From 21a560d56be39efa79ab2b446b51e70e7a45f270 Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Wed, 8 Jun 2022 01:22:34 +0300 Subject: [PATCH] Remove the unnecessary changes --- agent/go.mod | 1 - agent/go.sum | 2 - tap/go.mod | 1 - tap/go.sum | 3 - tap/tlstapper/bpf/fd_tracepoints.c | 20 --- tap/tlstapper/bpf/golang_uprobes.c | 1 - tap/tlstapper/bpf/include/headers.h | 1 - tap/tlstapper/bpf/include/logger_messages.h | 11 +- tap/tlstapper/bpf/include/maps.h | 35 +---- tap/tlstapper/bpf/openssl_uprobes.c | 1 - tap/tlstapper/bpf_logger_messages.go | 11 +- tap/tlstapper/golang_connection.go | 53 ------- tap/tlstapper/golang_reader.go | 118 --------------- tap/tlstapper/syscall_hooks.go | 11 -- tap/tlstapper/tls_poller.go | 158 ++------------------ tap/tlstapper/tls_stream.go | 4 +- tap/tlstapper/tls_tapper.go | 4 +- tap/tlstapper/tlstapper_bpfeb.go | 42 ++---- tap/tlstapper/tlstapper_bpfeb.o | Bin 156480 -> 152792 bytes tap/tlstapper/tlstapper_bpfel.go | 42 ++---- tap/tlstapper/tlstapper_bpfel.o | Bin 157296 -> 153608 bytes 21 files changed, 40 insertions(+), 479 deletions(-) delete mode 100644 tap/tlstapper/golang_connection.go delete mode 100644 tap/tlstapper/golang_reader.go diff --git a/agent/go.mod b/agent/go.mod index 3f59df01f..061bd3502 100644 --- a/agent/go.mod +++ b/agent/go.mod @@ -117,7 +117,6 @@ require ( github.com/tklauser/numcpus v0.4.0 // indirect github.com/ugorji/go/codec v1.2.6 // indirect github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 // indirect - github.com/wk8/go-ordered-map v1.0.0 // indirect github.com/xlab/treeprint v1.1.0 // indirect github.com/yusufpapurcu/wmi v1.2.2 // indirect go.starlark.net v0.0.0-20220203230714-bb14e151c28f // indirect diff --git a/agent/go.sum b/agent/go.sum index 6c0cd1018..aaeb2dffd 100644 --- a/agent/go.sum +++ b/agent/go.sum @@ -702,8 +702,6 @@ github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695AP github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/wI2L/jsondiff v0.1.1 h1:r2TkoEet7E4JMO5+s1RCY2R0LrNPNHY6hbDeow2hRHw= github.com/wI2L/jsondiff v0.1.1/go.mod h1:bAbJSAJXZtfOCZ5y3v7Mfb6UQa3DGdGFjQj1cNv8EcM= -github.com/wk8/go-ordered-map v1.0.0 h1:BV7z+2PaK8LTSd/mWgY12HyMAo5CEgkHqbkVq2thqr8= -github.com/wk8/go-ordered-map v1.0.0/go.mod h1:9ZIbRunKbuvfPKyBP1SIKLcXNlv74YCOZ3t3VTS6gRk= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= diff --git a/tap/go.mod b/tap/go.mod index 810c4073b..519c4b8bf 100644 --- a/tap/go.mod +++ b/tap/go.mod @@ -14,7 +14,6 @@ require ( github.com/up9inc/mizu/tap/api v0.0.0 github.com/up9inc/mizu/tap/dbgctl v0.0.0 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 - github.com/wk8/go-ordered-map v1.0.0 k8s.io/api v0.23.3 ) diff --git a/tap/go.sum b/tap/go.sum index de38968c2..b73141db4 100644 --- a/tap/go.sum +++ b/tap/go.sum @@ -130,7 +130,6 @@ github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/struCoder/pidusage v0.2.1 h1:dFiEgUDkubeIj0XA1NpQ6+8LQmKrLi7NiIQl86E6BoY= @@ -141,8 +140,6 @@ github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq// github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg= github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= -github.com/wk8/go-ordered-map v1.0.0 h1:BV7z+2PaK8LTSd/mWgY12HyMAo5CEgkHqbkVq2thqr8= -github.com/wk8/go-ordered-map v1.0.0/go.mod h1:9ZIbRunKbuvfPKyBP1SIKLcXNlv74YCOZ3t3VTS6gRk= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= diff --git a/tap/tlstapper/bpf/fd_tracepoints.c b/tap/tlstapper/bpf/fd_tracepoints.c index 4f8c2871e..88add7f44 100644 --- a/tap/tlstapper/bpf/fd_tracepoints.c +++ b/tap/tlstapper/bpf/fd_tracepoints.c @@ -90,23 +90,3 @@ void sys_enter_write(struct sys_enter_write_ctx *ctx) { log_error(ctx, LOG_ERROR_PUTTING_FILE_DESCRIPTOR, id, err, ORIGIN_SYS_ENTER_WRITE_CODE); } } - -struct sys_enter_close_ctx { - __u64 __unused_syscall_header; - __u32 __unused_syscall_nr; - - __u64 fd; -}; - -SEC("tracepoint/syscalls/sys_enter_close") -void sys_enter_close(struct sys_enter_close_ctx *ctx) { - __u64 id = bpf_get_current_pid_tgid(); - - if (!should_tap(id >> 32)) { - return; - } - - struct sys_close event; - event.fd = ctx->fd; - bpf_perf_event_output(ctx, &sys_closes, BPF_F_CURRENT_CPU, &event, sizeof(event)); -} diff --git a/tap/tlstapper/bpf/golang_uprobes.c b/tap/tlstapper/bpf/golang_uprobes.c index 05377f729..d5d481437 100644 --- a/tap/tlstapper/bpf/golang_uprobes.c +++ b/tap/tlstapper/bpf/golang_uprobes.c @@ -119,7 +119,6 @@ static __always_inline void golang_output_ssl_chunk(struct pt_regs *ctx, struct return; } - chunk->type = openssl_type; chunk->flags = flags; chunk->pid = id >> 32; chunk->tgid = id; diff --git a/tap/tlstapper/bpf/include/headers.h b/tap/tlstapper/bpf/include/headers.h index cea3dad96..8078051af 100644 --- a/tap/tlstapper/bpf/include/headers.h +++ b/tap/tlstapper/bpf/include/headers.h @@ -8,7 +8,6 @@ Copyright (C) UP9 Inc. #define __HEADERS__ #include -#include #include #include #include diff --git a/tap/tlstapper/bpf/include/logger_messages.h b/tap/tlstapper/bpf/include/logger_messages.h index ccb11c0a8..d581c25f7 100644 --- a/tap/tlstapper/bpf/include/logger_messages.h +++ b/tap/tlstapper/bpf/include/logger_messages.h @@ -26,16 +26,7 @@ Copyright (C) UP9 Inc. #define LOG_ERROR_PUTTING_CONNECT_INFO (14) #define LOG_ERROR_GETTING_CONNECT_INFO (15) #define LOG_ERROR_READING_CONNECT_INFO (16) -#define LOG_ERROR_GOLANG_WRITE_READING_KEY_DIAL (17) -#define LOG_ERROR_GOLANG_WRITE_GETTING_SOCKET (18) -#define LOG_ERROR_GOLANG_WRITE_READING_DATA (19) -#define LOG_ERROR_GOLANG_READ_READING_DATA_POINTER (20) -#define LOG_ERROR_GOLANG_READ_READING_DATA (21) -#define LOG_ERROR_GOLANG_SOCKET_GETTING_SOCKET (22) -#define LOG_ERROR_GOLANG_SOCKET_PUTTING_FILE_DESCRIPTOR (23) -#define LOG_ERROR_GOLANG_DIAL_READING_KEY_DIAL (24) -#define LOG_ERROR_GOLANG_DIAL_PUTTING_SOCKET (25) -#define LOG_ERROR_GOLANG_ALLOCATING_EVENT (26) +#define LOG_ERROR_GOLANG_READ_READING_DATA_POINTER (17) // Sometimes we have the same error, happening from different locations. // in order to be able to distinct between them in the log, we add an diff --git a/tap/tlstapper/bpf/include/maps.h b/tap/tlstapper/bpf/include/maps.h index 351343bd4..b9fe5966b 100644 --- a/tap/tlstapper/bpf/include/maps.h +++ b/tap/tlstapper/bpf/include/maps.h @@ -19,12 +19,6 @@ Copyright (C) UP9 Inc. #define MAX_ENTRIES_HASH (1 << 12) // 4096 #define MAX_ENTRIES_PERF_OUTPUT (1 << 10) // 1024 #define MAX_ENTRIES_LRU_HASH (1 << 14) // 16384 -#define MAX_ENTRIES_RINGBUFF (1 << 24) // 16777216 - -enum chunk_type { - openssl_type=1, - golang_type=2, -}; // The same struct can be found in chunk.go // @@ -38,8 +32,6 @@ struct tls_chunk { __u32 recorded; __u32 fd; __u32 flags; - enum chunk_type type; - bool is_request; __u8 address[16]; __u8 data[CHUNK_SIZE]; // Must be N^2 }; @@ -61,21 +53,6 @@ struct fd_info { __u8 flags; }; -struct sys_close { - __u32 fd; -}; - -struct golang_socket { - __u32 pid; - __u32 fd; - __u64 key_dial; - __u64 conn_addr; -}; - -const struct golang_event *unused1 __attribute__((unused)); -const struct sys_close *unused2 __attribute__((unused)); - - // Heap-like area for eBPF programs - stack size limited to 512 bytes, we must use maps for bigger (chunk) objects. // struct { @@ -103,19 +80,11 @@ struct { #define BPF_LRU_HASH(_name, _key_type, _value_type) \ BPF_MAP(_name, BPF_MAP_TYPE_LRU_HASH, _key_type, _value_type, MAX_ENTRIES_LRU_HASH) -// Generic BPF_HASH(pids_map, __u32, __u32); -BPF_PERF_OUTPUT(log_buffer); -BPF_PERF_OUTPUT(sys_closes); -BPF_PERF_OUTPUT(chunks_buffer); - -// OpenSSL specific BPF_LRU_HASH(ssl_write_context, __u64, struct ssl_info); BPF_LRU_HASH(ssl_read_context, __u64, struct ssl_info); BPF_LRU_HASH(file_descriptor_to_ipv4, __u64, struct fd_info); - -// Golang specific -BPF_LRU_HASH(golang_dial_to_socket, __u64, struct golang_socket); -BPF_LRU_HASH(golang_socket_to_write, __u64, struct golang_socket); +BPF_PERF_OUTPUT(chunks_buffer); +BPF_PERF_OUTPUT(log_buffer); #endif /* __MAPS__ */ diff --git a/tap/tlstapper/bpf/openssl_uprobes.c b/tap/tlstapper/bpf/openssl_uprobes.c index 0fe820792..8a8dac88b 100644 --- a/tap/tlstapper/bpf/openssl_uprobes.c +++ b/tap/tlstapper/bpf/openssl_uprobes.c @@ -132,7 +132,6 @@ static __always_inline void output_ssl_chunk(struct pt_regs *ctx, struct ssl_inf return; } - chunk->type = openssl_type; chunk->flags = flags; chunk->pid = id >> 32; chunk->tgid = id; diff --git a/tap/tlstapper/bpf_logger_messages.go b/tap/tlstapper/bpf_logger_messages.go index 6bbc17688..6ab5ea509 100644 --- a/tap/tlstapper/bpf_logger_messages.go +++ b/tap/tlstapper/bpf_logger_messages.go @@ -20,14 +20,5 @@ var bpfLogMessages = []string{ /*0014*/ "[%d] Unable to put connect info [err: %d]", /*0015*/ "[%d] Unable to get connect info", /*0016*/ "[%d] Unable to read connect info [err: %d]", - /*0017*/ "[%d] Golang write unable to read key_dial [err: %d]", - /*0018*/ "[%d] Golang write unable to get socket [err: %d]", - /*0019*/ "[%d] Golang write unable to read data [err: %d]", - /*0020*/ "[%d] Golang read unable to read data pointer [err: %d]", - /*0021*/ "[%d] Golang read unable to read data [err: %d]", - /*0022*/ "[%d] Golang socket unable to get socket [err: %d]", - /*0023*/ "[%d] Golang socket unable to put file descriptor [err: %d]", - /*0024*/ "[%d] Golang dial unable to read key_dial [err: %d]", - /*0025*/ "[%d] Golang dial unable to put socket [err: %d]", - /*0026*/ "[%d] Unable to allocate Golang event in bpf heap", + /*0017*/ "[%d] Golang read unable to read data pointer [err: %d]", } diff --git a/tap/tlstapper/golang_connection.go b/tap/tlstapper/golang_connection.go deleted file mode 100644 index 86f6790c8..000000000 --- a/tap/tlstapper/golang_connection.go +++ /dev/null @@ -1,53 +0,0 @@ -package tlstapper - -import "github.com/up9inc/mizu/tap/api" - -type golangConnection struct { - pid uint32 - fd uint32 - connAddr uint32 - addressPair addressPair - addressIsSet bool - stream *tlsStream - clientReader *golangReader - serverReader *golangReader -} - -func NewGolangConnection(pid uint32, connAddr uint32, extension *api.Extension, emitter api.Emitter) *golangConnection { - stream := &tlsStream{} - counterPair := &api.CounterPair{} - reqResMatcher := extension.Dissector.NewResponseRequestMatcher() - clientReader := NewGolangReader(extension, true, emitter, counterPair, stream, reqResMatcher) - serverReader := NewGolangReader(extension, false, emitter, counterPair, stream, reqResMatcher) - stream.reader = clientReader - return &golangConnection{ - pid: pid, - connAddr: connAddr, - stream: stream, - clientReader: clientReader, - serverReader: serverReader, - } -} - -func (c *golangConnection) setAddressBySockfd(procfs string, pid uint32, fd uint32) error { - if c.addressIsSet { - return nil - } - - addrPair, err := getAddressBySockfd(procfs, pid, fd) - if err != nil { - return err - } - c.addressPair = addrPair - c.addressIsSet = true - return nil -} - -func (c *golangConnection) close() { - if c.clientReader != nil { - c.clientReader.close() - } - if c.serverReader != nil { - c.serverReader.close() - } -} diff --git a/tap/tlstapper/golang_reader.go b/tap/tlstapper/golang_reader.go deleted file mode 100644 index 2f749065e..000000000 --- a/tap/tlstapper/golang_reader.go +++ /dev/null @@ -1,118 +0,0 @@ -package tlstapper - -import ( - "io" - "sync" - "time" - - "github.com/up9inc/mizu/tap/api" -) - -type golangReader struct { - msgQueue chan []byte - data []byte - progress *api.ReadProgress - tcpID *api.TcpID - isClosed bool - isClient bool - captureTime time.Time - extension *api.Extension - emitter api.Emitter - counterPair *api.CounterPair - parent *tlsStream - reqResMatcher api.RequestResponseMatcher - sync.Mutex -} - -func NewGolangReader(extension *api.Extension, isClient bool, emitter api.Emitter, counterPair *api.CounterPair, stream *tlsStream, reqResMatcher api.RequestResponseMatcher) *golangReader { - return &golangReader{ - msgQueue: make(chan []byte, 1), - progress: &api.ReadProgress{}, - tcpID: &api.TcpID{}, - isClient: isClient, - captureTime: time.Now(), - extension: extension, - emitter: emitter, - counterPair: counterPair, - parent: stream, - reqResMatcher: reqResMatcher, - } -} - -func (r *golangReader) send(b []byte) { - r.Lock() - if !r.isClosed { - r.captureTime = time.Now() - r.msgQueue <- b - } - r.Unlock() -} - -func (r *golangReader) close() { - r.Lock() - if !r.isClosed { - r.isClosed = true - close(r.msgQueue) - } - r.Unlock() -} - -func (r *golangReader) Read(p []byte) (int, error) { - var b []byte - - for len(r.data) == 0 { - var ok bool - b, ok = <-r.msgQueue - if !ok { - return 0, io.EOF - } - - r.data = b - - if len(r.data) > 0 { - break - } - } - - l := copy(p, r.data) - r.data = r.data[l:] - r.progress.Feed(l) - - return l, nil -} - -func (r *golangReader) GetReqResMatcher() api.RequestResponseMatcher { - return r.reqResMatcher -} - -func (r *golangReader) GetIsClient() bool { - return r.isClient -} - -func (r *golangReader) GetReadProgress() *api.ReadProgress { - return r.progress -} - -func (r *golangReader) GetParent() api.TcpStream { - return r.parent -} - -func (r *golangReader) GetTcpID() *api.TcpID { - return r.tcpID -} - -func (r *golangReader) GetCounterPair() *api.CounterPair { - return r.counterPair -} - -func (r *golangReader) GetCaptureTime() time.Time { - return r.captureTime -} - -func (r *golangReader) GetEmitter() api.Emitter { - return r.emitter -} - -func (r *golangReader) GetIsClosed() bool { - return false -} diff --git a/tap/tlstapper/syscall_hooks.go b/tap/tlstapper/syscall_hooks.go index 294ef7ab1..0fa621496 100644 --- a/tap/tlstapper/syscall_hooks.go +++ b/tap/tlstapper/syscall_hooks.go @@ -8,7 +8,6 @@ import ( type syscallHooks struct { sysEnterRead link.Link sysEnterWrite link.Link - sysEnterClose link.Link sysEnterAccept4 link.Link sysExitAccept4 link.Link sysEnterConnect link.Link @@ -30,12 +29,6 @@ func (s *syscallHooks) installSyscallHooks(bpfObjects *tlsTapperObjects) error { return errors.Wrap(err, 0) } - s.sysEnterClose, err = link.Tracepoint("syscalls", "sys_enter_close", bpfObjects.SysEnterClose) - - if err != nil { - return errors.Wrap(err, 0) - } - s.sysEnterAccept4, err = link.Tracepoint("syscalls", "sys_enter_accept4", bpfObjects.SysEnterAccept4) if err != nil { @@ -74,10 +67,6 @@ func (s *syscallHooks) close() []error { errors = append(errors, err) } - if err := s.sysEnterClose.Close(); err != nil { - errors = append(errors, err) - } - if err := s.sysEnterAccept4.Close(); err != nil { errors = append(errors, err) } diff --git a/tap/tlstapper/tls_poller.go b/tap/tlstapper/tls_poller.go index 544e71613..79eb31d71 100644 --- a/tap/tlstapper/tls_poller.go +++ b/tap/tlstapper/tls_poller.go @@ -6,7 +6,6 @@ import ( "fmt" "sync" "time" - "unsafe" "encoding/binary" "encoding/hex" @@ -19,7 +18,6 @@ import ( "github.com/hashicorp/golang-lru/simplelru" "github.com/up9inc/mizu/logger" "github.com/up9inc/mizu/tap/api" - orderedmap "github.com/wk8/go-ordered-map" ) const ( @@ -29,18 +27,16 @@ const ( ) type tlsPoller struct { - tls *TlsTapper - readers map[string]*tlsReader - closedReaders