lrbY&xcC81D8Q2=3U`nYNIqS}gc;~hr^f>sAYSEa8UW@x>wAos?U9taq z^qEqZ5T2(@I#j#gGtI|HTjYZ4h2!>DX|-ZS`s0VU7(&{@930T-vLCoIKE$kQS&F4> z;H=RW++F@XuFBEF6tNq)7b0iC#m+`@ti?6qmX2SkvGYuo+cMz|&Nt*U`B={L=e75t z4-JifyqlidSwPFEL zE0|t)tR3*iKKl5#E>0R*LL$yBGoz~ua$wDdxAGmz!<^z; z!NwDfV&8cNa4n*mTfi@zfnJ7yUVthCto>zBZD<2*B!$;TGIKQ&YM}T6%$ch%N_Kz3 zz9&6G`^nX+Z?+^NH!rBMsjFs=+Noka%_0lEcHA>Q z{$h;&Mt~LKN&s?r4R8Pg6s-MqztQbb5#(@u?U7MWnJW%{0x%9r|8Gj|x`=~Qs{E+$ zz>Cgb5jq?(T&&yiV=B^Q3`_*xIWydi})M@mD3sKL3p&+QDf zptDerkt%Sy^Z;N4w!bWK2igd;#I+p61>?#R1#f_s+>~$gX zf9)>+dXN^{1nc!$8ODVI=rs=b`=5F((;qLP?L&g+CC#v2^8f24|F0J^sJd;=zr5se z9kNBd4e+i*!I|s9D|^AG$^9(!5$;e+Xx1ReoU{LbF~9C5tcS2N)bZIhFNp&zBnRw^ z&#G1bFqd&ghG+wVg6%I=<)ED~<|Wsd1FI!4et?h5deXu5J~=F6Gc8{!k| zmCwO$d&uFXZimA#CvE$O1i-E8i|y+FH^p;C(BM6tF$I$QaIG}p0^F+p;{q!00df&v zRZULgk4{wLSat{x5ucLR97FRE)Vm+d*XtU9$S?u01pe^_nujGNt50T8HP?}%UDw*i~dgMxc`mN;#ZBD%Te~U+Wjs89F@zb z;^b|zN3LzWS~21&x7+hrHQJ4%G4Q?o-%9o@c671t-|l?k%X5lYc1XdrXnxbKmF^HV zQJMUk>o>zg{ED0)F7-ENbJPo=>N5y7LB$1l2C0<47-N2@5l*jCB*osjPB{kjm=j zOTXxVonevjd9mK-Pt!HpH{D+8pT7MBIUxV=mf#Nmo<_LT#F(NrL9VBdea5A>2$Ahm z46j5fW_pLc#0$A*@`Z7#a2o-lATF0kig(0xq(=@h#z}Vix98r-xAY{JY}L4WwQ?^) z*@)_DS9d}VRH6%UQd*}3XHNL5iBiXK9TAv8i9xE{9xaymW_oG(a4SHvJw~SpC!IGeyaY$B{ za3%Ig)LuhhUk}zI)3K*k`ETYNTa=h@MD)9_s-&j+Dqhh$mDnv+X{o2D`U)SP8~i?VOsb90q_c=hRv-^N(zDmcG|+7z?nnMyV5lb#rr|TM1;2PS)?F^%jQnMo>+bIBQ>UvJD{uhP1PGk z8purxFQM^LKSl27%ysl0p)~dSM-F74Kzm@> zlSrExUlzkAuy*vKcH)RR~H2Z4b&oAso_9hX+=bGM5v7` zJ(-G~JT@e7W>8NF?I=lC4?e_=3b7(T4Sy~mh9YIzn1rhHrXfZ7{?Ce-vx$^CixjRS zb*qeCWAcyY;#dl8>EY3d>S^>u2@i$~sD+04Z5PK04OoBu3RmIs%U$>WCN>e72jSn2 ziN5>w*&wo0d57DwqJjxZ@$83+fHD>-&)Y|~OQBrZdKr9$najl75j)@9i8b|tYF_TvQC3&!0QgBz;L|MTHj+JTbXH^jt44H+x^1k*# z6S>P#^a|%DH)STaC!tycGQhhY~tq#qV<&1$|or+!WhQ{RG zurLNfm#D9?cJ$;M7d5vd9PKX#yD9J8(1~6{yh-~78#iQu{hR*Jm%4FzZ@(pkaEex; zE2KJNDsQ4lgb$pEx5w$7%8}cK@LOr^b((G0DErxde;H}OWpg1iwWItQlPy2L;#=Fe zB=-w)!!60PPkmDu#w*X0IS((MvWFoe?=<@H3s*q-lwUo}ruR=rl<3f5Nq?C6Zr?k{ zeWyCjji5XuEV;EJa~RQp;V~mOx)uA*R(zD@i&I3~ts~bpV&UKQnyifX+BIS|*gCcJ zpq$cm-Qt9UXX8vbB>`31taF<|$w~2JPfquDMpu|b-CnFPCKlq-**vnUiA$aK+xXxx z9`bDbyMATymN2%yXdKV`!E%(WXNx`8M8nS z!;cTMRxdBNMDAy8KP_5$()_l~+yNi$b=s@Z(RhVmqNM5lBH>+r#iX`d8;H#HjY%N} zIF{;=2<}G%he|fec0UQ~eFGo!S|fBucd!+&=JANpVh-g;IylgvayWp!C8n2-0nB&3apFP-y?G!Fx0A_aG@ zzP-97TX=+EjPrX_I6fkoj@uTY$QR6P)QX?IStWzF-+ry4R=-&pA&#Gwow=4mrsJ4@;wyJ@7)*kF$7_4#-;u=xle`(k(HvpDJxtfD!6mzZND=3-fm85#2*aJRT(x9;k=h> z?3N%`peu4{H&jmz;{J5MQ(q>#+*#$QPaiu$`+Fowe%XQwQowSizI}?FfnNKoK_mh6 zL}dK8l&9<=L;|`HRGshYr}$+z{8TXHAH?s?$*%)d;I?$pPf{<}71`>->UE%gOK6T{ zT@w|^@zW>6uRkovMU^G31SY@yvU=v%9|y5+@gtY~M7jB~Jbkqc#rPtK*Sy)O)Qjy# z^8y|@h5+i*ZY4_0X@U-eUrDPxzb}8ScvsGORLi!nGDJrixFXiJsC$rBQJ@N} zV5M}Cx~FqyYtT^4r|fzT&U2$J7vlFhOm7JdX@k)+6o{7pcbVuANPdB>RO{bas*f_T z5&ijI<4>ZV=yC({2*}aFc0J}oQt%4FcqQ^>7zyd?$3S}XWx=G?O6QnEND1>=mxPl z9U=x2xoaWcSwcViyqY|^EKAFgm>p4|CqxxwT|=;a?>qw4mGlr-`tfsNp_){j_XiH5f`8h7)51!nHl<>5@~ zzB!-}A=}~+Nr+*qX3J~E`<`Rw?lOXPWbYU+_@GEs#JN5c2ic^Ru`PzOM8-2Y^~9`D zD9OzB0%0FTTUJraE8fVW)zvyYO~`}9WG1HYNi}HTn>6r_yN@_w2DbX!z`h26fj<<6 z|1t3U9xQm(xn-Dv&Hrm)UxO>*{JEU5-Do=s`X~g8gusN7V-?M9O44$T6=iYU_)f>v?ToY*FK}Qy zt~d|^L