chan string - reqResMatcher api.RequestResponseMatcher - chunksReader *perf.Reader - golangConnectionMap *orderedmap.OrderedMap - sysCloses *perf.Reader - extension *api.Extension - procfs string - pidToNamespace sync.Map - fdCache *simplelru.LRU // Actual typs is map[string]addressPair - evictedCounter int + tls *TlsTapper + readers map[string]*tlsReader + closedReaders chan string + reqResMatcher api.RequestResponseMatcher + chunksReader *perf.Reader + extension *api.Extension + procfs string + pidToNamespace sync.Map + fdCache *simplelru.LRU // Actual typs is map[string]addressPair + evictedCounter int } func newTlsPoller(tls *TlsTapper, extension *api.Extension, procfs string) (*tlsPoller, error) { @@ -73,14 +69,6 @@ func (p *tlsPoller) init(bpfObjects *tlsTapperObjects, bufferSize int) error { return errors.Wrap(err, 0) } - p.sysCloses, err = perf.NewReader(bpfObjects.SysCloses, os.Getpagesize()) - - if err != nil { - return errors.Wrap(err, 0) - } - - p.golangConnectionMap = orderedmap.New() - return nil } @@ -88,12 +76,11 @@ func (p *tlsPoller) close() error { return p.chunksReader.Close() } -func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) { +func (p *tlsPoller) poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) { // tlsTapperTlsChunk is generated by bpf2go. chunks := make(chan *tlsTapperTlsChunk) go p.pollChunksPerfBuffer(chunks) - go p.pollSysClosesPerfBuffer(p.sysCloses) for { select { @@ -102,15 +89,8 @@ func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilterin return } - switch chunk.Type { - case tlsTapperChunkTypeOpensslType: - if err := p.handleOpensslTlsChunk(chunk, p.extension, emitter, options, streamsMap); err != nil { - LogError(err) - } - case tlsTapperChunkTypeGolangType: - if err := p.handleGolangTlsChunk(chunk, emitter, options, streamsMap); err != nil { - LogError(err) - } + if err := p.handleTlsChunk(chunk, p.extension, emitter, options, streamsMap); err != nil { + LogError(err) } case key := <-p.closedReaders: delete(p.readers, key) @@ -118,100 +98,6 @@ func (p *tlsPoller) pollSsllib(emitter api.Emitter, options *api.TrafficFilterin } } -func (p *tlsPoller) handleGolangTlsChunk(chunk *tlsTapperTlsChunk, emitter api.Emitter, options *api.TrafficFilteringOptions, - streamsMap api.TcpStreamMap) error { - if p.golangConnectionMap.Len()+1 > golangMapLimit { - pair := p.golangConnectionMap.Oldest() - pair.Value.(*golangConnection).close() - p.golangConnectionMap.Delete(pair.Key) - } - - pid := uint64(chunk.Pid) - identifier := pid<<32 + uint64(chunk.Flags) - - var connection *golangConnection - var _connection interface{} - var ok bool - if _connection, ok = p.golangConnectionMap.Get(identifier); !ok { - tlsEmitter := &tlsEmitter{ - delegate: emitter, - namespace: p.getNamespace(chunk.Pid), - } - - connection = NewGolangConnection(chunk.Pid, chunk.Flags, p.extension, tlsEmitter) - p.golangConnectionMap.Set(identifier, connection) - streamsMap.Store(streamsMap.NextId(), connection.stream) - } else { - connection = _connection.(*golangConnection) - } - - if chunk.IsRequest { - connection.fd = chunk.Fd - - err := connection.setAddressBySockfd(p.procfs, chunk.Pid, chunk.Fd) - if err != nil { - return fmt.Errorf("Error resolving address pair from fd: %s", err) - } - - tcpid := p.buildTcpId(&connection.addressPair) - connection.clientReader.tcpID = &tcpid - connection.serverReader.tcpID = &api.TcpID{ - SrcIP: tcpid.DstIP, - DstIP: tcpid.SrcIP, - SrcPort: tcpid.DstPort, - DstPort: tcpid.SrcPort, - } - - go dissect(p.extension, connection.clientReader, options) - go dissect(p.extension, connection.serverReader, options) - - request := make([]byte, len(chunk.Data[:chunk.Len])) - copy(request, chunk.Data[:chunk.Len]) - connection.clientReader.send(request) - } else { - response := make([]byte, len(chunk.Data[:chunk.Len])) - copy(response, chunk.Data[:chunk.Len]) - connection.serverReader.send(response) - } - - return nil -} - -func (p *tlsPoller) pollSysClosesPerfBuffer(rd *perf.Reader) { - nativeEndian := p.getByteOrder() - // tlsTapperSysClose is generated by bpf2go. - var b tlsTapperSysClose - for { - record, err := rd.Read() - if err != nil { - if errors.Is(err, perf.ErrClosed) { - return - } - logger.Log.Errorf("reading from sys_close tls reader: %s", err) - continue - } - - if record.LostSamples != 0 { - logger.Log.Info("sys_close perf event ring buffer full, dropped %d samples", record.LostSamples) - continue - } - - if err := binary.Read(bytes.NewBuffer(record.RawSample), nativeEndian, &b); err != nil { - logger.Log.Errorf("parsing sys_close perf event: %s", err) - continue - } - - // Close and remove the connection from map if its socket file descriptor is closed. - for pair := p.golangConnectionMap.Oldest(); pair != nil; pair = pair.Next() { - connection := pair.Value.(*golangConnection) - if connection.fd == b.Fd { - connection.close() - p.golangConnectionMap.Delete(pair.Key) - } - } - } -} - func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) { logger.Log.Infof("Start polling for tls events") @@ -247,7 +133,7 @@ func (p *tlsPoller) pollChunksPerfBuffer(chunks chan<- *tlsTapperTlsChunk) { } } -func (p *tlsPoller) handleOpensslTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Extension, emitter api.Emitter, +func (p *tlsPoller) handleTlsChunk(chunk *tlsTapperTlsChunk, extension *api.Extension, emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) error { address, err := p.getSockfdAddressPair(chunk) @@ -437,19 +323,3 @@ func (p *tlsPoller) fdCacheEvictCallback(key interface{}, value interface{}) { logger.Log.Infof("Tls fdCache evicted %d items", p.evictedCounter) } } - -func (p *tlsPoller) getByteOrder() (byteOrder binary.ByteOrder) { - buf := [2]byte{} - *(*uint16)(unsafe.Pointer(&buf[0])) = uint16(0xABCD) - - switch buf { - case [2]byte{0xCD, 0xAB}: - byteOrder = binary.LittleEndian - case [2]byte{0xAB, 0xCD}: - byteOrder = binary.BigEndian - default: - panic("Could not determine native endianness.") - } - - return -} diff --git a/tap/tlstapper/tls_stream.go b/tap/tlstapper/tls_stream.go index ff966f763..d0077ba59 100644 --- a/tap/tlstapper/tls_stream.go +++ b/tap/tlstapper/tls_stream.go @@ -3,7 +3,7 @@ package tlstapper import "github.com/up9inc/mizu/tap/api" type tlsStream struct { - reader api.TcpReader + reader *tlsReader protocol *api.Protocol } @@ -16,7 +16,7 @@ func (t *tlsStream) SetProtocol(protocol *api.Protocol) { } func (t *tlsStream) GetReqResMatchers() []api.RequestResponseMatcher { - return []api.RequestResponseMatcher{t.reader.GetReqResMatcher()} + return []api.RequestResponseMatcher{t.reader.reqResMatcher} } func (t *tlsStream) GetIsTapTarget() bool { diff --git a/tap/tlstapper/tls_tapper.go b/tap/tlstapper/tls_tapper.go index a4c89ada5..7d984ea6b 100644 --- a/tap/tlstapper/tls_tapper.go +++ b/tap/tlstapper/tls_tapper.go @@ -12,7 +12,7 @@ import ( const GLOABL_TAP_PID = 0 -//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type chunk_type -type tls_chunk -type sys_close tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86 +//go:generate go run github.com/cilium/ebpf/cmd/bpf2go@0d0727ef53e2f53b1731c73f4c61e0f58693083a -type tls_chunk tlsTapper bpf/tls_tapper.c -- -O2 -g -D__TARGET_ARCH_x86 type TlsTapper struct { bpfObjects tlsTapperObjects @@ -59,7 +59,7 @@ func (t *TlsTapper) Init(chunksBufferSize int, logBufferSize int, procfs string, } func (t *TlsTapper) Poll(emitter api.Emitter, options *api.TrafficFilteringOptions, streamsMap api.TcpStreamMap) { - t.poller.pollSsllib(emitter, options, streamsMap) + t.poller.poll(emitter, options, streamsMap) } func (t *TlsTapper) PollForLogging() { diff --git a/tap/tlstapper/tlstapper_bpfeb.go b/tap/tlstapper/tlstapper_bpfeb.go index 5e3da3ccf..4abbc728f 100644 --- a/tap/tlstapper/tlstapper_bpfeb.go +++ b/tap/tlstapper/tlstapper_bpfeb.go @@ -13,28 +13,16 @@ import ( "github.com/cilium/ebpf" ) -type tlsTapperChunkType int32 - -const ( - tlsTapperChunkTypeOpensslType tlsTapperChunkType = 1 - tlsTapperChunkTypeGolangType tlsTapperChunkType = 2 -) - -type tlsTapperSysClose struct{ Fd uint32 } - type tlsTapperTlsChunk struct { - Pid uint32 - Tgid uint32 - Len uint32 - Start uint32 - Recorded uint32 - Fd uint32 - Flags uint32 - Type tlsTapperChunkType - IsRequest bool - Address [16]uint8 - Data [4096]uint8 - _ [3]byte + Pid uint32 + Tgid uint32 + Len uint32 + Start uint32 + Recorded uint32 + Fd uint32 + Flags uint32 + Address [16]uint8 + Data [4096]uint8 } // loadTlsTapper returns the embedded CollectionSpec for tlsTapper. @@ -89,7 +77,6 @@ type tlsTapperProgramSpecs struct { SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"` SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"` SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"` - SysEnterClose *ebpf.ProgramSpec `ebpf:"sys_enter_close"` SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"` SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"` SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"` @@ -105,14 +92,11 @@ type tlsTapperMapSpecs struct { ChunksBuffer *ebpf.MapSpec `ebpf:"chunks_buffer"` ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"` FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"` - GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"` - GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"` Heap *ebpf.MapSpec `ebpf:"heap"` LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"` PidsMap *ebpf.MapSpec `ebpf:"pids_map"` SslReadContext *ebpf.MapSpec `ebpf:"ssl_read_context"` SslWriteContext *ebpf.MapSpec `ebpf:"ssl_write_context"` - SysCloses *ebpf.MapSpec `ebpf:"sys_closes"` } // tlsTapperObjects contains all objects after they have been loaded into the kernel. @@ -138,14 +122,11 @@ type tlsTapperMaps struct { ChunksBuffer *ebpf.Map `ebpf:"chunks_buffer"` ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"` FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"` - GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"` - GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"` Heap *ebpf.Map `ebpf:"heap"` LogBuffer *ebpf.Map `ebpf:"log_buffer"` PidsMap *ebpf.Map `ebpf:"pids_map"` SslReadContext *ebpf.Map `ebpf:"ssl_read_context"` SslWriteContext *ebpf.Map `ebpf:"ssl_write_context"` - SysCloses *ebpf.Map `ebpf:"sys_closes"` } func (m *tlsTapperMaps) Close() error { @@ -154,14 +135,11 @@ func (m *tlsTapperMaps) Close() error { m.ChunksBuffer, m.ConnectSyscallInfo, m.FileDescriptorToIpv4, - m.GolangDialToSocket, - m.GolangSocketToWrite, m.Heap, m.LogBuffer, m.PidsMap, m.SslReadContext, m.SslWriteContext, - m.SysCloses, ) } @@ -180,7 +158,6 @@ type tlsTapperPrograms struct { SslWrite *ebpf.Program `ebpf:"ssl_write"` SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"` SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"` - SysEnterClose *ebpf.Program `ebpf:"sys_enter_close"` SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"` SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"` SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"` @@ -201,7 +178,6 @@ func (p *tlsTapperPrograms) Close() error { p.SslWrite, p.SslWriteEx, p.SysEnterAccept4, - p.SysEnterClose, p.SysEnterConnect, p.SysEnterRead, p.SysEnterWrite, diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o index 1a632d8373c76047b4fd2b6bbfda338a1659635a..115858fde627195a64551e09670240ab281ac59a 100644 GIT binary patch literal 152792 zcmeFa51d@bRp)!Vd;awNZ~Ym~j2tId#xY~#KW#?|lf*GC+p#AK3fYBgteUXl;q$Z*lAi zS|LG@+&5|{r~ls*+P7Nn^mO@oO7qbf1bvdu^Qt%O*AS+38yltjl$H(B zc}~vr(mxAKP&$hnrQ@#u+(*w>BpvJ*bYIr}yzIT}?G`?_Q~nQvZsZ^3JpX)XFg%wv zduP86l=HYq&hE5!e71!zVi5C*nLG<>@#yJyi1Ose)h-_T)!U4 zkA!l3=44oeeA&rQojhgaN5h#@kk_32Xn6dj93MM#>;&XXPJSwU*C{#Pd+O9l$g6Tp zcC4x$?;<;PsUDrMqbZ+PXw8&-uRS{D>gm8;nE)YKUoel5K+VW<9dOl~vHT@))JJMZ~7#oy#7wplH@J%f5QAyAF_vw$` znC1RqQ39K5pVYq6E}8Os3Aan|lvulTH;~(<1@Rp1VkUz1_FF#!Ec+v5VH<>(E}u$~$oNw=+2ZuO)xtH-7te z@Q(BE7x~+F1zTmmf#0NGJioE`59D{rq>*}Hb}&?nA+T$t|XAHPVuYcwZ4I-DM8UroL@zn!)DM*iPx@@sMt1c%0g zwD6&kz}(Nz{kRbHF@%1(jTatL`Jsit_WyU<_5gCzp85SnX*Zx>(WEnBk_)Eqv-`*I zwfpCOQT-zRJaa)m`kYCn)vrpNE7|jhOXu@)bk5v8Y(E+JGWDm-IlZo{$KN{|7){<{ z{tprdZ@2nBzRRX}=qD^6wHThW@ml)h`DR^zL_1iNQ&4`sUnX36epb_S?Z+niV^)$z zd76?sxX+g3aPGY6W1oH9`8f$!dj!x=p8EpZZ_fnhZWRiGyAGJ=HjS4Fx{Wr$orrHN z;Nra{l-NV(IX?V!Rzh4koI5SlDlch2zeV`mkIMhJe%bC@?WR7TY+%Qvv*YI3O`lV4 z(029Qg0&yoS5t2<_j&EyK6{>)|D9Sd#tv%zw|%^Y9ZbpMLATUlwh_DjLrcB_8H?H2Aw1vww>m*;2Mjs48r9pPuX zcYb#9b}TE;P27%|9#H$f7zEcceuw7_Q+~KF_DDHi?tRgncX{{6ocLKn(zkwAyJA0! z`&Vw0{VUh@FVx5DF+S}46n(bkJY4{1N_L46Ji zCDzb+?uT7oJBD;GY{$%a;!B_%Gn(DN<0eaMxDEWVD0+H?Lzt^63=zTN~|K1Je;eXLS zw`|({d)Z!pxO|EE_t)BZYWI%s9i#d8ahiYs!HdtoyZM9Rm)<=5J)$Y*;mt|}HxGaI z1J>@Ck2mw*U$6Oitg|Rc{#-enJ1c~F4qgAZ(RdxzkL&Q9dxOuz|FpFu+Sw}_PuXyu zAvRx{Nx1PZ%$xqXT&X)J_eadf>$;6Am^b}4Ip2-zUhcdp&y&J`3zCkTk9YnAKf37r zRojnDzh=XA=dPU3MgDX}^H&@BlS|jNN8UXA&zN$|UG+RX&UF5C<@4|t_p8|ad)u$B z;e7^I{x6PSVgCJAoqsoeh57d@Z>K!Jy2!k{iFM)nj*I(MwsrrzRC@)x72)15!Z`0g znET(AwO88CZPaeX*Q1&FcJqGMOJ%-2ejjYlx63-`>oMPc)$P_5`Inh*e_ral^{;E6 zZ$I~_q=xm>*EruE_p|nV`}Oj(EAGE*`SLuQTmQVyeEU1ZA2w^g{rdPU&`&OTmOOfb#vz1 zWABe<?-?0Am;=GsKe((Jowf%Z={L9S4|Aw@Dn>7#b-Xp!% zdHDEuh}!e;FO_*xSH3*|hV@$o@uPL-;oI-MU)y~$6uY*+tFWGbnR)p3d+*oeU)TM; z_x3zI>M!QQ7o;Ay=i$FWzCYidhkr?rYqsW5b-j>|tF_;MZ@>R8&9puboo~;>x4%Dc z*Auw+mdnOH+TWiKjU6udJr~Rqwddijiti`u=6+-P`ZKUsL<_!gYQB-OXp6E1LQt@57n-XIGx? z_mlAZ*;R=_?+IVc@4nmLIn3DWUBmCb|FNXt{qFl80TXB6ZS#M@d&;524jy#t#Z>Pu z(r3fpV}4%q%k%Q!k|d1%oa~>{aczumulJq$i@kq2F6ZO<#n|7yZ|&YsbiZ?e>#RyV z&Cm6FU;YOD-n5phye~g5cDjn+iGRPG=hA`QO*&_H1XCi1zm{YVHs$5Yo&AX3pPzH( zd4XT%B(>J{{P*XLA6%mRyKw!6oWF_R8y}VQoWHx@ofZyXdHgW+Uy<;a`uj)+UuS>+ zR_*)`cbM&WhHrHL zGY@UBUu*pc>W^$U@O!OalKi`Vfvf|^_Koy=&c81T<2%wnDSJ1*=zT}}cSVlxD$U7W z+nE>bcb$12ZCJni>%J%5{*H7I>^*hrB<`10DIfa%pbgjWc;h^2bDsGM7w&(dP_*%Q z>PF+!&Tp)L_}`H}e^yfK&Rz9)q;V$vE-U|MHvZkpoPnNK@^x5%wu zHLm8nzkB3->sQzHd(!rI=-d8vZNIatzsvaI_?MYi`?JWuuIjteo_}4}?@G7*3k4<5 zL)Y{>&M&HeVSeq_ul-cyU$tv&zjBv-Uv&4;i{Bq}?fWANXET3?{>8mNVt(z`ue~wy zFMMD6%D;>6wO{#7_OE=~ziw#%D!{+K`nAZvDp%uQX6(wgM}=$lFZVnc|Nd{m_p|oz zdTj3Rdh|;9U+y{y*KgbC`O&qH@qRw$*>3&nuSR}`?@V8DJNDI2%K6sMiY-4o_gax+ z-0D94eXvjnze}H!ee@i8dH2hr?`JQO-*f)z2Skz1;Hy)zzwC0_;5iKGluSAY<^R^W z{*Caym>Jji=F|QJ*-xB(O<=~o?e9tjD>QCWw&NH<`iG3RK?m9u6JN*Ozu$`CSD`t| zX}qhMcQf-a7{4h=N^af-`=anA=G}^V{qS5?VzUENkKrBif4n_6jQ*{(>n0HYUF3PZAaPuKWZRuhnRm-c zy4IgIW!}y6tFYBhp?zwP_gvd}PeID*#qldM-{$?^^i|EbuQp}A&GW0v{~cHA z-?rBY(DO8&qYF|_FOFZCdA0?)p1uFou44Q!$jSNEuQp|#&GV~VyS>_^=kpiWugv_~ zo5U}yUtQJwT29Wlezhs{Yo1@l=GWTy!5ij2DD!GxONw7uzp7kKd*#jBUi-Wno;y9i zDzw|H>(^dw_Iz4F{3zakH}h%#hsdpeUDbTrKb7-syA{o+;rDzpB7aLL|6kEOn&)3v zG>^94c+GX_Z+*2a8e#tHyJdgb^Jp9VUNh49VUx~<^Jt4Af0z7+ai&9+O?xk`PZD(R z9bChEX$K@7ZyxOlV1ni;7I{A6hvX#0!}HicCjYIy!ct7RC*1W+wzc1RZUyU`yMBeHB3yBYf<}wPS3bK`kg&CQE&Tx*5dgu$o0kUH`06KuHDA-d`0q4 z<@F&guMV|)$HASpfBRI%*g4~#AMoD1c^-m&=OrENOR{(C5@_%Y4+?J8VCHdY3)l^|Oz{&e+0t>HcxkYcbcIlK}FgIX_(!{;l#q$}4AfZu|oM z?(<(1iK|ae|4a0L1~%WX&VNqw;n~;t7uEy(n#ga!e(dWd-(EW>D>)KgyHt^IzV9B? z`!1fVT(~K5*t;z8shk(-IjhX&eqnjH)caN={J)p;>HggLb+|t-OFq`QKYv=}*b?~buzy;3K_F{z()bGlJAI79i^{fm@iZ+- zQx46xo=mPQ*T6+v*L5;H(^}cvj-EVz@Wj#SL#NIb&zzh-bNux5yG|WDGc)~c@zlwu zXWky3K7Cvzhfbb2Gc$K4Jbv=zJDx3u@0dCJy6}~UgG;7xYUbdf*_p%P$!E_LpFI;E zJ8|UX-A4{@bS`2aj$PacF8|uG^DlB~Yq#kC#G`pL03AuzJ(6!}$a}={?&ndM;%GQy zBxg>B#hFt_!l$1-azuWwUi$vQU;cvF+uqnwzD4_Y%O8l)%;E(>3Wo_33#EyDC}ASh zO`=KRcHytn#lvxkKbMAtt#^)zuGcX;Jr?I1L!#Jc?!@so;m=GiVgJo~9AYnFBG2J3 ztH%ZGU!%t*>}Bzv#Hrx#K|QWvKZ(CV{59~G$KMdtEMWhXcqBHtX}^v1nboiXggv8S zvNK}OCjF3!O^gR$C^uqPJ3_>J4u6_lP{MI1{&M*HApW}XSHfQze{!7~{(ed_j!hCW z=OII~PvXzn>gSLNk(uUJ0Kz_Q4{K|6lBPNC1xiJN}d79FG55k4rfIpL$%w z@!#8HNjC8{Jl042$lyEF%Eypz+i`{W7!AY^19Ov*S`Ih4n{$$a%9M|xNN-xJ^ zv7}5^$Z-zGp&plTe5)SUaD10NhDJeBKC*@Q9XTBD*5eY6r86(`8ji&ma4hCcJ}6pX z6PxDbKy8Slq)ZecU&$%8p?Pq=Fud!%8a}rE`Tf7A;Ww=xKCn~6%@1H+nEt?bYWOQQ zIRB3{eAoKngEwoq_{2K;4gREtztRgwVLAN=zkqPrq|UkXz3{DX)NnHagaFy@gz0_{ zB_c*1$MK(FFXe=7yZD%^uTmBwFTow<)O+w(!?E}eLh=9I=H#tq4|mP`f?#AouPOfLu8GI@(cikVYmU}&y4qt@ zIuR32J=H^O=*j~}M(5YyI{#U(FAuEl`u7LH&IfUQsZ^+68TwSHk{%ZzKd#4+?RuxS%a1|^rFQ)Q@sAUKjQF>Rm*d>J2|kXr z{}>mLP43O6nn(fbwjX<_B=@^rE1E{$1+EhhKC)Ow>TSpCuC6dmVYwj93}|R=`>pi`L9AQI?MJQ zc4zMQPvRJM2%ux|6#l*+e>wb#zyA*YB(J~erTI3zIe6+!aBAkz$y0}C4hKi@@A$!^r-Ors51*PjeL6UN z@XSG^_w1|g3!Xi3`q@XIGp7S|n}c^A zJpSxVFgtUw7@VFx`Rwt-(`RsaxAd-qyYG3rc;udACk`Ed_VCO-$kyq*XC?n(6m#5M zIz-s*;d4Qcp*uAEz`qBSe z5TMUSfqh!KClc6VJXxGMAu=0$`tC!)J5R!N59S}4{`UM6k3YC~ymiK%p#-5APak)O z_F3Xiajo#gv(LCvc+Kw6m|qI{=**evL(iT%1@D?hp-zhnkGrDX<+%*bc;JEXRrlR) zQaOF*)U$`+QplP-j)ix~|M@egHYhc5r6Y&oH`ZtV@>0|GnIeBE962D#4H+d7SjK@kM@QSQW7YQGoHqT(=D3UwF z#~y!ldhZiYJpRP=6MOeOyl?-b(@#G6*z`k>??142>Hrdh8i;*o`1lk19^JR!1U_Yo z0&yPRi;Ki7AW}#D>yg@f_U?nHj=l={mmM-5AQN1eD@(Z!M$Ri%;CG&)R72%tJS_W5kC}J}b4scysIcLOY97KU+joK4aTQ z&&kEpjZcc5_w0YG$^M3ZmVfHNfsOqvdmLv=MMDc`2U3D(acKPCYcJMo7g}ey8nl6< zKe~5=3}n%inCoBQV=}gL<+X1^6I^~(dt&c_SZy;k+7#On+)~~U-eqq#8`tVL?R)Y` zvGybT9@{(p@ZKjMdSYMxz~fKYnjI-@tIo6--rV4|64_#vM!+=hrb?i7wRfL4%WWC8 zAb$XD$D>b9Kk<;9W#ZsQDW~4`K+B;dvvRw%?uc+d4Kzjx>aAK z37kHIDl=~G1-F}u;ayX*VlNX$XN%k8@{u6C-!+aTe;^!xX!5E3-)_1<;T@sWDkFGu zI=}ac>BsTko&)? zc6?^~@XYB$r;cHy_0%**TaOjrxf^QZGEQrkgzsChqcqtzS?|87X3<*oPOxBeR7j|aNhwrZ)2};ZNMWBPw#p7 z;V1S!`J{KZwXKkKROxTq(uAYNJ@S}!J%-i(oZ+HJx$O%(;XsNQ%h{7oKz~e_DA$oo0N37rEq1acfEVGiG2EEw`mijl~47c z)?-NP9^J}_tIPHda`3R<)0E!Rx*bXhaGgk;=nh@)!Rt@D8eAUhXdXV~ zd^=w-Gv{ZmC0p;l<^o;5*2$t4HF~|)R?}y~JLI%8Gbf};aM^Y#t#?bEMvm6Idh4!= z2vJ&?bckyp8g86~3A@7lONviRdmmlZ8q!=D*^2rE7r%JxEJ^6%^Ea+cHi)I2T@8(% zQc#=D96J%QyrSa^rrK#|K3n{89wQ;N1{ z8$H0pPC(q&Y33>B^(H~7xc)N^;+XbB&Na2v_DFBJ0ef;BccVuwTE-ck1gPG`G(k@a4`PHi() z)z+MiE1N`;QKieTR9>pHpB@bX=JgY?(&@XPSd zn0Ww~IP7s^kZ3gE+macv2G z&2BrMW$JcpP%D0wz&zL&PomksN3U^O4!n%$4Fp}_C~j+*D<0Lkaa<~zwC)l;SJSLg z(byrXD{M|L7!`W!lhf$*;vq+RwQgj{wwLBn!8DTQAt36SuiG|Wkh^tU<|3VHH@2|u z(=IL@jbp8wKnZ|k3O7tyH>^rcx zRiu|Fz6$CsQ)=%? zbNj$Z;l(Smo_Jx|d)bRh-!#20v$*Y;TI1ODKSU9)XQGJEOLaZ$C0nhZ-d>EuTwNjU zdFY|N82gbCM}BlQ}^+_aW@um zLB>s!X$K>0A0`?HRmW@P*mRjRlXq*NOqbC- zx#(Azao0Fqm~pRll2%5t;aVP<@w~99v28%CvYV4k&vfG+Q>#~bIknSeQ>RCxhWd!C zWtf&nM!TTF9!ecBW5@xTCbQnajMl|EQaXNzK{S}qta{j>@d;uBs(5N~Q=kaI;);up zMcqA(?Z`7{E;HKQ_pTGsdsMqfa_hvp`@UfPyB8kAY@_CTO)!1@*dZ(xm@dJ{VFr7Y5p<7b@7tC5}JJ4W2{i?`Z14p20{Pl zJjSZf0a=ac&c~~p14lg$!GGrQEm-6$s}o)PTfx8R@onJ$-(##;+&b&=9au>?;W1X3 zj>u|Fm)@(fsP6ys_;pw*Co95S_ybtQCMzHvKZp;o%j!MHkKkBV!-`F?0M2Zm!vDXk zU%!_yVYk6PhQEk~ma>XBYdL`xs=FmD=kZNAp7gj2$5YA=2f@R#vPpFH(=Tc`R$EPq zp7Y8d!y@T#!g1MS*e*85;lh&7Q2DQeIZ{l84KqU(9gtQ4w4Jq;DYjh2$CPcO4LLV3)t?$-ySR?hdmQ>%1@z4g-goEP&b94 zuZjPCLGT_)ze4FPYWU9w!G|P%!*XX&5PU@Px2lZ#T1n&Fd1b6{`#2T|CN;gz_Xo*E z317778@>g{u&3x_80C{(_89slaXkrlTXIdq|0qa)4*5+UgT4`l|g>v&w3}R8d*&mntc%{ZeJUo=a~*!_|JN zx@Bj-R6|+q*P-cks{J}}zUXJ_5ArK*WCFIAP2^p_7^JEKYKJ81%~znOU$4G`uvWc7 zJ$gavQP!T1BfCvt=hvgWQ&57-T6{J$WL<8hIc1|)SW1wNX;U@Nu=l3 zV^^;_)DM$o4Oe}np856I)vIoo-jarE{*$nm#CQ2eRgL986>5HdE=bK`C3I@sW8^oL zRsPi=^`2LQp|5Y>6!i7;BlXO%t5;56cmAA)YyQNkWBIG;_5M0YeGqR&q?RqG(J#oM zuOanH?4Qoz{?!j&@mTWPp!iMY0&WQi?+7eoXSR;ChM%?VWXGswvDXJBeyI7?^5}ql zeEmBnlvUr3oU-~`N8Yl%8jhzlT=nlLTXy9m?SQd|wiBJ2zH28salX<2577=IkDUeO zKMfL}LA%&l@)-H=MEWNF-v)`#3s>~|n%~YvW%aMlC1uTjXU(49vpYzvWO067!_^+0 z4a9VF8dzo_YJ ze!EJ_n%}N@W!0~%V!4(6qK3QtH7vLC*QETc>GgjnNRFdE<5p$!zk(N-uz0*Xqx@HR zi3#`h?$Be2KW@3V8!tBDKGvO8-WeqCggCm#+vw`cSp|9T_q@k~0f6{qnEx)wt-}lBK_>0{*zo6mjZ|S1t zK)3XqhHH7ItCn4PrfZtt9|;l*uzyKffzrKQotG)VWmDOH-$dCAo+xn`OoxS>&ZGN4-`s&JRuf7#!wO3zLS?z^# zGWKxk%L``4-_&0HIm^yJ`X`muUj3`eYOjHe=3nhKkhkpYHBj&v{xmSFto9nH==o}| zfvSe9y#`!)sJ#Yi8ei=-pydugsKXr%z_iva?raUiDLZWy;EGugrq7+AD+n`}WEp|H5v|ApgF-a0@o< z?6n2@NO-5(Ys;dt+G|T)^RM>W>hx86Z5_Aau0C$fDyzL@EJNy3zuIf7>f5LG+FH_Z zwb#~pWwqDVCCg5qtt*zDy|%8Zerm6+O=Y#$)-`3d*S3tZ`q#G5vP*v(^zrSrtzg;N zYa8_O?X^9vtoGWj`uD57wmW^*Ufbtw{++$HmzC9C+m|gndu?xMxY}#`s)nn*wl|g4 zUc=DGZ@-3fmYuzZ^QxcPYj{do?KQ0WcBs9Ek$+JWKzS`UL$#B zwbw|=veRdzV%gbiq^kOy|d%WJsWYpks2tG&ilUsoT;7ByV$HC9ztdyPRKxt`mQ zO~cM!J2R@E+H2>ivf68BsI2zdIialf+KK%8_S%X3`}W#7Z`swyoeP>j^&c}<`)Zpz zW2Y|!sm}IAH54|6yiq@~Y+v9z>3Bop0@%w9gywCcFF%JIwx{vp*#q)z(lj(2u zxbZ&px1^ubhlP?qsMboOqz@jlgG`io|~ z5Bi$^q_zh#PH$NIqcXl{So@+?)+P4&_Kdmj=u_SWa+zEO|i z{C%Oa+QW_Sx#wj!p68xt`c!{suf93Gp4zLgVi}h;Ti=ppXRj+B?_0I{b*R1i)-1d9 zk&oE(O#g)11O6%Fqpk5jwO4;b!_{6FjQ35cJ=9*U@jdmY0oC96&%mPUug`yOe9zfy zpr+ya{5Pc}Zv4-szim{*)n40BUJ~EgYa8@2toGWrrmXhb9;!a-U)!C&YOmP%AMCZg zWaGQ~xP3{_S9@)*Yq%TlThVZ}*Y<|8`qyyAveRccYuVXL#{YbK4Noeoy;|deYOi7B z-?x_=|7)dR(r~rcF!Jx)Yq+MY_S#WUR(tKh`KCUpy>@8%w#NHZUpIcWqhaGadyS0h z`D(8b)z|sg$b^Qgy+(4%YOj%^s=Y>#f8Sni{I8XM zL&McxqsYH+uhCFh?KN6cR(p-&eBWMUf*ziENv8H8bFJwDrubpXSwO4CAQ0=u7`SdSN=Y`J~FjH z=~Xmb?I-JwjJm-5&2lgNCg=-e=pn_WHi|`aXH@Af4CtLhq|G{wM84dwrknXSCP% zsefp{w!Oa3)(`jm*Bak*<9*q-(&IZ0`i)iFj@?&t1Acxiy}r z_S)Kv`&WB?U))};@jSIxdwpNrzuN2jtUcU(#f`SU&%8_RjrR@SA9Ua~h}O7-VHpn_ zwR*P4`}BR@achs(`o5fUd%RD)$NV^rx$k^~jrY0wBHtwN$NL6-*Fmx<018zE9g* zT|c@tRBo^DGv6a7x%vSj)HP~eV_R*S$ln-_CIt!^;*~W$+r;`33Q6F4Pouq z(7l+q7Dy{&{A%|OFvj~#xUjrL5Gwy#kerZ3iaEVY$$Gwdl)b#4EBQ5i3wYIItnZWcd#!NjC*R`}cAI=R%;@{~_!Qt6 z!Y4e2{Zcv0TSkK9r(Oo0^ceP&?})|DpVRPf4U)f}LHL4Y=$HI$*gsX#@DBvZ8s4Q! zEvh}VpPnN7rj|5Z?VDOw)_NuD`{eptTzU-+SNqC$!u<7rGMMMvw?orwt^dRMCcS@! z?-|11I@6Z7-WDX@5BqfDdhz)2a4J2{^)!F-9WcY1zpk9J>en@8*|k&C&X!?(m+M0kKIt*8pH_RwcfJ-ReAb2=-UTjtEaL+6biV2@_80$5Ltj&# zT7K@mJolZGbX~)>ywj?`tONS^Zk*rHaP{YO({i9&dQHQ%{Cl#NUHSLqG{5Lq7hwOM zyvJytdYpcr#&^Y_k37eVeem8xu#EEQS+ES#1P$1vr=ol_J~0XXdX_CC*laxw%ea0* zzC+pL@~8Tv3RrunKD}vW_5a>cWwl4|xMiC<{7Ch4@BQ^6|6*UKZ*NfT4>iz51b_*w=0SSxVeS3f2=HGqyvVTfh?bWaPyZ8S3p^xb6w*HdFSO4f= zvh3{DUsG0l4HT5sUIS&#zuIeH#j>;4fa+@)_8L%qo&U%>9nlx>u^D^Gx*X$QYOleZ zh6mPOgOkc?uR-YJ+e_ZV6L$6*TvYwkzXq$y>R*GZud8o^%Nnl!H3)rtdkr=;TGs9>+F?L{hYnzJw0O&^)FecBkb&zSSxY}#W zoMmUPEhS~Omps?|^>M4}@9ed8!RFW5OWwgVhw@9Bv?u0G0pct(G@_l_`f7VWqWU>|$$NUn9_nB69-h%(?KQHb;cBmu znua5v;$QM!o^P*F$bEasbGopzm-`NvvzPl0m$TRCgw@B{Yjjds?KL`O8J98JXhFl( zzeX1)G1cGMYpiDT>-=l1?lIbXc~4LDasDOm-5LGWUOPh#S9|Tu zYItDnCC}+5{>`>Ou~V;)V6*Kk*>GpCon_Te>!W;!%lL=Z$DI{ry+7_;QdWEIMEUss zwX?3_YOkBpmYuzB8rA%1d%krRePukS$R_#T`olr;%K|u0cnHtAUlFIxcr4=rn$8f$ z1=bKR$l7om*=+*5PvP&2`kr6ja_c?6DUZ=F4GJEk9}>(dyZ8L&E#rT?m9azmt@r#E zl|QEM`7L>T8;)z5e~b&f&;wq!y!B6lROVK2UHNN4>Sd3D8x+3kg`*!CtXbanrXaN& z_DhV%<0sS}+kP33#390=zt|Jw3aR^1uUg{>_`dnW&^Ix!;XfFp4xryA;|3=Fa*+Bi z_@#^+2xD9!Rk#ma({fh7X^k7G-z1=q@gwz{L_=BqCeftyppS{Kev`~vc7BtbP(~i4 zADUcI)_Nx2AD8@L93gdF!qq;8Z-L%{7mo5yjd~3I+&BWFnazz8Wd0uC2OmRtUh^vq z`?+z0Z7&3=GQMG-D%fztuwSa^#h3HTmbdT3kU|DrwG91I@?0b11d@M@1EfBVXR%aG z?VA@bpeLJ$2oqaoU%4**ZO|Lbsp!VE;99f6Ib%r+m z*0=)Bm;ATJ6{eKkxWb%XU-juMDXTu6@IPOl*0_P{)2aR#=++7Q`TDr;fjfOVReu-1 zHE!U>6-I6TTH&GP*0{oivKv>(#q-ydSJwQwaRhhY=_=arR{BnV_3tjtzsqk|&Bkwy zE7arpbK?f6N2$*w@Z4Ue@CD7U8&^L6O zu%h9@{fNJ&EaL`J?od?HGvf#$7=jk#I6Z0^(ae?(HT=ywt}v9tYRWh3 zxWcMs1e;C92_!vS-;67?#tBsa-Y~9@8#i$Mrrrq+SO4#ww5-Voy{ez zW#mEH^S-RIw&(IaAjzNWH}x%8cKxQls>iTTpX%@WO|5Z)U$M{0Vi(_j{i?sSSARyY zr}pZHeiGkpGH&48tG{6L>*{-J+(65}zo_AQ|LZR)tG)WmmRspVKi@z4>z18=^sgwZ zy$0r#)m{UOntwO0(6sFAgK^-{ad$zTYG4>@`?WR(rW| z1gDRTBlz}ejT@+c4c1g&wO4B#LG9(n5nO#6T($9A=|ex?UPI$*4^%|?{?brZS?x7c zS5|vvkdV>GjVnxAcJ|7szJ_71OhLo7zPWLP*0{o=hHL$l@A>%l$}B0Xy)w{8!rit7 z2fn>p;|OZ6);NONYfGs5tG%{lmDRu8I6^CZ=;zyOOG)ja_S!P9toGVEuB`Tw?*aMt z+FG&f?A01aQ2*Mh`a1uT_kGOy>R)ag!Hx5^#u1QVGp>-)_-e0hIm-w(+cwRQYrop# z3UPZ~a$KRN{-FNV8fQ@dYK=3fe+@S@zWUcN%2WKwZEl>wwf8&JA6@&^8fQ@d+OZP% zuaUIoU+d#Y-m>$rk%GslkF9YAt&bxWJzxDxzV9Rc=KRZzGr0C^q^9xJzeb>s#CO}M z=EwP$TMyvc`_WMCq4sKxJE*-{;|yvqH_p&XANu+Aan#j6t&gK+wU63Mz7H<(U4MM6 zp!rvO$@@P>U+q7{#u;F*v1JWcdx@%keRSgt&R+7pZxfDqQXk#8gZws@%v0>t`sei7 zIcwuPd%5rZID5&sgV9&*<-Y&z`V*~j2DR5t=;QlWYuw@I?f1}jHq{<#FL{JF`Bi%i zPeAZ3Hh05s!*4I1vXA)EQ5D8}5W(RAgl9ZPn2al!@V^d%j}*KT>>Iu{Ek?#0DB}t%TjNpUz`}%^Zy6t z&+Y|7e^ZXyZX|N?a!pJsYduIzDQmeVW+}a*hHJUH^$M=tNG#d-J08V%OSjl@2g$GD zUa;!h3SZUui1XWNlr#P$zN9DLi%(`W{1?z~el-~S`uZftmDNw(IE3@lq|;aRN#-d% zr?2XhEZg*)KFNxWALu6I2$H`<14V~2Fuw`v`R&M_K#B+tFg70iHqjCH+e8P#Jikr! z-&lT|=)Z{Hj+_k=FS{A~HLd>e+r+Knmk_DnCMM#3o5)Ex%2C2celJKoyor9>O0TGX za%sO!9EkgE;y~PQZTPCq?k7h!2{<@Z9Ry=^hV#BU9wy)CQX3b(ci9KFQa+g5(XZx#_E*9ULswbyM=UmH0b5 zf)()-wuBe^= zFi3v|lEFPuY4e z?U%1l>%Ob{$bHsa-=#O9@iqU+qGgwV@iU{3^TT<2KC)r9l%@wiOw?dZSr;hjzid0& z&wIdmkCFLQK^gtWBJ@km661R2{AaL^ZVST8%JV_uL-6lZg~AuTa7n+e{P`g95t$!Y zv5fK3#3FQ%@q3g0Ut%4e@T%oNx73;!KZNd(OMG*F8l2JdHGdtWmTyLReM-V}mZkiD z9r|@lYWQ2Q&Mpg{!XNy@_18NJ%36LMv&!m^9dpWBejW3a9_(Y%)AH+Bw(QEUV?|lZ z&-}LetxyV^=ymf8=9cHT6UpuHOYi=X+@1!jp7OoVm)%(RkL1fx4z8Ve`2^NO%l!d% z5&d!hNbZ*VNyB55aj>fV(?N1V;x|2(`^lPR^oNu8!%w9hk@O5pzXNFqyX#3m$?#N= zd|2xJq-B&-@-gI3?jI)nmx5&eKJb*5>mI$|6qMCZ60^##-I`NYKaqLHSbAj*S3hy{ zh|W(Eut%((YkIBw4bGSJ5{)1^1!Z3W9fKVHu!;N?_XNq3K-x0yFG=}cnD0mLN0{$N zAH2c*NPa)q`4Nun2D=&kj|Iu4T@W=b%R2I!#9!0!-wKkSk#dE|)K^z-87j9>*_HbQ zouAWiSB|cndhB>?qGZF}{Fb}lykZSgx#D+qn_jplNH)-3diR^;D)Q^@H{t0Z`DNr6 zQDW`Y)!uJf=|LaAy}E|`P3kci)7@{ve}?&ftXD|EK2jcrp^wZj3%~4{AeE8(NmY41 zNQDoAYZSihg+qCn-!8` zo?*n5`C&hQ9a`SFpQI)vykNsoPg6PQBlic1AN~#26X4v|{XzYuqXgMq_;dG@d1ZG$ zSy0w?qGOTLgMIw+=~%Vw+KCS6FX7I=f{Sk{>+uw+|7i$NcxKD%9=r5e{O9DzNVFjx z@kH8sC61HNMS)#2p1dB()8FICYmpouJ8h-Y0Ry>B1|wYh@_^vBfgg+HNiY4uPkQo- zi;cn2KlkJ?V6;Im{Nt_nqmVdxF$(R%ByLN-9Ldvo0B^~cB6;V(jpWIRNIryzBo{xK zi{u?rE_z*QNZgis500E14&}DKe-p`587IYJ+V79#Nl)Kyv5%%B70+!0cj8FpodqYw zFU?I0ZrmG@0X@#UWCc0-L;>mlfn&|jP&JYdp%HQN0WbeOjYvLJjN(QM$$*BYBMac%*7>GLzJ1O~G3olVkz6L$+}8E` zk$ijBNzq-`A`oZPd2*Q1`?vrqalPhP{ZZr$Qnnog|UmiAEPv3C2Nkv!IJd+8)Ah@)HI zzr=y2zx#th*H+b@;D1N8dU(<=T+j8G=@>~?Z<3J=& zlp=X*#*=&H*!O=%@>sj=#rO5?E_?B7IM!|8Rvc)4V(qq+sgqB+*qHoyOC*oA+pqBC zo*(wTHTNi)PNl}0QpGY2Sx21h^@x63< zRwDV(Y?O|?Y~KudGDV_@?kHXt`A1?9i=G#(BDV$k^yvHo`2lNWHTTgQ*%K(Cu|LhQTb zc~IrC{&r_1kM*~IH|^${Gn^k$NFHmqACBa)c3b>YuN!N(e>sw0&~Eo2jJDplK;Y!XD6p&FlY9A3Z}H?y zQT$G^zorvww|~Hs=c4#BNay0m+U-X@`Fs?=?_-fX)^6V)$z%QPqmew;Zf}p|v37gb zlTYDTw{9;#v36Vf1FCOV)5XR()%Qm7SbzKFkv!Jl7C+Q1^@rpZZWFkM*}-9m!+;?H`QfTRr=9{YoT{^|$9exu=+XtjOhO`x1_I z>m0^`=5t5QNik^tuOoS^zx|#_9_w$fM)FvH`#(kUu@J|)_3y@kUN_d?{x6Yyw4sr) z8~W8q?)SI*ymE>4x8=E8)4!m)`NZujO1)5IZL?rM0F;6}o$y4V&`CKIL|AHs4 zNAe+QuQdGuPv0K6kCU6RJ3S@!uOhj8D8p?X@_gaa@vhrPb zkz786;kF@ZPc(h`;Dp;!|H6~|`L9Lt%)E<@@tl7W$>qZfZtIkOj;1dklyKX?-$e4Q zc_&5vz15RXMDn!MYfVQ!)ZjKVhOct@fPvdO-isrZZ}ZaWe|IF84Bx%+ZtMMQBp=B*DeQJElJ8iHy>cJa{KyOWZtMRRPwwTvL)uA=FAL+{HYoiuC!cjvi0+8w@`8J` zp||LF95f(VLIoiCO|Wb4IYe-BFP~j!Jo$2zdb;Gvmm+!Zt0H;#TqF;^=CxPfuksv* zlI2=@UBBNrP>JNJ5XZU=iXUqHWYb9@`bs3132wJ_%Y9$tcdR)n+R0z@^7A_?e?8j6 z`6#~JI^5QA4~{e)Gd86GLoyDj@-ELly7dp`+nS$ zHzIkb^jkE(ys+rD?gu=%XNQiz^yCXJHmde^WP$Q#!F}D&PeX}4^zMH$#Xc?t><|hsC~A2_U!*yB=_6T&Zi>z zwj7Ri8~8E~G#$VF9Flg)$vwT&QWh%r+t1#=isU1C9P1{FCtC5nbo#$Hl8>ZaY}BLw z7|C~ddUbsyl8;oP_`Q!ra(QvcZK?M~a(N-jZT(Y`e5~N4xUN^eW0R4*OYZNg@6JdZ z4E%*&!@CYPVVRPNl)(OGbQ&ajV}vyqYd^MipU-HegH>K?qB!YJh^|} zhdsG>-OgW)W26efEnlFI_FXhZ%p5xJw@=WyiYe*Uwb z+|R%CGhKWy|0(eYl_$$MZf&^kmKL-QdPOfMFSf)%m((LC_pf`KC-<(~xfsb~c9V8b z(}~&b2O@dQZU-Xy1$N`-HAGGP6dv$!>yK?Uh(3yo%Cn!pZO8NGeh8&a@wSc%;OD*g zh-WtJ6aUDQANJ(`2I;`0{yZ~{8J z@HD00vlNftTLa7eLDTEc#KQ+h8HO# z*vp?h_xa(Y!d|$%xa^1Tti;2E9M~^EN#ExN_~#;ftm_|M_*MCbcmCJiKg3@=|L>{A zxpx`t*|$F(55K@a3h{86H}ucXQ2JXa{cU0V{O#lM^M~i-;X8!A{Ee)}!$*a^@ST(K zaQQ%-T#8;e}t7e|YD& z+Yk7YSHEBK?MDOoMVsU9w~0|4`t6CdFMfM67Y~;g2mSC4VK2Q-X|KHVyV794zc3pQ zPfPehlppC%`sepf#JMjA_Uzq19}gcuT7LN8YCL>sEgrsQG9E7DJpTFH7USXDm*U|& z((!PaZ}ZO|osEafe3>7rQy34wRC_JmCg1*vEZD1`@>t{BGbQ&MFI>8{ez-g? z_~~_uzJ7UzV81*|@$j^SFGwQz!`2hV!+WRV+*bhmQ^OIQ|ijKZ4_b?(wH^{27mb z8^>!Ne-7Epdi(`2bZn*nW$;OlUjWPekzPO14}Q+$mx15s@txp#k8?N{Uv%fg-Z3r^ z7l}*6W#S5PmAFP+CvFfo<7|f2y!P+1{l$N8!$vE_{K) z7m1gMmx))1SBcl+oJtdq5|0y45Kj_M5zi9O5ziAZ5HAuh5ib+35U&!i#aUhq_RCY+ z=NOL@PY_QMPZ7@&&k@fPFAy&hFA*;juMn>iufEmsR`&AKm7(yEI7^%(&J!1ii^L`3GI52tN?aqZ6E}#Paqb5C z<hBze766c8X#0BCaaf!H0 zTp_L!*NE%H4dP~;<@wduUp~|wB5{eh zOk5$Z64!|9#0}zRoYB3FmA}mA`2Nrz5@(5X#ChTZagn%0Tqdp%SBY!Hb>aqbGtN@f zzP@JNy;uGNA%$m&bHsV#0&$VJL|i7W5Lbz7#C75ZaWl?l8rRczFhk)Xah5nooF^_2 z7l}*6W#S5PmAFP+CvFfo<7}p-J^hC=6dn?1iF3qx;sSAzxI|ngt`Jv=Ys7Wp25~da z8KCd~84-B)$b`gM;v8|FxIkPaE)kcBE5ude8gZStLEMb9Sx(^TD<9hT_1_W_XNhyf zdEx?bk+?)$Caw@yiEG4l;s$Xu&Rc=LzFRZIA#s*CN1P`v5EqF{#AV_Nah146TqkZ2 zH{)!UBYEY&EkofUah5nooF^_27l}*6W#S5PmAFP+CvFfoiufO$4wdHkT^@6BhC{Sh>OG};xciCxJq0jt`j$in{meURZRbvWr#!KEOCxFPh21_ z5|@a}#1-NyagDf6+#qho`DUPB{x@fcL*guPjyO+TATAP@h|9zk;wo{CxK7+4ZpQiL zKwtltXNW`MEOCxFPh21_5|@a}#1-NyagDf6+#qho`4vE4|5s#)L*guPjyO+TATAP@ zh|9zk;wo{CxK7+4ZpJwT`uc|%Vu|40AHpngjyO+TATAP@h|9zk;wo{CxK7+4ZpL{R z(ARHQhBze766c8X#0BCaaf!H0Tp_L!*NE%H4dP~;Zvp!H-;yB?iL=Bx;yiJIxJX!~GCE{h`72;LmwK(6ICLSdoC!QdlB%UIkC7vUmCte_4Bwiw3CSD<4C0>j3 zU1{P`;&I{$;yl<}k9=2wxJXXNhyfdEx?bk+?)$Caw@yiEG4l;s$Xu&aVRc z`oAhe91>@VbHsV#0&$VJL|i7W5Lbz7#C75ZaWl@lfxiB`GsGcrmN-Y8CoT{diA%&~ z;tFwEnyUw!>2GQ=TqmN-Y8CoT{diA%&~;tFwOG};xciCxJq0jt`j$in{j>!=BiL=Bx;yiJIxJXB5{eh zOk5$Z64!|9#0}zRoF4`H`ahZ>4vDkGIpREVfw)LqA}$kGh^xdk;yQ7IxEbe3ps)XA zhBze766c8X#0BCaaf!H0Tp_L!*NE%H4dP~;_W^zV_hpDf;w*8FI8R(4E)tiB%fuDp zDshdtPTU}F##xqb`ue{yLmU!kiF3qx;sSAzxI|ngt`Jv=Ys7Wp25~da-wyQk|Mm=V zNSr0k5$A~u#6{u~ahbS6TqUj%*NGd%%{V^>^!0x%LmU!kiF3qx;sSAzxI|ngt`Jv= zYs7Wp25~daZvy)IzbQi;5@(5X#ChTZagn%0Tqdp%SBY!Hb>aqbGtT>gzW)0$B( zI7gf(E)W-qOT=a33UQUVMqDRu5I5ueIMCPs@eFZDoF&c?=ZOo%MdA{1nYcn+C9VFcR z#IwY6#Ph@p#EZmB#LL7h#H++>aegvQJW4!HJV883JViW9JV!iFygie3dEy1)MdBsmW#Sd$RpPZcKb0mPB_1c9Af6q5Azme3i}Rb)#G}OH#1q7m#8bqx#B;>+#0$iW#7o4>#4E(B#A|VW zOPY9;c$|2Gc#?REc$RpMc%FEHc#(LCc$s*Gc$Ii9&QodPQQ~pp3F1lODdJh;IpTTZ z1>!~GCE{h`72;LmwK%^uO*~3GPCP+8Njyb7OFTzBPrN|9NW4V6OuRz8O1u{5?@SYq z5|0y45Kj_M5zi9O5ziAZ5HAuh5ib+35U&!i#rbV%;!)yp;tAqO;wj=;;yL1Z;sxSG z;w9o`;uYdm;j}ng) zPY_QMPZ7@&&k@fPFAy&hFA*;juMn>iuf_Sh)5N31|?ah5no zoF^_27l}*6W#S5PmAFP+CvFfo<9s+E&Jc&hS>haVp143+CxIx^E z^GraTAr6VN#5v+Tae=rz!ciMUK$ zA+8eFi0i}+;%1zW2E-ZSkT^@6BhC{Sh>OG};xciCxJq0jt`j$in{k%gk>8%rW{5-L zEOCxFPh21_5|@a}#1-NyagDf6+#qho`B*@lAr6VN#5v+Tae=r_)<8uTfGkm=5irQ? zvh;$*ELeEKBCsj%`M&RZ&V4&~io})d_j|r`-h1x(jWe1V4~U1vBjPdfgm{|eCj;Ul zafvu0t`j$i6XF(ekGM}fARZErh{wbe;%S!m0^%ZZi8vyz6E}zx;udj_xKBJF9ukj; z$HWujX_l`9#6{u~aYS4vZV)HLE#e+=pLjq#Bpwlui6_L0r8M{L_8**5Kpt* z3W$ruCE|#5%-Au z!~^0X@rZa#JRzQDxg8J}iA%&0@jBRjh_pXXXm1dsEK`0+d_;Uqd_sIme1rIm_!jYb zmOB@T=ZP1HYsBls8^k-rhr~z3$HXVZr^Gji&xmgkpJ%yyk$9eXfw)GzPP{?9Lwrbl zM0`wqLVQYmgZPa2R+g{2_3jRRTd!B$diU9_cc0yQ_qk5oAWn!|#699Z@ql)mI!-hFoK-RJWxA6_J$Cte_~5w8<(5bqEl5+4yC6Q2;D z65k*`Bfdp^p5<#7iRXzIh-<{_#2dsr#D~O3#K*)Z#HYk#@Uy|}{JJ(Fo@V(ORQ2mW zQzR}CN5pmF25~~%BJL6Qi3h|(;t}zfctSkQvKuPD|IZeQOT-azowz}q5VweX#C_rc z@sM~#JSLtHPqX}ufVfCpB94gb#0}zvxJBF}?h_A)hr}b|G4X_Wn&syL;v#X0I3lhS zH;5DB7IBZbPdp$V5|4<-#1rCku=oAq&tD{-Cte_~5w8<(5bqEl5+4yC6Q2;D65k*` zBfdp^p5<>|B%UW;Ag&Rw6K@dj5FZjB5g!wu5T6p?AU-3$MSPy+-bLbh;sxS5_$ZkD zeCaia6XF(ekGM}fARZErh{wbe;%Sz@6%ZGROT-azowz}q5VweX#C_rc@sM~#JSLtH zPqX~(fVfCpB94gb#0}zvxJBF}?h_A)hr}b|G4X_Wnq_zN`Rn(EB5{d0BCZoRh!f%# zagVr9JRlwtkBG;_6XI!>Ukr$g#3kY=<(I-AhCc~^7XCbZIeaDjMfjh>^|_Pqm*K17 z>*24$H^c9R-w%Hp{x}?jKM3C`d}r>rbHAT^Eqo&!hCd2}PG>J}H@orE?cHuOZXO1U z?dIOqR{P+I<|D2wn@7z%6s7lQH#fKMaEnYjbBDBKb8D;F>c*XGovqEiy?E$`FMn~-IWHgVZSG%=x7ycQ-GjKh*Rg(R#};E;m#*BYn%taf zxjT2;n|Q>7-Tm$(_LLnLptrkS_q_Yft*#7RZbfvdeY@tB%~mJa+PS*_WG8;&>ZMD~ zcCdGFISo5I2UqvDl0hKRmU}fq$#n!q8-9PPKBpx4YHc?=;_IChkz|&A_ZLF6X!Z?yk&g+iTGgs;KLOC6+{M zvFeIx)wE&?gH}LLF=silVAUp56tgLcX%xl0iDJU6yk_O9=&+TmqJdROti>y4ST=)d zHCC;dy1tlUNz^^7CCZvui7lvFP>ai&L5T(^(V&tBs1u1Dbu>U74Nyk|G-VN{K<89s zMG0$JaM{ol)8p!vO_vN!F=(>=ym_;$nq8MgT46`VnOap8TNz_cS+{~bg zC1&NTqS!cAu8NH#j2o^Y>6%{uG@V zLJ~Do%(WR*G1peUB8uf}<*Hbc!kD^c32DdiOS^l`c)QuzYVYFHL_5YO zirv;zRrw*1`{TxaF3^uP?@>`c7o;_@CGg{xM5Wi_=zBjM8y*2R5d_Jd6tUO%4LmU*XI{mRl%ND;-6B8nqL6i13Eo?QbRDU!griDKMDF>az5 zH&GZg!1j5pFi z)4tB3Cw^fWHF*Cv#4pDcgOMod7#qelB8epy@ zf#K4ES&$|$S6YH`oCQ(k?jM=cUu_ms$68s3z9#BM(h{qpI73Bo%825W5ydGZ3WEkX zWh8--6var2VkAW|lAEX)SjKrRAKn-7nZ69vj~|g!oE4%tD@1Wth`QmD01GcoXn^661P%{T z93G-LJVbGLh~f?!;P8+HMk6iIz-=Xc235C_9J_tw)NNu7uplIGdsYIsXC;6~1Ju<3 z?ONpaY--cM?b+0(folSPobdl&Z{rpPyUo3HySnj+^7wPk^qPAFQI0=NUl^pdO@04k z`TlzbTK~a`>g?V3?ed$k*|FL7Oez*PyU(NT&hw8s;`>lNcc1itr>wn=N`Tpmv{|_a4pV_ zW=;)!e;uiu_Wy9E)i2yqoxOYhg8NT&a{PZBsbkK@;g0@=eE*;9`S0=ClY4kvIQ0DC ztOW`Fk{Az6Q@M}^K@j@q$K36_i~ed@cwaU@>o3xC{`#l(Z>B!4J-JglUVwu9B^A3r z`-_$@nWp0P|ABuZnch#nz$dK~1UDm#KX*GPQCc4wejb^WsoKr2Y2vf;ABA~^e*M4Y z`~Ur#dS0x1UKe`)@L@2GyVWi{XZ!bIr#Pny-?fso|MTDxUiVu*D}|RQmMB3#j#t`l z>c{xbeFpg)|0^hxE5W<-r_bs8>&WN%6O`d9jPU0C>HPZse<7daKPjQiT?t;!pROa% zAG$ct-$NO$S^M`W2cAFp2y!|8SL;?kfx7nZHTM0VMlR1k(E79X@4JKlEBXG{6RYpk zwV$?|D&{Y6|EM9S{ntk*!!>I^t>^g*6I4j^uJY}x@J3IeFowGJ)BWuE=iD04@edp1 zf4}mqA8!5K%=cd}S^Wg++IOE7+~v3L)>KaW*L$uqt^_aV{~%uO^8EL^e-xSLpSa4n z>UcT-19-X1_q#8R$npQWSRHLGVH!Z_e+|D|dPR v!rKS$JTB)#Pl~*^x!TxBzL>)+NzXB)!cVw2uk3a>w`S|5n68_&Z07$j21Id~ literal 156480 zcmeFa4}4r#dFOp+Mt?^C$FgKePJrvg2}+2aabiFuA)WkjB7=#ii36h0Y7|+v430g> zGLcEP9a^9&OJUkVt7X|TZP_APK4rEG8?~i)*s_bZ<@4#hY2U5d(ocsj-MUNn?d;o@ z6@3%@{+@H5=iYN4OSb$E;?10oMsvT*x`je{-pA~hcY4AeoO-u6O-G#0 z?x#y<7m1&uf1c-0md=*xK&7XAp7fY}N_rmWbToTj2gUO&=NtN~5vzD>>&5#xmkr{1 zn$C0LKLw1bcox@-N3Q?$FP$w>JosMV?;?NC)3u-_jJZzj^cI8Opl`qB z{~)f5bet7_HfxT2F2^CHV}K+l7SDd2zUeytO-Bzx?<>TlpQ#yt2OU3g^3Wk%zZ%L9 z`E)#c+|NV4Eb^J-Ge&;cpPGTZBJ#uj(c^S{WcJ80$d^Pu<3BY+$9raGjzeCiW2MJ3 z>v4zDV+-e_8G1D3^9rt+lbwg@BXxxrtiasJpU>Fe!OV< znV9My7P&l%9ZDTmA}RQpWJr#=gGrzA@<}pZ?oY%{SVt6jBDI>Dk1i!%NONRr}M5{J9YNQ zDL&ZSJLp^5#mP^f{S>k4&p&mZcGu)w<)caRf%es;`^vYoHr+`7drf*xDm-s;z%%{$ z>35Md=+9%5@A9rEo;>9x>HD+^g>kw)&xgNplXITEAJ}T!2gptP=8hk!9YKEcCY}*{ z-uNB%d;c!`{q(P}okZ_%&KXyqF4*wWkDV@B?k}EwgpMSgG;W65#`cvu{W`-kK5Kf{ zkY_@?#fFPbywd7n|27+La>nvui~eaFF33Obch^~gJCWz@IAHGMI9$qWEg11G zgf|+HaBuNR-g8!mM>$WEkCX$-HAgJ%spv<>ug@0A7y6QRbnW|C5x!y4P^~ zYU`ybZS>bBHp<>X|4~4eRID5 zRsMc9O`P&}+!3{xQy;YU-|u^`rw|fu@`SZFu_Lh`=?|n`*|AH-cbByvx-X*Z!G4T= zi9KD=j-vfV!;Xv|gZkLg>~Z^kxpu_ujkO~`wqyHuKS3qdnxS!IEofghYDci2AE5KC z{rKLx_JjE0{HOR^>`m-M>~Y8L^VyXjv`-Ct^1RELN4aA56ls^z)Gj?r1#R1<>P5Fp z7*CDS`LL_|=-b*!dVRY}Q7G6Ie~Vq6zkN!t)jpXK&3gTu^oMG^a5dT~d!K!c-cOu* zk1apgR~r?~M&~Kzyp8pL8L~56LhP(^(RLQKugn#;uS~?x{IA%_)wQoI?CXW! z3hk?WDfX42^KE;S^-jIP){Dspczks~-`DsQs^_d8Uu~=%L%ipXv&?+qi=Z7dIeV#$ z+ogQ2m?)W`N_Vpx{yzM7TmuX+Qt7Kn@w_#sbr5(H2@z=%KSDx(4+!0#) zDqggG$@TjE7Y4~rZF`jWu5A02U(3GCytT~R$^4qk!+h_?Vb6bu^4;t`{|)-y@HmFs zdEE{mp1(KoOwfPK^EB4i7f25nPZ#-np1vOs*YkH1t9k#%`g&u1oyDSYPLg$X|MWz>X_CpX(>~b2Zl2 zU(EZ}FwT!rQ8w1stwFQh(!M4$WBYwyUmvmQlJ)9mO{%>3+M`F zdcFPhDO;XM?0M(!RDEfzKcubRxLs*E{R@`S?q1xw`(AsVzHb-1k#%>O55v0YH|UJk z46U1D{hjw^T-v&6%A5Q-o)>0&3fA2bKU}bGdj9p%l-w85ez^0lXEp4|?3-M7pShH? zV^3{V5F4EbI=zlPNxV_JGVAcha;-hpF2$ZQls-F8hjsW3+EcL3u<>>GhFx98^9xe` z-y6Hadi?h9?jyUfc7^r$i*KhgbiTC{tixYXyGn1ky@K9MkK0&(KYzP*$#%v4=6dbc z#E`pwW!B%#eT`jTs9f~=!a3{j>)BO`tnXs?cVyODS2%CG)vzz4XL*io-G1?VV_#&tHvw9v3}+UuWO!X};fDWBvU|XkVpEX}>abzU>!t z-qo?M#`^oUXAvu`7!IY;x=c+Nd*^}zRG^nN#^nU}mBHJ)=fhS8ca>xH$A&YzvT zzqDabP^5bQ2G-RZ&$-ik$1caN%*xEQ+D?6MoQu~aGigAW!Bjn&$(Y- zJLW^pFPU+>JQu9(3j1fwdfFQ6?2YH#8}_x~_1lZHFSE{W?g$&txl=22;rGj(JHEf_ z&$&0&*-%C|@IHaY^X`r3 z-Hkoi@x8tTR`8OD|;pc2FYhG-KV!Br6#hM$>yIVux|GX~Kc;3D7 zynBsI;;Ys!e0iVQm3x28*~atk(Cwga6)gWRybtBt-Y4ulkJWhI9fiK$druqByPyBL z(eLeZ$&KgTUn=d>_tvhkF5h_GT};b-zl8d~i+evu<9T$`i0?W2ew^pI zG2gw`d+N{kyyY;RkNYB%etEuHo=22^=?O%q>50^3WlqqZ-P;|NA#4?y|pU%lf{b(nij{uhYAS z%eQ6XMx#~VBkdIihvPKy5o*ITqd*Ae5oCPmK{h+w~q7yWz3=KW}>PbMDK{)E4Kym+=w z@nb%9mA(Koj{;qNx5Ntz1YyQ$yb%lcgZcbnCFSy3;iDaO+y^grlN=zYJp5U;oX zu}-~i+$Wjx3G{fCerGoogZ@pq?bv?yX)34I49z>?dDe@6AM3qzzPz`0qrbPS?N01R zey^G9eZ!8f(0hEEFZTW8>&)kf-AKD*+ZS3tJ9`J&fwiOBrP$GB{ciL5?a7yMb;F*n z341c@W@g-K?Wua1_JsFDpIGO20HxE~Q~5IODSL(O zDci6ol+CqcPdT!u_RyY6muXMAD{N1>hCN+V_JsAX?Jrb9dn#UnJ-uMsVLKked!8?I z{M1^Y)a2KiCwP(kzVZtnrxZ4OFC3!pjlSn$z4t~To}!88+IyaBh0^V;Z~a$b?9^+# z1(MtQb8kic4swy_nUe3PK%Uox`9l+)`f<1)HUIIC!(}+!rL2R^Q(PD)6!?3Nzw`8c zfpxGvU*A8SrqIDW3*8qE6Jz{n(k<&I7gz^rtb;}M*uv#X>tF@a=OwIzJwxY7JXi-S z5IgH&ro0hs!gQ|=d72g^%&vOUtN#yy*{-+aBsI@lE&e`6iYlq2i=OIFK4{l8o4 zKi0uadCGd$8tY&W(YctSqC%E&57Mje)^)#ck7dR~0;U6FjAv;HOPDNh-D^L&Ii4(n!3bTF~i+Bf9p_b}Z3 zfp`zuS(KZZUzd69tFR9C-zXiD&hO(on8_#F;WLyT)^7}4Bfg5ym;D~af1Y)))8sGf znB4D&>tI>(O$FoP9S6J^No=^3+4l-ucO4Avk;%6{5BbhfJor7;G5Y3qE*M{|w;rbI zd1DY}mwK zr2nw9&)9tr!9J~MKi9CMt7JzQf96R4YpjErD_T3M1?|g4ydT)KE3hMHUDdzr`|qed z`Hgnz3XOA{uiU!o8unz?!TvkhnYE|t6|$$xUk{7gQ)E4?(LPa^4G(n_LOO~PuE2IWY)nR4ehCX(e{LX&e`{I@#|nR?mGYYDY72cXrErR?UPvt zONRDTx=eez{B^KsyOeX=r3>x*FylCNU)&gve^1BbW*yATJ=*b8@e=Imh5tbIc%|0C zqV|+`?dd}6VBaHqdcn-IUcq&+50m~*t93BhhmQ4?MdLp}|2;35Z@Y5OeRWX0JTG-Q z&wc#}#pA4ty&V|i`R(tJA32_9+I4~Fy%zO4#QW{(^jo>!j!#&-Z+k zzSTO;Ilup@^|r?PjcJ!JGM{ZSU)gwmgi0Ztcl(&d|HJEV?5&(lsb_ayq5AtF6>s_q z*WbiTr2bwgpN;zK8%x`v_BFJuSAUPwq;-=R z+H>8{ntnyaySiSyk0TC>7x8q_w-Z0b8*}=JI{B-1y1voeS>}a2AAktm51(M z7i7I!U;o(*ogMTG?mh{lrwiateMtvKupVxr>?WY_$_V*@WOxu^XBWXuq$L7gW z8K=QM&QN?jPVW$V5qpGvnR+jFrt1IY{O%Xk8+YHv%Zb&vdV$BwDb>C<$$iWQ^PT9= z+vg%B-|~F4Jii>|GpdhH(Z?0cx4Gjwv3U0DlwZ>Owe+0*$0*ToxSuZ3w<@oXa(PKR z--P`d=KkXGl)2wY$^9Un>n_sy(C<8d7w8-Dn)dVbdx)_9k~i&rLEcXy_Q3YsoD{T=Rd{Y`^{aMx&9n^C_9>S<2C-TrT-|ejQNuJ1GL9y|AHie zUHQhp=>p@!t}Aa>XTL^QcJyoP3;Q(wJ<0Vvz%|g$-A(Cs+PT*OV@|tNB7fcQPH?}A z`&#igB@TTTDZDCY-47Raxu09!!G6_^^uOI#zMLcbr>@z3V$zOWgLZi}``;e17st-) zWVhd^{#W*w4}PEe-<0U1(f^Vac)@)o`qdH%(67FLub^M$elGd2?dSCGWT*CXzj&Ja zKj{~p{;)vtLhq(u-5iam)t+|esW328vS#g(xck#yl$su-ss%+`s|<5 z`Ko_z{yy~2%ao2a`sdG)9FFe8X^$&DTzCPK%xr(9a2)1>vNnWG;^TW>24BXVPqt}| zaDx|+QJU!*NN|v5k>Ok`d)wjTM<fAskAcb?4q@0>bymw(ei?}9PROifHqPaX7+pPbE~ob`_!J9K>K zp@Zw4i_ixn7dL{9UpsRC`7V9p)QRyai({t(cEa+hr=V5=!Na#1-==a{}9b!{6{tmkL z@xJv*vKc$D!F(15vh=y>?@1V^e|GXKWr`e9j?*lyuU= zPvAq|MSMv12@V^BCq?ng98V99KP`SZHexf=2!QLxhvG9e`CPdXQveF%<1>m6N9TP3 z$IbX;@cA-6t@sr1`A_)Jbt?G$0bKx&x+8NQD}d5`BR-_FDilP1efUUO;wCyifQ$A+ zw20$Z;2RANxj3Ci#~B<`Ini+e$FJh!3XX5L#}sY+PCm}ym~QhBK32dn-GI<>1;6(+mWG5y9`LfLrkW)2zdxwf$TE1N&dMwtv?k`nfV*q_Q<&PQQM{(E-8pWH3< zFSIf7@BJkElZ}Xt?Sy#^qC`l^!#E~CvKzSm2k?(+v;w>u~hhkdo@4SfB|q%F_~#ZLBuwr-%#*Q7Q~ zu8AA)tvhi|GHTfEM)Yw`+#`tNevbPtCvI%szwTuhm!IpX-mHC zvc{3g8^T@pAYY%#P4ad>*2Vwrh4Xg(Z{rj$>vQ714{>~n<0ku%xF7O7f74~=4SBJ7 zQ}(e3alewU`LJ`%H{jiT4_{_}_9BkAbKGx4bNo5Z1GU4W_;k?qApafwqhlY(U*Y2n zzN!5uc@FYF-S}6E|EJ>BC~t33JgE2<#rG+GOO$OzMq0)^Z~HN; zWsk-hrpl7Bv!l8V6;S`Z{RGEBZMbo3goCYZ|2T)EwqU(*8HD>i4)?gN?9B$$~;b6x%4Rg53^Mpe^yGe97b)Il&+irR*$9LF?>NFOwvxcOo4&y3JPCBqnIUgJ=LF9A zU0i_tsVu1tV6U6L%ICieGWg&0hdn_R#v2r@Bb%VUmmH37`eTGK*8*=gQqS`t|1-#q z{Xq6ZEQj5AZ^wteslB3&O+SiH2A>>0U&04v>^*_cckrRM?I5DR72mhxgK>e`FhT9! zG>$)nZ_@c+IcYcw89CD7|A3t9sP~8!n=#aW=Q!&e|DbdHsB`?7b9}%#rm+k;Y7gFQ zj_mOf=lC7L@sVS*-uU=^k3M?eTgM;U`$K!i54<(IXMEhF+ri1{lgHla<&PZnW)I`v z(WztJiP?#nS#M@)^7zcbse|4j{2iS*e8QVOm7nsCoWKp$yG~A>nDr(O9-Nsval$(| zF*||yPu_WlckMA9nVi4qgzb_d{1hQ$L~LW{3x9~5}rFbJu%}w zIWb4~Z!<@xPI$N%_1-;k^yHK`JvEW{PD~#^dGz4;EDm?lEvvWl_9ya(Za;Et^61Hf zQ@0~8Cw5MINP!=Q95(6m;dhJwwAW_nR`x$Ik@sKkBZ~1SC-UR={&#%p=+u+LH&a|B zz0Ie?TkiJSjvVrbZM1aSw%7ZQJic$AfAh`$t)cYwulIL_m+=oDJ^sYR(d?0fxJnvP z=!-vW{Ewd6Kq7*uC@C{jvnOYcg_#KASu<6EFQx8o?_YTNS(GG-b!OMA@!5^fo%r10 z%{-CEXAZ}^@JV|!uk&U`yqO6|Ch<9l&xs@WKH?ppIdXX1cpNdWOPR8EGIIiDbizA& z9JilQgP5Iz2TwS7b_(M5P+*HuOvQSi*g5IF`#4m0fA*pAH)bE*fB&B0;EdaR@XsUjNQJ zZZWZ(n4LK}36nzlX^z9cmHuaEXVxh-GNnTYVK>%n^w}ng*ZWWZ3pS}BGHX!gifu-N zxOwMGm?;}GoiThfg}==|apXNy#}5sw$Zw(So3v4`jKxwUu!^*e7ZD#GHXU0@)o_c84q5Wo0l<4tI3w-BU*)r1b6E z^X5JKY%1ZeHG_GLaRf$*+G!}8ubU~KVi9CO4~;+Y_@j^RdE~(O1KGz>HYPb*jdaqJ zXxAnVPu(JB5!D|xQ2vuA4!`Y(k+>W7T*Q3K4M=+%8R6{A#N^a?eg<~>&S69qBm&1M zKU^;;yI~6d&eI)KiN@dF3ex3lz7oJ|!CEu5X5^iJZ?*uT?Wtko_AXGjfN$Iu_% zvrYoiXiCiW&#^I@FunNNx2_5{UezAmb0AXNOpP|hb_iX{>-`uP(SH&eHaT97?} zw&UT)#vgrv&N5-pQPQb9?hOoz5=-5sHAncnaiDp!`OtOS(YuN1{!_D4CxZGyP2l(} zs?4zI3vMwL!?`9U#a_k_&nC0S0L!06+TywQxC{9AphRYvgGcy`aD z4HQf%;CRiU z2@Qo%=_t6Udz(4IXxAL=xYv{zVldx#dp;cd(C7;u(%TZs6?fc=Q6T)n^o2g?FySLT zV<@Li)Ods(4 z2xqLRgF{D-PK_U&Ix#tO1j`#U<5=Q2l7IJZs0Ei1twXs! z!SVYZeDKjdk3Ht}#-6BWmoGFKh*3=@KD3Ma-=kW@kYNMjzI2A6fO{~?2o4_Z|*NvMH zK|0xjf_s~w4-XO|b=~$b69?UqC@sgVIp8D@8D!!_Ih4_bGv1Vr%S09Jx6Ttg4aO(T z%?X`v7wM+v+@uAvwfa5rlyt3;L@sKKimk53XZ>60wAra+)MQAqC8o8y+;OC6t*ZyU zE&_ycVWlsc1Ipq0Q5e6AOh3i=1oa2uRjne;m65D)%y9mT2WL@4=U+6HGFc}S4~E${ zyo*6?nmsb4T#@x24au>tx z*?KoPkrNO$IL+MU*xrFEu6qxJFsA*Wb4@L^Bi0)(xGWr6@!E^KH{2FnA8jB-ukKV@0Y$Zd|Cd!d^hJ7TsKf1G>D*|{C};_jGQJ{p$?qii0Opv2(+ z1pFzZYJj5$)#uIF6&Pl#e41{Al66tVi`ul#sy_KIqO$83Pe*?8?RJOwCAf+W*kYK-{d<@*N#L-it$9=7NeQQp>VS&PjJn1MiMtu z?>3GR8uxh?F?4VuewCk|J2=ATe*yJ7iND}xhAUII%oVxvs;af7k=q<@+{D+3e+>)Y zfOSUH1K5ahhWjyWQZPG(GCg+k1n#KeH#u?i=r~5%2d8Gvl^>h&V8fmULz(D|!{r-1z5@quIZmuW^D7oV_aCfnW$6h7G2{qCv%sqtbCSH<4Zhlqj<^=7x<8nj?+-IdfQVeQX>;tBz>U~OddUcVu~6Q$D)kv0v2V%nEM13*|`=KTq9ypW-1rE2+^$u^)P5N z*11olOPSa(H?-zlFHH{z-Lbg>-5Q1|oS2-P%Fph$89qMwPP(l(Yg}ecENG%R*adVT zq3p~!wdKdnU;^{X=Wo{e#B(*}BrnjFZLdynVntiRG8(0fIO9}C_+DrrYA+e|h2dD> zQf>0S2OijinL?VM))N_~9OjP9jyw6p8sw}kAje~U#k+w*>vNyp^tB z)6BkVK35MNSRAQqZum7To20|kHuI0yMwRuSGXj$nktH);w^ibjJ58*4KCRkIGwAMOKzPcB~(lsXr3haMJ8Mt zr*jkTv`*B@P%@H$yE)0+8LU6S6pZROQadG?yqF#~)Q4#2%Q#IS*zGU& zkm`V0QSi_-ncXS4^^|pP(_PwOkllYHGv{W0H!`;58DC7hLd|9$%{mQ~%+MS>GJzdD z$H%FSM90jtmX=6vV#ignd*}Q!nmfng4m}w}vCh*e5^U$LHR3ZvcRNQU;Wid(=N-cyvgDkCq(2scYAC1tC%jZ&8=(C-uTfYlh_?KCCN8KQ|yMKd5B$M zd9vgVZ|4)(T(c8afd4bcY1YM)7>tk~>G19Luh@2MSHtIhpU0alR(MMoZIAnNd}RAv zKX%*wg2P+!G{;vQz8)KHw>kWB@G}nk;4eCS1D;-Zt;4u}H*L3*>)i}qb$HnGdT2YG z_+#5$@9#Q%8@4?Ew8PkjHwX;E<62v3+nk(_t$f$fwm9Jowg>;A!w-6%k1f@K|0uTG z23r>)--k~MAJS15KIFcE&$sy}bI6Za93=)E>%|i(&?RjRG>mw5lV8T+>u`+g1^z8K z9%DY`c@I+AOk2i(>+<-b_&>sLbt z7hlAu;w4H1xOTvlt`zfGFP1Ensx_*IK^uqas)Vc+Hxq9Jz#zZd__9rI2EIa9?_*YbVYwW+ri_byNP?gDV;wQZL zGbr1b&-_U*{yv-^&UF>QLc z=Y0tJjLk8B5JgH{VE#qaS7PMXg#S&?dxqjKsrYa$+ z0?lq%uTXDRkx#c?twKjquTYN?=CP`@jh9X}ZUq0`dX#0BdIUWgf2l_~hmkICj#=u_ zyk-2i4tj~yBc$E1)T1SbZ^m)Orq868;)mW`JCJ&n*yANq)Lzv&{3l@o6n@om%XhrQ z^(a@WXU2}j?o-TS_dc`Kn-O(>hW(`;Aior!lq1zEH+^wApUMa6iH}}qeyQY@tO2;dZb=8u^q;X?9ch3dS=3NexzQtN_7BfW_<^MCge1+?=CIL%aribd8VX0S=Upaq{{W*P! zvSrb4qGGR?g#8v@f$J?Z{~)?PY*D9rMfy*kME}(ZUU8VxTT|id%pXIS0RJYH|E47S z|AuWRn+7dYdOk$qp&yeUE{~>RX3l@p2s7umDZ|X=)0DN0%No}-#{QiDrlMuZKeYpN zy=HDFnmK-HCz^3S<-ZNFmGG}Q$K2<|zOo5ia2V-tM*JrHZC>n;iA#KaPH!{fGWp~D zG%qo8`kO0!{t+*>lE(Q}_Gf)G*DQPNn$NI5=dZ=LEct6eeoT5k1i3YEa$gm z*?-B4(<2=%)6C!W;z->rkpw|ep0P~Tg9<_Ep__Fiz>Ve;qvx4+$s(^EUG8TLQ!#nZ6w zR@O&5G3>jQ^WXjf&-*;a(yenGo*36^EjXM67cG12S{K;=*FEox=yzKy%>V3pUx7Yb zmo0Z7FMmw_D-P53SsxvTF~lMNRrV*|X1XI&p2i>gNe)KOPjdcAzcpMhnTeK968UxQ zFPUTJ@=S96J3i@o-`tJ!^X$*|mn>NJ*d^!LpUXE{u`K1AtaAFk?!^|M|D@!XxE0L# z?QHU5+mWBPqz&JBofk`@eA;~G$Gw=3@@*Stp1}|f`D@Es=Hz&7NH5ttt{*!<{sm4S z+h^N6Gv}wR$jtWLR$^v-w3RIf@h`DI=eMnHS@PS4@^agg_66n-+i_bv&ZqQs{*o7) zj^imRgeUG`{d6Q9hJHFy9G>;jk+s|v_hKpJuOr9)tiO(FX4Y3no|*O4f%MSz#C33b zL|+}toIloAN0piN)v?0N`sz5t%=+p;eklLqVA9s!SYMqZmPKEk8D?&OJ8R6WFI3@( zzPb?J)mInm!{`tC>Kfzltgo)3WzknxiTzn$UC@Oo57t*#nVI#~Rkw^}7}uS&Ec)sm z#Ljd-^BXr9<}})z1NNWnEJ{3>YleO`szl0T>I)tGqb+vUfkq| z?W+gjU48YG9EQGn7CAiYtLKbm(O1tZ`?J1MNT{o?RFawXl|uf=UtDU;vgj){&G}<} zrSinnxy8-1|8QYFhl{J55@uT;&l=qq)GneA)SJTvQSQ<>Ax`r5?#mHOD5 zwEkjWy-#L9REBfl2w&@pr z_2oIgtgpUB%c8Ho3j4Et^(`~AzWR_~qi@z%KQiLlSHEvr^wpo{{IS0JN0?b({hZ$> z)>l8$Z}h?X>PPxrec=t55q1TayL3m=(*A~vN z=xa-r!?V5yl9okZ1Ds#6uYq9>&-xljGqb)1a+W=I0|m>XuYn@xkM%XMz|8s@C^56X z29}svUjsJFhW_^t<|^H&7X7eGQhGSzm)V-__R;!n^t!;{1xfhSD6K z^)-~YEczPa{EEJY<~cm;YpBS~`Wixh=z8LYYL-P`Lv_v{>uYG0ne~Msqs>3-YwI90 z>uW30@9JwS((meP>$GL5k6Y(BeQZBwF89?ob(GGoUFMbz11THMFvbP$JVj&v5Azhh z)lZ@^{}=x(`u%v#>ceCAQl0;k`a)|WF}lfzGxh2tUgGNnT(9Dd`M(#{{9hN958Ao- zs4cI?{GVNyNO1qx+L-^N+Uqsu|7`tedy&rnwQ~E~Ci8t5FH!p&%=h`sGT%4MEc1OM z4%2*JhFRwOxP375dzepZ&9cAD_i=r>*!jL7y$c-Q_iMh7^H1YNGv9~&n(-u$Pm{>6 zVIGgt{GMSRkJ9`e={uP3n`3_-&&vEB)g^MtBK!0BKDlgJ#;eH{j!)+M&Nz&52X(P@ zJsFR;4Knliy)DhmQ(n5~r_b5IYp9k}Kod33kXnunEJ=TZJ@5y{j zTg8T_xXHC~{+c+y?U0fFB){!RX1O$NG}_J<(TZ z(uOyY<6mcr&u4vgjKSEbef5Yvu)caKHb0`T9?q}mt4H$7`bwpu`bzn%51H>9 zW@de*kbhHuSzoD~Wse=r-?{dcn&mqQne~+_GykUDH<7AX4&q;Cf7Tb4 zQ6lwmQ<9nWwP}%=^|h(W>1TcQ4q6s{^$t6X_NrI%%lhh_w*F#Yy_{dMuigU3&-&_} zXJ&oL{GQ~8=I>m6^`7DUvA%-&Jl0q5D*Lm(Hm8_bUz>f)68~o8$F;A`Im=>Sn~@*W zUa`LVlFY2HKFL4ptB><5`s$mv=@noVgV|@)&*q`ld0O@!2HGuTH`Wis`U40D>TNZr{rkPn^G{5KSYY^wV`WhOs zEczPa{EEJYvK*fECG&TpuOZH_)W@Mk4$t};Dl@abhL9h+zBrn{bM0$uiu1?%3g+`z zUt4|lXMJr&`dxi(MfzQRZAJQBeQlk$Ec)8I!0BWAF?%!J`9AC$sZ(N;HXQo1M4jgQ z1})P(g_-X|x+oup5td%XOC0R?%UFhwb))$D2IfF|c^_nsc^~hCoOT%N(&p8U6rTL) z`t$5B`;?FmiZ5^_98vg>U>^zXD_UZfeM-v?-;Cp`lU|CyrqX+c{bj#jl3Diq4KvGp zUxr!s`{kHrzu&awV87oSmlKzJtia6W9-C+8a*rXuZn?)6ReWXke~$P2ov|$C9z&th z`Lga3FEVqxV#*S62K)UGpRrTg|91n9q0fL(KJlumie=GX0{L_G*TnJ3 zKAt9=Px+VnLVKLu{eIn#culldN$OQ&zVF4g-_Mi}+JVM=AJ+q?UXfil=KHAfLN{oa zOgqEvM3c0m_uBi}px{;w3(S1>=w`Wje{+E-)0UsPYg{2=S=a`*e0XRn?4 zzwV#$=#eQ5r0h7tFwKuaNcVw_`9FT%ci8G9*zcENZp{CY_26MutB;r3{GZepdWV6# z->;|JYr2gT!}Y2$|M%jW|1;&&nEx}+)tm8eWB$*)SD`5z9gj5T|7^S7*zd>B_rgAC zTogRti}@|XAGo;ZdmH=x?7C%Rzn^VyWSzFL-;eKqc)g{u-;edd_kWH3eyk6kUuf+2 zv;7bDEtvNcH1_*heaQaq#(qE6M`ORAc|XWYZNDGAzabWog#Gp{4WmYKPqkFBWqYV7}<9XH1ZEz5qjIP&1`Ly1?I zWxpTCNBjLggtDjSbt%1uX}{kYhq2#}=JNu7s)`b%V( zkK)yV*MmnLhW_Y1W0CXcm_LNAhbj0kSVsQh73e=vV*kJN;$PVXUSxg9yoJ(lVu}4( zzlmjL)-Ub%GuM~+YV6PYrAcw4Pu_>nG|ar;Gw)Aq;`oC7fH%9?MC1G#PN#>`$ z*!!TLW}Hv{ZFtXD5&3Cm{j}k|UM1ojU!U{SJk8AGoaQ_;=cl>A%=w}Bgi-wBnxQ{q zf1DqA@0Zw1Gv_}Dzsl*ubA3xlPYb7C{98~aCjCoZ>}&1tm;8LwzL%^e9Zg@$Xf%EF zUNE;lv~d1{`18^9wk%qf^tLQ9v;JF_qxo&c`IJ7q*EIgk81}Cfl>a=Z{~z$)vL5(D zKNKF%1;)kN1GZ{t@=vT4n#^UhH{#E|B$$ zd4kyUo!~nAe*jyZ(Vn)lzUeu^yl@%^FTLk$f&Awj-Uco>4E-b*)cIx0R32on$x5_5{_jbAV+m^8`_RyB)`0!j{4*GA)IgIwIjq`_n z``$N^A9{|D@{jj`dCMrDwngU0u@xNUOV8~Y{~6C)MgH1WEC=b~^yB)mKJs7X^l^Pf zm5Ag=p5qgJwEOJO`e;vEmiXI8*#9}(zPINsOMcstAJT`+6LbtRf7reUtOMtp^kbiY zI*xKicvIf2pAODH?GwsDKOGAkp7qgDwT$N;yejh7QDcABUkB&Ell9e6XMfgLC(=XL z6W5uxEc)uqaQ;|da$hgc1#K9gvgoU`!o1(M*IhYg z))zhJ=jw}|>vQ!*&+!EeeRb71JnO5Q^DFx59%g^m7d_W!;%9x)bA5(cU){(bvAFJn zWzm=H(~J!NLr z7d`i9($Dsl;`|$X>Nevp<1h9_&-Iz`tgjU3SM){C^%;NGSBmp5_C?S68GqJS3i%@z zm*Vt@zGUBy=u7tPh<&B%oPXBWCeFV+N4W|4arL#y=kRP_o5ollX#eQB(@i;M)>khQ zM(4|Tpcm(x^s~NtIsc+Bdd`phMPI!I4$u0c=laNB^wqn}{;aQF&cEo3p8GS`V|~#+ z9b$2teaoV+&1udb*T>Bx%xqtqGt8{7&11~JX`iFqjQqIz+MH+q=WP46dC{`i*XA-a z>#Hxz%=Sg^^)l&aef4qvMPKyXANh;E=sjL0JnO5U^DFx5A7p>lS3l=p^wmGi{;V(B z$K&d&pVK4y>MwBqSYQ3~%&f2AIX~7{|04UdzWR|LS6}@V_Gf+duUZy;ZSj~{Ut3Dd ztgkIN-_;kr*DKHu>f-?CU-UKLb9mO*0OwcqH89Qotgitn4{pB(=GdS0HGurN`WoQ$ zh`xe-Jgl#Q70xf~YoNx=`WjeeW_`(fzC3pFo-f%aJUGhw;QBb2WoCWRbAWDrr1yTg z`WoW=i+v4o{zYH(-Y*lL^+nJ95sSWtme`;5HN^QB`=a-Lne$m+^jIAvA*OvKxx0WB0sKuZOw6fY+v*opwS2GYb)o6-Wy8e1^SJJ817rh zQM!8n+>1kn7^qq9!92k#86~INa0htM`qMnY^E6M8wu~d|M)36w#NEsD1X<>N{2UX8nr9e}hL5p6HlOtp_xSKf{z<=>XGmnA zlVDx}??WF&eq;0O|155iQIBaJ!GwRoOVGHD<`IZf-}Vv*?*Lc0oY`)Ic?7O!G31BJ zUB*?h8uM@3c05*B@gYAZ{Bu0dkhU!CQhbDYza3Y_SD3k7BBP=7VO}9Y_c3wSkKr4T zZ_n{Zc_#)PM*d`80l|z5<_-4aed09FkhS44?~o`$e=?8I_k&*IqXXca^*0RtCGt*q zI={&N$GyZSQsA;>uU|wN`{bgRE=5VKJp6&S`u=5Hs zZxGBY403q#Pa^!VW$ZsN^B~DI`~N!6D~vJAyh6@$Ft3nzn65w1e3<7IiVkms|ANCk z;IcZO^H2IW^9snXTYgF8*R{vwDl?ZiHQ}T`dfyPuD+KcfY|m|jHavnE*XHy2T>foi zmZkjLra3;DSD14c?Ncz1!2NzOkHF)Ewu%ie#MV9S@hMp!2YbS&Z=e6SLX`zex6sDV`hDI;e1zLT{X)x z&g`l?414NY#IAqFmGwX}q5ANzq<_$z&sf_g(`$~;+ zc-EK96NtWOKY)pk^_40yv%ctgALGyZO08Iy{LnmstFKM)FzpZPE0{N6eQipyKkI9g z&&>MTl(sDKZyI5L*4L)IWzpBBIcC;Z?;tbls~6|H`syuM7Jc;=9fp0;`@l_j)|bo^ zh`wmQfbnO2(fff6v%cv4K!#agn};n+el}+;BmJiR+MMP5vA%+N1J>8(9Q(7rf_Veh z*Jk9$wXe;Hxnf!LwRxGD_0>1c%=+rX`6m4`uTZrt`s%AW41M*T;qa_4nKux9 z^{3gN_0=!s!TRdYus`dof6lVUuD@tm^wnSD{IS0J7nxaK{bgp>S1@nD`jYnt1@W(N zc-GgJlx5M^mO*CL*Onz_*4GxC@9Jy7w=DV^NIMLD4UBMj)|bp1h`t62?9cidkn&)C z4HVg*^(FHNk{_Bkp!A5o22eh3eH^GWv%Z3P1lCtDZ@~H*M1EZRlJ^S*^9niE$Gvu* zZ*ZEK^)-}aW_{87!(DyJyn*P8-WN{(hM_NdU$_a+`jUAA(brIw{aIf_QXZ_Yp&I+M zzUcWNiccKP8xV`Wg7*ipeQnLy^at|_qs*+YtvP1a*Veq{ApSY_f6k7dx0Wr7eQm99 z`nbNC-)h`p&n8>$|Ej&kr+EcpJQv{|#JHE{5dwyv=Uc}6g}kHv;EZJ)S%-8-<`r_x zG>?F|BEKI9U3vi@84cwXUU;9<@$#Ee|0w$-{a-;`@oCEx-`9|zc%J=#98)r{1|z?2e&X}YoS%4+ne!8u z{BnNcNSjHY#3%Wc{M4iQp?L}lFOKE~i0OATS8(5l?0TMK*Mr+l5#t7j!=3eFol(1v z(OB29>sa5lW!I*E7rP#OyBFJj9=jg=RhV?tu48G(t}#Cw+a0y**l5(QV_C^gQZYS*!YQMbMU4NGBI%V^T_Ad5$vg2XP_DuXw<3sIdFVFiz zFG2fDl_%>kwa;S?Lr+0_E$wr``s2TK^Z26prF||j%e*hrZv2UF#xe9l`7!CG_$!vT z{)QJ@rt~j6+znoFnEY$Z{~7yV$nKE`ZVzHr=*|4b@HT{lyY3l$s2w6mTBd%E)@?~| z$)Q}KUzfq*?q%Gsfx)FT2ddxCQKR4zu=`rUp<#Uc%^vHUH)Vd3Pp3Nz-DKDz~6bGQdwcf#X*>K92L*AL=(8fp*HmZ?5| z5!Z{2u>WBsh1!D**Iypr#73F9Ux;OyxnH1u)bu0VFVOtExt_!~$Ntgll z`|bUIoa2-E**MNO<%_bU`9bqr)AxJEnd|(c$#TRl{!!V*KPC|z`KRz?7tdc~cJVyf zMb)O?<{bZ5EWd207xR5^o%8oe^b-_*mHi7|>^3S_h)g+2xuuw;+z^NHmvSFb=V#bo z%5l!JwCgl}GUdwUNaH2a_sf14CPj9~>3?~%7aNU(&scw)Z~G-q|I1%z`y~X4q({a_ zGR}@m`Z+%|J~HX&{LuJ_t{=pQ{1|^uKaGb>dQlH({{h*Vn|>M((fQ&M93RFjv9Cax zv_I3t{}g^F@OE(4VI)40WBweLq!52%S~0F?&aZm0_n{w56q&!}#XbuAPL!1YqT^5T zS1rE+{rD%)z9v>IW1c#;h;_q6jr||Nen?{0x5qBA>V)@^cgQI{=KLf$W%=ctzNSHr z?d4sazp4^;OC(rOM4`mU17l z@dxK;*#9{@FCyh0lw-mAOMRFA=7zU<@vl4m%?+RO;@?Dj>GU^o`kmz%r~iikihUVK zFM>qct4r-~g7}ahx4pWI{w8q%%9Q@*My!*1*e8;JeyBVQBR`2z%V@6?ebk?nnZM;F zw%-q~DF0>0ADO3hb&3!DN#Zu@PgX6XKS+$A|B(LS#=EhlfSBzcYBNsy2NT|hKRy(n zVT7f1d16Ul6PNcZjv_1MpR@ibU$bw6`UjK0F)y(X=LY=)+e=dcvM2D7{$!q6`jZ7_ zZYP=+ReaEoTRu%^EQ@{7z5wzU`|{RxnAsp>SFZEB5Qsb*dM3Z&$dQK7As&>2b{%&? zBJ#P=x0Tvvkyk@`67?mJR~-4PLU|K(Bd+P&p`7jw#C2oLDDlLd_

($V(C$>zR)` za_BB}$QS;!>!9?AJRkbD(xJ$gLwWM|9QjfxZ~tg0kB@}%6zoLeiDyE2)8B-08ncR{ z@s5P2K1E#TgP}Y@Vc2!wf&)%x+{th9#!yamPFxr6|0H~KPNbOIeaw-Mh4R)v4dpHA zP~P;*j=UbqJN~~=o~(xQ)^aGPwR>^RpK;`)B1L*`2<7cdp}gzUj@-#_+dD#ehZ9fN zPlocY4360~&*6ae*0CT`?7#kBp`3IO6cMcT`;JKZo*xoJi50{C+5>-=q-N@^3>q?J*UX za_R-G0g3DUIUMnI>9<-#2O)K8%5_{1fykZkEo7e}chZymyd$sRm|c?QjyQazy{(1v zNPD|2lt~U4MuJmPgv# zH#+h$35|VXR8Kj4q`m#PBd>?yJN_Y*(>s*KwJwJ8wqcPX>R)o?&UL%6J|)*}ckHSM zW2``4!7;lI>fbq?9Vw9_{nXxyd^(i3-y6!i9C_1wLOJa*64&t`LwT1kQna@}=E#$w zyoLG;zApW?m$7-{+#I;g? zA>q>^MS9vCxgW}VsQr=f%b~p4sb5>1^miNy!}t4Pcv|n2c(xQndFppVIsL|wxRy_Z z@*yXkonH>+0|g0<+hXc}Ii2*(fVkAZ3gxtBFRl~gcL_gK6Di`^6Uu3?edy3`w}d1| z?cc?b$O|Hc=#L!vN+?hMyd!t?nT&_>rcxN5_A^NQv5`=2Y?!YbcjE6k8itQAhT%JJ z3+3D`u_vfC3@1nJe~%-P=S7O7e8rKw>8Ex;!Y_s4+y7-KkF?u|9C;=T-}DEeJXQ$h ziT~lq-E!O>$|LPIoyzHP+wInW4&{jo1+uQ|tN7;d%{dn0tLFhnJ{HPbsa|vVNW1;B zj@+@sj&FtX$T+za$|K`svRjV7Z4}4sdU|od^2j*(7aaMjghsu7B9uqQ$xnsyu1pxd znaY~ukBpQ5Hk3!k$&WhnVi-@?BcVJpPTn8NBjaRhPx!i#aq=yWyoO_T9Y2Kw4j&mO z-yF&#Maw-dUEyr=d z@kH9&A93Uv4veoR>VG+Wq`m!fM?N2h?<8a8@NRqC^*5nB(%ya}ltqgpJ>c>T1m(bX!_uoQ!WSqPZ$|K|CpK;{Qb-O+i$|K|Cc1K>pF}sf6 z#{s7&GESy(tjMP&H0CL3T*UIoIC&rb8 zc?HMpnqGkeiQmz4^WTQ@$T-`aFb=xxdKO0N94CNgop}hI0968wxyPh}>IGzqCo~Cz%a(ZWnxc2>_oZdwuuEoi3 zS3#t>g>&@ZRSD%?hjGl;rFVRYOVNE0%TtcL?G2%v-svH(`QcDb@6Hg{MDC463__B|zmyd27t-wDIhyBoxH{9q_|$C=GediuvCG~)kA7=BA7ly^0U z@_|t7wNih?>7;ich-?2hp`6|gAg+l{mhg)r#dY_Ea(CR@N#kJ-PwyHO*YaLR?!=S& zQAfTip)sF)Je1S3`k}+9up=ZnO7x+^DEW2JYsX%M5V=z>t<-;sd|6^aJAcNJFNN|> znpffQt#hF~w#8|eC@`mlFk)oZac2(qOLV0r`ly}uadB>lHa(cE> zTr1Thj)$IM6xTxIYLTyq6!uT`m*w=XBXLa=p`4!O6W9JwD5qx>#kDy4p=SZbH9LAv z4T}{0-H+gyubV1_^3;u?yw{Pp-51JJPWoxxT;ic;>clmX&N=?xIgvv2uN-+bly@(N za(X9?xYlE#oSvBz*YpFSyl-BlC`W2n`MT~nu-&Og?s%_@CQ~^4fFH)wLSrkI_dDrN zp<0NXp79db{R^RdU{IuJ2kMSIAIdxbD3sH)PU4!~^i)KOdiO~jb9(4mDRJFS{c`X3 zlR1Qt@D&M-diw7}IlVhYT=)HsydqNiMg{A1*&cV0J&3#z`nOX5B63GR$v<`E%VGHT zQ=vSu6v|`wK+!U8q&h-w7t&Abq#S>2%t+0@&c6u5$EYrlyB&J_X?%0|xKl2jKkUd? zDX=)?m&!o7jyoU_c_H*{ZFS@;p*;Efj@->Jl{LrX=GXfZC;e~bc+fUC{Xb!NH^1#m zPWTUT_%!nSOc*|r-+hi;=aHv8%H9~ixl$@ zf8fa7^nciqJLymSuTUN@hVhtofZA5&+W!Uuk-OLZq9b>&`(uvWxo!*9M~)|=x4#PI zuHITHogCiPTi5>%<>%;4+7kp37yA|>K~;*l3Pj(AGB-!0rag-PHp0iF@}?5_-#Fp3 z?2qfkYK~m4kMH;^5f6&ebz3V4e-`20fi?y3ajX9xC!RSH!cqLsIr4j~nB<9HL;Ow5 z{AJSlIVU{Losy&QcOX2~0mp5v0Y)HiafCReJ$2@RBx?H{N9p(8gYZd5h(i;859HLR zI*#H`oPwO&XYoo@pr1VC(%!O%k$)X>X@6KA^O2mdI{6xA59F)uj}Ttk4Hg@F`G6Dt z^G~f9rZQB8O6w7#J>inaSop!E8`Gh zgsI-T{)tl5-x~qD*DoqwiJl)Djh-K`L^)B2a#JqKbRXiTuO$oqxQBoEz_pa4{;ibX ze+>`zPg44v{Iyl0+)n(7Fg!h%>V~IzVAsEUEb8Aw?3|xc>Djat_1~O|p5HeZ^`~*F zd;KlMPW%HaQU5_=$Df{YchBEii28dOuv>l$ifiCs4E3?5eK`J?WFOA?-*@|<{Np3` z(pHUf`wH06FU_a9;k$;T{@wYge@`LmpHlH}Qt@w2N6+sYiJsrT5cS_e?4*z0`QWB+ zkl693cO$y~TT4-YkLs&yALQ@y8L-=aEP)q7{ZW7I`X?5n{*Cq{s*h`~{n&_oxb=H2 z`*8d($v&L(8|??|$*JEj`u3xS^!{AfUeNud+g`+|eR129xu`!q3+eisah(%ib1CZI zk^;Nq1&Ys!pMFcg9WS&|c*nmz6XgzKN8g?EQU5Mt$G>|e>fb}`_-`7H`u7q${+s8b z{(Z!bfB$mSe+#kWKR6imA0l@Aw@yd>=^Zw%|ApFX8fHbxllm{Ge$s80tItF+>QA>f zu0P$rxbZbFMg3cRuv?ymsDF~K?~MOwe}Wr-`&g7ah#h@&mZJV$#EyS=J?h^>?D%iW zME!e-9skY6sDB@^3nxQGq3mz_|wP;=jVdx7(P}2 zJNmfL`5x)dJ)iXFoFA)3{o|Raf72k?v3Gi2!9D*%*N+V&Jk7sxe(BtcIp3t;J%6qA zJO1aSe+1Wa)4vqGe*34u{|@P+h61j=4E{|V2rq-FJrJ&e$v$~rrv2{}uSU58=egl& zzfpv*S4{eH;_uk4cpn&Pl=O5Q1e3jS`a1Gp=s4hKz+`XYKM$t*F8on2*|Ts7Ozo>M zbZhh{O#1r`$Nwwf&pBKLlf6m!uY;+4n7!L@Otv6=4<8F7e`Zcc`0e0(o$yC-{IJ8% z;P`2WKZN7=Is6G6f5G9;;`mDre-X$3uftzM@@{eX>)@Qje+Pbt!_R|fLymQVX}yBe zAG;p>qYmE&{(!^xfd8e#SsXk1G1qn(Fa@swiN zv(W|XBR-;dRPmVNX~lDjVb78H7ZfilUQ)cQct!CU#j8&q1%cE&n@rdG4#bb)670)T2SG=HjQSp-E zWyLFs&nRAvGR@bz`E4FlJgj&`@u=c4#nXxlV4Cx0eK!{smlT&3R}@zj*A&;I+yZp3 zPxn6&_7$fUXB1}@=M?7^7Zev2mlT&3R}@zj*A&;I+zNE_+nQ4BD^4rUD9$R*Db6b{ zC@v~4DK0CnD6T55DXvGE%-zj@GNss8oK~DsoK>7toL5{>TvS|ATvl9BTvc3CT#s@a z(9J*H&qvr-oK~DsoK>7toL5{>TvS|ATvl9BTvc3CT#qs>MZ5WJPbu~lrxj-uXBFoZ z=M@(e7ZsNjmlanOR~6S3*Q0E<%Q)??d49lUUxiOA&M3|*&MD3-E+{T4E-5Z6t|+c5 zt|_iZ8N=I1`FExi`-;rpn_1f2Z#q?Es}IITFNIIB3PIIp;%xTv_KxU9IMxT?6OxE|#c&~5+C zb3=|kQoiy}E6ym+D$Xg+D=sK5DlRE5E3PQ6Dy}K6M;SXOBKfD^q;U1I$yc0KoKc)r zoKu`vTu@w8TvA+CTv1$ATvJ?+ve~ZUly`4R`TL5~iZhC{igSwdiVKR1ic5;iiYtn% ziffANQQi!6%bWIFMA%oHR-93sRh(0tS6onBR9sSAR$NhBRa{eCk21C!Me=K&mv-!- z&sY9w#Tms}#W}@!#RbJh#U;gM#TCU>#WltCDE9;1^6pP5_7$fUXB1}@=M?7^7Zev2 zmlT&3R}@zj*A&;IY_^R#rRXB4kS**quZq|fZ*cX?QaA5lE2cueuM;yK0hiWd|wDqd2&tawH78O5tn zHt)f8@=NQ#Zh6sfyhM0J@u=c4#nX!C6wfPOP`s#kN%6Ac6~$*1uSS`Elg7;-t#?Ow zSn-JBQN?45rxh2#&U(jCQE^FeS#d>iRdG#mJ<3~w?)A;{AWnL=`pQ48IHNeLIHx$T zxS+VGxTLtOxT3hKxTd%sHO2KP`#?AUeo8R~aQXv3 ztvI7Nt2n1PuehMNsJNuKthl1Ms<@`O9_4L7H-Fnwihadt#Tms}#W}@!#RbJh#U;gM z#TCU>#WltCDBl2d^M6B1v9CC-IHNeLIHx$TxS+VGxTLtOxT3hKxTd%s;ptz{G zq`0iOqPVKKrnnyEn}BZqZ%Qfl6{i(v6lWFZ6z3He6c-hj6qglO6jv436xXACGtkZd z%_+sc;7toL5{>TvS|ATvl9BTvc3CT#qts z1$6U&OG>e?IITFNIIB3PIIp;%xTv_KxU9IMxT?6OxE|$Ofo}e9rTGqLzvZoDATHB< zhs!kI;WEv4xJ>gMF3%~RSG=HjQSp-EWyLFs&nRAv@~e`H2Ne%19#K51cueuM;yK0h ziWd|wDqd2&tawH78O5tnzAdSEQ1P(h5yhj5#}rR1o>M%pctP=^;w8n)idPh$QM?-E z9ZAK5iiZ`CC>~WjrZ^9NA3nUFZ%09KQE^FeS#d>iRdG#mJ<2Rub577>^GfJoK>7toL5{>TvS|ATvl9BTvc3CT#xcDpqrmvDaF3x zwBn57tm2&FyyAl5qT-U`vf_&3s^XgBdX(<~y7|8&rPx=TR-93sRh(0tS6onBR9sSA zR$NhBRa{eCkMf;BH~)906#I(PiZhC{igSwdiVKR1ic5;iiYtn%iffANQO4s&k^JvY zDfSho6=xJ@73UP^6&Dm26_*s36;~8j71tEkqx@>1TmG+3DfSho6=xJ@73UP^6&Dm2 z6_*s36;~8j71tEkqx>46oB!9O6#I(PiZhC{igSwdiVKR1ic5;iiYtn%iffANQGPAZ z&Hrmtihadt#Tms}#W}@!#RbJh#U;gM#TCU>#WltCDAVxO&HqSBv9CC-IHNeLIHx$T zxS+VGxTLtOxT3hKxTd%s<<|k-{J$=x*jJoZoKc)roKu`vTu@w8TvA+CTv1$ATvJ?+ z@?AhT|97Pn`-;sTScpNp7|9eu3eZ^_T8O2$}ImLO!1;s_hCB zHO2KPzaHq8|LaqVeZ^_T8O2$}ImLO!1;s_hCBHO2KP)7CCG|M${-hx7dO zy)@t9GIba((|m`^G~eO!wBk9%^NJS~FDhPAysUUd@fpRdQT~CX;z7m3iboWWDjrij zt$0rHyy6ALi;9;NFDqVAd`9tVlru@igNlb0k0>5hJf?VB@top$#S4lT6)!1XR=lG4 zjN;WO-vh z*jJoZoKc)roKu`vTu@w8TvA+CTv1$ATvJ?+@$_7$fUXB1}@=M?7^7Zev2mlT&3R}@zj*A&;IOx=~6 z|Iw6UUvXM-MsZegPH|pwL2*%WNpV?mMR8SeO>sTSdx38L_ofv4iqncSinEGyit~yK zii?U%ipz>CimQriitAB+1JKR?8&ZmW#c9PE#aYEU#d*aA#YM#>#bw16#Z|>M#q}t^ z5$NXsjVZ;x;rs9L=;r^Clwx0TT5(2kR&h>oUU5NjQE^FeS#d>iRdG#mJ<9umZvOYD6#I(PiZhC{ zigSwdiVKR1ic5;iiYtn%iffANQO*M0{AW{&eZ^_T8O0Q#bAOx7Db6b{DE|LjyO$Wp zva^8Ww|r;7!z+dbawZ!uEhH*-J#VdIjR^803nwJtK;XK%%H1xey33TSCvE~0^BAxM z3kxAIB7k{2B!H7l28&D*1Cg+RFcxgQVBr<=0wfEuFstyLbH3}o_fOx>221vLe&?L; zKF+!K*kyHB4d4+xfoJdnUcsBBKPZeJ?+0^m0WQH6xCS@iHr#^;@Ccs3Gk5{7;7!sW zGT(Q^e*fWz%=aB}o9{c~Hs5!|Z9YK8ZNBe_y9IaQK0JiS@D!fIOLz@$lm4MBoQI2W z09WBU+=9DsA0EPEcnZ(qCA@~WNq;yC=iwq8z*V>ox8N?^hllVOp2Bl@39sR8(jUpf zdAJA%a22k@Ew~H!;UPSRr|=wJ!fSY&^bcp@JY0kWxC+wcnFW-DLjXl@EYDGUC+XKxCjSu6|TcAxC{5;Av}hs@El&k zYj~UVN3(DqF2Vs^h3jw&?!tX|2#?_@JcpO?8r~-Tqggl)7vTV|!gaU>ci}!fgvam{ zp2JIc4R4eFu`Ha2i*Nu};X2%cyKo;K!ee*}&*3G!hPO$7EDPu1A{@X~xDL1AF5HKQ z@ED%Lb9f1_;ce1Co`v&p5f0!gT!&k57w*GDcnnYBIlP3|@HXk6$ijKJ2nTQ#uEQ<3 z3-{q6Jcg(69A3g}c$;*Xh4XL`4&W+Whg)zL?!!ZP3{T-XyoA^AHt9wd&cj7GfU9sF zZoyr+4-ernJcZ}*5?;gGq|dW(9xlQGT!rg!3+}>wcnFW-DLjXl@EYDGeJ=~=;gbA% zfAgOp_1`PptH3q50k`2EJb*{=1fIbQcm;2gzVP52T!2e(1+KvjxDEH<0X%{y@C;tS zD|nOir3dHW0$hSCa1Cz2ZMX*y;1N85XYc}E!JDL;9-M;kp1?DB0k7aq(zhO*g9~s8uD~_80k`44So%cY zC)^IdTEiM1~1?hyh-|}Jvav!;1XPcYj6W@!##KakKhSBgBS1$-Xv{)m0)~6 zK9Pe9a0#x!HMjw{;lB8FIS73}_{0z%!&7(;FX1)3P5NiDa2_tg0bGUaa0~9jeRv3u z;VC?am+%_iCjGNnI1d-$0ItGyxCM9NK0JiS@D!fIOLz@$lYTu5=iwq8z*V>ox8N?^ zhllVOp2Bl@39sR8(x1%2dAJA%a22k@Ew~H!;UPQ`|I*X-;gd6X0k7aq(mmN!e0#kd zT!2e(1+KvjxDEH<0X%{y@C;tSD|nOi&v|eTF2E(Y0@vUM+=hGb03N{;cm^-v6}%Py zinn`z`S~oIhl_9kSK&I`g1c}Z9>QaI3eVvsyoR?)|3Vhd!$mlNt8g7|!Ckly58*L9 zh3D`RUc=j@e=!T^;UXNsRk#kf;4a*UhwvDl!gF{Dui!diNB$rAf8zhCKlVTE|C#^ad!NaC#{aDU=l);%pYuQOzv+L<|2_XN z{6F-6*Z*Vx5Bx9sZ~6bT_l>=XXV#fb=D#u%{|o+K`M>Xboz8W5+q?@uetUJ- z44YkV|F(JkxP5zbulZinmaLba&uEIaaoaqWZgrC#R?i9V`aCIl9mC2V^=hva^q;qreYV*zx>)q|SoafEeqr3O& zsdh|3hV1Ijob;pS#W(3_PifclUZ>;jKRj=DJhPRH>zhuq<6X2KKYFzj-g|uie)HD5 zzIhN8JFT0?*O%eldE0AWU3NlA^jb}M(e3Sq|LW2G8*l&m`n8AQ`Q_zp=juW7Dv4hr zDFgca(|tNI(S*1`GQ(x(JHChAMd&IM*U!_=sYB~V%nXeeUSC}_A4wtQphGvm&uEU# z{%$BtUHmxz??!h$o_}z=Zn3-WXzub zGrOs?Ft9NQPju5R9;pvBnzPk}W9{hTLFl4%a0NMg?cm~pS~|Fjv+&S%2sEB(Jkofe zQ4$Vxm#60B%ZH(jGTS!F^x7!%X`@W2wg=koqKuEWyC~arg|qNf6OL^>3SBg(Vk_iS zY&3_i6^BuUE1ZR8S8*B@jw;Wo&XZR3dx zWsS#5jWTC;oHQOPHOfrd)+j2=8fAV>v)m3g${^b)gR2hIE(YPLwcIXR@1oo;)-q(S zAh(OH2*M-n=%N`@Z8)@1E(7i0qFe^n($N)y@IX7dD7THZ+%`7Ku-Yh7VWSM1E66b0 z3Yi+$5EW$DZN;HR8GY9wigF{`3Nx9uU?wxFDMdA|AjesDC0P*6PzElXx*$hmYfqFK zkChtb64WWQ@ldHz?lql47nNlf<*K!QftKrBk2SC>NL3yC@fo zwVa?U$oXkU7v-?jM>fhGZ=t=Y_>|ESl$!C#U^WJyWe(lIE)1va1oes9MVUmki?RV%khQ@! z$ZBSzG#qF}*;UBZEa4zZLpoql3)vFB{;Glc%JbAZ{K#2U7K^2 zb<~7Y7vws#l-tQ(4H}P?8fC4utr`!N8s*lrtx;5#HOdWXnq{f5QI-lDW$bN~CBsIU z1Fa9#F3OUjc2P#o6=bQf4YKyxDC?N|SnZ-LC2ALC1Fj$=VH@O}wS$Xt9@f&)6=b+= zh1}OR%1U9QjJ}PsK-eg^yN$9y*eH`?qrAInA&N4`u0>V>TQHMt3uf)G1vBfmU=|Tu zFw<`fa$s6A7lN&lG*>WJM3m+V=F-@uN$J@i(Dx6$$B!O&nwJM=vgGR2IkQoAc%~JB zjj}k{C^w9avPjq{A0xE>RPCZH5^5J^gRUTpgKdx-M-yF?l}!_(_9Ja~Q9dMTyNhyh zTgxJ1qpbeg-$hydwZDrpaN5sBnNn->E})4n%G|n!s36l}D`b*wl;L$9q9~K&D$Fd| zl9{Dlm6V?Sp;$j?M?W#`ALxXXbtY^yGockhRN)G;MA-^iqHL7=#ztAHY?QZJtv^w_ zDDNz47iABwAWN2Qko!jyU6i5M1Q#XY&{oLUYl4gNfz?{ZUK3oD1Xqx;whc10Hp-CN zXzmwRh@#vtuELC|84uY;xm13}NV=bllRuO0m*xG#{y4BNKP8lfvISX(N+!xWWTUJ@ zHp)6=qwK*IQ&9Y;^xC7k96* zLZ6SHssbCc`mVgBEoyLx}7?NNy3 zXFevCDf^%HUBYwo%|24{->$m+y@HFo*Vz7F`l{5XYHj)A`HD_q&NlJm3D~a&5)<|9#8VzZmOpYhvE}Td9eT-`DME_@}lO z{w-M_{W}9w>;Ij+MERLyzpvY0^e4?*jwr=tG;Wc{wcuxB<$py(y#GI^=I`xQT;3bo^nCwI(uR4{-h00sxKeR0QT|BT-mhy*bpCnqOr9@k zeKPD#A{V6a9(hK`9p%fsWPVfX)ACK8c{Jo{@}uL7=YLk})AD=LCXcH__}ry1!%l z_r6c+)ADE1CXe0zztuUh|BpyrO8#3t?cb1S_8;vxistyuf9^@kUrC!hcKeU|#qu-9 z(jlt1y>~Br(~&FhEhL)#f1C5}IAs6+`=l-<|F7Gw|1SUApOJr_p8s}5`}ZW8{eOo# ze*AT*OWFV1Gwt7#X!5^P9nUwP|5Eb5T+#j|i6;NM)Uo`Rz9e;N`Fj3dMf#ZhcgfQ{ z;`zTOPRpOz-k#T!X!3LFSpME~^1ot^+dL}rH2L2xPxFZ9Ux`!p|CQ+Yd(y|`n|sAP zV)_0*iqrBpwzs!uwqx?6_mfz@_Ydj$vxc;M1& diff --git a/tap/tlstapper/tlstapper_bpfel.go b/tap/tlstapper/tlstapper_bpfel.go index d53a0fb40..6a6a2f836 100644 --- a/tap/tlstapper/tlstapper_bpfel.go +++ b/tap/tlstapper/tlstapper_bpfel.go @@ -13,28 +13,16 @@ import ( "github.com/cilium/ebpf" ) -type tlsTapperChunkType int32 - -const ( - tlsTapperChunkTypeOpensslType tlsTapperChunkType = 1 - tlsTapperChunkTypeGolangType tlsTapperChunkType = 2 -) - -type tlsTapperSysClose struct{ Fd uint32 } - type tlsTapperTlsChunk struct { - Pid uint32 - Tgid uint32 - Len uint32 - Start uint32 - Recorded uint32 - Fd uint32 - Flags uint32 - Type tlsTapperChunkType - IsRequest bool - Address [16]uint8 - Data [4096]uint8 - _ [3]byte + Pid uint32 + Tgid uint32 + Len uint32 + Start uint32 + Recorded uint32 + Fd uint32 + Flags uint32 + Address [16]uint8 + Data [4096]uint8 } // loadTlsTapper returns the embedded CollectionSpec for tlsTapper. @@ -89,7 +77,6 @@ type tlsTapperProgramSpecs struct { SslWrite *ebpf.ProgramSpec `ebpf:"ssl_write"` SslWriteEx *ebpf.ProgramSpec `ebpf:"ssl_write_ex"` SysEnterAccept4 *ebpf.ProgramSpec `ebpf:"sys_enter_accept4"` - SysEnterClose *ebpf.ProgramSpec `ebpf:"sys_enter_close"` SysEnterConnect *ebpf.ProgramSpec `ebpf:"sys_enter_connect"` SysEnterRead *ebpf.ProgramSpec `ebpf:"sys_enter_read"` SysEnterWrite *ebpf.ProgramSpec `ebpf:"sys_enter_write"` @@ -105,14 +92,11 @@ type tlsTapperMapSpecs struct { ChunksBuffer *ebpf.MapSpec `ebpf:"chunks_buffer"` ConnectSyscallInfo *ebpf.MapSpec `ebpf:"connect_syscall_info"` FileDescriptorToIpv4 *ebpf.MapSpec `ebpf:"file_descriptor_to_ipv4"` - GolangDialToSocket *ebpf.MapSpec `ebpf:"golang_dial_to_socket"` - GolangSocketToWrite *ebpf.MapSpec `ebpf:"golang_socket_to_write"` Heap *ebpf.MapSpec `ebpf:"heap"` LogBuffer *ebpf.MapSpec `ebpf:"log_buffer"` PidsMap *ebpf.MapSpec `ebpf:"pids_map"` SslReadContext *ebpf.MapSpec `ebpf:"ssl_read_context"` SslWriteContext *ebpf.MapSpec `ebpf:"ssl_write_context"` - SysCloses *ebpf.MapSpec `ebpf:"sys_closes"` } // tlsTapperObjects contains all objects after they have been loaded into the kernel. @@ -138,14 +122,11 @@ type tlsTapperMaps struct { ChunksBuffer *ebpf.Map `ebpf:"chunks_buffer"` ConnectSyscallInfo *ebpf.Map `ebpf:"connect_syscall_info"` FileDescriptorToIpv4 *ebpf.Map `ebpf:"file_descriptor_to_ipv4"` - GolangDialToSocket *ebpf.Map `ebpf:"golang_dial_to_socket"` - GolangSocketToWrite *ebpf.Map `ebpf:"golang_socket_to_write"` Heap *ebpf.Map `ebpf:"heap"` LogBuffer *ebpf.Map `ebpf:"log_buffer"` PidsMap *ebpf.Map `ebpf:"pids_map"` SslReadContext *ebpf.Map `ebpf:"ssl_read_context"` SslWriteContext *ebpf.Map `ebpf:"ssl_write_context"` - SysCloses *ebpf.Map `ebpf:"sys_closes"` } func (m *tlsTapperMaps) Close() error { @@ -154,14 +135,11 @@ func (m *tlsTapperMaps) Close() error { m.ChunksBuffer, m.ConnectSyscallInfo, m.FileDescriptorToIpv4, - m.GolangDialToSocket, - m.GolangSocketToWrite, m.Heap, m.LogBuffer, m.PidsMap, m.SslReadContext, m.SslWriteContext, - m.SysCloses, ) } @@ -180,7 +158,6 @@ type tlsTapperPrograms struct { SslWrite *ebpf.Program `ebpf:"ssl_write"` SslWriteEx *ebpf.Program `ebpf:"ssl_write_ex"` SysEnterAccept4 *ebpf.Program `ebpf:"sys_enter_accept4"` - SysEnterClose *ebpf.Program `ebpf:"sys_enter_close"` SysEnterConnect *ebpf.Program `ebpf:"sys_enter_connect"` SysEnterRead *ebpf.Program `ebpf:"sys_enter_read"` SysEnterWrite *ebpf.Program `ebpf:"sys_enter_write"` @@ -201,7 +178,6 @@ func (p *tlsTapperPrograms) Close() error { p.SslWrite, p.SslWriteEx, p.SysEnterAccept4, - p.SysEnterClose, p.SysEnterConnect, p.SysEnterRead, p.SysEnterWrite, diff --git a/tap/tlstapper/tlstapper_bpfel.o b/tap/tlstapper/tlstapper_bpfel.o index 0f34952ab1b100211ae3b9e7df365a4721eea352..336f885cef53ea589ba7268321752c970df0175f 100644 GIT binary patch literal 153608 zcmeFa4}4q4b>}-IMG2B6n|7>(k?rQ%NnOa1WZ1D&Cb1nzwro08WYm^o=3fb#q69Ux zgpia?n)!n?-WJW~eG0eP4V$K0$aY(%O&cWbKC|f`p&M_*x5?{6|D|jNxqg*M)NFeTaX71dXGiUzXGjlIKxOd;ZogE#{T!;Gy*C6wC zu76)=9g=dCbT_+QZg|@ZFEXBbT0GqbiuS^bFTU6diTo=HX0NTTOCmnE-t&;g+uE^N z!r7nQ@DDDvq`S0gy6faTOV85ZN@e3qSh}au63zV^|K(1-+#gIG$;bic^K$x3Z<>|s zKTgLHeTFxcTJlp`H9x+bmY;)~k8XDvrAGPDau08-wxnBKCEbHk8t1y*`z4)5`qL5; z*2C;7>DcwBw-x33)7xhByP)5B`EFeAcDdfElk(*@Q2z6j{&Q5{5qX{R#dRz{u8FN~ zJNZF(Bb1^|T{SjZU)0=8~okjT$^`)DlPMchw_2+G%L|HDUhCKH+)KNTo>G~8b zX|cz1lt@J1oS#?HXRCV!{dI2qBVUy`T>j|0M-L5eTc}_EkrRgxbDWW}Xy^2{O5K0r zc$D@2hok9j^L76t(a0G4j~yQ)|8m{`=)}=u?0+O0JwCl{uI|5gZ0xwij~*YJ-lqC= zl6{=Wll6(^xsy1QCpQT$2g_yZq_3w}^$?I_xpfTOx5UR==(DqfV|o8j9>d!{Ci$>* zrZ@R?rl0Wj{M-gP%}qby^#S$h)H6PO1Id}|J*+PddCoUK$tPD0*8lVqOLG0y>YdBE z_VwP&*{ip=@okr8{bPT{_2~O4Uym1WKXr@9ztKfNce?nj=u#PulXcP6#piAauNzr#&>EB#|<^5_1E>t*_;)3;~t ziL74MPX2!>{fLcU)}FiF@7DX-u-_Yc`bqJB_f;?BV${pAoF4HIW%<4EdgSxl?fy^6 z-_)#c$5TgBKA+DN#D8m7Lior=8n5W+as58H@poS2dI-m39`Ct+xE$PmeEoe79Z|V# zy#0u8KhIG*;{OS)$4}@yWX;+MkGeG8e&W(>C*7juq%WVEm3lb!loZDuA)!Zf_(lD; z_VDOcetZ?qIrr#QSIY?vJyJQV{KN5+r%tAKSkKd+@cr1@wVw}4dAi*Z`L_HGKk=+D z=hKpHna4l7YQKD?M4VoxJgj$Cp6MqpR6l%J%kcr9Z*C0ahM)2i&Efa@asQN8LwD*! zKKya5w_)`k{!z}Yb3-S6KQa7DUvJ_3lKYeCk7WIIKJ3#Oe6|06z;`Qd`i-h5f&7-6 zf1lEMmW^+xbY8qQw$G>kUY{<{udk&;)+e6oozm-CyMFJ7`~>h}ibwz5(2x7_K5&&k ze|Wp+BZLusPH`l1R{pIW%j@UVNng(8`bSQ}>h+6s95HLZvUd9UTCLZY$@kF5ynwc@ ziwjRZGb!IJ7k0zjH_JEA_gPS<_6WM2dwqc=9{Fz|x$ltpUTzleVM^!4D`?&f@u#22 z$aPL>eVqDUpRUP&tE5KPoALfF{i(`jHFE4#7%ri`vca44)Wi5)t~|qYIHxT?d1rCN96TI{eF%+ zWsd*qW4xtjv0U26F78@&DvZ})m-`efsTwYQxwYfk6XxFqBFeu}R%b<*owTfZ*s zee{~^m-bJhUlHlco}cjg#ls32EUce7bN$*QiXr+%>8+?=ls*N!$MxIv(e!BN-K*#u zo!Hj1OH9wgek{TL*u9N@taA4K*z_mTGQMr?4D^lCT~XgiokZXC+w^VKevQ&IeQfC4 zYe{RV|HS)`_IT;W&cQA?^(kME-Oda2Ovg(*?~KOHBzuS zdM5J}wwGOqb+xm-&$N0zBR$Kqo?Y3{v%=ZynO$#dXH3$O{)y6E)BcRoYt=Jv*fRSd zuHU`%c8$dsxI^o975P5jexcj_nNO#^{x9vTz5ef9d;Op6k?r;Wi*o-*d;Q<9k1n?^ z!AmM;M{kT*7i!%}?d$FJe?M;6y7DsnGP;9$S-bU(_WFNBa&52wUs!ubd;Q0_4WTB@&&1{|HnPAwEl1FU>EN`fSY7|>2_Dix9tO%n)UMEy6#5t z|L58dF#SevSF-vz^>JT6TXnzUN_N2I_RFw-+Wckh#>q>3AHbBC=h@n4R$R{r*J-Kg zn7w1?p0735Yk5C_Uk-C;zFwP@jGEne#dQr>uf_G*sb{=C*?s`itF3PJ^|H1;c|GBE zDOxUAasRy4_o=#Go!xrbN_u7KTL0A82k_$!y*j6T0J|G{6|J&f26| zbn5H<1Dw2@%4Fo5=MnAa{@D(d7rWY;J@>En&1rki@Fia_y0qu}te4%ar)&M(|3`d1 zpXqwPt*eI5Epo$YKlguO*P+_${_S;tZfD%?&gcChbv-)Csrh~U?dSfzEO@2R)?cij zyKv7fx1amJnD^PW*ZnWCb${v?*|nehS2?tw`xim*IvhV&-G1(WLGI^x{%|q(yS5+Y ztnD-H=l<*U>w5sd-^u1P?foRq@q6XgT))EoBoVL2wx9cF{ads5G`8Pg()#|A1lyO} z&;7UcjO>B!=l-2bF1L=c`hL0gev^{S7sB@juDWmTrO>k!_iOFv{@12oi#VA}_`QpM z-~O4d_u2E&xZc-(?qAeE{#=;-<&mV_e!qm@x81bggx1&F&;5J-JOBHE3;o=GdmjMT z)CGV3zr7FOyw>m9`v81@a=Q0`@;o4-s4TBn(r2sl&%r&X>jd_`aOO+t_aEx(x4M6c z%h!JYKM8?c`}u#eZ=O_HkY2BLKUdeIAbxuvfR|l+9{}mmv#Lk*ToFCCb{@aC!@cjN zd>={;iCp{r|00I^A0BsDG6&s7_Wu9&^Z!yu?dShrn%@IxKmUJW_q{frKRY{n;EK;T zhU>MoFT|dIXg~k&yLS9Nh1UD1OM4%^)ptX$&hq)$7514}y6xxx&v(Aq)-P^}t?L;6 zcR`x;i}wMvpZ}MR>+J18m$sgrbN_WV&t)fh{i6N+|M}hjw)Jee{;cUe6SD5#e*T~3 zbpGpP5hwF6X5D|K=X~4G|BD*PpZ2;x*)#d~)yT2kiuVDZ_5Sj+dC!Eb`?sI}XL+B0 ze|BM?|F`us`#sL-C;W4!)_>IB4{E>D{xp}0%0-Qe*H`d4XtRrMbzb2bzjxgs_R?;r zb}4UGcEk4j_CdNl-&iT##`E}pEcs}p|3{Mk)X)3;ZiY?SNc2U;-6#x zt>SOzJ#Ob|eb?(xf5&>c_my&wx%TyUtK@53+i|zsCT#u7+5g_Pf8W<~`DYcj{9m}| z#=kT4@j0ml=j!_qSh>huy3g!5b#@9W-8CsO<5L5CXX znZEaS)%Ph=Iy{bYmg>I?|8W9xZM`}_y|VSShJMimgWQ=uAF|SVu%&DL6!+I15wEMf zwxM5iLw5G>gZBz4`bFuTseYM0uBvC0UR%#D%=>OlA6^nYOR%2(S>yfimGjgyN^ec| zjM8iC*>`}RC0Wm&YUo+{JoSvyTT?xw^xAs%9iV3^*0XyWdPWA)^BOlPy*1S{O0TVF z-vN4-W=+?iKKKE_W`Hb|6=Jk-4A40-#*pQx5ByT+sWqlc)!7~1D(>}a~pnjkCfwK zs`MAHpx>k+y^hG|as57{`vS^mL*Fj8_jrFu%HQqw%lG--w{^S6eL9!ib8ugkdTy-S z{i$EK8=et={@t$yIttg#NZsW3tk|Mr^*i-UW1a5o_peEfC-1v@+WYf*<(aMT z>HDBzU2l4u|GmA{*7vfS&xkG=uD5%8Nb`D*+28By0`2uZu{VVEPSd9qf5(jVpqoBZ zC;fWO*{|=tPp)U_OmFh(G}ib0dfwDYTkrMtzuNkq)PH+@Pvpw$Y)7JzF{&arc6=+ zeec7ZDvb+%S-_q9@A7&*A71fydHp{5wf|k-)2#2k2-ag;hyEfRN6b3D zuHAja7o?x-c7A-Y`SR4P&)3#o&7pqpkI{Un(7y&*VeB~SijP&U;j(&_cE_Pr}eu%j-9NFP3 zzb>?Xt@XOyGV}Z_>)9_i^sI0${n*dR`J!i(-kRzerPt82)2-L7Z0}*yirIVC&c5>_ zQtobdK)%m-y>5l)B)i@FeL5}cb+dAR|2UN)qR;TAl5n`rK*P_9&%>?!oZV%V8ubqy z@^v21*}Y8?Xsp*A5Ib?0zu8suw_nZ=*LCu%u9JB^m^$g@!uP9Ezc($3T+EKQoZYXR zuC(@g@OsIAx4TZhr-pjudwAQ&TIz}A5I*n4f4ih>{r{Ql2jQ7xyWgj|Ey*F=XT$6Jm#!Xuzvw|j4<9(IdDcO9 zwVYqqqiu_#r=kAwjL`JP^z*_!r~AEp~OupVW-QuooE$vl($ z@2wkP9;NH-(;v}!;}bQJ$8z&VUXeAqtlj;C?lb+!SLM1q55E-Ovp@BW_ID?x`W!#k z`!Surb3NJp+t5irA3oTz^di@%-FJ+y@V*S&zjx~AHC?Lj9M7NM>zU{MoQ|a*>M=!o zaq4M*e=vBJk8ktxBP?g~dR)IBxZZ~^_kIR`A48Zf$F%o@w9eDNCiQ6Ti}T0jKa+V9 zzh`3Y_3KM@z2bb^?>Th4&x!x3OK#rFZ(*SKFHpU)JJ|6?>Hix2l-ENXmxqQTj!yTt z7VhuQ>^&{me}wmEWDaSm|JHgx`|(+RkHX$-^Q>fV4c-IPzAyXdwS!#v@tL;0*ZYZv z-s`yagdfM&ZhSiZ_{{Bt`#ILUf6nolTlCuZpWhkd^Uz7(?;Y&;$EIbyV8Aoi~9X2Nq(N#?S5JOS=Kzi;Ez-oeX;$4 z>olT|OY)!9{p6P^k`k?+mZT?t8tI3Ad|keVjG}%hm3n7C8G+RAokxz34jnr(I6O9$ zoj5)?F*-i@_}I~jk--z$vEz@7ygM2nA61{>?6=?Q77A zN4%GKEMgHIJ$8gd!F%J`XX1F29T__uJ#ymk;gPXuC*LEupZTi}{kbmZvQ+E*`JEf; zX?OAs4_6d_apgsI^l#mxHZB#;H^i*uivZ-^JI!;cE?3|XSD_)$Ax=vQUSJH>R z*X3feJm+8BoK0JA<(kDe9 z9uU)%p@Z~IF2*;o@07zvc`}}3+(;kQFfIcttU4(l-{f)mRDU_B$=?Df&bo*Kr|Dy| z$k8#&F-f0~(ueL0;?ws(>2Z?2JL$rlPL7V(>v5TmH|a4~ zIA@OIBA!k~@So7|?+(IQELQ%nas#3B zxy`Yov_!`&{4HL&HgEUA{I`?agi^_0HYFK1KxCx1SU z=rg3pNjlEahyBy^8CCxr9Y03L(-e>O zWxvLIn?`v|*<|y70BbZ!hs($L=g-p`?;Ui^h5SWg`o4k=_2i|F{X7p&?iZshw1ZM^x?ezT9D>DiP`bBf1CVCwvuMQ`1*0-{^0m6!SVM6 z$NPfgw+6=p!SUOJV|Vn}gc}^({osSU-#+-z{qNX2c;M}+y@P{}r@OaW{16(AdcMxH~j7F+}N|c-^h;#If0#)?ea8U&CiOGc@KVrm`dM(V@w~kz*5MM@PmTO`F|gL!&1~TxMh_>&7$3PmCTK zoS?&9JiB(gZhjhDT2v8o8OWHNGpu`Hvbg<8tYU!nQ}#Zllmm8h&6X8{HXE z5`&KpWe5FKeQ;!S&S?L^efy#tZ;Wng_}+PE zbW7th(UH;Pj|`2bjvk_`Bq#~I_*#Z<8+#;6pGi8tg+2*4_69fB=f;M}XP7>R=rewlzK^=& zV@Hn+O2E;q8yd^H}=jvQk@A3VNm z*gbZfM7Jk(@8I{P9(-WW-gy0t9T5jnHI9$kp}&{d!KxJMpRK_R9P7ISuQP%i&EV_yRrY6Q#s5Mrl z!-q(3yxQQ|lEj_S^!rt%>WO)Uk}GZ$3DUiiUPA6Jsm_KD#c$;JJEHNUPmCNt9EZfW zbMYl_Tq@C6PK2}~;nSsrj||E^Se&Y4N3`#O`v&(u_}~K%4nDYd_dWOTzi;rNhxQHL z{lNYMdj}3sVpI%@y(4ACl&YXO_w1#MG&ev>o!Z|tvV&selOClmYv{LB~{obiI1r#X0_aCXPNjBC30AJieXomAQs@ z4U;lVj2s#qnixDbbnN){=&p!s?*9GvJ}~&!-2;OM4(uD;zkB}!Qtfhv-fL5LCpX=c z9iPzg6Wkg^n}_YVRnDx`C$iL)kNEyEP;%CE(Mgu`?)`6$m6_+jh>r^{ps^GjD1S?mf`d z+N4EGwH>A*<<4lQA8b}`)o;E3p@&%7_ujv6@8CUqAG-U&`%?!Vc+j`(MuC0P8DzoB z0I!Y6S1We{(!EQQpx)JwK5ye;nOZ^W0QDXBJv8{>-F%kBp@EW5-Fa7Cp*XWVTzYk+ z@GuSPo_sm5Z3l9fl=e(bjEvXY3wMEo6VznlG8Sx?h7nwov*IrkHO^+Wr^`1yqC2c} z1pm9D_}%>n_kW*EfufrtZdKy(&|qrsgM$yypWO%Ue_+2KBUY}0JqPc-m*O9I;DNzC z_uuCw-?+S~9FJO0jEo&8f$~H_YJrZIotp4eh#DP7H*sGtCx~?AXy;utGo$kx7qUcm z-X(QOVe;MZrU8*WZRBhC^B^e!4KG$cmGuQtfB`C=N&OYVJCNQ>otZjA2Tx0{;4{SOV^ zz3+Y=WcJ*DfX`c5E36N=_nyJs_uTW~-iICvMqA$tc}3;QzrOC)02$ zw|vvJeegVMY^49zJ$48DGq9H`$pbU7PF2kNC7@TQ`l&rK8pDFX@#;x-aJ=G`0 z(`~L?HuWwyMoZ-J)rM(_QO~DpQ2jQfK1SCwVr|)vAVY`3nI_MkmYq;?fK4LlL_4(E zLolDTfk~2T9+y^0ohREva`VCG`}Km6$uMhmzvad?3$%PKlSQp+n)P~F4NgQi@o5ty z$GA(dY+Fjp4XJ~aqvft%A5|$rBQ08VXf6SlaOET<>@4%oDL%seedDTLkaA_pR%1@E z`o-&KaYC!F-&mcj5KAY!8rrx^q1H5UbT}Fu92$LmXlk7Lx6z}=MyP|Fh*n5RZ*gq; zuJ>cnO+0{7E+cZjPqn)g?ax-afoVE{;?_@-yO=jgg4}S!dmM@*{Rf{bt<=v*Z#eA= zRYQxHUuU{uNB#QL2XgXomvXurs2f|ZK;6C-NxIe3_p42}F?R0hZf5+9*f;z^9Y7~0 zciu&Jzufcjyt_V&)=3A|7==GV;apIdz~H2L)q<_TG#bh&!w6^Vtg4q<(+UfaRIwt1 z!`>W1>fM-Lkka`nUqgCtTBfy0Q}r!p<;KR5*s65qjVefXwKgU5L>~Nx-y=giWxA;v z$Fsf~#Z1HTCQgiN%L`@_H}dE_08wK??lw|RS(wCyINR`XSy+}LN2Q@4M!USpgOf{f?@LQ~*I z+`5^oIjX5~voDvVK1ysnmu?lR#+#_lvO8_D3cdZIL7Mc^O%Bg$%`)WsOSx5$PEu|H z8dLLS`^J{sEu%84OsdVcu~vL<2h&CY!NLPmoC#ABm5kuVFy*ktLIpzOq$7E8pt{2yAIP?vh&@adfRPc z@F1)He!kVQLCnlTX42sxxTX)eZdLmfH7K8_9kO_J#x`*>2EBE6Dn$m{phelz3lCWX_a7MawRD^H$&Egbn)I=e zVOrs88n)DT<(4MXB#YH(YN2;iTMGl0ZEThgX>IaHSGz#_TV?=uA{9wyXue6%h<0ur z6s=waks2Zke48W|_@7>2r&(OQ(K6g3q%-TBT7`1X zy_4mHtLY57CyRcT8Mn@!+IWG@oepCmTByAlFUq3o-x&Dm1ojAEt|SL z+UTec^InEQzGd_q8vG%*0kI)Fx_6iT24byinny~9A2DfUfB)3egUAMaBM=!b!^PO6#HEwY9=rC;+7;(Eu ze&cS}*m1r?b>=Icyqh?(T`jat=W6e+3*T z&d{z#OaCU~KEIQYj%b%DeXjGn{Dg0(zyH7Abtn8r`a9}($_d{^f4|~)u?g>?znf?~ zr=@={G4JAKnNYUHeVYFMHXl)DIE>jG%ZK@E^x3+@?|No_1tr)^+YXa-YHXbbinyG zxmY<(E@=&CX1Q3onOQD54L7+Il<7;{4E+t|V&ycslr@~0&2I56!5gz}ca&mgV zN9kSu#GD^XZ&t%iepThV{FLkRBiS{{kC@Zr_QUOk`^b$Xb9U_i46!RU+Lg4UZ<1Uz zT-p(Fud=kG7dqvs2|nLkA0344h*VkF+R;G3+>X)#b32+;wsvIw2YHJt(BH5f%_>_v znhTiQQJI+YC+&#xTT!MjaSQa9!=)WM^({SW8WP{~??4Y(jvU`yLiwjCKbMix_XWJ3 zIH~+u3cvk*U9O*)^K1D@D_efD$|m1DoL|sz%ip}R$#+5H{~cZLRUhqgRpo1AG}lN{ z`&Uj9Z|XmD=S-h7L+ajRXzVUdQ>a1(BWztZt~#YLE-ew#gwglNo6bF05Ru( zg3??6jSiPlw)3;fAExk4uG8g}Kg023ovuL4*R%Z2DqDU_%2prq%9egb+42`7J>&E& zf4#(E`-qf(i>|*V-s$4X3&dAkOXIfk-w$HcqZT&@vO3yucZ7oI{%vApr5}|{#oMn&pTID{tXWQLux+( zZzhhBo^biEqQ@Vuq0YA_;OmKd1HOVdq0H&=`Tfcw&nnGFi9>zkb{N)QPTA@&ujjvo zu7BItsr(vl`c_o7^3Ez-eO8sNK5N8Wo*$v~E~iP*QotLCd#K(x{4*4O#cMiTT={p1 zua0%Nq_W%0_1oe4m9HaS-`62eQ-=DI*KoQ1feu$B4$D8QY~?8_n?6^RO&(QcEAOJR zl{X@}hx!{=w*F&Y+2(0AV$SbA%7163!zHMkp?s17vwZrMO&&SrU*hujbhv`D$!|v4 z&yn2*PUI}HBS5n#J)vs*w$|;+Ezlk% z#G$+j%BD}nfLUI%$|kR>vdOEaZ1P%CHhJ+Qt9(6^SD&(#C#7ui$`FV0$|{?@CY4QI zGs-5fS!GMVq-^q9R5p3llucd*dUht1*Bo&uuO(%ZSFER@Z_@shO6n|?)P ziwNb#wh3mF*JQvfubi^UYfjnZHLq;)swkVh7L-k1F*4Bb^~}YUOF zlUGLBF1P9UUSMOud=eqD}8mde&vZnc~z86Ue$nEUW>{muZV0te7?zxZ9mK= zucWfct6$mVHEH2mpc!S8*DP@;uadIKYfjnZwV-VBT2wZ9)s#(MaeBIy(>Hk~luce0 zWz(-3aVW0@*|wNXUi|^Hyi&?0ue`F!tEg=9npHM=m6T0hRSUNQ_4@0Zyn2X3dG#ur zydq_jS5n#Jl~T6k2b4`-1!a@hjIznAj~?yj>zlj=h(meJD4V=W0kgd3luces$|kQE z*$PAb>QOd%^(vdZQWmZS$|#$>CW%9N<&;fcd1aH=tg^{#PTAyDRyKJpDVw}v*EGw6 zZMC=S$y~0l61(Rcb_wS7#MF&Sx!d->w!N=y@1y$|>SMxwhVT2W{cwBXHILBV_eNqz z#t^z)X|$uZz3-y2_i_EKr}}Bz`EHNM&V%)ZCW_CB-knY}Nq@y*_s37GADdF4yh-j`B)n#>og&ZUXN`DsSk=A&%i z<8YggvVD)oL9_SGXt>R1&Aw;#Q_^souP!Rvd^NQ1vAr)w^}^}%{GI3Pk+R*t^eNl? zJ*8~(^8sa>pXV%GGsN~iPT%I|X3sPG^Bje9d96HUWs?W%RVWX$?^$_k8gAt^`<|6I z0rtKM*!z~i-q)x0HoKom1`Ks9BP7oQjE z%jxWWagA^K)2D3mN-CSYCY4QIIc2;5i)b9@>)ZVw+WTfG-1LX_$?SWkPbCdEc`YiN zyv)95@-q9L$tyesxo$;<44Ca;=? zo4m~aXYz`Hy)Oy&zJ9RxErPwTN9}KBe;-h`_88j#xIJby-1KW!+2m#RKa*Ek!%bdh z4>Wl#S-2Lcm+Wm}|HbydP+kdTlb6{8OWz(+|+3Ujg zIH~qKlUF&g?{Rw!?SCw<1+e$^ko_#wueh?wE1_)i>Qgp(Wh`6^lvg(WV*6hxucETa zYgXChHLq;)GW(y&tE%B9uU@eCMPTnMgT1c`_P)5<-%P*y0%mz7l}*1Ul}*12$|kQF zWs{fL15I8P3)ceGlucf|K_!$|OxfgR_CS+YLc>j7X8$vJ^=r7vE2nJwl~*?Xij#dV z)USTE*O`75lucg6fLUI%$|kQxWs{fL|4d$v>}jljCNHxGn!J)0t_2!UHhHoAFO*kS z+2m#RK$F*uhMT<1{%7(kX}HO2QQ73h_CLO<&|w;(u^{Fi7V1yPT%%D z&MDizr1^k(Us8pb%WM1ls><{wZjt_Scn|G2;r)HIR4i=!`{K&Bzt8p=+5Wz?hV%Xx z-rq+{v2woc@0%nJ>)rMtS-s~q-0HokZ1v9j`8a=;-kgS8z1x1idcAA7wG-QSWb-24 zcf{%0{=T_@d4FFyV7B)y1kC&UYRW1;7t?(@XS%=7_95B+KHhi4`H}p8)$iwHw*7dx z4{4I(vph|HIc1aIjIzmZR@1liN*ZqRTU4&gPq{8Xx>nfF@V*|-pS2g>!yMZCzQygz zt!vx+v|U|n`}??l)>Hko?S0MtQeNAM?GG$KJDG=eLMBsb2krfRejjyvf1lTf_WnNS z+WY(Hd6Ss$Uu>RW_CFhUs~T?OZhL=U^E{)yzt79V^rOAMuem+7_xE{u*u3BDdp7TH z@9*>SvHPTcwa=Nn%)V#xn$&RXuiN|kn)S=EfZF`>|e{8=&+urBpVdHCif1e)*+xz?c z^Stf-eZGCze6+p4uUQ`L{e4~@W?#VPdE5K@ynJlDZSU{%| z!aqd(^4t7-#W!;osNC{5SOJrki|v zm5G#Bv+sJ9_tSpx=zxDeAIBGa-++HVAG7RJO8fWmG0XnGEWM{l&*%Lw8zwvD{d*jK zlG3~NeVy|Dy>NdY@7D|Wr`dizv-4Io+~(C)P2bX6)bO7sI~2daj~+#m^lTk8u5A0$ z=9O)KUzM2iC;R*I{(XGLHxSo?@N0-;R4xnOKpZKX{Q8u?P33*%Ea^wUR}uFszk>G1 zU;Al#Pg1~_6Z8H)PT$Vw{d&ybOYwVtwbK=qrF_3Z@>Ko^h2KJ(5pBPo&7RJM6^PT9&cqip5j_keMF=1LlF<>B`#a`{bP zY7jq0@6F=#49;KI8ruw#Fgbe zU-UlDl(M|%>q-CKEk0k~^F{qZM#JSjUBo$MdCwPZmd*!!Ju%<6^Z6Wp1u^f#vGg|6 z`DJC1f06b}6LWo9{Vgb4ee-j9VSPK2E2k&V{XI+N*XP_!pL><9ypgii|A4a9e}b)c%xBUc4`dK~Q#N_UC@l^*dG#t=`jN89Ye3oL zl~y)+@e5r-c_oNBzouW4$|kRTz|#JdOiX%FMBVS>6g8i%jA`%^Fw*%lucfFWs_G~+2l2^Z1Upg_(FNj5Qp-rDx17&0kgdL zIX#YV^5W<4n5{h~l}*2RpN_~w^(&=p^5T6t60QZBQ8szmb9g4NISS|eo4m@(Ca(o$ z)2~HklUGgIm@fL-95{{7<|E_MN8ss@QK zc7Y}T{&5aB*GC7RrjI@6mr}Op{00Jksop=%`4hXq3!U;_f99`Hd0*4hCC>pe{}b_j z*V6l_DSu)3qB4hHP2o$*Z>9dP`?f9@*ZXu!kEUXB{x48?L^sJPWw9&VLGKG!7Q4bd z^nP$A>r^oDLtB!8Bk zQ#*m_4Vii*zUfU;+1eT1T1mLgLrDcBJ+Ui{Ql|C3n)wFeSisj1M*(jjHah}|Rh-!g z#4hmBE_u&C%Y*qUViJK|?*)?YD+*omo_`K!zMObc!|nVTBWfoe3Nfd+2os2Hu?54n_VGK9G0h`Z2Dq$1S?NT!>v60{&1GBxp@t@@;JCpH#>sGkMus> z>t`H~Y^G%=ol@}xA}`Z;AQ@0_xgx2$aXo+i5hU*GzhyxIwD-eh(IlTQ`w3X5P@i0J-=%V+bZgtE!6 zPub*^R5p2KEL;neQ#N@Oh(meJD4V>B$|f(f8<@Q2HQeM?Q8szS)NWw%>QOd%@%w;6 zdGY(dxx6MXvm2Pa_|7r*bD^~dyUE@1Az%+6r?wWQ&uU$I_)zUi0Q8BD*- z&S3KD*Z5YRw6f_J+Zi~&Ca+0llb6{YOkOh@Zt^lagQZ{6aFf@fvdOEaZ1Upw1%>h| zgI%FV@9Rxop`C%{71wZ+S6bQRl~p!*O)8tb%$>A-Wd}I7Uoj zmvDK1(5U}iM2>H+j}AUfpNq+^!1PCz$?ukDX&z4;)@xGP>a}0l>XlTlsb1Oc!0B6hlNxUI%60}$ z-`YW0REJ1?uH_p6XZmXDIykc`BdU5v*M& zl&w5whp_UbG~Dzw4e4bx+{#l_w(^uTK1p6&hVI)re^ttN2UQ;bCTOU)yNS7yn)G%Z z{hko{@_DSsG2$k@-Auo?qv3ouyNg9IB?{7KWTpt}=Z2c|gPx@QR?>yy?`EmNZV%GP+#y!Lf8vbz#e>oMT8t@gw ztk)Kw&+j2UVgC2@*+TtULRs{H`ZLyJ4qr#(=PhODNY$J4pkLYguavU&U!*z`-}*1s z<1oFPhFkwNr)>Qf>oMz{%}Y#g?7lrmddcZkDP9K&hkwI(50#M}`#(j@g^nrv=Mh0K zz6pBq!X>5`l;4V$kG{m29(;+)A4R@DV|hq_7N>Psip6{#&0}ua!NT)$wtDMTwtAye zn(94C9G>5=;Z~11Wvj=$vejcz&wmG9e+wnHp!_s(CnZ)>mh(xemXyE3`KA6V2K^ED zU#uslhunWLTY0R%vhpM;obzw#^=tfk{*~+bSGN4m==myc*$2q!RVkkxW%_+N8fTfW zzSg;$GqjEyF#kSXR(T(Vug}uH9^kz4qZEGSleBM3IZwRjV`QI$aJKLB^*Fqf!mG-E zNPPJx$=<3g_S0FCukv3}_%^DHC1ooQ+wVC&v9D76o`7S-k+S8F_YHFVjn`3I`!wzI zGbX$F`d_8@Z!14c;R$Nw8RBp}$tqj@O)6Xc6_l<1io|?9OK(=gt^TUYR(~~Rt3Up2 z^Veu$Ih_}Xc@S*sC$9GEfE+IK9^zh##w_ExBu(LAJI^Sap5&BGPYRIUjE0+@RFq9ms>-G(JihSt zY`n2{&+$42I^CvM(U_=}&vLq%*wIN%dh{gd5pk0qee@F3Bg(Jokrur^?>I{3zkaTv zCo5tG8a2yVV=(Nm%bmVwSI+&w9h*R*zQiR*!iNw|Xq<`Ac;D zEeoXg%DW@#FRPSaWjTM5@~b>f;kSN+>QnW=?%U3Fys`AwbiCQ;f4`dL^Et}zWiR-B z=f>-a2ef~e{<_Dn|8lsDClT!jfba!n8BZwOk*qnsj3;qg-&U6Kg!TjUC@;|Ux9yQnE$XsAH`dVoprlVPHx51Nm|u3v@n@;`#Sgab3%Jo|JM?U_k_#C>|YdXA$9J>Fe>14qF1<~6sSCjf_ zoN=$_vkLx4^|}f9Zp44NUN;B+PV2oO@@T~WYn4AQ&W7%OO+N+kzohw0g8v6pA9xWn zbbqV*!$0mDx`V1Gyr>yEUIgcQnS=Pfnx9$lKdJKU?+H_J?k`lId2?FmwyHdNF)(z$ zr}>N^K5ri3{P2%)gznQSw>j{CtIB~lsfO+oDz_LddWG&kYCiK2zo_})AGHYG%T#U= z84g3YQ?JX5GNJoRt@lZY|1rI8jf`2L>k_$8JB4(`hz|C8u5B?kQ!XQPWpMsOdNa&@=#+q~(CwsW=g+jmO2 zx?B3~FH6$hE&cY7NxgKp^xFrdyxp?7FwD}3GVVY{GT-)-t-f?Z;IY_ zyCtcgM#x>7&qeSb((Ce%YlZG|y)OTVR_K=Gdfkp6LJ8e}SNZdgW`%CIrjPyh7c`%J zkj`VO5By_Pq5FSTf3V+vtLh2%+Y6dc{*kB9^=N)(!2c&zp4e}HP4#&I`qeEePu|oK zy8lb_iT(4>YknN0L;Etxb-P*c->Y)q9}NoKk6Zmh{NL1kV*kvW+Bp3Tq;r|dtq1zy z@7C)^(0~59w)YIg|EONK3jOxCHGO_)KXf%sKM(!wy;`mc#OFCHxfu?Fc8Q$VxAc2?x$b($HzT2YtMGa; zzK8zr7QJ8Zs?b0Gr05%^1OA^EeO}+vk8zq^PA(oM??$9t8(RA9ZBnicE%|?ylxssv zzx@TN#|=&KBoGB^X>nl`h)%UUey!q zw=0@YoNvc8KRDlhO67_D_8+M}<9xeY<%#p{-`0HMeEVlKKiHptQssv8?K@QtIN$z= z$_?k+|6cQn^X-D>2mA9bl^f2tuhZ+|eEW~Jz2kiQNxd%4xBpht$NBbOYWg_ezEjJE z^XIvN_AiJ&$6ER^&UTj*rE4m|!&0t|E&cXp zDc8o9{9h^M+St->e_rZwV@tpNL8+IGE&X<%ly_rGzkQ$R|HhVn`)MiH#+H8j4w28s zmhv7EId5#~x3AXt*l%YUmm!^aB?JsFMIN$!d z=-{y5*hMbpQA`&TrdINv_3`hfH8 zKT-X`e)~?<6YRI=HJ>=&cA6iYZ~v&u6Z`G|TjhZB?SE8#!1?yCX+E)k{1c@hM_OvD z`^~F;g&z{3?M*IM5Ag@s;F#i68ly{T-cw*>(o9HLy2m1LNH2<`|(d3Gn|C+ReM$i{XPdGo8k2^GIv!;)? zD#xT=HaUM^)kr5T`nJhcL|+>In^X?o&e8DSAo-y3N_fM6onChi{IAq<`TnU9{|lCm z$f@D~V_Mz;@PAR|JPZC`75$`($af>1!&=@RDPP0CQ_ICK?+D%RYWn<=jL>~f^H~D_ z?OMNHevLD3RC!Lq{r=yJd^fog`9?=6@die^KR7h5qLURG$1Y ziO~H|t*;q~{~FCt4*Wl>?IqD@0+O7!A8m5|aKHZ{m0J$tKVkI+@xQM5Sp@sT&#K&J zApVc397%@5q2 zdR=}PKXk9v>&}7yKdRh#Q+((?uX@Fs-9vYirq2(zqwDg6YLj&xpxXjV|a+CY4 z$l)@#1pVhXrAU{_OV+{@eogXmnd66uL-#9`KIiAR)bmaH%@3c^vbntcOTFalX3Zx* z+#9;bq~0%ci{SrCmBTE^;hUOHUi7Gu(!+XPZ;x#FKc(f0NqPzwg)UMxu|6^#5MuPV$%VhQH6pWsVnU#rk~L7 z@n#B+kNxL+HJ@pS|DQEK{owyel^Z`C6}o%%y8O^k=sv7+1c`5~jw{gKM21pe1+`uq?Nx-OhlP=x0s|C?L-$x*rP=9Yf)y(0h3E&b$Qi5_m2 zmp6ph^>(Yx@{)_t|Kn2L%`NM39H+}kU>M!aNf zlFy$Jd2VUR=MPI(wycm(XuOo;pOk!F-jdJ#lF!Rq^7)YD^YWH_PKf?o&in0JTo*s# z3+^Lw-78wI`)0ZB6)o4jN3MHC%XL31?eq%S^c!AcRPu9$yc9L`_v7Lft^oObROEJr zY!(jV^D(XBqnDeO{P(ovKOy<=Y03ZXlK-BT{J&fB+2dv)KmNMV>5=ECT=&YB>s~L{ zy|U%HH_COdY`N~N$nDA&xgC`JT-hSG56ZZ9WsBSnh}^DRL2l4_QvUxf%`>i|k>6Zd z4^EQTl@wymy3ze4m#gTG)10l({4{xRe2Zt_|60>Iq$imF@5^A#$kzAD&PVEOzE#p8715dYsvxug;#B&qr7Bf2WMd7P8+ zfagl=-wm|cLG!%Hf+dN@ZW$IRC+2sL;iU_L*^ z5y|lvr(aQd7|%fZeqPXs-y`k4!P$U6PKhi8%;}d@bvXSQW>pzx4)^O$jr43^0*C)3 z{Yk0HSo{H16$_tJ6|wNLs(^(@T9pGON-bsb9fQz za|yoBas83r*u=D4jKIfr6<3at2J_OAAaJu?jklOR|<@(9-g~{<3 zr&kM@!?RGoXOlj+=hf2Z@Uu<7C&=Hkbj%OsvEwh%A0f}DyMN*HQ*i!5z!DDSj|ck9 z{fXTl^J!;teSQd$9e@2i{V4`~Cg+Fs$LFt>e+h^D_e1_G0rU0C+P>IZ?!T0|TP{%e z*MV&xqJ_Tz;a6+>!&YZ)`xonX8lVA%<_I$z^w0?fI0vCa#VJFJ+8l8 zz$}j)66(VV>vj>2&!2rkICu5$3V1gij|Th}I(}ckye9S0fPaLJKN;|^)A6SRex8nh zBj6=E{&K(x%HUT6&Jcei;N!$E1pF8=y@y5|mt~rc>Af>`{xBW$dl}eqIJcc-z z#No_o2+soNfLTY_+4)7_5^x!~0$c^I0h>w9uGg#j&di@Ua363#FxzF=+4&jZN#H#2 z4Dc-Q9Pm8w0`Ma65^zlCOP1eWU|aXJaI^my_e1;v;0*92a2|LDcoujLcpi8GcoBFB zIK~AD>Z=#n`fDq1AB0u?{eI6z|B#08 zEN~9E09*tv0hfU*z*XQHu-U7vygh2KFphu|z)9c~a2hxZoC7WZ7lBK_W#9^M6}Sd$ zTPdu(J)22s$r;=JBjW^wCxLA}$l|9VJPVuyE&vySOTcB|3UC#;25eh2EWbV6Xv6XY zCxDZ{Dd0447B~l704@TTfXl!Y;3{wp*p_hX<=6EX;|MqboCHn*r-8G;Ip6|t5x4|g z2Ce{Cfos6F1;xtSqxLG}2siN7v7dBj5yZ5;z5% z2F?QKfD6Dy;1X~dxB^@St^wPAT`R9W-(_si=^7_=J;^u;oB~b*XMuCT1>hoZ3AhYg z0j>hqfMdFT!sXdbAO6t?cE)jF{?UgpydT)sW9us)2{t=9@e&fJ> zz_u^k$~OSv8Q@9aJn#(gEbtugJn#bWBJdJ$OxFV~|GmI*;6C7fVB25D>Ai(M*&v)b z2V4Ly0+)cxz!l&sa1Ge$ekRMG?e{mf=ckMl5I+f=0=E7Ac77JZbHD}QB5(<~3|s-O z0@r|T|CZ&?_WKz}y8dgN0Jimi3%C8Y#%YM31POS0k{ZU0xknrfUCeYV8<_!CTI240~`S-fRn%};52X+I0sw+ zE&`W;%fJ=jDsTPOS0k{ZU0xknrfUCeYU>8a88|4R%fD^z;;1qBgI18KuE&vySOTcB| z3UC#;25i4bQm_B(ojBtNI02jlP64NZv%opv0&o$y1Y8EL09S!)!0v|T^7a5nzzN_a za0)mLoCVGS7l4bvCEzk}1-J@a19q>5@&iY}3E(7f3OEg%1POS0k{ZU0xknrfUCeYV0R;wA2a0Yl1I1fAnJPSMrJP*78ya>Dm9NP)y2aW^x z0jC1~5lSizoCVGS7l4bvCEzk}1-J@a19rO_<>mbL07t+H;3RMgI1QWy&H)#Ii@+t| zGH?aB3S0wrH$(Y>Bj5yZ5;z5%2F?QKfD6Dy;1X~dxB^@St^v!hzLE%dyqEeu?Q^0B9EN~9E09*tv0hfU*z*XQHu)C$Xygk4XZ~{09oB~b*XMuCT1>hoZ3AhYg z0j>hqfZeT7e&7f=0h|O*0jGhpz&YRoa1po!Tn4THSAlE5?sZUp;0QPYoCHn*r-8G; zIp6|t5x4|g2Ce{Cfos6-HYh)E1e^d)0;hn}z**oNZ~?doTmmiwSAeU)HDGr;lpi<( zP5>u?Q^0B9EN~9E09*tv0hfU*z*XQHuzNj}A28rP6KCwbHD}QB5(<~3|s-O0@r|DKa?Lh z0!{!Yfm6U~;4E+sxBy%PE&-Q;E5KFY8nC+`$`2d?CxDZ{Dd0447B~l704@TTfXl!Y z;3{wpST=Q#2-eZ(dHVFcrCA;kZ~{09oB~b*XMuCT1>hoZ3AhYg0j>hqfZg{sm$wHv z0!{!Yfm6U~;4E+sxBy%PE&-Q;E5KFY8nC@^t6u;6n&lAzCxDZ{Dd0447B~l704@TT zfXl!Y;3{wp*uAy6ygk4XZ~{09oB~b*XMuCT1>hoZ3AhYg0j>hqfZcv5KX3$`08Rp@ zfYZQP;2dxPxCmSVE(2G9tH3p2_W+b1I08-pCxKJIY2Yky4!8hZ1TF!Wfh)jO;2N+? zLHU6r-~@0II0c*r&I0Fv3&2I-5^x!~0$c^I0lV*q@&iY}3E(7f3OEg%126z%U4?F`r3p@ur54-@p2)qOwdkD%8 z90%?L?gt(K&HzsW=YeN{XMyK{=Ybc17lD_6V+Wx8z;WO{;C|o%;0*92a2|LDcoujL zcpi8GcoBFBICc=q4;%;X1MUYN0L}nU0_TBefMi;CCE(b@P=4Sza363#@BnZIcoH}dJOexnJO?}vya2oi zyaXH@fbs*!f%|~_fd_yyz>~mv;2Gdq;5p!V;054C;3eSL+oAlxao|4Se&7M%4Dcjy z9(V?L7I+SL9(VzG5qJqW_6{gNa2&V~xF2``I0HNhoClr(o&}x*o(En4UIbnOj=dAg z4;%;X1MUYN0L}nU0_TBefMi;CCE(b*q5Qyc;6C7f-~r$a@FZ{^cm{YDcn)|Tcma43cnLW615ke8IB*|u zKkxu>26z%U4?F`r3p@ur54-@p2)qOw8-(%$$ASBR`+*05Gr*I;dEgn~S>QR~dEf=$ zMc^giSQ^R?90%?L?gt(K&HzsW=YeN{XMyK{=Ybc17lD_6V?$0H+dr4+(+eC2?gQ=z z9ste&PXgzGXMksc=YZ#d7l3O4CpxHrk4SOF-p||v904bQlfWt9G;kI;2V4Ly0+)cx zz!l&sa1GcEL-~Ot-~@0II0c*r&I0Fv3&2I-5^x!~0$c^I0lPy`e&7f=0h|O*0jGhp zz&YRoa1po!Tn4THSAlE5ZUo8?904bQlfWt9G;kI;2V4Ly0+)cxz!l&sa1GcUhVlbP zzzN_aa0)mLoCVGS7l4bvCEzk}1-J@a19nHC{J;@#0yqhr0!{;GfpfqG;39AdxC~qY zt^(J9T?Wbz904bQlfWt9G;kI;2V4Ly0+)cxz!l&sa1GcUh4KSOzzN_aa0)mLoCVGS z7l4bvCEzk}1-J@a19m?MzzN_aa0)mLoCVGS7l4bv zCEzk}1-J@a19p!#m$wHv0!{!Yfm6U~;4E+sxBy%PE&-Q;E5KFY8n8PC180GAzy;tUa0$2!Tmh~E*MQx7o6Fk+904bQlfWt9G;kI; z2V4Ly0+)cxz!l&sa1GdvLHU6r-~@1g!2ElN1Hc*JN#H#24Dc-Q9Pm8w0`Ma65^!w1 zQGU*UFK`^V54azA05}6Y37iL>0iFe(1D*$70A2)M0**~U`GMoWeZc*|1Hc*JN#H#2 z4Dc-Q9Pm8w0`MZRJJBdF|6XSga0HwHP6DTZ)4*Ba9B=`+2wVa#16P2nz%^j^7?dA4 z0!{!Yfm6U~;4E+sxBy%PE&-Q;E5KFY8nAmD$`2d?CxDZ{Dd0447B~l704@U01Dm9Gh&EpVR9Fjsy1r_X7_AXMiVx^T0E}v%qt}^S}$hi@;03u_-7&a2&V~ zxF2``I0HNhoClr(o&}x*t^_mN2z!7i)I0>8rP6KCwbHD}QB5(<~ z3|s-O0@r}uG?X7W0!{!Yfm6U~;4E+sxBy%PE&-Q;E5KFY8nFE!HqY;+{@>Ruj|eyc zoCHn*r-8G;Ip6|t5x4|g2Ce{Cfos6-{mtd=0giwZz)9c~a2hxZoC7WZ7lBK_W#9^M z6?iFN{(bS-2O8yP?gfqm_W}0<4*+L?CxP?8Gr+UJbHMY!3&4xOOTe)YLivH?z(gDo)b*LJpX~anuBW?x zrmNWX$*vbW{#EC5oxj=ni(S9mRqFb8U2c4QbZ~5BV({^?qZ1>8Ba?2|*vROK?AY-~ zMsDV?W`BygOpv89HZpW*nIxLLn^Lflq2b|??8M;s)cEkw=;+|^@naJsWOZm(FDm!s}aAI^^%i#;QYmnUGN0*Bxi9;+-d17pc zvUvRHv5A{Cm*adur9C>q`8_r=JRzc6F(MUdtP%6kq3pOD&YU>*p7Fs)P8>cwGUi5) zAF;#n%<&WdyR@?hv8#%r@YAS?F>18%2MZ$zia(Qg@B7yjLr}1Y5(|q|cgD=b3`~+? zW{BF2U|}P~-ojD|k`Yk@7Dfo7f;x7BO$tkk6c!eOuD#YeZ{D1_H!t9Ymv5ha&bsH^ zz0cY2P8`YdLbX1>(pp(sSgSC)b$Sthc&2frmd>6!*P2;gK7Xc~UszaOTY6(>LMOA? z5R;o&HTS^et;UIwb4N}!xLRI1xp;PMaY`m?x+gL)ewOe}&cFLn#v^VV|M9Si9lq_` z@f>omt*@@nzuuZzd;1KzdTwEUeV%KX!Dee6J9>0fjRHfVFBFMAwYzpFcGNEIZdW7T zWK<1(vjN$!#I9MIMZ4--&?DiHF{--0gV=YwYnCPi8ZfFlzEf$T*ssK{S(*?Q9ypBW z9#lkM=m}k+Ba}j6w6{s=s2Y&Ns_$EgUAId!p3#CX8P8xxha6U7-|U*D34sQ{D6K5o zHU>^6iENTcBZ<6`NSOPF?icaE?iVq^fR0hsx1eW%*sa9UjAyZ+L&jR|DCFo@Ho7*3 zRUr?0WS~bznGB3+Q;sn*Fh&N($iP&#kOJkD=&Oaj%x2F`6X}Vuh1qe_MAF!s=w@MJ z|3){$Od`xA!b~E}BvvK^2ZN5GiS1^Ah%M&+0f~d-eh~+UZQQU=V^sCXVbvvZPDq>+ z66eJI9rugaQtlTcO&(Z!ponwhfg%#Y_P|6w*hX|^^i1SO9m(j}fqbbW5ox0%_5qF9 z2Q*?I(1?AI#I+yVy*)QgY-4W%vg4+S&FxJfx><-g&g?aj zTDFl|5=V+eYSTCws26k$P2}1F5xI7MpTzcczlbf#Hd5E4ftqQSW>F-g-D{m%T3)Oc z7S~R$F5zurwZa?4(#rWRzXTe;ZsNT_uQgK!^1UF9#F4<)Nmp4Ika#*0UjZbZj>PI^ zpu*6BvrFP}Nt{a(kL&)P`$eSA{UUDIr32pxBpjt3MWPJ!6k}IA4K8FsuJscGwNR0n zYqRI3i9^L+v*V_T>doFnHwzO7FuD;p5+#L1Ng+{ENR$*3YnOqNLI>hTB5ow&Mj~z` z1Tt_u=op$f5f+Hp?e6cAC@Jn2QBvIBaleSCW*g5(VnP|Cs<1#r>99~l#b6sJnM9!= zap=inY$QjK3?z_4qIA%R(m^9i2aPBlG?;B#SWufre5=raOh!}_dLWY#GFjM1&Jc-? zksU)4C!fU0CvoygoO}`j894cLAOj>aKw>MC$N&j}44iB_P~}OaghZ7mkrEPn)-1_k zCE_KBZ4`47FF_txc$|pLu#Iq#QPgQ5MI^$bj$|NLbRb;n7#qofT&V|f92@QO#;?rj zN1K_X7!?Zrkc>#$F(6SxNmLmURfa^BAt8`~Dnkb%Ng|RYB1s~WBm`rlL(ixxNyL;y zOi9F)L`+F2WgwVzAa*1|r2&aiee_fXjNLyB=x5fQKgG=ysMmaXpTRqQfu>$R+CkI` z619Rvtso;@G_diKLk7Y@2Z{%Y;z6Q#kSHD`?jQrjgAPO^b;yXLq&0|fkfI&uC>V!W z1~vqZII}e3%+i2H2FA+3ytd-ZCYg*lvq>f+rfBOgA^yjoSE0QHpF6U9%({Ig^Y6>r zhi|Rd^QIWPdD~7wu79CHzj?cK#~-<|{_h5T>oMu3&3|A|{rc0t=QlfL{s%BkUHq=k zYW~Ypo`0r6|M82`Pka6o4f?<5q@Ol_{F+wX`qTgaFzxyOfVfVd{=WG8De=41kiW|x zYWY2^v;O&C`bPTqaR13GpMSPNzxAzEJ_qR@ zx&GCL_-}nD#Ya=-f3iWp@`Ln;rp*7A^;wu(7k>8qY2jve99oBc{<3AZ+P_G!ANQZU zvS#aq^Ow*6+?G`Ne7XM3hV{={e`s=Y*m?Z_yhr&jvvG6QKb!f}{E5%|`LkiI_pN{B znVmgJm%I_?+!uYn|DzGJ?~3WqeC!jLKaYKkJ@k%7rhk_*>eL5trRRUhH@pI33-7uP zej@!L_dE=SC+QE`|1>7A)3>dk^SIE*I&=MOgZ_f`SG0^)=wpxM`o9|V$1h4a2Tfd| zkG+)Z_u-~>>)*6~a{f3hvq0?w&usqjUXJ4f-wXC+FW=qkpYIf8o;Z`D5;U z{`fWjy7gbTesca8m+P-#nmYaFXPSRYVEp&j=r17L|V3#@eXzur%bI(2JInViXpL6b=pWM0Ywyrg6B6n+|{~a~S zeWR#;e^&!CdX$N-jjoACwte^eg2$dz&u9apefRs{|9&qe@-qk)udUHqjrh#^goiEO z)-{_oT>Qn2ymPTF-NhBtU8m=HdY=APlua(-=^o2zwCIG<_0x0UqzliQ~4yJ+82`rW+VtMq!up3tvo1M)wG^q)a}$M8Cq6gLw2 zNlk2xF2~;}I{HK+$7fQC(d1)Ey-seb+jSQ7JJgqMM4fcGJe{1k0f~xSjtwW=+f+yO z=*9IBtZ9kIGe{)Hx8&zX@!1-^5PzfS@MB-oI8y%j6$kc=Y@2Uf|AB}0?v*&B|Oc9DO3Grrv3}Ojy4YLylp;BTafM{)uz>OaCPG zGI_=E+q3jUUN5UB|G(9K#K$jh&)w1g+307(esB26_pATgxBQ3{qfw5f^hky%&+qBi zqa?rG(eG;hj?N_Q_~`y@lFz4#>c4euT6y0_j8`~%*uHmf{KM}{J%r=2jQ3JMQVwZ9 zN&Q`hBb3X>+sBgj^9<5a|BqTde$?h6tJY3r)WvxF(X+FibgPy_Up_IT^>FONTAXMf zgdXGYOZM&U;lVA*_^Mopq6fEJs3$b_$mDGD564fLI=S9)Jx_i#>Bm;D{rsesr#srG z-=4pbN1jf~`J`rB=kZUk*e_q85hs@@kLaD3XY!HL)erBra=bUmw=@R0k#{HK{jp@a zr{lf^jlA&1N%%*SiRiKSDMk-lJ&suXkq=1jqiFbvq~92MVN#Fbd{g?D$;a}^b$>cZ zXXujT`>v#$i6&oXdK1WVsrmRZn-}|dcg))5){SpW(zkrdeET9?Li9_fe#d?>xt_Q4 zcYipU5Z;G)_#X|ACvv!JOA>G7vV`{mV|(M8YaxT?hN)lerU&3)L zZ2ipY>FecI&ll+T@R3AdTi0ExeDtXa{T8{18@X(=e#`t{1a)kOVzhl{Qece-{|!h+ zW+o$-C35q4_aU9{pO1Mo#h-j^Ot0g5Gx@rlvdiD)dn!aq&;lyx(N}`9xdL;YZAS4eR4hW@xt5L_8+12o=Wsc z?yKZ_N1sUa%=PNH`m{v<+tDYqdyyxc$WiVqyLDCs|6%ck{)mtQcf$H){g3KX4E@;g zONlz(V1>*e-aR?sgb(9x^awacuU zUWNTsTKcIsHv6gS$@f!}j|}Sgw6$vow8r!c=`O2ZP#dU6V?N;ewPJsT^j!a%di6@V zT(sQy=i}s3^NG{bZ<*ciEWHmo`Ws0-c1Ov?@I?DBKktOb#f<3NcfTj~rsHDeKW4O=vhVEv)nhH4*Rm}%W2iKtmxUNn|cO=_sPz`wszetYMRWuklxX!llC!k zz0JQ~-lO5m&A(2lUz2p(=3$8)^33ViVlC$n%lzK!ndkRMpGfL|_<~@bpA$WMps8o2 z=cs2$&#%9#dM4?1^z5|uYbQHD^LjoZJ-*ZiI_vvU)LGw$ow2jN ze@5=_=&bKgTR*kXm=DN!Ag;5%54+_PCJWsE;kIeneL@XA3gUOx_Y>L49fGg3H0M31 zYkjh_zJDf->E>?srE$`aS%3Qh&a#wRPRg)xT}M|MC-D??*l8djI7jUC1|C7Kz+W z*tXvPh^_Zq{qTDKv5#mn*d4dBU2v)WF`ab|$e-3{j~z|qd9wDJV~;22@%_K+kFL|A z%H964eaBxn*K6yr*O(rh(t0h@9eJ(UolUP?pZ3vu?TYKNNasY?&pP^))VHittuznz z`flpg$*rF)r&peCi+;th1MVm`_3D)N0o<$wQ~Mv%J5jxAtY@6?y8p`SvmO091NAE{ z`gLnlzpAIwZw2~=^j1~Bklu;*U(df?`Rrc*Kjr?*#?$5cvEdH~>tz{P$5?ExW30yd z|8nCZ`fYS?jrn+^|5|BZ9P;P=Zb#2f&-(xKqGwsrv)^j!83yp@y8iF`TUK?w4Eb!= zx0UDl&wsxrt>|oizQXR$hqV}|ydU$J-Ji9u|G%TDXREOOe_He`*U_`n{oL$H-%l>H zk9;DV3{$D+*^?#Qi-~V?<|2M7w4{AqqbZkt& zWggLa&R^C;rqr&sYR~!G^GlQdT;U4Oy>z1vd_89Mo_jgF=li0UA{T$&cGaHqe=Moz z6J7uJ^|A0dMP#eAAo{9)8VjL(_(J`%C6<9RFG--+A3rt_Tt z==cxreIX4!dLpS0v6puC0VJ}JI}aasyq`OL&nb8I0d)2OBzh-HUaohY=lm0y@N<_k zkB<=~wT zCw*^3=Q)413$31ArlVJ?SDoklb>F7XgI7<#&ThNk^YZ+4M%F97+gz_$jdlLz-d6&9 zgS2>m?@ec&KZ?$T_sBjkdZz3Ao#*_a{+;>QNxpZ9jxZ-&yC6&dB%qch>pUZXx>?&g6Bc#`*GFDj?~X^=XrmX z$4KXS|JL6#J4@ed+^0A;ex;OHKdiZzTEW^X2`9J8;Ia!+M%NCnUdj7yf?x z^a|IN_o#}S+*Z_ilfMsOa$CW8Lcg2&dzHoy*QZuqZ@OIL`}6G0=PehL^nXzA2RKWA zzgzUM8=s?3B+v7o{QCit-?jC0CO0MN934*f&5T&RA06(~dYjyq)IaOfv8OaRlHaY= z`nPu0rk`SjfRpP%Rbh{4)d&9Fk)?hYPW0K=A69QYD|uh8>%aewxN!W61A9ic&8vP& zdCug01jA1y^(pz3e!!jd3pWBp?jpb8PbBTxpF8~$%wsY9rM&nbJ^0}_;xF{-$!RUO z`WM81tNQzS5BqtIe%0Es{Z94d747$5(qpcE{avs5I&AH@J9@G5&q&ch4jkHTEf(-i&;p+5SZT`1iSw zK9$ttvE;Q9jpqm&ztjDiq+>bW?{uH?d%I14r2R<#n(yuYZ;3v=FDaP3SK%TYN_*>( zct141%l$=_LwEEc{r2DG_TR_ex-R*>!lN@28ZPn?*LZGMIt2*K-@nZ7M;5tC)%))$ zd%XLQj{ZJ3z3+B%+gMUBKP^{jJ}-T|_j9k*&LzvM-*3f|y&wAfc-I%v3;A7cx36#C zaa8M3?ql`$xp%0zq7#2V_Z##Cf8J=>-yuc%F=G1fDYO0^Gd=R(<(7UxveeP1GxPV8 zU4L5i3KhJ4$JI@J!VQ@BBPXs;8Pq!Zcj>QU^he7*??(FM`nRH9A-#@Xou2pEuGV`W zm(;7Y=+!r# zucKFIpmArTRx#$(rTUEV6dL6ww3-u}|dbPHxSEc8uS4eMF^$O{A^y)0s ztGwvdZ1SE8x#^PkYM*p}Rc?Ks_H&%KZxDMB^5yr1O}#qPen;}w>`IgpP~od_#AyA zSwA`X^|nXV{^03MZc5T=uD2!j(W6fkHJ;ahxLzUax8Zu5)_-TcP30x+a$h_;jw*`A z4~@sC`}ZVf=XgttyxZZwXL)Hddgz;b!f`BY`&w3SJ@`MV9F|{i`@Dwxx~cR>;u`C1GKlpA>uozF*U7r2_#bb*?dVKW z{TrakE-K28%b&nIhkLUG~qfaGz)V}VP%xgRP^xWpNtG6za=ui84+xDhD zox*xsQ=i_@)TbEz*mJypZ_z8H*XgIu)OFk?^eQd(pszRWjMbC32Q8^rNOx8B3h8z9 z>MYW$jOf)zntF8#>upQw71CW*y+V2&y*i8ZDl2-mtEpGzlkcy#cA?VYbUuajPF9~> zFISvjA>EE%oke<;6TMo~)T=XKy{%3F}Fy!`!i=RUC2t}ph)(>ia@i(dV% zuJh=9VDVJ?t550q+Fv2PlkKlo?5B`kQ?HJ<-u8U!)rYj)tGC|vGfS?wHJ@Xf(fg~@ z_Z-_f&^C-aiFxQbJja&Pbehkxy+haE#BTl_4N3lpol5q3uk`%d4D5_@Ug$(0#A~;% z&Lr>mxFU!n>0XU+iI=pWJ8^{TJfUA|@0voo5-%2i+20ArdUo`QMBWk)|D(w(7FGUk z-&@Ka*e&t=`M;+n)zx?|_tlzCck~kdK04f^-y_=|PxRqQMSXrzf?!&o74SEp-_`hV`@)djFCPB~l)FL+o<$ncS3&qfI%L z+vJ4X9tzm=6vNfCZ}W^^7rW<9ga2LN#S_e7qH-h`ZV#$DXIKn^F`PS1Qje6#9TQxES_Jq+8u=o#yix0BsbvQFR7 zqiqYSr(t~QSzK>iKTqF#eP5&HY3>_&nQ}M}*LH$QsLW`?dX#>}=Se40e(9>WZbp||T&ZhSZcz=HM zDeLc^(BkO*)8o>=q29dzm+#>xlKYX}YZkvR_38JKhnIQ3i0`jF_8XQi_O%s6-tSIW z(wB5Zo|1m3$B6d*qfaK|%Fvc1zK?7BM9%Q?eJyugl!Pz!K8p#Y6Q(OMeg4{hpY&g} z9vk{)mq>RL?uU~)C&@0Ke-zRlPzoY)g=)U93@Biej72$m4b=v8|^j}Etv z%frL5oCbS^hl|#Typw&E+<%1k$1r!b)qi`vpZxfIo?gF})Wg%7omF^0*T3%j;xk`A zPyhIQexNr^y-()pJ}+Fo@#*;Ev$PNCheh*#kmIwo=+*B(|8V98^Y0?hyNr+7_~_$ibG$5Q|K;PRjOUWn;cZjuzts3Go}iK3PKE|3Tr`O}Q2BTz=Y8s~<7l4rSwj=;$Kmb z;@56Df2B(wK6-d)6eSuTl2ej`u6V5zJ>j;S@7Q%w^wwr{73hgba>-Mc%2RTQr1qPC z*W8}n)uiQ*wec)Q#qMIZmWHHpF?y)Wag zRX+dlibmpHa>FOeCSRiXaRZaLG@_5whLbD+0h;j?@TW_{%&Do*&#`nRs7w6JbxC6p zLl?5L?s_QlB{&vCjJV72k>ePjEA2Rg@3bA~@GZ+Y5~qOA8|=7*?;Unr!S?_@ax+@P z=S}#i2@e?>#IdxU6pnNFmc}`S<57IWrR2u`U3%D%M>GLO{@06qei|P{kBW(3^f7$H ztr0&o&UH^JMk$$q*!`G?B_UBFSDDyKdXg7&Dm(Z00K{1rBZ8Dit|9KT_(+GF!RHJ3 z;C@eK@qgf3I*1BBe}WI(c``QndH6mTh`aR$e`?YMyB`|Y@b;|DxG1i9Da<9NTv$8p}{V)lgZKMS86o<({&ZTdZAzt z@wz@7zY@o?&@Ap29825I;3I8Y{0sQp2mfpEUBTzA9v_(*#xYzfjX(R6l<-=lca@&&2@QS9bR8d4!0t% zTwm(VT-Od9{Mw6;U$);v9ItCRH%$9x@aGXOY2PA&iR-!z-xtKst!!ErBrGnx=1%Zs zadOSuB`|SaZ^ZZQ7d^M~+<`RShBR=!%|C|YPor^4{YXDNfX_Mji2Hr`%W;g)7wtHM zIsPqZaS2K_ncu#LK|rKU=)FuMqDBgniTE z4XqGQ+QbE~&7JVgHM z?DKJp_b#wk0uH+l;*Ysahj1{H#FME-^jSOSK^%wYj7wnRHXX+IA0QsW*U7b{5Ac5C zOLqRd;V0++DHvVw`8bsKL8y~4_DFF2l_V{VlWbRuq8QVdfbDLY<9XD-+S?q4H!}%WBACX36c5NgFGAni<7eb zcle|IX&&xW-$<8??h1~x!SS1e zee?Z8_uTR0JBRMQKf7~iD3aU3k+FvkzAMV_-xD3#hd&2K4@QTN438g)#z#jEjqe%V z6Ya(S1H=0cM@Nq4N2C3RaYOa)hei({iH7&=86Q1-INCFOWEkl`bltVlLkAD<-**sq zgK|ktdPvVYlpj4Px0(uePpZd5I}RN>ASd@X&m9>X9*-Uzo{;;u@%^KRBixHd?-@Su z&}cL^I-HLVj~#mGz@DKaIJ`=3S);42ejva1>iq{t4m`AH^lFsl@Ks|{=(riPPxBWe z?DBXr+NgAeh2J}zk6#}niJ=FF^Fzt~@6hOh(Fgl3m9)h7%2*CBzaiSVe{bBEBrB&~ z^!oVD-Me*H&hmx=csIP}2qf$aW0xJnvH@WpS}@B>FrAQO$GBrD^i zM;;nK*epaNoh5VC2$kI35dB1yKZ2S>wT@r&DtxZT=Q@0@jm96y<1>NdYw$@&ADQ2cN_H@x4DfG`@e|kOu6}MWXnY*nHH1nX620&9s=X*s8Juy`P4RWtUaqMeJ~IB$2viFB z7aK=>h5XGP8DFN>M3wgLf!-u)!)I#}ua75x!c?k}SfWsR#f>UK+`QW*)MTUPjJ``H z{+03J{f~?u+S^BoUoOShyh*84VF z?wvQ^ddHo&58ZRmuAy7*y7S(hgZCma6a%rZjPJVpj@$3JQv-KvRUpo-J8_ZL28h(r z{x(YMJ$lvf_`d6qfB8aY8h+O%e%FS6*Cc*WPK$S7^gW{o;3@grweu}IcO|(*I7bRW%u28@4WNgpAo{i8eWRDVTC~bf zI;i-;!~5R)c4Y42ohM;$xfprhC`x!_e0XGZC_fH8eODinYGeY(s6Sk1I(P$mBc z7)(#T^(`xc6K`sF@4UCAwP}miYTJt;<@NFQWUyJjRln(ud+rfw-*(5YokO?oyyup? z@5tVJ*WF3WZWcIcIzu9O9lEU%CDkgOfOhZNB+$Diqt9DpSVk+z-iyBD_IrlzzD3T` zI2b79)a^Gl6iPBH!)2n52oKXh_mq@_+jby#O=-u`Bcq2K?M1r4p(AKAeL5Cgt_>r& zrer0#Ox!$M)E<{_dc-$+=ScoH#eKI7?7s8IblwzS5lgF5k9&r)JMSL43x96D_l~>n zOvZ@it6<0O+ipYrd+)kyXvZD5Cz5Yo-c?RUtw%=34?&V^!tV=hO-cveIdX{TS33#_M0#ZL|8L_%@7Qj2=S4z=`Vw*1~k1y zIjuJK?twR^Js5^DmxH%V$6kH?Z2V}fk!&d2yT=CEy?aE5aK@4{*t`G0 z=+K_g!z1JSvAi)pge8vs`S)B8vEVW;6;C46J;+(Q^d#9}Ts7g?%(kIqt=>?!B+czN z$<>A=wp^@5=8vL~9xJJZOXJ&i-Hax3$2~*0?7Bk+p&fVJE9Wh*HQqywWhPF&g6*D%fzzDu!T17V$hn7 z>>r7ThK3J3JdDN3{Ra>1KRAjG@<_Z)O14hw(|fyLi?5IY7P*wpJn2*YF2?$^AvT#$2mtNex_{zrh(FaQMbQg2H8>~y) zu7Gaei=^G^@%z=5+Z;dlcsD!Aj5%reLpD+#nb>|4?vADBlX-b#mTi*~)EL4aK)4i? zCOAB)Ua?@SFwLfN>M$bNI;rYKYg%U29~G-I*qfM3px(`S1e7kB5;moG!xF7cn`+W> zmTznlNlaBI-l&3PS87u_kCef0JTLS$~Zl-r{C27IN}d7f85OstJAjhiq?3kX)USbNeNF}#g|Ec2@O91?Q9Vb z;6#+OxgR6R3anG8(}NEk#vL`nMura@7{V-j4_5YH>5W4-V?HY&WAlR#70|=(T&A1ISSZh>Q<5u4xbT=)dM2l**#yt^TTH1nj z9Q&8{VpPSNkW{9)Q_7U?jJf#4Ce1CKdz%gG{(FWn1;;I!%(2~$mGs_vN_0t$$R}@F zI|+qq$zM|mMh+Z0JSv?@pi$~~9F0oi=zRhu)~->FYqV&TnsTv=5W{Mt9X9%mW$qK@ zQkoiULrdCv#XQ^?j`a$1YuL=;@W{w${>b%7fe($mOK$6RjZ4?W8eOzSJB|!IR$>{K zzWk6*CSX@yxm&jr+a(obuOX|XzdCH0b!j>KY*Y#o%u@{!dc28fa>>S6*qjTTs!rZ~ z%Pl)$DHQuO8#1&WCiWj03d)H!$RkMw1p&(oK8)1VzQDIdsDXdWfVt87AuGI0b&h*0 zvVx#i9;@68-6oi(RhB9#oMKAe8XDc6ZA>;L2G*z~6Efb)0JaA!n{L0q^prF1mZ`Rk z>yVY0rjil9X*D;+Yvfob(3Z)oEKqVP_n@w`unOOiearP~{=yp2opR&rHRMJ@H}FXi zT{8)~s$r&UT$=+t8{T##ADTZkQMOn-6L0ODl2zr)lTHfCij!98-B+|$qNh*tl=NOF zyn+JL;G1sFW?|kBT9hx;$&_L6j(dlaTDsncpk|+kCVg;p1nZ%#oqXcEd`r`P)pjmV z9n8C>t%dQIY;2wnZEgC;)<#MD+h$;XB8sH*^`uFh@}P+|&pUVCa-1H@uh|fqbS37w zyv)K#t-X_-+9I(a_VERFys5ZnxJ^hW);YBc<&=9T&xusi33N{${UkH)ol|?pgWgGc z8OetCJhDFC-qkG8*!3j6Gg#ih)R@(uNbB@$+G2XMquwh!UxvhhkZgZR4y6s~ib4cS zj_yvut*5VZ>u{M&gOdF>ZaG)`Zp+-#EWR+iLd?34W| z-d9~0#MdG&aYBp#Ro6#LkE<{jB;9SO&(Y9<{Ug{NHR{>dsVR0ti5=paW__B^wb4}% zU~|n?&;tA&KO|O{$Wu^Hd88w@?O!j)RyFy2=Kc6Bo}WoPWh>oZ;{$JX*yS93q^rr; zB^-TmeUq`XHoEBCCchN?XuvV}a{*rreoeA197ni5KJN|qQt)EHec&uM%XxmT0RI8D zg*(e*9zTyvI?FaZdFH_RHNd-*t<4gmTlwDdqGosoet(KWc>G(zuZ^2L0DkbIChr3G z;3G0ZvD7__zu%T4WLCn2-61Q=TX2D`$gFG)l<-~PUhL`41pFefT+hSTgJt`r@KMB1 zA#-EK_)?e0UkU#Z!e4@ur;Ps+d`UKW)I`FCF9nx^@YjON##^P1v5!#d`c?1~H-qB} zK2d3{J{sb@9^7N$-$(elxh{RoL&Akq;Ml@1!zR+LV_i|dF}~Dg@K^HXa`AGyTyhpJ zEOPO33yWL|7VdH>8skgdH2zBZE*CGS%cWxBE|)p5xy#5=dX*RYfD{G9{d1~--FM& zAB>_2ZnGNL>2NO^~@b@t+4rpJ}!$ZAXici-l`D0{0qgJBrq7 z{~_nQ>&L;f_;@?Y8hbk$3|QJxE?{X#6UN?-y#Ii=I&W9rj%MI1*YkEX8?f{*6|m$_ z+Y$0xHO7~^dHj`dZAVaoy0NyK-nG%9@pq(NUko9eo_f9Y8hgF<8GF0QfF*rDf55`M z9=#oTJx*DC%^dz@aITy$^|K!JlQn)dHnX3bUaOCLNw}U5rJJzuNrYc>U~M!74)w5T z?0PtD?ByvNdwE1(Bz;eB&cZ$a5UHl``G*KKzULoVRIVaF=RCSL@^&P=9-Oi8{|Ef4 z!rExS()0Y}j6FYjW0&s~onN$Y&)=M}=WpKPUzWn-fQVc(elz&O4EiPGhrpW$&@TnN z9=u5LQ`WA23GvsDVGK3)^2f%XLb&vkX=BX~`qh50)Q{Ik#@NfBHTLoj8oNBkjQx6f zV=w=Vv6sJW?EOR*{b|@w^xUP4y?hyCFW(?o^8X3R&)=_!#*F>^yzwl; zH$`31l<_wteyS@fg5`Ri-x*`iZ`s)EW6s#quNr&)QqXHj&-2#{R{7cqvGM=J_0Nwn zP8)B+^ClO(xGTySUjaV%%C2a@_*U?imt!0X_*`(#_-zP3uMgvp@geYqX^iUuZw42Q ze-`1}K7*-Mz%h6x;1qb)*vnfn{wYP{TI=Gj4!}5CNKI5&O$qo@(XVU z_Zsh$aCF9Tz!!o00zMy{q4NigRlYUM%fO-j<&C{Qi^g7`({}#HasBJRf%03p>tET} z%R6iA^;-*P41!K=o$yl#{@0zF#4$CikF6`y07`r^?ja?oK#-4uN*vs38dJXkCZS4I?)!654 zb+E|e3FNqF?M-XjT_}Lc6rHj z^`X2{#xAcOW0zN-vCFI9*wfD#ySyfhT|WxOF0UBnlIy#?GT=~N1!LEzV!$G=X=9gH z)!5}#Gj@3`7`wdc#xAck?set*?gorqUW4FJUO8iz*O;-(t6=Q%DjIwG)5b2ZsIm#1Xx@+yNv zdCeNTyeh^nubQ#Tt8VP+FB-eN(ibG@yS)01U0(CXu3r&s6`{Naj9p%X0gJqH#xAdE zW0%*AvCFG$?DCp5c6lurdwEiL9#Zn-^6CYL@`{aJUVX+cuK{D1*PyYdpEGuOO&hzs zO2#g)%!RG`H3kmlRW^2cRRR`y%^ADALij7@fea0@YL1Qn^gt5zO z3LMI-XzcQuHg!r=wfA{`f6(^6943C!|LJ_OhWa%7 zo7-b2jD0>T_B|N~eLgDoJvra)eKQvB^I5m=xxQ2^+}qQlvCmgS`<~eQdSNe<^kx38 z_cz8qA0IIG`FqaT=jUU_K0hxSdw#^e*C;>ieQwY5^3Ne$%IoE+8oN9ej9ng!#-6^s z=Sa@?^7b2hc{9d-KT|XI`x$xXq~y=-eQwY5`M?eC^%}dp+`i}K5qn-JuRK`t>++f~c6qsd z&*kOzJeSvu#rO2f#xAb~W0zOm*yUA(y)Kkj#q4*kUn$)9Nq${ky#b57Vq=%rps~wq z%-H3XH+FeV7`wb?jJ-T!zYFD61&8vQH+Ffseb413?`)O$F0USAPrujL<&`ydc?}x7 zycUhUJ;r8lb9s#!ySyd>7I_tnU0!a#b9v2KxXY_*?DCp7c6qsd&&wnByHH;JW`A@2 z${4%6+`i}X8nbYh*MzaBUodug%^JJBD#k9a9PD+WeodME&gE4N?0eF`*8&!KEf~AJ z+@9z1>W4i|%IosV7`wa%j9p%C-}CZ_{VtT(3^>%Uva!p{?Rze-c?)-WEf{5U|KAYwYrJd!EayWZ^Ea8Dp1M+1Taf_B}6;*zZDl z^_cz5^{dy|<>mH0msiHZU0zvZPk+$Z}2tm^(@(hfoYe<6J8I7n3dh$7Y8i+{rZf3zhA}}U+M<% z_gQ>=pHj})_bH79Ec=x50n0w6DP!NKG;NG8btU|j^nIVwtg-J?nhRL=DOJHzUf=Im zGsc&?1^kt8-|vT|VrAd&*Jtee{e0h%@Au1DxbOGFQmmfu`|~EiE%k2PsCQ$p_mZ*K zyX^0i{CRq_7Vh=#`}@4!7cJb|iSI-5ajT59Bt75nHyg0*_p1af_P+UmWxrqD*u)p5 z%uaBk`~7@hlJEDEeMpiY&3`S~-zV(*^YRD}q@UUlq!XO_KB>SsObr(^GHZC4$8Um_3h z*E;+Cl76nU->VShCNQ&tKUCoj9p%x{eG?Tnl^i$%d4~BFOiS*_tL+2_WLFBaQjV<+2?#b z>cJFoDQp~pg)5By|dphk%!x3I{W<+dAR+mv)?a~huizyp6B+y650D^jNRT>Hg^4T z`<~B##Sqk(AD}&U_WQNA$1{DupS(-43wy!D9m4U?id`bzrS?AIzr^PS{mFaBoX-Kr z7GL&%Z@Uri$uY*4x&i!s7N0X|f1l*P5Bc4gN#5rtd@H#7Uc6@wG7xsxYy1?#h2#9J zvCoUD#=eeTqx2Rm+}Fut%(*2!UnlP~_Wf#e#=hSVTk5p@y5H}E$@}`GJi-@)Wj~+u zi@+)De{BSGRDNZ=c!wT)zFr zF5h{w2iC!o-X&Pi>#m|bL9W7+;2(WI-a}+8@A+B}<&pP-Nw~h(3!6RVyv%39;B&$99xjQm&jtPy z-g{%L&jo&WO|%&BW^fPglO?`B7no1p%jFz{;~+c*P8)mv`;GNIV0izh+_%g5`W~?N zC-3DF*7txtj(xKhuI~W@7md|UfX&o$A20ERF9OSbyz}|sSvtRJto2cfq8d1?&jn+z zf7z!a;a>keU`b!?1W%*<7Vi4pXYA!o8@oP?8M{7AfF(U$2hFXCrUKpomVG=DuJgoi zpghJpPnyHNU1OaG)$smDW1R;rA{Th>PR@7NW31P|5beXB%k%p%6gwKG@jhC(rRoxXVkP;}dpy$#Z+c?sCR1uRJ)^mkDE+SHaljRWf#Ym5n|9S!0)1 z-Pq-|XzcQm_jrZ!lIQ*;zb>x`_u;}WFL|!dS>z?p^$EMYvc@hid9F{wU0!3xF0Z_? z%d2GED37trYYrUBt7`1>nm2ZN$@-JTcX_3d7h!ij#xAb`W0#lA6D7XOt8VQ2)zg!d z&*df0`MG?~gM7vU7J223U0yTBF0WZ*mzO-}C+WGo=8Roli^h%eU>+dxU0yLblvkgz z%gf*6E88k-ydH?0l^|`#J5MRpU@|rPrdHHjHp1wc# z=ki*#_%5&L!dCq%8N0kH;80#EJU180t2bbgmplh3;V!R1W0%*MvCAuO?DCp0c6rHj zf0CZNim}Vf-`nN#^5_0sUNyuIaL%1fU66Lxv^fy4HgHgRaUS(sKmp=#S>CaiX%PYcjfRdie zs|Os)Lw;kS8~2#v#Q(3sa#M(DowC{q7L)gtOStekV2EAAQ|OBS00wLAK}m9 z<933qu|Eem81VD;zH-T5AM(2~S{q?1sQG^-`m2{;n7qGS!tVj!9^?Jh6uw|A;TIx& z(fCPlH*SjMIYBw!)5BCu`TGcuZ^ZkBjMdJN!TZIH)y{yM<|$*fGYqa(JA$OAc81*A zsBGbCXV|kgs({0GHfQX5Q#E$I!L5$QcfG-_j^@wPi_C7|ded+0dXq8sb|!X(u$@6A zG(EL5_6j2|z2 ze69X2fP@R52cDqwr;QIGyys(Uqgi7u-_ww%vDyV-beIE&@~s-XeCLf_zI9`lZ-h1{ z`SJ8pU`fyA>+d6X`DQKLxS^6&X` zyMpIWo)>K?pRwn6+Sv13HTL}0j2rR?OZ~Z%_xlK|odL?>b_BO8%vreG72J;Cc7=Hh zce{ey5%hgS^`;%c?FykC;X>FEq(heLi=9F23bC=<72IwhEOrIA8wiVCVZh>hezV4I zS8%(5+Z75H?sf&YBe-2b*83$tZdWJ=EOrIABS^T|6{6ZGAjlI6bZXnlpyMo&dT%R)*-|KI{*z3Pw?Db!?^n6}W3Rva^Zb$HO-|YxKPgt<{ zJ`boH`#eDG1d?BOVkZ#R>%*>)0f*%uF!u7e9l`bA?FKH735)OP7mU5Uv<Dim~f^ z4)rA0_jzW)>;!%v6WS5vzHi>bMP4GGnz75n?F2q=O5?s<%Ios$H+Fetj9p%1#*OkA zyS$3vP+rr4=&|%dAZ%d^{Ef{ z=@RbpN*lYp+)m)~lKlXoyrzs@UPWV%Ph{hb_17J+V1mR zzxs_`UT!yVc@-?&(=@dAS|I<>ht*mzTd!$kR`g zU15yu3VE_C^x(ce)UUMN=exYzZs78g{RNVLmsio)<>ht*m)E?7yS!w7ft>I1S}=Bb zxgDWVp59h@Wx%1l28>-^S!0)%+YMY^1q=7|r;J^{D#or~bH=V;W3UT^@|rR`fy>M7 z1}?7}*%jpd;ZlB=m)i|oUTNI7OSsFc-`M4qF?M-P7&ppe+-Q&BP+lctm)DH3%ggNs zF0XkD_w;MVF0Wp)EA)|FL4K=oyPaId@t5$4aypHTg!Q?IJy;Kdw{r>{8|(Xp4n$GL z7+>lJ@b_7K+^&!_cDuq@z|YtFg(Uy_ej(&{9@iKC9zNYzuS;R-F6^$ycqiK9OA4?@ z7^@v%3hRHyzku+KAB4z^^}WQUC@L6hJG}Q$FHdCm?OvW9u*7#Kb^u|$ z?~}@f!iIYNa#3JZatdD(PxX2;){O#Afn#IUYnksG<4fHD{yvM(8L8LEuM}O%_cj!) z8^5o#oL>Jr!e0WV#(#~kdJUy^y{;pCDt%jkO-KSl2av4f@S%?#1sj zfI~evRlWA~PD-!$pgg8WqUW2yEqV=hz5WH{H+2B(U>0A?a|CvHFC|CTrQ_rDd4@uhAGeNrh5WT zfzb>!zRIzf$W6|7*N+1!r^^vVQFb{F2K;>4&n164&LO`dH{rj+=Y=!Ld-j}rz#>QC zf5ztp7?)}RpAW9n`8|-U#P5AE-oO2sWE>RM_9Nqnh3`Z7H5JSYz+w9tF!pf)U5JMJ zxG-ky;{uwXUeD8${zuaDabecj#|5Z@hBxMe)_(ndqX3rtCicPPx2AWXjN-)qpO9}U zbjn!u;-5$_z%6?5-Lp(Dkl(764`1qB53YJi6vZ*@obVNS=(x~_{ZhsSgkN(dgluy5 zdXx4h_2Tu0Q5I zV_Y^?`Jqt{8vh=`)1Sls6>!*(+iKO z)*r2~lFkq~x-eOP71n+NO4I{y=M=c5pNNz7R|$95kAr9NIU~mprzy$_K_W$jewYv3MZzh0m5@8kOCqR|Z) zC+!^jmW@*vVP7})kq?4HJ;@ono{Sm0o)nB-Pl{kEpQkr%;jSlDW7m_KvFk~}+P#lA z)7I{_oxiOsdhnts%0LF<rs;1=Dg#} zDE~#DYwC%PH`qV!dh(KsQLl3lqRH9ot=HJ=P4pzJ_Y7F%>*tH!NVwOd*Spu_l!bde zmhAku;`--)4SH|v)2~=8aW87+ht1ko*kddg)!*#{mxOr)cc;Gi~hkQ#SVcser@u<}BRnC$e>S zub&=cuOBbxQr~Mu*~$IOX7Ru{N&e5uL>2yJ@)ukiK`F?+4(or=;An#U&&RsA_)9wt z-Jfgvc;9sBiQ`wA{|w3gLN!Pf1a}RGq9zK{|xzyJyrZsh&H!&3C~w* zxlr#MTg#Q~BMO85v*sWB142(6KaTZQxoC#+^PZl>U)o{l{#MJI>10CoP}78r}@~ z|4g0{*2hCvwsd5jK6IbZ>mfhnf3fAKu5xXj@f((Z`918=y;IL$8_BwM=ssZa<@caN zmy{p<5yk(O$umRof85fSb>Psw#nPAGPY&IERxViw4&AeszWn}j=w55-%erakK5X)o zeaNAEwWVL6__tYpB8vZKcHKJGAw##<>P6mH7`pFSe&lz1L-!i1_XUdoKFjAA#ecQs zXOR5Ys6IhCVQUH9|FG-I`c>$@WBM>i@!xINt-?MYx@S#3W0cOPt({K5P8YgAw00`{ zWkdJJ*6#W#{;yg7WnCzAPg**CuqTD?7cHFy@|QSkWzZw{VlCIYw*K~8dfjzx{q1M8 zy|0TZl+KIHpZnXIUUFSqe|wSY$-1`w_K3=VU0Z*9qm~PaQ9mQuSSy1WxpTE#-EIBt z*R@>TYIh1x`8CadcUyle`@vwbYwK?hs{Fen?r*=U* z$a8TbpF#3}LazrokpIUmpD9hRna(!L=OXpPe{Rz2s>COyA9lHchH-6K}6 z1&aTlEPeT%uh9LZ<#T}iFE)LU-}MUJHCj&87xj}jx}Io#HqW@q@+rTU6}sQC{LGO5 zRVGh)ZYFf^FgeKcBBA>u)1MiN|D%@AnBu?G^3y~9SDV~s$^Sc+ANl>I&|PJ6OZg&z z1>R=)oTB&}Ek6_F|1Hx8*>4fLuiABGpF!yMo7^TSzN`z0e%7hq{sXHQ*^dyqk6Har zQ-AvfYp1gRAawUxdmN=gI%e^277w%dFmco_y5u$@An(Ek8U@{+8vR=gI%guFLb}Z<;>vJbBoz z%k$(vv-EkM{Oi_Ed7k_kYo|Ou+TrysXmAQT%Ue{iY)BZ@;MZm}={9|3T|3)z;tcQTZbs>Th4H zGM2!ljW1=$$xCu<$3Z?+I4xJ{A#Or zo+po6xpse6Dvr(SEV%f2rk@=gGfm`Qdr; zOHH0UPrlRS!1Lt)sMp&V@jUqg%O}s1Utsy+dGgClZah!^rsap{$uIT#rFrsAmQS81 zud)2_Jo#DE2c9SYkzJSP$@iPwc%FQfU6<#{zh(8p^W?{@etDk!X=|rEPrlRo4W1`| zz|!Y=@`R$uZBtYu|99$j zH?{SLKV|6@ResHr{sD(;oYcs_2lpl2+7zQuTx)(g^6c{J0xPW27>(d#t*$5lT! z>3egUzSu9R`PkGppZv64cTUf1o^hX*YmxkKwQ`NA{x;+PoYmJ1`FB}9Bb942{yQx{ z$vnO3f0tcX-a`_)>+HJnzK_t!bCDu{?%(!Vxw6!cU1{>!7e(mBuM*4XrC7kPonAw~D& zTTGtveu>a+vh?LW4xuYq{&`;d9czy~|9rE_AxHP=FK|7f{CvpLm-iuruG{iINdA|a z+{)ztD<+3oy5E1H>sxP_dKB%l>*gu`uUkJ*Cja-D+)`vWc(2J#-VYGEL*Ab(X-}ZW zf)lZXihi=`pSSbwP_J{^=7%p;Ih@nhAIkHXvSQ2YRv**+oD(JUpk_{AfPPT=rT3aw z#=g6?zRuD8yv^9y-=uOoC+eeq@84;AKPOtGesZr}SJsb1cb(-krPpbO3?Y5V&*#nS z2K#=irQfUd(2W0^TEFK+@|<$$c5A(y6UlqVLN}y(a!!=kO`9RVZRM5cM?-goUAIR5 zYpqqvnn-km*(S~s6zhoenY9RUQMr=PQmgc&mV^FuS_50xysOe$ga!x z<2TrKdnldnSUrxB|FFqZp5qJMZ6-H)J~4DxSo(aQK4keHqjcV(?HY0*|4U2`bJV}x zta68ZXgy2T%|&hnil4RoSIGaDO>Vu^@6DJTc>Z?KW-KF=pVV)@TgI(2JbbL9UQrnh{bey-~q^^+er{g>yY zLbuzlJ4gOGyRJMJ6}tc6dPV*_EFF37h}~MAJRri&T92Ef0!4m-*4O4XJHS^pKbzb7 z$)j2?@TY$1M(Yp1W9eUG-`~^xZ`S=|;idlz|@}ApP-VIvbbKA=M$6DTV+sd2Q^1`3W`XFN&uuI3E-ml5%am6uzoopFXnD_z##(&wUIA?v=S3Cr|9vg* zd2Rb!zM%Sip6>IfQy^!}Y>W4WdfoHe#@TP`bn$HU&*_Xy{EgNqU;cxZ2TiUMsIlbD9BS#Dp~{A_8H+qbmcZHZWJ|67~xmSyBdg9Y;ccW6Ib(30F$?BLt* zx*(X$`AKWhOVzh>z;`}bvsx zOx$1Kl3Rj)X3DDWXAvxN_zcDWO^qM)4q&K#xlK8@d;{KS^d zJ(kZ8Qhe#BB%KoZW6LW1o0AX|fAj%}-~xH5-JDDO+YqJrJNvg!Cvf@bm+&WV=Q(GH zr-^F;e*`DZ%879DHH|-Re-W1OvejcFTq45>%k_&&O`Z=}&d*9jIQf$Ft0r&fX-Z%A zjf(T|9_>$>oDcY;h%_Itq+c;rmh=C;unA6B!rczjVD0yk^zj%*bWw@VqIwhtHdec=)`jhKFZN0X#fo^FTf0e_*KN8m4x6ty-+_S{JH3dod1K?k2%thRG<%{FFiV+XzItHb#X3_G3(ld zMZUAvrFr-q=|@cZ(MS3r?++2@=NCyo7D+$kJ(wO}uAd|Q$dP``1^S@nv++T$C+80& z$u;z&M7$8NwC{?X2q#~Xo{#&&+P_fy?w81L65i=Q(4UZgoaz0?$>@i)@0IjJ`q`j474emH6WzlcA*asVe^(qGgAmj0v==!b+a1}x!=!F)l|o3;5F4z)k( z3+4whUziS9&hHQUf0-}z+tk+2Pww-Z{ac>Kg9?oY6&eqEgZ3@g>$NGVq%Zw#p2mYb z)#n_I2XizY#6kZr>Bn}<;ptD%crZcZL6yb>d4G*KKmU0BwMMk~BLB3UXe{kBwZeQ) z!h3@Hll=Dt^(X071J?Qq>QCyk6tIM6sXnt*pHnoxPf>l&Q+>`;eWs~C(^Q{RRG(8+ zpEat_8r5e%)n`A|XOZf&NcFiu_38I>5X}jV@AF!F&Gy+NC&I~>)K^%)Qa`mIT;(6s zx5Vf9{_)0-m98)C|75N&@%j2`ElpA$nSV?XF9iG>2tS_whw}M^q=%0<`BHsVYF=-p z`z1L)OXtrAtl@!tCH=mj{Yd}i_5nHVM6TZ#r2k1AmjXVK^TYa*^H<8hhEx8N_1Q!| zlK*N@9=ZP0)?UT?x54Fre+N7lu=EGXzBaL~CF9HATe!3DGjd*M?cdqw`_9SpB+c~t zDE{@tyNo5jW#ng1z*w{g(43NUkZ)IZs?5E)tiBMQ6hFD#TUd8gZRCvi9cr>mlw7SmN{(`}05&CZ9nH zA0wV1o+5U8w5K;i;j_eZ#Ph@p#EZl!X~=MXy!{ACe9FNiF3qmkM;Bm6ka4Q5toT8#8u)Nah*6a`>*Gxhd3rq6K9CC#5v+Tae=r< zTp}(LSBR^`HR3w4FBmk+Z}&saF>#tWL+tlcetwR^^TY+>B5{ehOk5$Z64!|9#QsQt z=eNi1|D0puG;xO5?;rjA9EInJ3&cg@5^haVp143+C z*thsJ%D=f)9x<`}{(v}-pCQf?=ZN#f1>z!ciMUK$A+8eFi0j0@<;Tm@BT65XFD6bC zXNa@JIpREVfw)LqA}$kGh^xdk;ySS}sW-}R>ru`zu|GfP;Ta0|ecv9QqwqX&fw)Lq zA}$kGh^xdk;yST!5%B!V?=`g4Ke5~MJbs44v&1>#JaK`zNL(T=6IY0<#5LkNv2Tg; z^7wvx=h*C(&ThYS&QN%kI7gf(E)W-qOT=a33UQUVMqDTM^)oL|kJ)3Lef`xrP2m~h zEOCz5?f0Hufx?T#CE_x1g}6#wBd!x;b4!c9`*U5MznH?)#2Ml&agNy6D?I%Ig%^oS z#AV_Nah146TqnlXo7VCZ$HZyk46#4g;pNLwxbJ87@B)PwiA%&~;tFw zpB`IZaE^)7#2Ml&agI1oTp%tImx#;672+y!jkr$iTdcgiJ+@!M+4rS8rzt!`oF&c? z`#y9}uR!5N;u3M0xI$bdt`XOXeJh#gr^nWloaOgX#0iVN*4LYy2Pk}ySbjf6oX4La zo+6$mo*|wko+F+oULam1PT6{y=g*&ma_*yWUtja^0SX@^9wVM0o+6$mo*|wko+F+o zULam1PW86dkNkd&I4@rxaX;|@@gVUSv9B+C`co7>O*}(9OFTzBPrN|9NSw0uP|r^< zaUXF%@c{84@fdL-;M*Z*UyqgR3zsO|pM&%83WfV~BpzO)@H%m1>%AVohuEJR@o@P) z9dXVX;w*8FI8R(4E)tiB%fuDpDshdtPAtFU8@J9J5-1jqkc#gvJ#0BCa zaf!H0Tp_L!*NE%H(Tl14#4&N2I76Hz&JpK{3&cg@5^z!ciMUK$A+8eFi0j1uBQxG#_goaIbB>AA#2Ml&agI1oTp%tImx#;672+y!jkr!6 zUEEsU9^#ldO`IXl66c8X#0BCaaf!H0Tp_L!*NE%H(Ir%V;+Qy1oFUE<=ZN#f1>z!c ziMUK$A+8eFi0j1uBN?vmJuh#SM@*b1&JbsbbHsV#0&$VJL|i7W5Lbz7#C7866|Lp% zA&!aD#2Ml&agI1oTp%tImx#;672+y!jkr!6T}tIAj)~L68R9H)jyO+TATAP@h|9zk z;wo{CxK12hM&&1tiPOXx;w*8FI8R(4E)tiB%fuDpDshdtPOLvP2NA5p=XQL0`dZ}? z6Q_wY#987Tah|w9TqG_Lmx(LHRpJ_PojAI@wY)vVF>#tWL!2ef5$A~u#6{u~ahbS6 zTqUj%*NLMmTFc)X@Farzi2I2LhzE(sh$o1rh^L8Xh-ZoCi06qHh!=@duWXiI%G*oa zN8C?5Ks-o1Mm#}0MLbPBLp)17M?6owK)gttx{}II+(+C`JU~21JVrc0JViWBJVQK7 zJV!iFygh&JbsbbHsV#0&$VJL|i7W5Lbz7 z#C2l*Au@#JaK`zNL(T=6IY0<#5LkN zadaJ(pExE?6K9CC#5v+Tae=risNRDR-^I8B@( z&JyQ{^TY+>B5{ehOk5$Z64!|9#L;W0{KPSFnm9w8CC(A&i3`L<;u3M0xI$bdt`XOX z{ejfR_}||ukC-@3oFUE<=ZN#f1>z!ciMUK$A+8eFi0j1BYg^0PLmU&Qi8I7m;v8|F zxIkPaE)kcBE5ude8gZRCdL5OYI3`XLXNa@JIpREVfw)LqA}$kGh^xdk;yQ731C^gR zCQcJ)h_l2w;yiJIxJX#JaK`zNL(T= z6IY0<#5LkNarFAu^7atN#A)ITah5nooF^_27l}*6W#S5PmAFP+C)Q1S5P{c!?@dj4 zd=`g&#Qnqr#Dm0R#1q6*#M8tx#IwY6#Ph@p#EZnKH?)?wm$;9(pLl?Hka&!Ef_RE} zns|nImUxbMo_K+HkvNs1@)P$F_Y)5g4-$_NPY_QLPZQ4&&l1lO&l4{YFA}G2j?{_% zi@x^~_YwCK4-gL$=L7yc(k~DfiA%&~;tFw!LP9unr&X|74LH z&N(Jd6K9CC#5v+Tae=rOG};xciCxJq0jt`kRZr1BHT#A)IT zah5nooF^_27l}*6W#S5PmAFP+CysuM%1;~haVp143+C z*k8ESX#cxfBiDTk4afUccoFmQ?7l@0*CE_x1g}6#wBd!xicTxF? zW8yS%hB!-{BhC{Sh>OG};xciCxJq0jt`qwYQ8e0rwpAW6ahf951H^;GW5g50Q^eE6GsLsR zbHww+3&e}Wse7sX#C^p5!~?{G#AC!0#8br6#52UR#B;>+#0$iW#Hrm>e&Rmje&PY* zLEie3dEy1)MdH+3sQkoz#Qnqr#Dm0R#1q6*#M8tx#IwY6#Ph@p z#EZnK`>6cHeZ>951H^;GW5g50Q^eE6GsLsRbHww+3&e}WsX;0~aUXF%@c{84@fh(0 z@f7hi@eJ`S@f`6y@dEK8aq505KXD&%Kk)$ZAn_RS1o0H{H1Q1aEb$!iJn;hYB5~@+ zsr$Q*Wd46ZaAK6Aus%5|0s25Kj?L6VDLO63-FO6E6@i5~toy3;u+#u;yL1Z;sxSG;?!`YPV685h)*wZA8|kN0P!I481V%06!A3i4Dl@S z9PvEy0`Veo>H#W0aXMi6J%kK#mN-Y8CoT{diA%&~;tFwMy;OeUm^e+GA%`GMDnD^doF>i?XNhyfdEx?bk+?)$Caw@yiEG4lV*jD` zbr6HL|FKqi#KdXh3~`n?N1P`v5EqF{#AV_Nah146Tqln9x0bhuI3`XLXNa@JIpREV zfw)LqA}$kGh^xdk;yQ8kPAWffOq?dp5NC;V#ChTZagn%0Tqdp%SBY!Hb>iqB5{ehOk5$Z64!|9#QpMnm9w8CC(A&i3`L<;u3M0 zxI$bdt`XOXqX%2d+d~`^r-?JfS>haVp143Ks9Y8ED+Qxn=Dv(g|b1i5R0%X|9j4PiSv&=VZjqK|MNTdp8Ij`yT=YN3h|WK z+oAmvCy3L;1>zEMg*YPa5bqQBi3h|(;xX}rcuMT;(*B7P#A)IJaf!G>91(Yj_lf(& z1L7g^n0P`wCH5lPKXHOMOg!+d_;Uq zd_uh3JlnsU{~B?UI3O+(mx*h{ZQ?F*kNAN2ka$FVM0`wqLcH9f{SzmN1L7ianYc#W zChijVh!2PliATgo#K*)Z#LIiMf8r!@KwKoQ%&_}?pb>G0c%QgWJRlwtkBKM5Q)2JY zv;DgDT_sKsr-=*1CE^NkMBE|XC+-suh=;^u;tBDT*n5ojPn;l56Bmd}#1-O*xI?^8 z+$SCo4~fUb6XGec*QWgwCy0X?cE8WINL(ha5x0rE#698z;zQyQ@e%Pc@d@$r?X&&6 z{ahnX5(mUZ;xchG!|wO}c8K?h`@{p{A@P`aLOdn*K7F=dx1OuS3F0(yfw)9mA&!VU z#QVg3;sNoHcuYJYo)UYXq5Tslh||Oc;u3L%I3n)Ou={<_J>mo6L*fzf5%Dqc3Gwpd zXZv^aUn5Qu2gF6wX+h?hT0`zKBk2gF6wX+h?hS{`zKBk2gF6wX+h?hT4`zKBk z2gF6kM@tAl*JSFxzXZv;IT_sKsr-=*1CE^NkMBE|XC+-su zh=;^u;tBDT*!zMf&wcn?_D`H3P7@c1OT-o8h`2+%PuwRS5D$sR#1rC^8UE@O&s+ZD z+5R10BTfyIj1Qeqfy=1nlr>X_qh?`mW|ELYSapw zx0{U4JUXbK_RaySZE6 z*tr>QHf~3)-LO?}+WvII_vj{*QZFpmCULDCytTbi4>3t|ck_{IOVZkEY+#?e+dHiX zY^zOYAZ6Pvx9Oeg<|Q3vOQ$`rH=ADS)<)Fy+$fv%-Db7vZPxa79%+Wx_io&%HoW@o z&Dd<#cK7OAVQVAuqV26_h(NDa#a}kwY5KQ!ZtQxgdi~K`;l|chqq%+a{97{niY!Rz zy|;UIF!6zCl3cpvyk}=PeF@ch?)^FIyfC$zF_#)ItZ#2tcVH}7bg1V$r+Mb|PgCK1 zv+KM#=xL98FYdJ4%&j}~o!hUvo2^D`-o7Q;*xlM_ZOB?uxB%Y64?dU=^G*Vl z%)08DVXUjlIdhw46)}X3u`aq6s^(0yrkS)E`EX4-!l6b!T#X%S!_LyRnb8W?A|)4W{uH79r58E#PEuN9HO!ded|flHgD8?L zisTvx#;QTME{yA9epOr-VWdnATo-W!Va__Lx|~|WiYQ(K>!6C)Ko}j>2*Rv&RK>Ls z#LRG_zD&AUYJ=456aK%LfQ``sRbx~A0<26yd zT;^BB3nPpTs)7AkM^!A#I46o5FN%7%>fP9`SHrDpbF;CH?;;KN*|!}%nv*iV@B_nr zQP3|-mvoemy|^cGj+&5jNkAUPv|2MGaRQq_ZmtVz^3>lP^4TzTl;#3#N8^MICjru7dYW z5Z6iG2GdnTQ`A~%HC-_@#nqG6SPe6#xR9?LKL|dMadAw8JIsXRz=A$Rz>F2 zK&g-h)IL$vG2>NZRg@BARScj8G9eAvvvp9#K7`Rx4WwHfxYwen6r#w!C<=rquDd7- zgeVS06rZkU#ELW47E}Q-++mC1YKIu^)WvW`L=1QQVqjrrxfelP2vfto5pkFr?$tOA zgEjvPdTPbn+u3VYx3ccA@OIjniDJUMIRa4>2T@!YQ4|SLe2p;wy0I#Xgt00HR0G99 z8gOweP!*NU0^;_ZwX5PwlC`ViX4{;H_{)?XEgvwo^LQepQgV1cSQTWyF9 z9EUh?$f8KEc8C>+qYigUV!2Z~b-|kdrP#h`$3HQpvUVUDI|)&D66OeEhZ-nR;y{TK z#k~ z!yt;x0dF|%b@5xxbJ)b z#}5|758j}0>G$0`{%ijH`6mgDyKMgcg82CNPL?j2|2>#yUj8Npo&WHX{ihbh_dcTW zm+k)(3*tu=jlXPu_kS0hxBmFw?OeA1{DSj~|96e@CHedCg8V0+()CA|#8(%@_g>KW zG1_Mze*ZqXVEwhb|6BZML45F{#wT2IXC9va#W&B-e|e}uU5r2baQrtG#7|zbD7#1T z7#HHPzIo?A`J+bkFPZ<=g80s#G(K_3{4ZHN9h298Rpb92FWi)_llQWnKP}UHe5?U~ zahscY2)%zI(D``&hhEblo{!^y2Zzfk$CoVr>df5E${&(OH z&wm$5otOW<#TO9c9v6>Nbs_%A1@RM$?;yrKF5cZ)p8rXtY2N%5S6J~BZOA}r_Z>E20Ra+depGxoOqJ)UySbX$N&HU